Java Network Security

Contents

Part 1. Introduction to Java and Security

Chapter 1. An Overview of Java Security

1.1 What Java Does
1.2 Java Is Not an Island: Java as a Part of Security

1.2.1 Safety and Security

1.2.2 Java as an Aid to Security

1.2.3 Java as a Threat to Security

1.2.4 Java as Something to Be Secured

1.2.5 Writing Secure Java

1.2.6 Staying One Jump Ahead

1.2.7 The Vigilant Web Site

Chapter 2. Attack and Defense

2.1 Java Is Not Just a Language
2.2 Components of Java

2.2.1 The Development Environment

2.2.2 The Execution Process

2.2.3 Interfaces and Architectures

2.2.4 Cryptography to the Rescue!

2.2.5 Signed Applets

2.3 Attacking the World of Java

2.3.1 Perils in the Life of an Applet

2.3.2 Vulnerabilities in Java Applications

2.4 Summary

Part 2. Under The Hood

Chapter 3. The Java Virtual Machine

3.1 The Java Virtual Machine, Close Up
3.1.1 The Class Loader

3.1.2 The Class File Verifier

3.1.3 The Heap

3.1.4 The Class Area

3.1.5 The Native Method Loader

3.1.6 The Native Method Area

3.1.7 The Security Manager

3.1.8 The Execution Engine

3.1.9 The Trusted Classes

3.1.10 The Just In Time (JIT) Compiler

3.2 Summary

Chapter 4. Class of 1.1

4.1 The Traditional Development Life Cycle
4.2 The Java Development Life Cycle

4.3 The Java Class File Format

4.3.1 Decompilation Attacks

4.4 The Constant Pool

4.4.1 Beating the Decompilation Threat

4.5 Java Bytecode

4.5.1 A Bytecode Example

Chapter 5. The Class Loader and Class File Verifier

5.1 Overview of the Java Security Model
5.2 Class Loaders

5.2.1 How Class Loaders Are Implemented

5.2.2 The Class Loading Process

5.2.3 Why You Might Want to Build Your Own Class Loader

5.3 The Class File Verifier

5.3.1 The Duties of the Class File Verifier

5.3.2 The Four Passes of the Class File Verifier

5.4 Summary

Chapter 6. An Incompleteness Theorem for Bytecode Verifiers

Chapter 7. Playing in the Sandbox

7.1 What the Security Manager Does
7.2 Operation of the Security Manager

7.2.1 Class Loader/Security Manager Interdependence

7.3 Attacking the Sandbox

7.3.1 Types of Attack

7.3.2 Malicious Applets

7.4 Summary

Chapter 8. Cryptography in Java

8.1 Security Questions, Cryptographic Answers
8.1.1 Public Key Certificates

8.2 Introducing JCA: the Provider Concept

8.2.1 JCE and Export Considerations

8.3 The Security Classes in Practice

8.3.1 The Scenario

8.3.2 What Do We Learn from This?

8.3.3 IBM Packages for Cryptographic Protocols

Chapter 9. Java Gets Out of Its Box

9.1 JAR Files and Applet Signing
9.1.1 Current Implementations

9.2 JavaSoft Signed JAR Example

9.2.1 Creating the Certificate Authority Key Database

9.2.2 Creating the Server Key Database

9.2.3 Creating and Signing a JAR File

9.3 Coming Next from JavaSoft: JDK 1.2

9.3.1 Protection Domains

9.4 Netscape Signed JAR Example

9.4.1 Using the netscape.security Package

9.4.2 Installing Keys and Certificates in Netscape

9.4.3 Signing JAR Files with Netscape JAR Packager

9.5 Microsoft and Signed Applets

9.5.1 Two Signed CAB Examples

9.6 Future Developments

Part 3. Beyond the Island of Java: Surfing into the Unknown

Chapter 10. Application Architectures

10.1 Browser Add-on Applets
10.2 Networked Architectures

10.2.1 Two-Tier Architecture

10.2.2 Three-Tier Architecture

10.2.3 Network Security

10.3 Secure Clients and Network Computers

10.4 Server-Side Java

10.4.1 The Cost of Server-Side Java

10.4.2 Servlets

10.5 Distributed Object Architectures - RMI

10.5.1 The Security of RMI

Chapter 11. Firewalls: In and Out of the Net

11.1 What Is a Firewall?
11.2 What Does a Firewall Do?

11.2.1 Inside a TCP/IP Packet

11.2.2 How Can Programs Communicate through a Firewall?

11.3 Detailed Example of TCP/IP Protocol

11.3.1 DNS Flow (UDP Example)

11.3.2 HTTP Flow (TCP Example)

11.4 Proxy Servers and SOCKS

11.4.1 Proxy Servers

11.4.2 What Is SOCKS?

11.4.3 Using Proxy Servers or SOCKS Gateways

11.5 The Effect of Firewalls on Java

11.5.1 Downloading an Applet Using HTTP

11.5.2 Stopping Java Downloads with a Firewall

11.5.3 Java Network Connections through the Firewall

11.5.4 RMI Remote Method Invocation

11.6 Summary

Chapter 12. Java and SSL

12.1 What Is SSL?
12.2 Using SSL from an Applet

12.2.1 Using SSL URLs with Java

12.2.2 SSL Class Packages

12.3 Summary

Chapter 13. Java and Cryptolopes

13.1 Cryptolope History
13.2 Today: Cryptolope Live!

13.3 Example Applications

13.4 Tomorrow

Chapter 14. Epilogue

Appendix A. Sources of Information about Java Security

A.1 Companies

A.1.1 JavaSoft
A.1.2 Sun

A.1.3 Microsoft

A.1.4 IBM

A.1.5 Reliable Software Technologies

A.2 Universities

A.2.1 Princeton
A.2.2 Yale

A.2.3 Georgia Institute of Technology

A.2.4 Others

Appendix B. Signature Formats

Appendix C. The Bytecode Verifier in Detail

C.1 The Data Flow Analyzer

Appendix D. What's on the CD?

D.1 How to Access the CD