Page 1 of 13

GOOGLE EXHIBIT 1037

Inside Java™ 2 Platform Security

TX 5-045-888

The Java™ Series

Ken Arnold and James Gosling, The Java™ Programming Language, Second Edition
ISBN 0-201-31006-6

Mary Campione and Kathy Walrath, The Java™ Tutorial, Second Edition: Object-Oriented Programming for the Internet (Book/CD)
ISBN 0-201-31007-4

Mary Campione, Kathy Walrath, Alison Huml, and the Tutorial Team, The Java™ Tutorial Continued: The Rest of the JDK™ (Book/CD)
ISBN 0-201-48558-3

Patrick Chan, The Java™ Developers Almanac 1999
ISBN 0-201-43298-6

Patrick Chan and Rosanna Lee, The Java™ Class Libraries, Second Edition, Volume 2: java.applet, java.awt, java.beans
ISBN 0-201-31003-1

Patrick Chan, Rosanna Lee, and Doug Kramer, The Java™ Class Libraries, Second Edition, Volume 1: java.io, java.lang, java.math, java.net, java.text, java.util
ISBN 0-201-31002-3

Patrick Chan, Rosanna Lee, and Doug Kramer, The Java™ Class Libraries, Second Edition, Volume 1: Supplement for the Java™ 2 Platform, Standard Edition, v1.2
ISBN 0-201-48552-4

Li Gong, Inside the Java™ 2 Platform Security Architecture: Cryptography, APIs, and Implementation
ISBN 0-201-31000-7

James Gosling, Bill Joy, and Guy Steele, The Java™ Language Specification
ISBN 0-201-63451-1

James Gosling, Frank Yellin, and The Java Team, The Java™ Application Programming Interface, Volume 1: Core Packages
ISBN 0-201-63453-8

James Gosling, Frank Yellin, and The Java Team, The Java™ Application Programming Interface, Volume 2: Window Toolkit and Applets
ISBN 0-201-63459-7

Jonni Kanerva, The Java™ FAQ
ISBN 0-201-63456-2

Doug Lea, Concurrent Programming in Java™: Design Principles and Patterns
ISBN 0-201-69581-2

Sheng Liang, The Java™ Native Interface: Programmer's Guide and Specification
ISBN 0-201-32577-2

Tim Lindholm and Frank Yellin, The Java™ Virtual Machine Specification, Second Edition
ISBN 0-201-43294-3

Henry Sowizral, Kevin Rushforth, and Michael Deering, The Java™ 3D API Specification
ISBN 0-201-32576-4

Kathy Walrath and Mary Campione, The JFC Swing Tutorial: A Guide to Constructing GUIs
ISBN 0-201-43321-4

Seth White, Maydene Fisher, Rick Cattell, Graham Hamilton, and Mark Hapner, JDBC™ API Tutorial and Reference, Second Edition: Universal Data Access for the Java™ 2 Platform
ISBN 0-201-43328-1

Lisa Friendly, Series Editor
Tim Lindholm, Technical Editor
Please see our web site (http://www.awl.com/cseng/javaseries) for more information on these titles.

Inside Java™ 2 Platform Security
Architecture, API Design, and Implementation

ADDISON-WESLEY
An imprint of Addison Wesley Longman, Inc.

Reading, Massachusetts • Harlow, England • Menlo Park, California
Berkeley, California • Don Mills, Ontario • Sydney
Bonn • Amsterdam • Tokyo • Mexico City

Copyright © 1999 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA, 94303, USA.
All rights reserved.

Duke™ designed by Joe Palrang.

THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION. SUN MICROSYSTEMS, INC., MAY MAKE IMPROVEMENTS AND/OR CHANGES IN ANY TECHNOLOGY, PRODUCT, OR PROGRAM DESCRIBED IN THIS PUBLICATION AT ANY TIME.

The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact: Corporate, Government and Special Sales; Addison Wesley Longman, Inc.; One Jacob Way; Reading, Massachusetts 01867.

Sun Microsystems, Inc. has intellectual property rights relating to implementations of the technology described in this publication. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents, foreign patents, or pending applications. Sun, Sun Microsystems, the Sun logo, and all Sun, Java, Jini, and Solaris based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc., in the United States and other countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd.

ISBN: 0-201-31000-7

1 2 3 4 5 6 7 8 9-CRS-0302010099
First Printing, June 1999

Contents

How This Book Is Organized
Acknowledgments

Computer and Network Security Fundamentals
  1.1 Cryptography versus Computer Security
  1.2 Threats and Protection
  1.3 Perimeter Defense
    1.3.1 Firewalls
    1.3.2 Inadequacies of Perimeter Defense Alone
  1.4 Access Control and Security Models
    1.4.1 MAC and DAC Models
    1.4.2 Access to Data and Information
    1.4.3 Static versus Dynamic Models
    1.4.4 Considerations Concerning the Use of Security Models
  1.5 Using Cryptography
    1.5.1 One-Way Hash Functions
    1.5.2 Symmetric Ciphers
    1.5.3 Asymmetric Ciphers
  1.6 Authentication
  1.7 Mobile Code
  1.8 Where Does Java Security Fit In

Basic Security for the Java Language
  2.1 The Java Language and Platform
  2.2 Basic Security Architecture
  2.3 Bytecode Verification and Type Safety
  2.4 Signed Applets
  2.5 A Brief History of Security Bugs and Fixes

3 JDK 1.2 Security Architecture
  3.1 From the Beginning
  3.2 Why a New Security Architecture
    3.2.1 Sandbox Restrictions on Applets Too Limiting
    3.2.2 Insufficient Separation Between Policy and Enforcement
    3.2.3 Security Checks Not Easily Extensible
    3.2.4 Locally Installed Applets Too Easily Trusted
    3.2.5 Internal Security Mechanisms Fragile
    3.2.6 Summary
  java.security.GeneralSecurityException
  Security Policy
  CodeSource
    3.5.1 Testing for Equality and Using Implication
  Permission Hierarchy
    3.6.1 java.security.Permission
    3.6.2 Permission Sets
    3.6.3 java.security.UnresolvedPermission
    3.6.4 java.io.FilePermission
    3.6.5 java.net.SocketPermission
    3.6.6 java.security.BasicPermission
    3.6.7 java.util.PropertyPermission
    3.6.8 java.lang.RuntimePermission
    3.6.9 java.awt.AWTPermission
    3.6.10 java.net.NetPermission
    3.6.11 java.lang.reflect.ReflectPermission
    3.6.12 java.io.SerializablePermission
    3.6.13 java.security.SecurityPermission
    3.6.14 java.security.AllPermission
    3.6.15 Implications of Permission Implications
  Assigning Permissions
    3.7.1 Positive versus Negative Permissions
  ProtectionDomain
  Securely Loading Classes
    3.9.1 Class Loader Hierarchy
    3.9.2 java.lang.ClassLoader and Delegation
    3.9.3 java.security.SecureClassLoader
    3.9.4 java.net.URLClassLoader
    3.9.5 Classpaths
  java.lang.SecurityManager
    3.10.1 Example Use of the Security Manager
    3.10.2 Unchanged APIs in JDK 1.2
    3.10.3 Deprecated Methods in JDK 1.2
  3.11 java.security.AccessController
    3.11.1 Interface Design of AccessController
    3.11.2 The Basic Access Control Algorithm
    3.11.3 Method Inheritance
    3.11.4 Extending the Basic Algorithm with Privileged Operations
    3.11.5 Three Types of Privileged Actions
    3.11.6 The Context of Access Control
    3.11.7 The Full Access Control Algorithm
    3.11.8 SecurityManager versus AccessController
    3.11.9 A Mini-History of Privileged Operations
  3.12 Summary and Lessons Learned

4 Deploying the Security Architecture
  4.1 Installing JDK 1.2
  4.2 Policy Configuration
    4.2.1 Configuring System-Wide and User-Specific Policies
    4.2.2 Configuring Application-Specific Policies
    4.2.3 Configuring an Alternative Policy Class Implementation
    4.2.4 Default Policy File Format
    4.2.5 Policy File Examples
    4.2.6 Property Expansion in Policy Files
  Digital Certificates
  Helpful Security Tools
    4.4.1 Keystore Databases
    4.4.2 Keytool
    4.4.3 Policy Tool
    4.4.4 Jarsigner
    4.4.5 Code Signing Example
  4.5 Managing Security Policies for Nonexperts

Customizing the Security Architecture
  5.1 Creating New Permission Types
  5.2 Composite Permissions
  5.3 Customizing Security Policy
  5.4 Migrating JDK 1.1-Based Security Managers
    5.4.1 JDK 1.1 Security Manager Classes
    5.4.2 Accommodating JDK 1.1 Security Managers on JDK 1.2
    5.4.3 Modifying JDK 1.1 Security Managers for JDK 1.2

Object Security
  6.1 Security Exceptions
  6.2 Fields and Methods
  6.3 Static Fields
  6.4 Private Object State and Object Immutability
  6.5 Privileged Code
  6.6 Serialization
  6.7 Inner Classes
  6.8 Native Methods
  6.9 Signing Objects
  6.10 Sealing Objects
  6.11 Guarding Objects
    6.11.1 Examples of Using GuardedObject

7 Programming Cryptography
  7.1 Design Principles
  7.2 Cryptographic Services and Service Providers
    7.2.1 Installing and Adding a Provider
  7.3 Cryptography Classes
    7.3.1 java.security.Security
    7.3.2 java.security.Provider
    7.3.3 java.security.MessageDigest
    7.3.4 java.security.Signature
    7.3.5 Algorithm Parameters
    7.3.6 java.security.Key and java.security.spec.KeySpec
    7.3.7 java.security.KeyFactory and java.security.cert.CertificateFactory
    7.3.8 KeyPair and KeyPairGenerator
    7.3.9 java.security.KeyStore
  Randomness and Seed Generators
    7.4.1 java.security.SecureRandom
  Code Examples
    7.5.1 Example 1: Computing a Message Digest
    7.5.2 Example 2: Generating a Public/Private Key Pair
    7.5.3 Example 3: Generating and Verifying Signatures
    7.5.4 Example 4: Reading a File That Contains Certificates
  Standard Names
    7.6.1 Message Digest Algorithms
    7.6.2 Key and Parameter Algorithms
    7.6.3 Digital Signature Algorithms
    7.6.4 Random Number Generation Algorithms
    7.6.5 Certificate Types
    7.6.6 Keystore Types
  Algorithm Specifications
    7.7.1 SHA-1 Message Digest Algorithm
    7.7.2 MD2 Message Digest Algorithm
    7.7.3 MD5 Message Digest Algorithm
    7.7.4 Digital Signature Algorithm
    7.7.5 RSA-Based Signature Algorithms
    7.7.6 DSA KeyPair Generation Algorithm
    7.7.7 RSA KeyPair Generation Algorithm
    7.7.8 DSA Parameter Generation Algorithm

8 Future Directions
  8.1 Security Management
  8.2 JDK Feature Enhancement
  8.3 Java Authentication and Authorization Service
    8.3.1 Subjects and Principals
    8.3.2 Credentials
    8.3.3 Pluggable and Stacked Authentication
    8.3.4 Callbacks
    8.3.5 Access Control
    8.3.6 JAAS Implementation
  8.4 Conclusion

Bibliography
Index

Java/Security

"The book is of enormous consequence and [illegible] platform security represents an advance of major proportions, and the information in this book is captured nowhere else."
—Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum

"Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book."
—Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute

Inside Java™ 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java™ security architecture and describes security tools and techniques for successful implementation.

This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model.

You will find detailed discussions on such specific topics as:
- The original Java sandbox security model
- The new Java 2 platform permission hierarchy
- How Java security supports the secure loading of classes
- Java 2 access control mechanisms
- Policy configuration and digital certificates
- Security tools, including Key Store and Jar Signer
- Ways to customize the Java security architecture with new permission types
- How to move legacy security code onto the Java™ 2 platform

In addition, the book discusses techniques for preserving object security—such as signing, sealing, and guarding objects—and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.

Li Gong, internationally renowned computer security expert and Chair of the Java Security Advisory Council, is Chief Java Security Architect and a Distinguished Engineer at Sun Microsystems, Inc. He is an Associate Editor of ACM Transactions on Information and System Security and The Journal of Computer Security, and served as Program Chair of the IEEE Symposium on Security and Privacy and the ACM Conference on Computer and Communications Security.

http://java.sun.com/books/Series

Cover design by Simone R. Payment
Cover art by Sara Connell
Text printed on recycled paper

Addison-Wesley is an imprint of Addison Wesley Longman, Inc.

ISBN 0-201-31000-7
$34.95 US
$52.50 CANADA