Securing Java: Getting Down to Business with Mobile Code, 2nd Edition

by Gary McGraw; Edward W. Felten
  • ISBN13: 9780471319528
  • ISBN10: 047131952X
  • Edition: 2nd
  • Format: Paperback
  • Copyright: 1999-01-01
  • Publisher: Wiley
List Price: $34.99

Summary

Information Security/Java

"This book is mandatory reading for every user and developer of Webware." -Peter G. Neumann, Moderator of the Risks Forum, from his review of the first edition

Securing Java

Java security is more important now than ever before. As Java matures and moves into the enterprise, security takes a more prominent role. But as Java evolves, its security issues and architectures get more complicated. Written by the world's leading experts on mobile code security, this updated and expanded edition of the groundbreaking guide to Java security includes lessons for Web users, developers, system administrators, and business decision-makers alike. This book navigates the uncharted waters of mobile code security and arms the reader with the knowledge required for securing Java.

It provides in-depth coverage of:

  • The base Java security sandbox, made up of the Verifier, Class Loaders, and the Security Manager
  • Code signing, stack inspection, and the new Java 2 security architecture
  • The pros and cons of language-based enforcement models and trust models
  • All known Java security holes and the attack applets that exploit them
  • Techniques commonly used in malicious applets
  • Twelve rules for developing more secure Java code, with explicit examples
  • Hard questions to ask third-party Java security tools vendors
  • Analysis of competing systems for mobile code, including ActiveX and JavaScript
  • Card Java security, smart card risks, and their impact on e-commerce security

On the companion Web site www.securingjava.com you'll find:

  • The Java Security Hotlist: Over 100 categorized and annotated Java security-related Web links
  • An e-mail list to keep subscribers abreast of breaking Java security news
  • A complete electronic edition of this book

Author Biography

GARY McGRAW is Vice President and Senior Research Scientist with Reliable Software Technologies and an international authority on Java security. Dr. McGraw is the author of over 50 peer-reviewed technical publications, consults with major e-commerce vendors including Visa, and is the principal investigator on several U.S. government research grants. EDWARD W. FELTEN is Professor of Computer Science at Princeton University where he leads the world-renowned Secure Internet Programming team. Professor Felten discovered many of Java’s security holes and is actively involved in designing more secure approaches to mobile code.

Table of Contents

Chapter 1 Mobile Code and Security: Why Java Security Is Important
  • Who Cares?
  • Mobile Code
  • The Power of Networking
  • Downloading Code: Not a New Problem
  • Java in a Demitasse
  • Securing Java
  • How Does Java Security Stack Up?
  • Where to Find More Information on Java
  • Mobile Code Has Its Price
  • Assessing the Risks

Chapter 2 The Base Java Security Model: The Original Applet Sandbox
  • Potential Threats
  • What Untrusted Java Code Can't Do
  • What Untrusted Java Code Can Do
  • The Java Language and Security
  • The Three Parts of the Default Sandbox
  • The Verifier
  • The Class Loader Architecture
  • The Security Manager
  • Different Classes of Security
  • Type Safety
  • Browser-Specific Security Rules
  • The Fundamental Tradeoff
  • Is There Really a Java Security Policy?

Chapter 3 Beyond the Sandbox: Signed Code and Java 2
  • What's the Main Goal?
  • Security Enhancements in JDK 1.1
  • Signed Code
  • Trust
  • An Introduction to Java 2 Security
  • Access Control and Stack Inspection
  • New Security Mechanisms in Sun's Java 2
  • Outside the Sandbox

Chapter 4 Malicious Applets: Avoiding a Common Nuisance
  • What Is a Malicious Applet?
  • Annoying Applets
  • Denial of Service
  • Opening Untrusted Windows
  • Stealing Cycles
  • Forging Mail
  • Killing Off the Competition
  • Malicious Applets on the Web
  • The Implications

Chapter 5 Attack Applets: Exploiting Holes in the Security Model
  • Implementation Errors or Specification Errors?
  • Attack Applets
  • What Applets Aren't Supposed to Do
  • A Chronology of Problems
  • Jumping the Firewall
  • Slash and Burn
  • You're Not My Type
  • Applets Running Wild
  • Casting Caution to the Wind
  • Tag-Team Applets
  • Big Attacks Come in Small Packages
  • Steal This IP Number
  • Cache Cramming
  • Virtual Voodoo
  • The Magic Coat
  • Verifying the Verifier
  • The Vacuum Bug
  • Look Over There
  • Beat the System
  • What These Problems Teach Us

Chapter 6 Securing Java: Improvements, Solutions, and Snake Oil
  • Improving the Platform
  • Writing Safer Code: A Defensive Stance
  • Third-Party Solutions or Snake Oil?
  • Risks That Third-Party Vendors Can Address
  • Risks That Third-Party Vendors Can't Address
  • Assess Your Risks

Chapter 7 Java Security Guidelines: Developing and Using Java More Securely
  • Guidelines for Java Developers
  • Guidelines for Java Users
  • Guidelines Are Never Perfect

Chapter 8 Java Card Security: How Smart Cards and Java Mix
  • Java Security Goes Both Ways
  • What Is a Smart Card?
  • Why Put Java on a Smart Card?
  • How Can Java Fit on a Card?
  • How Secure Are Smart Cards?
  • What Role Can Smart Cards Play in E-Commerce Systems?
  • How Does the Use of Java Impact Smart Card Security?
  • Managing Risks

Chapter 9 The Future of Java Security: Challenges Facing Mobile Code
  • Lessons from the Trenches
  • Challenges for Secure Mobile Code
  • Software Assurance for Java
  • Should You Use Java?

Appendix A Frequently Asked Questions: Java Security Java versus ActiveX
  • Java Security
  • Security Tradeoffs: Java versus ActiveX

Appendix B The Java Security Hotlist
  • Books
  • Researchers
  • FAQs
  • Papers
  • Talks/Articles
  • Hostile Applets
  • Commercial
  • Mostly Harmless

Appendix C How to Sign Java Code
  • Signing Classes with the Netscape Object Signing Tool
  • Signing Java Applets with Microsoft's Authenticode
  • Comparing Authenticode to Netscape Object Signing
  • Signing Code with Sun's JDK 1.1.x
  • Differences Between Netscape Object Signing and JDK 1.1.x javakey
  • Signing Code with Sun's Java 2
  • Differences between JDK 1.1 Code Signing and Java 2 Code Signing
  • In Conclusion

References

Index
