One aspect of the JVM that plays an important role in the security sandbox is the class loader architecture. In the JVM, class loaders are responsible for importing binary data that defines the running program's classes and interfaces. In the block diagram shown in Figure 1, a single mysterious cube identifies itself as "the class loader," but in reality, there may be more than one class loader inside a JVM. Thus, the class loader cube of the block diagram actually represents a subsystem that may involve many class loaders. The JVM has a flexible class loader architecture that allows a Java application to load classes in custom ways. | As described in last month's "Under the Hood," you can prevent code loaded by different class loaders from interfering with one another inside the JVM by using a class-file verifier. But to protect assets external to the Java virtual machine, you must use a security manager. The security manager defines the outer boundaries of the sandbox. (For a refresher on the Java sandbox, see the first section of my August "Under the Hood" column.) | This article, the first in a series, will cover the general concepts of computer security and cryptography. Although mobile code is not a revolutionary concept, Java and the Internet present some unique challenges to computer security. The evolution of Java architecture and its impact on security, the different security APIs and tools, and applet security will be covered in the subsequent articles. | With a copy of an X.509 certificate's ASN.1 definition and a knowledge of the DER, you can write a Java application that will read and write X.509 certificates and interoperate with similar applications written in other programming languages. Luckily, you will probably never have to go to that much trouble because the Java 2 Platform, Standard Edition (J2SE) comes with built-in support for X.509 certificates.
| This article, Part 2 of a series, will cover the various aspects of securely running Java code downloaded from a network. Although mobile code is not a revolutionary concept, Java and the Internet present some unique challenges to computer security. The evolution of the Java architecture and its impact on security, different security APIs and tools, and applet security will be covered in this series. | In the earlier articles we examined Java security as focused on the CodeSource property, which is a combination of where the code originated (URL) and who signed it (certificates). This CodeSource-based access control lacks the ability to enforce access based on who is running the code. JAAS supplements the Java 2 security architecture by providing a framework to do so, as illustrated in Figure 1. | This month, I will explore SSL as implemented by the JSSE (Java Secure Socket Extension), and show you how to build secure network applications in Java using SSL and JSSE. | Authentication is the process by which users' access privileges are verified prior to their entering a Website's protected area. There are two major authentication approaches: basic authentication and form-based authentication. | After an overview of those security features that have changed between J2SE (Java 2 Platform, Standard Edition) 1.3 and the upcoming J2SE 1.4, this article digs deeper into the new packages included in 1.4. The first of the newer packages is the Java Certification Path (CertPath) API, which supports certificate chain manipulation. Second is the Java GSS-API (JGSS), which contains the Java bindings for the Generic Security Services Application Program Interface (GSS-API) for standardized access to a variety of security services and a framework for a single sign-on. | For those reasons, an infrastructure built on public-key cryptography, certificates, and CAs must include the functionality of certificate revocation as well as certificate issuance.
The issuance of a certificate states that the CA believes, to the best of its ability, that the entity named in the issued certificate is associated with the public key enclosed in the issued certificate. The revocation of a certificate indicates that the CA is no longer willing to make that claim because of the issues raised above or any number of other concerns. | One of the security goals that the class-file verifier helps achieve is program robustness. If a buggy compiler or savvy cracker generated a class file that contained a method whose bytecodes included an instruction to jump beyond the end of the method, that method could, if it were invoked, cause the virtual machine to crash. Thus, for the sake of robustness, it is important that the virtual machine verify the integrity of the bytecodes it imports. | Consider another alarming phenomenon: When I talk with managers and engineers about security, I often discover that they operate under the misconception that they don't need to worry about security because "Java is secure." By accepting this faulty notion, engineers fail to acknowledge that in building Java apps, they must consider security from three different contexts: virtual machine security, application security, and network security. Java is secure out of the box in only one of those contexts: virtual machine security. | Both Java and non-Java developers are familiar with the most well-known security context: virtual machine security. This is due to the vast amount of attention the JVM and runtime environment received throughout these technologies' formative years. Virtual machine security encompasses the JVM and the supporting runtime environment. Over the last several years, virtual machine security has solidified and is well respected. 
| This series, then, is an attempt to shed a little more light on some of the core tools used to build secure applications in Java -- not secure from the byte code perspective that was so popular in the past, but rather secure from a user, application, and network perspective. If you're not clear on the difference between the two, read on and you'll soon see where I'm heading. | Java's security model is one of the language's key architectural features that makes it an appropriate technology for networked environments. Security is important because networks provide a potential avenue of attack to any computer hooked to them. This concern becomes especially strong in an environment in which software is downloaded across the network and executed locally, as is done with Java applets, for example. Because the class files for an applet are automatically downloaded when a user goes to the containing Web page in a browser, it is likely that a user will encounter applets from untrusted sources. Without any security, this would be a convenient way to spread viruses. Thus, Java's security mechanisms help make Java suitable for networks because they establish a needed trust in the safety of network-mobile code. | One way to provide authentication is to use SSL (Secure Socket Layer). SSL, which is available for Java in the JSSE (Java Secure Socket Extension), handles authentication among communicating processes using X.509 technology and provides encryption support using various encryption algorithms of assorted strengths. For many applications, honestly, this is the way to go, especially if you want an out-of-the-box solution and can guarantee that both sides provide SSL support. However, SSL won't work in some cases; maybe you don't need it, can't use it, or don't want to use it. In those cases you have to provide similar functionality yourself. 
| For the remainder of this article, I focus on the JBossSX org.jboss.security.plugins.JaasSecurityManager, a JAAS-based implementation of the security manager interfaces. But first, I'll present a brief introduction to JAAS. | An excerpt from Chapter 3, "Security," of Apache: The Definitive Guide, 2nd Edition. Enable Apache to communicate securely over Secure Sockets Layer (SSL). Covers building, configuring, and securing an SSL-enabled Apache server under Unix. | Networked applications, by their very nature, require close attention to security. The Secure Sockets Layer (SSL) protocol was developed by Netscape in 1994 as a common solution to client-server communication security issues. SSL supports a flexible client-server authentication scheme and provides for algorithm-independent encrypted client-server communication. SSL runs as a layer between the Transport Control Protocol (TCP) and application layer protocols, such as HTTP and SMTP. | Editor's note: The internet is an "equal opportunity annoyer"--no matter who you are or what you're doing online, eventually its many quirks may leave you feeling a bit disenchanted with the whole Net experience. When that happens, pick up a copy of Internet Annoyances, Preston Gralla's latest book for O'Reilly, which is chock-full of numerous fixes to what ails the internet, just like the samples you'll find here. | This book discusses the features of Java that make it secure. In this book, we'll discuss why Java is said to be secure, what that security means (and doesn't mean), and--most importantly--how to use the security features of the Java platform within your own programs. This last point is actually the focus of this book: while some of Java's security features are automatically a part of all Java programs, many of them are not. In this book, we'll learn about all those features and how to utilize them in our own Java applications. | Microsoft has recognized the lack of security in DHCP and DNS. 
As a result, Windows Server 2003 has several security technologies that are not necessarily standards-based or fully compatible with other operating systems; however, depending on your computing environment and need for security, these technologies can prove beneficial. | This is the fourth and final article in this series comparing Java and .NET security. It discusses implementations of user authentication and authorization on those platforms. Previous articles of this series covered configuration and code containment in Part 1, cryptography support and the mechanisms of communication protection in Part 2, and code protection and Code Access Security (CAS) in Part 3. | Editor's note: In the introduction to Chapter 10, from which this excerpt is taken, David Pogue writes, "If it weren’t for that darned Internet, personal computing would be a lot of fun. After all, it’s the Internet that lets all those socially stunted hackers enter our machines, unleashing their viruses, setting up remote hacking tools, feeding us spyware, and otherwise making our lives an endless troubleshooting session. It sure would be nice if they’d cultivate some other hobbies." With the release of Windows XP Service Pack 2 (SP2), Microsoft's latest and most reliable corporate desktop operating system now provides better protection against viruses, worms, and malicious hackers. David Pogue, creator of the Missing Manuals series, offers an excerpt from his newest book, Windows XP Pro: The Missing Manual, 2E, which covers all the intricacies of SP2. The excerpt deals more specifically with the Security Center and the Windows Firewall. Knowledge is power; protect your system. | This is the third article in a series of Java vs. .NET security comparisons. It deals with the issues of code protection and distribution, and Code Access Security (CAS) mechanisms on those platforms. 
Previous articles of this series covered configuration and code containment in Part 1, and cryptography support and the mechanisms of communication protection in Part 2. | Editor's note: In part one in this multipart series of excerpts from Practical Unix & Internet Security, 3rd Edition, we covered tips and general design principles to code by to help you avoid security-related bugs. This week we offer advice both on what to do and what not to do when you are coding a new network program. And check back to this space over the next few weeks for tips on writing SUID/SGID programs, and on using passwords to generate random numbers, all from Chapter 16 on "Secure Programming Techniques." | Editor's note: Last week's excerpt from Chapter 17 of WebLogic: The Definitive Guide examined WebLogic's security mechanisms, including the Java Security Manager. In this week's second and final excerpt from the book, authors Avinash Chugh and Jon Mountjoy cover WebLogic's various security providers and their default implementations, along with a look at how to authenticate using JAAS, and examples of Authentication and Identity Assertion Providers. | Before we proceed too much further, we should say something about how to activate ProfilingSecurityManager as our application's security manager. Recall that earlier we forced our applications to run subject to the default Java security manager by setting the system property -Djava.security.manager specifically without a corresponding property value. We need to take this one step further and specify the custom security manager as the security manager by assigning a value to the system property: -Djava.security.manager=secmgr.ProfilingSecurityManager. Thus activated, ProfilingSecurityManager will write to System.out the rules needed in a policy file that will allow the application to run without throwing security violation exceptions.
However, these rules cannot be processed into a final, usable form until the application has completed its run under ProfilingSecurityManager. Why? Because only then is it known that the application has finished requesting access to checked resources. So for processing and tidying the rules when the application has finished running under ProfilingSecurityManager, we provide a simple Perl script parsecodebase.pl (also in the sample code) to aggregate, format, and output the rules in a readable format, sorted and grouped by codebase. | This article initiates a series that will provide a side-by-side technical comparison of security features of Java v1.4.2/J2EE v1.4 (beta2) and .NET v1.1 platforms. The following areas will be considered: Security Configuration and Code Containment (this article, Part 1), Cryptography and Communication (Part 2), Code Protection and Code Access Security, or CAS, (Part 3), and Authentication and User Access Security, or UAS, (Part 4). | Editor's note: In this first installment in a multipart series of excerpts from Practical Unix & Internet Security, 3rd Edition, you'll find tips and general design principles to code by that will help you avoid security-related bugs. Over the next few weeks, we'll offer additional tips on topics ranging from writing network programs to writing SUID/SGID programs to using passwords to generating random numbers; all from Chapter 16 on "Secure Programming Techniques." | Editor's note: In part one in a two-part series of excerpts from Chapter 17 of WebLogic: The Definitive Guide, authors Avinash Chugh and Jon Mountjoy examine WebLogic's various security mechanisms, beginning with a look at the Java Security Manager and how WebLogic filters connection requests. They also cover WebLogic's authentication and authorization framework and how it supports the standard J2EE security services. | Editor's note: An overwhelming number of Unix security problems have been caused by SUID/SGID programs.
In this week's excerpt from Chapter 16 of Practical Unix & Internet Security, 3rd Edition, we offer tips on writing SUID/SGID programs. Consider the rules described in this excerpt as well as those we covered in Part 1 and Part 2. And as an added bonus, this excerpt also includes advice on using the chroot() system call to enhance the security of your programs. | Editor's note: In the previous installment in this multipart series of excerpts from Chapter 16 of Practical Unix & Internet Security, 3rd Edition, we offered tips on writing SUID/SGID programs, and on using chroot(). In this week's final excerpt of the series, we have tips on using passwords more securely, and on generating random numbers, both of which play important roles in maintaining computer security. | This is the second article in a series on Java vs. .NET security comparisons. It deals with the issues of cryptography support and the mechanisms of communication protection on those platforms. The previous article in this series, Part 1, covered configuration and code containment. | Nowadays the war between different Java web frameworks is focused on offering richer and more interactive applications but there are some basic security requirements that have not been covered yet by many of them, even in the most recently published ones. | Misconfiguration and improper installation of web and application servers can be a serious problem and adversely affect the integrity of your web application and its components. 'Understanding Tomcat Security', excerpted from the Apache Tomcat Security Handbook (Wrox), looks at the top ten web application vulnerabilities as listed by the Open Web Application Security Project.
It goes over the proper installation of Tomcat as a service running under an unprivileged user account, how to use a local firewall to add additional layers of security to network traffic, and shows you how to properly manage default applications and Contexts, included with Tomcat, to minimize possible entry points for attacks. | In this article, Dale discusses one way in which open source J2EE Security Realms can be used to facilitate code reuse - and thus manufacturing efficiency - into the enterprise software manufacturing process. | In this tutorial we'll introduce and review security and Web Services. This is a controversial subject, with security the most oft-cited concern among developers considering adopting Web Services technologies for the first time. We'll begin by reviewing some basic concepts, then look at common security techniques such as SSL (Secure Socket Layer). We'll then examine the process involved in authentication and authorization, as well as data privacy (if you're already familiar with security concepts, you might want to begin at Section 1.2). | Java 2's security system is a complex, pluggable architecture that allows for Java programmers to participate in the default process, or to replace the java.policy-based implementation altogether in favor of something else. In fact, Sun favors this latter approach, urging developers to implement a customized Policy implementation more suitable to their business' needs. In this paper, we will examine the details of how a new Policy implementation is built, and provide readers with the knowledge necessary to "roll your own" Java Security Policy implementations. This paper assumes you are familiar, at least in concept, with some of the Java2 Security architecture. | This paper explores some of the internals of Java 2 security.
We'll take an inside-out approach to exploring the important concepts and APIs: First we'll look at the high-level concepts that Java 2 security is based on, and then we'll examine the Java class internals that encode these concepts. The Java classes are a highly optimized implementation of the relatively simple concepts on which Java 2 security is based. The high optimization level means that a bare reading of the source code is confusing and at times misleading, so a good understanding of the concepts and how the Java security classes map to those concepts is essential when pursuing a strong understanding of Java 2 security. This paper wraps up with a discussion of advanced Java security techniques. We'll see how to impose Java security on non-Java interpreted scripts, how to create logical threads of execution taking into account Java 2 security, as well as other techniques. | This chapter excerpt introduces security patterns and their benefits throughout the design of a J2EE Web Banking Application. It defines the scope and requirements of this application, identifies relevant security patterns, and applies them to the design of both the application and its operating environment. Use cases are developed and code is presented for all the major Java classes. | This book excerpt is from Chapter 6 of "J2EE Security: For Servlets, EJBs, and Web Services" by Pankaj Kumar, ISBN 0131402641, copyright 2004. All rights reserved. This chapter, titled "Securing the Wire" is posted with permission from Prentice Hall PTR. | JavaDB, as an open source and pure-Java relational database, provides several features that make it suitable for embedded and network server modes, including JavaDB mechanisms to make it secure on several levels. If you are going to build an application using JavaDB and security is important, then this article is for you. | JSR 250 (see Reference [5]) defines common annotations for the Java platform.
This article discusses the security annotations defined in JSR 250 and demonstrates how to use them for securing an application with authentication and authorization. | Security is an important aspect of programming these days. As applications get distributed around the Net piecemeal, those application pieces need to protect the parts of their underlying framework that were once assumed to be built into the main application. Along with these changes, the underlying Java 2 platform release has evolved to incorporate more and more features into the J2SE release 1.4 to provide a secure environment to execute mobile code. | As technology evolves, native platforms undergo many security improvements, for example, cryptographic accelerators, secure key management, more built-in security services, and so on. Leveraging the security offered by the native platform provides several significant benefits to the Java platform: They include but are not limited to the performance boost that cryptographic accelerators provide, a consistent behavior that matches what native applications have when they use the same native library, and the seamless sharing of users' native credentials. | After completing Part One and Part Two, you are ready to learn about Java™ Commerce Client (JCC) framework security. Electronic commerce transactions must be secure. There is too much personal and financial information involved for them not to be. Fortunately, the JCC framework makes the security part easy. | Sun Microsystems, Inc., is announcing two new Java SE security response features, each designed to strengthen the Java platform's position as one of the most widely used, secure software platforms available. The new features include Sun's synchronized release of Java SE security fixes, and advance customer notification of those releases.
They are designed to complement Sun's existing Sun Alert notifications, as well as the built-in Java Auto Update tool for Microsoft Windows users, and build a foundation for additional Sun Connection services and a customized Java SE platform for production environments that are expected in 2008. | In Parts 1 through 3 of this series, Raghavan Srinivas discussed network and Java security concepts, including a detailed look at applet security. In this article, the fourth and last in the series, he details the optional, yet important, packages that enhance Java security. | The good news is that JSSE has been integrated into the Java 2 SDK, Standard Edition, version 1.4 (J2SE 1.4). This means if you have J2SE 1.4 installed, then you can build secure Internet applications based on SSL without downloading any additional packages. This two-part series of articles provides a hands-on tutorial explaining how to develop secure Internet applications for today's and tomorrow's market. This article is concerned with the server-side and the next article will be concerned with the client-side. This article starts by presenting a detailed overview of SSL, then shows you how to: | This article presents an overview of information security, followed by an overview of the basic concepts for securing web services. It covers some of the prominent industry standards developed to provide comprehensive security solutions, as well as the Java WSDP 1.5 XWS-Security framework, which implements the OASIS Web Services Security (WSS) specification. | This article, the third in the series, will cover the various requirements for securely running Java code downloaded from a network. Although mobile code is not a revolutionary concept, Java and the Internet present some unique challenges to computer security. The evolution of the Java architecture and its impact on core Java security was discussed in Parts 1 and 2. 
This article takes a different tack: a hands-on approach to tie all the concepts together by deploying a simple applet that writes to the local filesystem. | Whitfield Diffie is a rarity, a person who has gained nearly legendary status in his lifetime. His 1975 invention of the concept of public key cryptography has revolutionized cryptography for nearly 30 years. Stanford Law School professor Lawrence Lessig has called it, "the most important technological breakthrough in the last thousand years." Public key cryptography is a set of techniques that enables two people who share no secret in common to exchange information secretly. In the past, to send and receive a secret message, two parties had to share a secret encryption/decryption device, known as a key, that both encoded and unlocked the message. Party A would encrypt the message using a key and send the message to Party B, who needed the same key to unlock it. The sharing of keys created problematic vulnerabilities. | The Java Secure Socket Extension (JSSE), which is a set of Java packages that enable secure Internet communications, is a framework and implementation of the Secure Socket Layer (SSL) version 3.0 and the Transport Layer Security (TLS) version 1.0, which is an improvement on SSL 3.0. These packages enable you, the Java developer, to develop secure network applications that feature the secure passage of data between a client and a server running any application protocol, such as HTTP, FTP, Telnet, NNTP, over TCP/IP. | Many potential applications of Jini require network security. Although various third parties have made proprietary security extensions to Jini, until now the only security available to users of the standard Jini release is the security infrastructure of the Java platform. The Jini Community's Davis project is about to change that. Bob Scheifler is leading the development of the next release of Jini, in which security is the central concern, as part of the Davis project.
On Friday, April 12, 2002 Bill Venners visited the Sun Microsystems campus in Burlington, Massachusetts and interviewed Bob Scheifler, Sun Distinguished Engineer and architect in the Jini Group. In this first installment of the interview, Scheifler discusses the need for security in Jini and the special security considerations of dynamically downloaded code. | At the time we make a call on a secure proxy for a server, what the proxy is obliged to do is to figure out what the server's constraints for that method are, figure out what the client's constraints for that method are, and figure out what the context constraints are. We must union all three sets of requirements together, and union all three sets of preferences together. We must then make sure the remote call obeys the union of the requirements and obeys the preferences as best it can. The proxy is obliged to do this. It is part of the contract of implementing the RemoteSecurity interface that all the remote calls made through the proxy will do this process of unioning all the constraints and making sure that the remote call enforces all the requirements. | Security beyond the architecture: To be effective, a computer or network security strategy must be comprehensive. It cannot consist exclusively of a sandbox for running downloaded Java code. For instance, it may not matter much that the Java applets you download from the Internet and run on your computer can't read the word processing file of your top-secret business plan if you: | Most developers are concerned about the security aspects of the software they write, and some even worry on a constant basis whether there might be security problems lurking in their production code.
Such worries are the first hallmark of a security-conscious developer, according to Barmak Meftah, VP of Products and Services at Fortify Software, and Bill Pugh, creator of the popular FindBugs tool: | Discussion about security in the industry has centered around a perimeter approach. With that approach, operations folks fortify the perimeter and build an infrastructure to prevent vulnerabilities or potential violations or viruses to enter your environment. However, if you really think about it, most of those malicious type items are counting on the underlying application. If you build your application to be secure, that is your most solid line of defense. | In the Security/ex2 directory, create two JAR files, friend.jar and stranger.jar, which will contain the class files for Friend.java and Stranger.java. For an explanation of this process, here's an excerpt from Inside the Java Virtual Machine: | The initial excitement brought on by Java's ability to automatically and transparently download code across the network dynamically subsided quickly. PC users across the world quickly realized that it is a "bad thing" to run unknown code on their machines. Sun Microsystems launched JDK 1.0 with the famous (and infamous) "sandbox security model" for applets downloaded over the Internet, assuring users that downloaded applets can really do very little harm -- if you don't let them do anything useful. | Although Java-based wireless Web services have a bright future in the world of pervasive mobile commerce, the current technology is not yet mature. Security is among the remaining issues yet to be resolved. Wireless communications are easy targets for air wave interception, and wireless devices rarely have the computing power to support strong encryption of all communication data. Moreover, on the back end, Web services run outside corporate firewalls and interact with each other using open messaging protocols. 
Wireless Web services are likewise vulnerable targets for various cracking attacks. Well developed point-to-point security technologies such as SSL/TLS and HTTPS are not suitable for the multiple vendor, multiple intermediary Web services network topography -- the focus needs to be on securing the contents themselves rather than the connections over which they travel. Despite the new challenges, Web services themselves, however, can be used to enhance mobile commerce security. Emerging Web services security specifications enable you to use Web services as security utilities. | Either the Web Services Gateway or a DataPower appliance can be used to address the WS-Security specification level interoperability problem. As shown in Figure 3, both of these solutions have the capability to proxy a Web service that uses the WS-Security 1.0 specification and make this service available to all Web service consumers that use the WS-Security draft 13 specification. | This tutorial explains the use of the Java™ Secure Socket Extension (JSSE) packages included in JDK 1.4. The complexity of using JSSE is not in the communication itself, but rather in the configuration. Before you can run your client/server software, you must create the keys needed by the encryption algorithms, and these keys must be properly loaded by your software before it can create secure sockets. This tutorial provides cookbook-style instructions for creating and installing JSSE encryption keys in a client/server application environment. | This article focused on using method-based security to protect Java class instances. It also explained how Acegi and Spring internally create and proxy Java objects and how bean proxies work to implement access control. The article includes a couple of sample applications that you can use to further explore the concepts you have learned in this series. See the Resources section to learn more about securing Java applications with Acegi.
| Yanni Zhang, Component Lead, Java Security team, IBM; Audrey Timkovich, Technical Lead, Java Security team, IBM; John Peck, Technical Lead, Java Security team, IBM | A modern enterprise is usually a complex system that faces a lot of opportunities and challenges every day. Many of these challenges can put an enterprise's IT infrastructure at risk, so ensuring the highest possible level of IT security is crucial. The Apache Geronimo application server supports small-to-medium-sized enterprise applications and provides robust, security-minded support for the latest J2EE specification. Using the Geronimo application server lets you build a secure enterprise infrastructure conforming to the latest standards. To demonstrate the security features of Geronimo, a team of IBM experts has implemented an emulator of a simple banking scenario to show the technical capabilities of Geronimo in a real-world business situation. | This series starts with an introduction to the common security concerns of enterprise applications and explains how Acegi resolves them. You will see Acegi's architectural model and its security filters, which embody most of the functionality you'll use to secure your applications. You will learn how filters work individually, how they can be combined, and how a filter chain functions from start to finish in an enterprise security implementation. This article concludes with a sample application that demonstrates Acegi's implementation of a URL-based security system. The following articles in the series will explore some of the more advanced uses of Acegi, including how to design and host access control policies and then configure Acegi to use them. | We are working on various aspects of secure systems design and implementation. This includes development of the basic building blocks of secure systems as well as complete solutions and tools. 
We particularly focus on the areas of secure identity cards and documents as well as authentication technology, for example by creating end-to-end authentication solutions such as the Zone Trusted Information Channel (ZTIC). A new research topic is secure sensor and actuator networks. The secure virtualization project is investigating tools for security management in virtualized environments and setting up trusted virtual domains. | I strongly encourage any enterprise-level Java developers to examine the full JAAS specification (see Resources) and explore the solutions already available for their vendors' platforms. Using the JAAS interface for application security can dramatically reduce the effort required to implement an effective security layer and simultaneously increase the safety of the system. | This five-part series of articles introduces Acegi Security System and demonstrates how to use Acegi to secure enterprise Java applications. This final article of the series continues a discussion of using Acegi to secure JSF applications. In Part 4, I showed how you can secure a JavaServer Faces (JSF) page using Acegi without writing any Java code. I also provided an in-depth explanation of events that happen when you deploy your JSF-Acegi application and when a user accesses it. This time I focus on techniques for securing JavaBeans in your JSF applications. | The Java platform, both its base language features and library extensions, provides an excellent base for writing secure applications. In this tutorial, Part 2 of 2, Brad Rubin introduces the basic concepts of authentication and authorization and provides an architectural overview of JAAS. Through the use of a sample application, he'll guide your understanding of JAAS from theory to practice. By the end of the tutorial you will have a good foundation for working with JAAS on your own. | The Java 
platform, both its base language features and library extensions, provides an excellent base for writing secure applications. In this tutorial, the first of two parts on Java security, Brad Rubin guides you through the basics of cryptography and how it is implemented in the Java programming language, using plenty of code examples to illustrate the concepts. | For many high-stakes Internet-accessible systems that use the enterprise edition of the Java 2 platform -- Web entities that need to protect data or restrict user access -- security is far too important to handle using current standard practices. We need to design better protection into our systems if they are to survive. | This fourth installment demonstrates how to use Acegi to secure JavaServer Faces (JSF) applications that run in a servlet container. This article first explains the features Acegi provides for this purpose and dispels some common misconceptions about using Acegi with JSF. This article then presents a simple web.xml file that you can use to deploy Acegi to secure a JSF application. From there, the article goes deep inside Acegi and JSF components to explain the sequences of events that happen when you deploy the web.xml file and when users access the JSF application. The article concludes by presenting a sample JSF application secured by Acegi. | This two-part series of articles will demonstrate the use of Java Card technology to enhance the security of Java 2 Platform, Micro Edition (J2ME) applications. This first article begins with an introduction to smart card and Java Card technologies. I'll examine the workings of a sample e-bank application in which Java Cards will serve J2ME clients. I'll also demonstrate how to load and install Java applications onto Java Cards. Next, I'll explain the exchange of messages that occurs when a J2ME client invokes the services of a Java Card. Finally, I'll demonstrate how the different classes of the sample Java Card application work. 
| This series of articles is an introduction to using Acegi Security System to secure your Java enterprise applications. In the first article in this series, I introduced Acegi and explained how to use security filters to implement a simple, URL-based security system. In this second article, I begin to discuss the more advanced uses of Acegi, starting with writing an access control policy and storing it in ApacheDS, an open source LDAP directory server. I also show you how to configure Acegi to interact with the directory server to implement your access control policy. At the conclusion of the article, I present an example application that uses ApacheDS and Acegi to implement a secure access control policy. | In this three-part series of articles, I have demonstrated secure Kerberos messaging in a J2ME application. You have studied the details of Kerberos messages that result in an exchange of cryptographic keys. You have also learned how a J2ME application uses the keys to establish a communication context and securely exchange messages with a remote e-bank server. I have also provided the J2ME code that demonstrates all the concepts that the articles have discussed. | Trust is an issue in every non-trivial distributed application -- peer-to-peer applications included. In a distributed application, the level of trust is the metric that measures how confident we are that we are communicating with whom we think we are, and that we are accessing the resources we think we are. | For most kinds of Java applications, you can use the System.out.print command to display data on the output console at run time and view the behavior of the application. You can also write the data to a file so that you can later study the application's run time behavior at different points. Unfortunately, you can't use either of these techniques to debug your Java Card applications. The JCDK doesn't have a console, so you can't use the System.out.print command to view the data at run time. 
The Java Card API also does not support creating a file on the Java Card. At present, the only way to debug a Java Card application is to rely on data returned to a client application like a J2ME MIDlet. | After deploying the SCM infrastructure following the steps described in Deployment Guide Series: IBM Tivoli Security Compliance Manager, we started to develop the portlet application using Rational Application Developer. We chose the IBM Portlet API for the portlet development. Here is the general approach. We used JDBC to retrieve compliance information stored in the SCM database, and invoked SCM Admin CLI commands to perform some SCM actions, such as registering a client, creating snapshots, and re-scanning the compliance status of a client. Those CLI commands are described in the Tivoli Security Compliance Manager Administrator Guide. You can find these documents in the Resources section. | As it turns out, on Windows machines the "encrypted" password is stored in the registry. Not good. A relevant software security tip for Windows programmers is always to assume that people can read any entries you put into the registry! If you choose to store something there, make sure it is well-protected with strong cryptography. | In this tutorial, system administrators Brian Bilbrey and Tom Syroid outline the requirements necessary to transform CVS into a secure application -- from both the server and client side of the equation -- as part of Studio B's MetroSphere project. | Suffice it to say that with the introduction of the J2EE Web application security architecture, we're reaping the rewards of nearly 10 years of trial and error, and it shows. The J2EE security framework consists of three APIs: the Java Authentication and Authorization Service (JAAS), Java Secure Socket Extension (JSSE), and Java Cryptography Extension (JCE). 
While JCE is an interesting and important API, it's not quite so central to our interests as the "big three" of secure Web application development: authentication, authorization, and transport. So in this month's column we'll focus on the JAAS and JSSE. | In this article, we'll focus on both the advantages and the compromises of developing on the Java 2 Platform, Micro Edition (J2ME). We'll start with a brief overview of the basic concepts and benefits of J2ME. Next, we'll closely examine the potential security advantages of J2ME-based applications over other wireless alternatives such as WAP and native applications. We'll explain the current application security models available on the J2ME platform, as well as the platform's suitability to some predictable future trends. As part of this discussion, we'll suggest some potential ways to enhance network and data security for J2ME applications. In closing, we'll summarize the feasibility of developing advanced secure applications for the smallest wireless devices using J2ME technologies. Throughout the article we will focus mostly on both the current and upcoming (2.0) MIDP specification, given that MIDP is the most widely used J2ME profile. | Take David Jencks, for instance. I set out to talk to him about Apache Geronimo security, but quickly realized he was even busier than I had suspected. "Right now I am working on finishing JPA support with container-managed persistence," he told me when I sat down to talk to him just before Thanksgiving. "We have the Daytrader sample application working in Geronimo using OpenJPA. I'm quite excited by this; JPA looks like it will be a much better persistence solution than entity beans or even JDO1 (I haven't had a chance to work with JDO2 yet). I'm also working on integrating [Apache] CXF for the JEE5 JAX-WS support, and hope to get to Axis2 integration soon. I'm also trying to figure out how to refactor the deployment system to make it more extensible and simpler. 
And I'm hoping to find the time to actually demonstrate pluggable JACC. And if I get any free time I hope to get back to the Jetspeed 2 integration I started last year." | With the Apache Geronimo project gaining momentum after each successive release, developers are beginning to take notice and wonder how they might develop applications using this Java 2 Platform, Enterprise Edition (J2EE)-certified platform. While developing applications with standard technologies might be trivial to J2EE veterans, getting these components to work on this platform requires Geronimo-specific knowledge. Consequently, those new to J2EE applications and how they are integrated into Geronimo will find this series useful, as will veteran J2EE programmers looking to build applications on Geronimo. This series shows you how to create an example application and follow the procedures needed to configure and deploy it onto Geronimo. In Part 1, you create and deploy the application using servlets, JavaServer Pages (JSPs), J2EE declarative security, and J2EE Connector Architecture (JCA). | Previous articles in this series describe the WS-Security specification-level interoperability problem, and they help you choose an appropriate workaround. This article focuses on implementing the EJB proxy workaround. The approach involves building an EJB Web service proxy, which acts as the glue between the J2EE 1.3 client and the J2EE 1.4 Web service provider. Compared to the middleware proxy approach described in a previous article of this series, implementing the EJB proxy approach is a basic programming exercise. No additional middleware infrastructure is required if your front-end middleware tier contains a WebSphere® Application Server, Version 6.0 or later, or another J2EE application server capable of supporting J2EE 1.4 applications. However, this approach is not as scalable as the middleware proxy approach, because it requires manual modification of each J2EE 1.3 client application. 
The EJB proxy approach described in this article is best used when you need a lightweight, low-cost solution for sandbox, test, or proof-of-concept situations. | The software industry is focused on providing support for developing and deploying mission-critical applications written in Java. The Java environment encompasses a broad spectrum from enterprise servers to embedded devices. A range of Java-based systems, including JavaOS, EmbeddedJava, and PersonalJava, among others, will become available, providing potentially different levels of underlying services. This situation will result in requirements for varying levels of security strength. | In this final installment of The busy Java developer's guide to db4o, I'll address three features you expect and require from any data storage system, be it object-oriented, relational, or otherwise. Get ready to learn how db4o supports application security, distribution, and transactions. | Because it is changing the way software is built, consumed, and delivered (compared with traditional software development practices), SaaS is proving to be a disruptive IT trend. One of the key differences between developing a SaaS application and developing an enterprise application is that SaaS applications must be multi-tenant. Other key SaaS requirements, such as security, customization, Service-Oriented Architecture (SOA), and integration, impact the SaaS application architecture. SaaS is a disruptive trend because it is | Clearly an industry-standard way of securing a Web service was required, and IBM, Microsoft, and VeriSign responded to this need in April 2002. From the WS-Security specification (see also Resources): | Under JDK 1.0 and JDK 1.1 (and even JDK 1.2 for backward compatibility and additional flexibility), you can implement a custom security policy for your Java programs by subclassing the abstract class java.lang.SecurityManager. This abstract class contains methods in the form of checkXXX(). 
All library functions that access system resources have been "wired" to call these methods to determine if access is allowed (that is, file read, network connect, and so on). The SecurityManager class is abstract in JDK 1.0 and JDK 1.1, so you must subclass it in your program in order to use it. However, none of the check methods is abstract -- all of them have default implementations, and therefore need not be overridden. You may override the methods in the class to implement your own custom security policy for your applications. If you want to disallow a certain operation, throw SecurityException from the checkXXX() method. This is what the default implementation will do for all the checkXXX() methods that you do not override. | This article shows how to implement an effective primary line of defense to secure a Java-based multitenant SaaS application. The solution combines the use of Spring Security, a proven open source security framework, with Apache Directory Server, a popular Java-based open source Lightweight Directory Access Protocol (LDAP) v3-compliant server. The solution proposed is available as an example Java Web application that can be deployed on either Apache Tomcat or Apache Geronimo. | For the past several months, you have been exploring various issues regarding object integrity, security, and performance. In this month's article, you continue with this theme and begin to learn how objects are duplicated. This is not a trivial issue. Although copying primitives such as numbers is mostly straightforward, copying objects is a more complicated task. Completely duplicating an object is a multi-step process. | At this point, the graphical representation is in a logical state: the fido reference refers to an object with the name fido, and the spot reference refers to an object with the name spot, as seen in Diagram 2. 
| One of the interesting areas of object integrity pertains to the fact that developers often do not know what they have; in many cases, this can cause significant problems. Duplicating objects falls into this category. The problem is that objects are processed using pointers and references. Duplicating a pointer or a reference does not necessarily duplicate the entire object. The main issue here is that objects are often made up of other objects, and these relationships are critical to consider. | One topic that is quite interesting to investigate is the relationship between source code and the bytecodes that the compiler produces. In fact, you can explore this from various perspectives. You can look at performance issues, security issues, intellectual property issues, and even readability issues. In many cases, one or more of these topics intersect. For example, fine-tuning bytecodes for increased performance can also lead to more secure code. The same goes for intellectual property concerns, which can go hand-in-hand with dealing with code performance. It is important, and quite interesting, to understand the effect that fine-tuning bytecodes can have. | Application security is the strategy and actions taken to prevent security breaches of applications and systems. Because the vast majority of applications are known to have bugs and security issues (design, development, implementation, and/or deployment flaws), application security is a necessary component of any company's technology strategy. | From time to time, we hear that electronic commerce, particularly via the World Wide Web, will revolutionize the way that business is done. Yet the financial industry has been slow to embrace, or even to acknowledge, the forecast revolution, and many people, fearing electronic fraud and imposture, remain suspicious of the technologies involved and refrain from using them. 
In an effort to allay such fears and to offer a secure environment for electronic transactions, Sun Microsystems is developing the Java Wallet, which it believes will provide solutions to the manifold problems of electronic commerce. | This article introduces you to Virtual Private Networks, which today's growing networks demand, and to the security threats they face. This article highlights the following topics: | Matt Weisfeld is a faculty member at Cuyahoga Community College (Tri-C) in Cleveland, Ohio. Matt is a member of the Information Technology department, teaching programming languages such as C++, Java, C#, and .NET as well as various Web technologies. Prior to joining Tri-C, Matt spent 20 years in the information technology industry gaining experience in software development, project management, business development, corporate training, and part-time teaching. Matt holds an MS in computer science and an MBA in project management. Besides The Object-Oriented Thought Process, which is now in its second edition, Matt has published two other computer books, and more than a dozen articles in magazines and journals such as Dr. Dobb's Journal, The C/C++ Users Journal, Software Development Magazine, Java Report, and the international journal Project Management. Matt has presented at conferences throughout the United States and Canada. | When building a house, there are certain very specific things that a builder will do: roofing shingles are laid so that the higher shingles overlap the lower ones. Flashing is placed over the top of newly installed windows. These specific practices protect the house from water damage, and they flow from a single, general principle: that water needs to run off of a house in waterfall fashion. Similarly, while there are many specific security practices, they flow from a small set of well-accepted principles. 
Understanding the fundamental principles puts you in the best position to implement specific practices where needed in your own projects. | This column covers the topic of Java class access security. Here, you explore a very basic aspect of security that a Java developer would be concerned about at the design level. | Adding security certifications and experience to your IT skill set is an undeniable way to significantly increase your worth. Even during the downturn of the IT employment market of the past couple of years, those with security experience and skills were often able to stay in demand. Several security certifications exist. There are certifications that range from entry-level to advanced in their content and experience requirements. Some of the upper-level security certifications that one might look into include the CISSP, SANS Institute certifications, and Cisco security exams. If you are just beginning in the IT security world, one of the better-recognized entry-level security certifications is the Security+ certification offered by the widely recognized CompTIA. | In the previous column, you explored some of the behaviors of dynamically loaded classes as they relate to the topics of performance and security, http://www.developer.com/java/data/article.php/3652286. Specifically, you attempted to insert a rogue class into the loading process to see whether you could compromise the integrity of the class loading process. In this article, you will expand this concept within the constraints of a client/server model. | OWASP provides a top-10 list of web vulnerabilities, which includes unvalidated parameters, which can lead to unauthorized back-end server manipulation, and cross-site scripting flaws, which can lead to unauthorized manipulation of users' browsers. Many of the vulnerabilities listed can be fixed through proper application design. However, application security expertise is scarce and many times not a priority. 
Therefore, one approach is to secure applications using a layered security architecture built on so-called application firewalls. For example, Sanctum's AppShield or SPI Dynamics' products provide protection to web applications by inspecting them for common programmatic errors, design flaws, and unintended functionality. AppShield is normally deployed in front of the web applications as a sort of proxy device. By using a security layer, a time-based strategy for managing risk is employed. This security layer approach prevents intrusions and at the same time buys some time to patch or correct application vulnerabilities. | Once Java code has been run on a machine, there is very little that protects it from being compromised. Developers need to assume that eventually their source code will be decompiled and scrutinized. There are, however, ways to sanitize source code after a program runs, and steps to make it expensive, time consuming, and extremely difficult to unravel. | This exam is relatively new to the security certification scene, but it is seen as a possible leader in baseline security exams. This exam is intended to test you on fundamental security concepts and abilities. By passing this exam you can prove you have a solid fundamental foundation in general security concepts, communications security, infrastructure security, basics of cryptography, and operational/organizational security. CompTIA, which also offers other popular certifications like the A+ and Network+ exams, offers this exam. | How We Learned to Cheat at Online Poker: A Study in Software Security, by Brad Arkin, Frank Hill, Scott Marks, Matt Schmid, and Thomas John Walls | Selecting the platform and technologies that support the users, roles, and access rights. 
This includes choosing an operating system, the Web server, an application server if applicable, the directory service when a large number of users is concerned, a user authentication mechanism (anonymous, cookie, basic, challenge-response, digest, certificate-based), the authentication mechanism between the different application tiers, and so on. Certainly, the decisions are not made solely from the security standpoint, but this is the role of the architect: to take in all the application requirements and find the best possible solution within the constraints. | Coding policies should include serious strategies on error handling. For instance, Java supports exceptions. How and where exceptions are to be used should be listed in the policy. How the program is going to be tested, or how defensive runs will be practiced, should also be included in the document. Standards for how to implement finally in try/catch blocks should be outlined, etc. | Discussions of security as it relates to applications often end up polarized: either focusing on specific coding issues or on attacks on the underlying system used to gain access to or through the application. This article focuses on the importance of security during the architecture and design phases of an application, and provides an overview of the areas of security that need attention. Focusing on security early is one way to avoid weakness post-deployment, and to increase the overall strength and resilience of your applications. | A funny (but innocent) example of this flaw is on the Websites of two well-known security companies. They offer a number of whitepapers for download, but conditional upon filling in a form with personal details. A quick look in the HTML source shows that the form uses a hidden field to store the page where the visitor is redirected after filling in the form. Thus, a simple copy & paste into the URL bar will bypass the information collection stage. 
| Security in and of an application does not have to be an overwhelming task. By considering the security aspects of an application at all stages, as early as basic functional requirements, one can weave security into all areas of the application; doing so results in a cumulative, strong level of security, resiliency, and quality. Effort spent during the design phases looking at the various layers of the application and how one hopes people will and will not use the application sets the foundation for functionality that both meets the needs of users and withstands all anomalies that occur. | In early Java incarnations, untrusted code was constrained to a security sandbox. Code signing was added to the security toolbox in 1997 with the introduction of JDK 1.1. Together, sandboxing and signatures make for a powerful approach to securing untrusted code. (See Sandboxes and signatures: The future of executable content.) However, even with code signing, the JDK 1.1 trust model is black and white; that is, code is either completely trusted or completely untrusted. Java 2 changes all that by allowing fine-grained security policy and access control enforcement. The access control system in Java 2 is built around the concept of stack inspection. | In our last installment, we introduced policy and covered product requirements, error handling, and object states. Part two will finish discussing elements that should be part of a secure Java code policy. | This is an excerpt from Chapter 1: No Straight Thing from the book Secure Coding (ISBN: 0-596-00242-4), written by Mark G. Graff and Kenneth R. van Wyk, published by O'Reilly & Associates. | Microsoft has also recently updated their Java Virtual Machine (JVM) in response to security issues within the sandbox. The flaw affected JVM builds in the 2000, 3100, 3200, and 3300 series, which includes every build of IE 4.x and 5.x. 
The flaw allowed an unsigned applet to read and send information outside of the sandbox under certain parameters. The applet could then masquerade as the affected browser, browse within a network or past a firewall, go to secure sites if passwords were stored or cached, and send the information back to the server the applet originated from. This would effectively allow a hacker to browse sites as the user who downloaded their applet. They could also possibly achieve Telnet or FTP access. | Chapter 1, "Mobile Code and Security: Why Java Security Is Important," introduces some of the history of Java, the Internet, and the Web. It provides a summary of the features in the Java platform and introduces how Java establishes trust. The chapter also includes pointers to external sources for those new to Java. Experienced readers will want to skim or skip Chapter 1. If you have been working with Java for a reasonable amount of time, you will not benefit from this chapter. | Are the numerous security flaws we hear so much about week after week really avoidable? Mark G. Graff and Kenneth R. van Wyk, the authors of Secure Coding: Principles and Practices, believe so. Secure Coding is a fairly quick read that everyone can benefit from, regardless of their role in the development cycle. The book is not oriented towards any specific platform, language, or methodology. It looks at this huge problem the computer industry faces from the development side and leads the reader to a better understanding of the security they can design, build, and implement into an application. Graff and van Wyk show that securing your program is more than just paying close attention to your code. Everyone involved in the development of an application needs a solid understanding of what is really needed. The book provides more than just how-to solutions; it provides a new or more complete vision of the security necessary in today's market. 
| Java programs are especially vulnerable to decompilers, because Java source code is compiled to Java bytecode, which is a platform-independent abstraction layer for the virtual machine. Because Java's bytecode retains interface and type information, which the virtual machine uses to run safety checks on the code before it is actually executed on the machine, decompiling is much easier in Java than in most other development languages. | The MP performs management functions for an overall system and provides coordination among all the planes (control, data, forwarding, and so forth). The MP, control plane, and data plane are illustrated in Figure 1 in conjunction with a remote management system. | Above all, have fun and use these programs to learn as much as you can about the theory behind and the mechanics of digital signatures using public key cryptography as implemented in Java. |