Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 1 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`1998 1999 2001
`
`(cid:66) ⍰ ❎
`f (cid:64)
`▾ About this capture
`
`at a glance
`reviews
`customer
`comments
`if you like this
`book...
`table of contents
`e-mail a friend
`about this book...
`Keyword Search
`Books
`
`
`
`Full search: Books, Music,
`DVD & Video, Toys,
`Electronics, or Home
`Improvement
`
`Inside Java 2 Platform Security: Architecture, API Design, and
`Implementation
`by Li Gong
`
`Our Price: $34.95
`
`Availability: Usually
`ships within 24 hours.
`
`Click for larger picture
`
`Shopping with us is
`100% safe.
`Guaranteed.
`
`(We'll set one up for you)
`View my Wish List
`
`Paperback - 262 pages (June 1999)
`Addison-Wesley Pub Co; ISBN: 0201310007 ; Dimensions (in inches): 0.54 x 9.25 x 7.39
`Amazon.com Sales Rank: 8,451
`Avg. Customer Review:
`Number of Reviews: 3
`
`Write an online review and share your thoughts with other readers!
`
`Customers who bought this book also bought:
`
`• JavaSpaces(TM) Principles, Patterns and Practice (The Jini(TM)
`Technology Series); Eric Freeman, et al
`• The Jini(TM) Specification (The Jini(TM) Technology Series); Ken
`Arnold, et al
`• The Java Native Interface : Programmer's Guide and Specification
`(Java Series); Sheng Liang
`• JDBC(TM) API Tutorial and Reference, Second Edition: Universal
`Data Access for the Java(TM) 2 Platform (Java Series); Seth White, et
`al
`
`Click here for more suggestions...
`
`Our auction & zShops sellers recommend:
`
`• Gong Li CHINESE BOX Jeremy Irons Maggie Cheung
`"DRENCHINGLY ROMANTIC" (Current bid: $1.95)
`• JAVA LANGUAGE API SUPERBIBLE W/CD (Current bid: $14.99)
`• Secrets Of A Super Hacker (Price: $20.95)
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`GOOGLE EXHIBIT 1039
`Google LLC v. Blackberry Ltd.
`IPR2017-01620
`
`Page 1 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 2 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`(cid:66) ⍰ ❎
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`Reviews
`14
`Amazon.com
`f (cid:64)
`1998 1999 2001
`An expert tour of security on the new Java 2 platform, Inside Java 2 Security
`▾ About this capture
`will find an enthusiastic audience among advanced Java developers and
`system administrators. As the author notes during the general discussion on
`network security, safeguarding your system goes far beyond mere
`cryptography.
`
`This book reviews multiple security threats and the strategies used to combat
`them, such as denial of service attacks, Trojan horses, and covert channels.
`In addition, it touches on the evolution of Java security from the restrictive
`days of the JDK 1.0 sandbox to the sophisticated security features available
`in Java 2, including a section that presents a list of 11 security bugs found in
`early versions of Java.
`
`Because Java 2 security is now policy-based, it must be managed by system
`administrators as part of enterprise security. A chapter on Java 2 security
`presents the "big picture" as well as the classes used to implement policy-
`based security where developers can control access to an entire system like
`files, network resources, or runtime permissions on code. The book also
`discusses the rather primitive tools used for Java 2 security management
`such as the policytool utility. For advanced developers, further sections
`demonstrate how to create new permission classes and how to make JDK 1.1
`security code migrate to Java 2.
`
`A section on the Java Cryptography Architecture (JCA) shows that Java 2
`supports the latest in encryption standards like SHA, DSA, RSA, and X.509
`certificates. The text concludes with some well-considered predictions for
`the future of security on the Java platform. In the meantime, this book shows
`you what you will need to know about security when committing to Java 2
`on the enterprise. Security is now part of the picture and will require both
`extra development time and administrative effort. --Richard Dragan
`
`Booknews, Inc.
`The Chief Java Security Architect at Sun Microsystems, where Java comes
`from, provides a detailed look at the central workings of Jana security
`architecture and describes security tools and techniques for successful
`implementation. He also discusses techniques for preserving object security,
`among them signing, sealing, and guarding objects.
`
`Book Description
`"The book is of enormous consequence and potential value. The Java(TM) 2
`Platform Security represents an advance of major proportions, and the
`information in this book is captured nowhere else." --Peter G. Neumann,
`Principal Scientist, SRI International Computer Science Lab, author of
`Computer-Related Risks, and Moderator of the Risks Forum
`
`"Profound! There are a large number of security pearls. I enjoyed and was
`very impressed by both the depth and breadth of the book." --Stephen
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 2 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 3 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Northcutt, Director of Research for Intrusion Detection and Response,
`Go OCT NOV DEC
`(cid:66) ⍰ ❎
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`14
`SANS Institute
`f (cid:64)
`1998 1999 2001
`Inside the Java(TM) 2 Platform Security is the definitive and comprehensive
`▾ About this capture
`guide to the Java security platform. Written by the Chief Java Security
`Architect at Sun, it provides a detailed look into the central workings of the
`Java(TM) security architecture and describes security tools and techniques
`for successful implementation.
`
`This book features detailed descriptions of the many enhancements
`incorporated within the security architecture that underlies the Java 2
`platform. It also provides a practical guide to the deployment of Java
`security, and shows how to customize, extend, and refine the core security
`architecture. For those new to the topic, the book includes an overview of
`computer and network security concepts and an explanation of the basic
`Java security model.
`
`You will find detailed discussions on such specific topics as:
`
`* The original Java sandbox security model * The new Java 2 Platform
`permission hierarchy * How Java security supports the secure loading of
`classes * Java 2 access control mechanisms * Policy configuration * Digital
`certificates * Security tools, including Key Store and Jar Signer * Secure
`Java programming techniques * Ways to customize the Java security
`architecture with new permission types * How to move legacy security code
`onto the Java(TM) 2 Platform
`
`In addition, the book discusses techniques for preserving object security-
`such as signing, sealing, and guarding objects-and outlines the Java
`cryptography architecture. Throughout, the book points out common
`mistakes and contains numerous code examples demonstrating the usage of
`classes and methods.
`
`With this complete and authoritative guide, you will gain a deeper
`understanding into how and why the Java security technology functions as it
`does, and will be better able to utilize its sophisticated security capabilities
`in the development of your applications.
`
`About the Author
`Li Gong, internationally renowned computer security expert and Chair of the
`Java Security Advisory Council, is Chief Java Security Architect and a
`Distinguished Engineer at Sun Microsystems, Inc. He is an Associate Editor
`of ACM Transactions on Information and System Security and The Journal
`of Computer Security, and served as Program Chair of the IEEE Symposium
`on Security and Privacy and the ACM Conference on Computer and
`Communications Security.
`
`Excerpted from Inside the Java(tm) 2 Platform Security Architecture:
`Cryptography, APIs, and Implementations(The Java(tm) Series) by Li
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 3 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 4 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`spring of 1995, strong and growing interest has developed regarding the
`security of the Java platform, as well as new security issues raised by the
`deployment of Java technology. This level of attention to security is a fairly
`new phenomenon in computing history. Most new computing technologies
`tend to ignore security considerations when they emerge initially, and most
`are never made more secure thereafter. Attempts made to do so typically are
`not very successful, as it is now well known that retrofitting security is
`usually very difficult, if not impossible, and often causes backward
`compatibility problems. Thus it is extremely fortunate that when Java
`technology burst on the Internet scene, security was one of its primary
`design goals. Its initial security model, although very simplistic, served as a
`great starting place, an Archimedean fulcrum. The engineering talents and
`strong management team at JavaSoft are the lever; together they made Java's
`extensive security architecture a reality.
`
`From a technology provider's point of view, security on the Java platform
`focuses on two aspects. The first is to provide the Java platform, primarily
`through the Java Development Kit, as a secure, platform on which to run
`Java-enabled applications in a secure fashion. The second is to provide
`security tools and services implemented in the Java programming language
`that enable a wider range of security-sensitive applications, for example, in
`the enterprise world.
`
`I wrote this book with many purposes in mind. First, I wanted to equip the
`reader with a brief but clear understanding of the overall picture of systems
`and network security, especially in the context of the Internet environment
`within which Java technology plays a central role, and how various security
`technologies relate to each other.
`
`Second, I wanted to provide a comprehensive description of the current
`security architecture on the Java platform. This includes language features,
`platform APIs, security policies, and their enforcement mechanisms.
`Whenever appropriate, I discuss not only how a feature functions, but also
`why it is designed in such a way and the alternative approaches that we--the
`Java security development team at Sun Microsystems--examined and
`rejected. When demonstrating the use of a class or its methods, I use real-
`world code examples whenever appropriate. Some of these examples are
`synthesized from the JDK 1.2 code source tree.
`
`Third, I sought to tell the reader about security deployment issues, both how
`an individual or an enterprise manages security and how to customize,
`extend, and enrich the existing security architecture. Finally, I wanted to
`help developers avoid programming errors by discussing a number of
`common mistakes and by providing tips for safe programming that can be
`immediately applied to ongoing projects.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 4 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 5 of 8
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`This book is organized as follows:
`
`How This Book Is Organized
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`* Chapter 1. A general background on computer, network, and information
`security * Chapter 2. A review of the original Java security model, the
`sandbox * Chapter 3. An in-depth look at the new security architecture in
`JDK 1.2, which is policy-driven and capable of enforcing fine-grained
`access controls * Chapter 4. An explanation of how to deploy and utilize the
`new security features in JDK 1.2, including security policy management,
`digital certificates, and various security tools * Chapter 5. A demonstration
`of how to customize various aspects of the security architecture, including
`how to move legacy security code onto the JDK 1.2 platform * Chapter 6. A
`review of techniques to make objects secure and tips for safe programming *
`Chapter 7. An outline of the Java cryptography architecture along with
`usage examples * Chapter 8. A look ahead to future directions for Java
`security
`
`This book is primarily for serious Java programmers and for security
`professionals who want to understand Java security issues both from a
`macro (architectural) point of view as well as from a micro (design and
`implementation) perspective. It is also suitable for nonexperts who are
`concerned about Internet security as a whole, as this book clears up a
`number of misconceptions around Java security.
`
`Throughout this book, I assume that the reader is familiar with the
`fundamentals of the Java language. For those who want to learn more about
`that language, the book by Arnold and Gosling is a good source. This book
`is not a complete API specification. For such details, please refer to JDK 1.2
`documentation.
`
`Acknowledgments
`
`It is a cliche to say that writing a book is not possible without the help of
`many others, but it is true. I am very grateful to Dick Neiss, my manager at
`JavaSoft, who encouraged me to write the book and regularly checked on
`my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped
`by guiding me through the writing process while maintaining a constant but
`"friendly" pressure. The team at Addison-Wesley was tremendously helpful.
`I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina
`Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always
`encouraging, kept faith in me, and rescued me whenever I encountered
`obstacles.
`
`This book is centered around JDK 1.2 security development, a project that
`lasted fully two years, during which many people inside and outside of Sun
`Microsystems contributed in one way or another to the design,
`implementation, testing, and documentation of the final product. I would
`like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen,
`Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde,
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 5 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 6 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon,
`Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the
`technical guidance from James Gosling and Jim Mitchell, as well as
`management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I
`have had the pleasure of chairing the Java Security Advisory Council, and I
`thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer,
`Fred Schneider, and Michael Schroeder for their participation and superb
`insights into all matters that relate to computer security.
`
`Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura
`Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous
`reviewers provided valuable comments on draft versions of this book.
`
`G. H. Hardy once said that young men should prove theorems, while old
`men should write books. It is now time to prove some more theorems.
`
`Li Gong, Los Altos, California, June 1999
`
`Customer Comments
`Average Customer Review:
`
`Number of Reviews: 3
`
`A reader from Colorado Springs , September 2, 1999
`Simple coverage
`This uninspired coverage of the Security API is a real disappointment
`considering that it comes from Sun. The Security API is not trivial and the
`150 pages that cover Security API classes are not sufficient to provide the
`in-depth analysis needed to understand and manipulate the API. This book is
`a good overview of the Security API. There are some good general security
`discussions, and some historical perspectives on why the API is designed the
`way it is. I read this book after reading the O'Reilly security book which is
`much more thorough.
`
`A reader from Fredricksburg, VA , June 10, 1999
`This book is a must for anyone interested in Java security.
`One of my coworkers asked me today whether I thought a Java based
`approach to email encryption was sensible; how could he evaluate the merits
`of the design? I told him the first thing I would do is get Li Gong's book
`"Inside Java 2 Platform Security," it is the most complete coverage of Java
`security available, and read it cover to cover. Then we could discuss the
`problem in depth.
`
`hhinton@ee.ryerson.ca from Toronto, Canada , May 26, 1999
`Required reading for anyone planning to use the Java SA
`This book provides comprehensive coverage of the Java Security
`Architecture.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 6 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 7 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`(cid:66) ⍰ ❎
`f (cid:64)
`1998 1999 2001
`▾ About this capture
`Architecture, with a detailed description of what is there, why it is there and
`how to use it. Sections on deploying and customizing the SA are of practical
`use to anyone in this situation. The book also contains a concise and useful
`discussion of object security and how to go about getting it. There is a
`detailed discussion of the Java Cryptography Architecture, a must if you
`plan on using the cryptographic functionality. The book concludes with a
`thought-provoking section on future directions. This book stands out
`because of the insightful discussions on why design decisions were made
`and the implications of these decisions. This makes the book interesting
`reading even if you aren't going to implement the SA in the immediate
`future. If you are planning on implementing the SA, don't do it without this
`book within grabbing distance.
`
`Customers who bought titles by Li Gong also bought
`titles by these authors:
`
`• Ken Arnold
`• Eric Freeman
`• Sheng Liang
`• W. Keith Edwards
`• Seth White
`
`Look for similar books by subject:
`Browse other Computers & Internet titles.
`Computer Books: General
`Computer Programming Languages
`Computer Data Security
`Computer Bks - Languages / Programming
`Computers
`Programming Languages - Java
`Security
`Operating Systems - General
`Find books matching ALL checked subjects
`i.e., each book must be in subject 1 AND subject 2 AND ...
`
`• I have read this book, and I want to review it.
`• I am the Author, and I want to comment on my book.
`• I am the Publisher, and I want to comment on this book.
`
`Text Only
`
`Top of Page
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 7 of 8
`
`

`

`Amazon.com: A Glance: Inside Java 2 Platform Security: Architecture, API Design, and I...
`
`Page 8 of 8
`
`http://www.amazon.com/exec/obidos/ASIN/0201310007/
`
`30 captures
`14 Nov 1999 - 26 Jun 2003
`
`Go OCT NOV DEC
`14
`
`1998 1999 2001
`
`(cid:66) ⍰ ❎
`f (cid:64)
`▾ About this capture
`
`Computers & Internet | Kids | Business & Investing
`
`Amazon.co.uk | Amazon.de
`
`Legal Notices © 1996-1999, Amazon.com, Inc.
`
`https://web.archive.org/web/19991114194120/http:/www.amazon.com/exec/obidos/ASIN/...
`
`1/24/2018
`
`Page 8 of 8
`
`