throbber
Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 1 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`1998 1999 2001
`
`(cid:66) ⍰ ❎
`f (cid:64)
`▾ About this capture
`
`at a glance
`reviews
`customer
`comments
`if you like this
`book...
`table of contents
`e-mail a friend
`about this book...
`Keyword Search
`Books
`
`
`
`Full search: Books, Music,
`DVD & Video, Toys,
`Electronics, or Home
`Improvement
`
`Inside Java 2 Platform Security: Architecture, API Design, and
`Implementation
`by Li Gong
`
`Our Price: $34.95
`
`Availability: Usually
`ships within 24 hours.
`
`Click for larger picture
`
`Shopping with us is
`100% safe.
`Guaranteed.
`
`(We'll set one up for you)
`View my Wish List
`
`Paperback - 262 pages (June 1999)
`Addison-Wesley Pub Co; ISBN: 0201310007 ; Dimensions (in inches): 0.54 x 9.25 x 7.39
`Amazon.com Sales Rank: 8,451
`Avg. Customer Review:
`Number of Reviews: 3
`
`Write an online review and share your thoughts with other readers!
`
`Customers who bought this book also bought:
`
`• JavaSpaces(TM) Principles, Patterns and Practice (The Jini(TM)
`Technology Series); Eric Freeman, et al
`• The Jini(TM) Specification (The Jini(TM) Technology Series); Ken
`Arnold, et al
`• The Java Native Interface : Programmer's Guide and Specification
`(Java Series); Sheng Liang
`• JDBC(TM) API Tutorial and Reference, Second Edition: Universal
`Data Access for the Java(TM) 2 Platform (Java Series); Seth White, et
`al
`
`Click here for more suggestions...
`
`Our auction & zShops sellers recommend:
`
`• Gong Li CHINESE BOX Jeremy Irons Maggie Cheung
`"DRENCHINGLY ROMANTIC" (Current bid: $1.95)
`• JAVA LANGUAGE API SUPERBIBLE W/CD (Current bid: $14.99)
`• Secrets Of A Super Hacker (Price: $20.95)
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`GOOGLE EXHIBIT 1039
`Google LLC v. Blackberry Ltd.
`IPR2017-01619
`
`Page 1 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 2 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`(cid:66) ⍰ ❎
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`Reviews
`14
`Amazon.com
`f (cid:64)
`1998 1999 2001
`An expert tour of security on the new Java 2 platform, Inside Java 2 Security
`▾ About this capture
`will find an enthusiastic audience among advanced Java developers and
`system administrators. As the author notes during the general discussion on
`network security, safeguarding your system goes far beyond mere
`cryptography.
`
`This book reviews multiple security threats and the strategies used to combat
`them, such as denial of service attacks, Trojan horses, and covert channels.
`In addition, it touches on the evolution of Java security from the restrictive
`days of the JDK 1.0 sandbox to the sophisticated security features available
`in Java 2, including a section that presents a list of 11 security bugs found in
`early versions of Java.
`
`Because Java 2 security is now policy-based, it must be managed by system
`administrators as part of enterprise security. A chapter on Java 2 security
`presents the "big picture" as well as the classes used to implement policy-
`based security where developers can control access to an entire system like
`files, network resources, or runtime permissions on code. The book also
`discusses the rather primitive tools used for Java 2 security management
`such as the policytool utility. For advanced developers, further sections
`demonstrate how to create new permission classes and how to make JDK 1.1
`security code migrate to Java 2.
`
`A section on the Java Cryptography Architecture (JCA) shows that Java 2
`supports the latest in encryption standards like SHA, DSA, RSA, and X.509
`certificates. The text concludes with some well-considered predictions for
`the future of security on the Java platform. In the meantime, this book shows
`you what you will need to know about security when committing to Java 2
`on the enterprise. Security is now part of the picture and will require both
`extra development time and administrative effort. --Richard Dragan
`
`Booknews, Inc.
`The Chief Java Security Architect at Sun Microsystems, where Java comes
`from, provides a detailed look at the central workings of Jana security
`architecture and describes security tools and techniques for successful
`implementation. He also discusses techniques for preserving object security,
`among them signing, sealing, and guarding objects.
`
`Book Description
`"The book is of enormous consequence and potential value. The Java(TM) 2
`Platform Security represents an advance of major proportions, and the
`information in this book is captured nowhere else." --Peter G. Neumann,
`Principal Scientist, SRI International Computer Science Lab, author of
`Computer-Related Risks, and Moderator of the Risks Forum
`
`"Profound! There are a large number of security pearls. I enjoyed and was
`very impressed by both the depth and breadth of the book." --Stephen
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 2 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 3 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Northcutt, Director of Research for Intrusion Detection and Response,
`Go OCT NOV DEC
`(cid:66) ⍰ ❎
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`14
`SANS Institute
`f (cid:64)
`1998 1999 2001
`Inside the Java(TM) 2 Platform Security is the definitive and comprehensive
`▾ About this capture
`guide to the Java security platform. Written by the Chief Java Security
`Architect at Sun, it provides a detailed look into the central workings of the
`Java(TM) security architecture and describes security tools and techniques
`for successful implementation.
`
`This book features detailed descriptions of the many enhancements
`incorporated within the security architecture that underlies the Java 2
`platform. It also provides a practical guide to the deployment of Java
`security, and shows how to customize, extend, and refine the core security
`architecture. For those new to the topic, the book includes an overview of
`computer and network security concepts and an explanation of the basic
`Java security model.
`
`You will find detailed discussions on such specific topics as:
`
`* The original Java sandbox security model * The new Java 2 Platform
`permission hierarchy * How Java security supports the secure loading of
`classes * Java 2 access control mechanisms * Policy configuration * Digital
`certificates * Security tools, including Key Store and Jar Signer * Secure
`Java programming techniques * Ways to customize the Java security
`architecture with new permission types * How to move legacy security code
`onto the Java(TM) 2 Platform
`
`In addition, the book discusses techniques for preserving object security-
`such as signing, sealing, and guarding objects-and outlines the Java
`cryptography architecture. Throughout, the book points out common
`mistakes and contains numerous code examples demonstrating the usage of
`classes and methods.
`
`With this complete and authoritative guide, you will gain a deeper
`understanding into how and why the Java security technology functions as it
`does, and will be better able to utilize its sophisticated security capabilities
`in the development of your applications.
`
`About the Author
`Li Gong, internationally renowned computer security expert and Chair of the
`Java Security Advisory Council, is Chief Java Security Architect and a
`Distinguished Engineer at Sun Microsystems, Inc. He is an Associate Editor
`of ACM Transactions on Information and System Security and The Journal
`of Computer Security, and served as Program Chair of the IEEE Symposium
`on Security and Privacy and the ACM Conference on Computer and
`Communications Security.
`
`Excerpted from Inside the Java(tm) 2 Platform Security Architecture:
`Cryptography, APIs, and Implementations(The Java(tm) Series) by Li
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 3 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 4 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`spring of 1995, strong and growing interest has developed regarding the
`security of the Java platform, as well as new security issues raised by the
`deployment of Java technology. This level of attention to security is a fairly
`new phenomenon in computing history. Most new computing technologies
`tend to ignore security considerations when they emerge initially, and most
`are never made more secure thereafter. Attempts made to do so typically are
`not very successful, as it is now well known that retrofitting security is
`usually very difficult, if not impossible, and often causes backward
`compatibility problems. Thus it is extremely fortunate that when Java
`technology burst on the Internet scene, security was one of its primary
`design goals. Its initial security model, although very simplistic, served as a
`great starting place, an Archimedean fulcrum. The engineering talents and
`strong management team at JavaSoft are the lever; together they made Java's
`extensive security architecture a reality.
`
`From a technology provider's point of view, security on the Java platform
`focuses on two aspects. The first is to provide the Java platform, primarily
`through the Java Development Kit, as a secure, platform on which to run
`Java-enabled applications in a secure fashion. The second is to provide
`security tools and services implemented in the Java programming language
`that enable a wider range of security-sensitive applications, for example, in
`the enterprise world.
`
`I wrote this book with many purposes in mind. First, I wanted to equip the
`reader with a brief but clear understanding of the overall picture of systems
`and network security, especially in the context of the Internet environment
`within which Java technology plays a central role, and how various security
`technologies relate to each other.
`
`Second, I wanted to provide a comprehensive description of the current
`security architecture on the Java platform. This includes language features,
`platform APIs, security policies, and their enforcement mechanisms.
`Whenever appropriate, I discuss not only how a feature functions, but also
`why it is designed in such a way and the alternative approaches that we--the
`Java security development team at Sun Microsystems--examined and
`rejected. When demonstrating the use of a class or its methods, I use real-
`world code examples whenever appropriate. Some of these examples are
`synthesized from the JDK 1.2 code source tree.
`
`Third, I sought to tell the reader about security deployment issues, both how
`an individual or an enterprise manages security and how to customize,
`extend, and enrich the existing security architecture. Finally, I wanted to
`help developers avoid programming errors by discussing a number of
`common mistakes and by providing tips for safe programming that can be
`immediately applied to ongoing projects.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 4 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 5 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`This book is organized as follows:
`
`How This Book Is Organized
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`* Chapter 1. A general background on computer, network, and information
`security * Chapter 2. A review of the original Java security model, the
`sandbox * Chapter 3. An in-depth look at the new security architecture in
`JDK 1.2, which is policy-driven and capable of enforcing fine-grained
`access controls * Chapter 4. An explanation of how to deploy and utilize the
`new security features in JDK 1.2, including security policy management,
`digital certificates, and various security tools * Chapter 5. A demonstration
`of how to customize various aspects of the security architecture, including
`how to move legacy security code onto the JDK 1.2 platform * Chapter 6. A
`review of techniques to make objects secure and tips for safe programming *
`Chapter 7. An outline of the Java cryptography architecture along with
`usage examples * Chapter 8. A look ahead to future directions for Java
`security
`
`This book is primarily for serious Java programmers and for security
`professionals who want to understand Java security issues both from a
`macro (architectural) point of view as well as from a micro (design and
`implementation) perspective. It is also suitable for nonexperts who are
`concerned about Internet security as a whole, as this book clears up a
`number of misconceptions around Java security.
`
`Throughout this book, I assume that the reader is familiar with the
`fundamentals of the Java language. For those who want to learn more about
`that language, the book by Arnold and Gosling is a good source. This book
`is not a complete API specification. For such details, please refer to JDK 1.2
`documentation.
`
`Acknowledgments
`
`It is a cliche to say that writing a book is not possible without the help of
`many others, but it is true. I am very grateful to Dick Neiss, my manager at
`JavaSoft, who encouraged me to write the book and regularly checked on
`my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped
`by guiding me through the writing process while maintaining a constant but
`"friendly" pressure. The team at Addison-Wesley was tremendously helpful.
`I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina
`Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always
`encouraging, kept faith in me, and rescued me whenever I encountered
`obstacles.
`
`This book is centered around JDK 1.2 security development, a project that
`lasted fully two years, during which many people inside and outside of Sun
`Microsystems contributed in one way or another to the design,
`implementation, testing, and documentation of the final product. I would
`like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen,
`Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde,
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 5 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 6 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon,
`Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the
`technical guidance from James Gosling and Jim Mitchell, as well as
`management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I
`have had the pleasure of chairing the Java Security Advisory Council, and I
`thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer,
`Fred Schneider, and Michael Schroeder for their participation and superb
`insights into all matters that relate to computer security.
`
`Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura
`Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous
`reviewers provided valuable comments on draft versions of this book.
`
`G. H. Hardy once said that young men should prove theorems, while old
`men should write books. It is now time to prove some more theorems.
`
`Li Gong, Los Altos, California, June 1999
`
`Customer Comments
`Average Customer Review:
`
`Number of Reviews: 3
`
`A reader from Colorado Springs , September 2, 1999
`Simple coverage
`This uninspired coverage of the Security API is a real disappointment
`considering that it comes from Sun. The Security API is not trivial and the
`150 pages that cover Security API classes are not sufficient to provide the
`in-depth analysis needed to understand and manipulate the API. This book is
`a good overview of the Security API. There are some good general security
`discussions, and some historical perspectives on why the API is designed the
`way it is. I read this book after reading the O'Reilly security book which is
`much more thorough.
`
`A reader from Fredricksburg, VA , June 10, 1999
`This book is a must for anyone interested in Java security.
`One of my coworkers asked me today whether I thought a Java based
`approach to email encryption was sensible; how could he evaluate the merits
`of the design? I told him the first thing I would do is get Li Gong's book
`"Inside Java 2 Platform Security," it is the most complete coverage of Java
`security available, and read it cover to cover. Then we could discuss the
`problem in depth.
`
`hhinton@ee.ryerson.ca from Toronto, Canada , May 26, 1999
`Required reading for anyone planning to use the Java SA
`This book provides comprehensive coverage of the Java Security
`Architecture.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 6 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 7 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`Architecture, with a detailed description of what is there, why it is there and
`how to use it. Sections on deploying and customizing the SA are of practical
`use to anyone in this situation. The book also contains a concise and useful
`discussion of object security and how to go about getting it. There is a
`detailed discussion of the Java Cryptography Architecture, a must if you
`plan on using the cryptographic functionality. The book concludes with a
`thought-provoking section on future directions. This book stands out
`because of the insightful discussions on why design decisions were made
`and the implications of these decisions. This makes the book interesting
`reading even if you aren't going to implement the SA in the immediate
`future. If you are planning on implementing the SA, don't do it without this
`book within grabbing distance.
`
`Customers who bought titles by Li Gong also bought
`titles by these authors:
`
`• Ken Arnold
`• Eric Freeman
`• Sheng Liang
`• W. Keith Edwards
`• Seth White
`
`Look for similar books by subject:
`Browse other Computers & Internet titles.
`Computer Books: General
`Computer Programming Languages
`Computer Data Security
`Computer Bks - Languages / Programming
`Computers
`Programming Languages - Java
`Security
`Operating Systems - General
`Find books matching ALL checked subjects
`i.e., each book must be in subject 1 AND subject 2 AND ...
`
`• I have read this book, and I want to review it.
`• I am the Author, and I want to comment on my book.
`• I am the Publisher, and I want to comment on this book.
`
`Text Only
`
`Top of Page
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 7 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 8 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`1998 1999 2001
`
`(cid:66) ⍰ ❎
`f (cid:64)
`▾ About this capture
`
`Computers & Internet | Kids | Business & Investing
`
`Amazon.co.uk | Amazon.de
`
`Legal Notices © 1996-1999, Amazon.com, Inc.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 8 of 8
`
`

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket