When I first mentioned to a colleague of mine that I was writing a book on Java™ security, he immediately started asking me questions about firewalls and Internet DMZs. Another colleague overheard us and started asking about electronic commerce, which piqued the interest of a third colleague who wanted to hear all about virtual private networks. All this was interesting, but what I really wanted to talk about was how a Java applet could be allowed to read a file.
Such is the danger of anything with the word “security” in its title: security is a broad topic, and everyone has his or her own notion of what security means. Complicating this issue is the fact that Java security and network security (including Internet security) are complementary and sometimes overlapping topics: you can send encrypted data over the network with Java, or you can set up a virtual private network that encrypts all your network traffic and remove the need for encryption within your Java programs.
This is a book about security from the perspective of a Java program. In this book, we discuss the basic platform features of Java that provide security—the class loader, the bytecode verifier, the security manager—and we discuss recent additions to Java that enhance this security model—digital signatures, security providers, and the access controller. The ideas in this book are meant to provide an understanding of the architecture of Java’s security model and how that model can be used (both programmatically and administratively).
This book is intended primarily for programmers who want to write secure Java applications. Much of the book is focused on various APIs within Java that provide security; we discuss both how those APIs are used by standard Java-enabled browsers and how they can be used in your own Java applications. From a programming perspective, this latter case is the most interesting: Java-enabled browsers have each adopted particular security models, but there’s not much a programmer or administrator can do to alter those models. However, this is beginning to change, as technologies like Sun Microsystems’ Java Plug-in bring Sun’s basic security model to popular browsers.
For the end user or system administrator who is interested in Java security, this book will provide knowledge of the facilities provided by the basic Java platform and how those facilities are used by Java-enabled browsers and by Java applications. We do not delve into the specific security features of any Java-enabled browser, although we do point out along the way which security features of Java are subject to change by the companies that provide Java-enabled browsers. Hence, end users and system administrators can read this book (and skip over many of the programming examples) to gain an understanding of the fundamental security features of the Java platform, and they can understand from each of its parts how the security feature might be administrated (especially for Java applications). This is particularly true for end users and administrators who are interested in assessing the risk of using Java: we give full details of the implementation of Java’s security model not only so that you can program within that model (and adjust it if necessary), but also so that you have a deep understanding of how it works and can assess for yourself whether or not Java meets your definition of security.
From a programming perspective, we assume that developers who read this book have a good knowledge of how to program in Java, and in particular how to write Java applications. When we discuss advanced security features and cryptographic algorithms, we do so assuming that the programmer is primarily interested in using the API to perform certain tasks. Hence, we explain at a rudimentary level what a digital signature is and how it is created and used, but we do not explain the cryptographic theory behind a digital signature or prove that a digital signature is secure. For developers who are sufficiently versed in these matters, we also show how the APIs may be extended to support new types of cryptographic algorithms, but again we leave the mathematics and rigorous definitions of cryptography for another book.