Page 1 of 13

GOOGLE EXHIBIT 1037

Inside Java™ 2
Platform Security
Architecture, API Design,
and Implementation

The Java™ Series

Sun

TX 5-045-888

Inside Java™ 2
Platform Security

The Java™ Series
Lisa Friendly, Series Editor
Tim Lindholm, Technical Editor
Please see our website (http://www.awl.com/cseng/javaseries) for more information on these titles.

Jonni Kanerva, The Java™ FAQ
ISBN 0-201-63456-2

Doug Lea, Concurrent Programming in Java™:
Design Principles and Patterns
ISBN 0-201-69581-2

Sheng Liang, The Java™ Native Interface:
Programmer's Guide and Specification
ISBN 0-201-32577-2

Tim Lindholm and Frank Yellin, The Java™ Virtual
Machine Specification, Second Edition
ISBN 0-201-43294-3

Henry Sowizral, Kevin Rushforth, and Michael
Deering, The Java™ 3D API Specification
ISBN 0-201-32576-4

Kathy Walrath and Mary Campione, The JFC Swing
Tutorial: A Guide to Constructing GUIs
ISBN 0-201-43321-4

Seth White, Maydene Fisher, Rick Cattell, Graham
Hamilton, and Mark Hapner, JDBC™ API Tutorial
and Reference, Second Edition: Universal Data
Access for the Java™ 2 Platform
ISBN 0-201-43328-1

Ken Arnold and James Gosling, The Java™
Programming Language, Second Edition
ISBN 0-201-31006-6

Mary Campione and Kathy Walrath, The Java™
Tutorial, Second Edition: Object-Oriented
Programming for the Internet (Book/CD)
ISBN 0-201-31007-4

Mary Campione, Kathy Walrath, Alison Huml, and
the Tutorial Team, The Java™ Tutorial Continued:
The Rest of the JDK™ (Book/CD)
ISBN 0-201-48558-3

Patrick Chan, The Java™ Developers Almanac 1999
ISBN 0-201-43298-6

Patrick Chan and Rosanna Lee, The Java™ Class
Libraries, Second Edition, Volume 2: java.applet,
java.awt, java.beans
ISBN 0-201-31003-1

Patrick Chan, Rosanna Lee, and Doug Kramer,
The Java™ Class Libraries, Second Edition,
Volume 1: java.io, java.lang, java.math,
java.net, java.text, java.util
ISBN 0-201-31002-3

Patrick Chan, Rosanna Lee, and Doug Kramer,
The Java™ Class Libraries, Second Edition,
Volume 1: Supplement for the Java™ 2 Platform,
Standard Edition, v1.2
ISBN 0-201-48552-4

Li Gong, Inside the Java™ 2 Platform Security
Architecture: Cryptography, APIs, and
Implementation
ISBN 0-201-31000-7

James Gosling, Bill Joy, and Guy Steele,
The Java™ Language Specification
ISBN 0-201-63451-1

James Gosling, Frank Yellin, and The Java Team,
The Java™ Application Programming Interface,
Volume 1: Core Packages
ISBN 0-201-63453-8

James Gosling, Frank Yellin, and The Java Team,
The Java™ Application Programming Interface,
Volume 2: Window Toolkit and Applets
ISBN 0-201-63459-7

Inside Java™ 2
Platform Security
Architecture, API Design,
and Implementation

Li Gong

ADDISON-WESLEY
An imprint of Addison Wesley Longman, Inc.
Reading, Massachusetts • Harlow, England • Menlo Park, California
Berkeley, California • Don Mills, Ontario • Sydney
Bonn • Amsterdam • Tokyo • Mexico City

Copyright © 1999 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA, 94303, USA.
All rights reserved.

Duke™ designed by Joe Palrang.

Sun Microsystems, Inc. has intellectual property rights relating to implementations of the technology
described in this publication. In particular, and without limitation, these intellectual property rights
may include one or more U.S. patents, foreign patents, or pending applications. Sun, Sun
Microsystems, the Sun logo, and all Sun, Java, Jini, and Solaris based trademarks and logos are
trademarks or registered trademarks of Sun Microsystems, Inc., in the United States and other
countries. UNIX is a registered trademark in the United States and other countries, exclusively licensed
through X/Open Company, Ltd.

THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS PUBLICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL
ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN;
THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THE PUBLICATION.
SUN MICROSYSTEMS, INC., MAY MAKE IMPROVEMENTS AND/OR CHANGES IN ANY
TECHNOLOGY, PRODUCT, OR PROGRAM DESCRIBED IN THIS PUBLICATION AT ANY
TIME.

The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please
contact: Corporate, Government and Special Sales; Addison Wesley Longman, Inc.; One Jacob Way; Reading,
Massachusetts 01867.

ISBN: 0-201-31000-7
1 2 3 4 5 6 7 8 9-CRS-0302010099
First Printing, June 1999

Contents

Preface
How This Book Is Organized
Acknowledgments

1 Computer and Network Security Fundamentals
1.1 Cryptography versus Computer Security
1.2 Threats and Protection
1.3 Perimeter Defense
1.3.1 Firewalls
1.3.2 Inadequacies of Perimeter Defense Alone
1.4 Access Control and Security Models
1.4.1 MAC and DAC Models
1.4.2 Access to Data and Information
1.4.3 Static versus Dynamic Models
1.4.4 Considerations Concerning the Use of Security Models
1.5 Using Cryptography
1.5.1 One-Way Hash Functions
1.5.2 Symmetric Ciphers
1.5.3 Asymmetric Ciphers
1.6 Authentication
1.7 Mobile Code
1.8 Where Does Java Security Fit In

2 Basic Security for the Java Language
2.1 The Java Language and Platform
2.2 Basic Security Architecture
2.3 Bytecode Verification and Type Safety
2.4 Signed Applets
2.5 A Brief History of Security Bugs and Fixes

3 JDK 1.2 Security Architecture
3.1 From the Beginning
3.2 Why a New Security Architecture
3.2.1 Sandbox Restrictions on Applets Too Limiting
3.2.2 Insufficient Separation Between Policy and Enforcement
3.2.3 Security Checks Not Easily Extensible
3.2.4 Locally Installed Applets Too Easily Trusted
3.2.5 Internal Security Mechanisms Fragile
3.2.6 Summary
3.3 java.security.GeneralSecurityException
3.4 Security Policy
3.5 CodeSource
3.5.1 Testing for Equality and Using Implication
3.6 Permission Hierarchy
3.6.1 java.security.Permission
3.6.2 Permission Sets
3.6.3 java.security.UnresolvedPermission
3.6.4 java.io.FilePermission
3.6.5 java.net.SocketPermission
3.6.6 java.security.BasicPermission
3.6.7 java.util.PropertyPermission
3.6.8 java.lang.RuntimePermission
3.6.9 java.awt.AWTPermission
3.6.10 java.net.NetPermission
3.6.11 java.lang.reflect.ReflectPermission
3.6.12 java.io.SerializablePermission
3.6.13 java.security.SecurityPermission
3.6.14 java.security.AllPermission
3.6.15 Implications of Permission Implications
3.7 Assigning Permissions
3.7.1 Positive versus Negative Permissions
3.8 ProtectionDomain
3.9 Securely Loading Classes
3.9.1 Class Loader Hierarchy
3.9.2 java.lang.ClassLoader and Delegation
3.9.3 java.security.SecureClassLoader
3.9.4 java.net.URLClassLoader
3.9.5 Classpaths
3.10 java.lang.SecurityManager
3.10.1 Example Use of the Security Manager
3.10.2 Unchanged APIs in JDK 1.2
3.10.3 Deprecated Methods in JDK 1.2
3.11 java.security.AccessController
3.11.1 Interface Design of AccessController
3.11.2 The Basic Access Control Algorithm
3.11.3 Method Inheritance
3.11.4 Extending the Basic Algorithm with Privileged Operations
3.11.5 Three Types of Privileged Actions
3.11.6 The Context of Access Control
3.11.7 The Full Access Control Algorithm
3.11.8 SecurityManager versus AccessController
3.11.9 A Mini-History of Privileged Operations
3.12 Summary and Lessons Learned

4 Deploying the Security Architecture
4.1 Installing JDK 1.2
4.2 Policy Configuration
4.2.1 Configuring System-Wide and User-Specific Policies
4.2.2 Configuring Application-Specific Policies
4.2.3 Configuring an Alternative Policy Class Implementation
4.2.4 Default Policy File Format
4.2.5 Policy File Examples
4.2.6 Property Expansion in Policy Files
4.3 Digital Certificates
4.4 Helpful Security Tools
4.4.1 Keystore Databases
4.4.2 Keytool
4.4.3 Policy Tool
4.4.4 Jarsigner
4.4.5 Code Signing Example
4.5 Managing Security Policies for Nonexperts

5 Customizing the Security Architecture
5.1 Creating New Permission Types
5.2 Composite Permissions
5.3 Customizing Security Policy
5.4 Migrating JDK 1.1-Based Security Managers
5.4.1 JDK 1.1 Security Manager Classes
5.4.2 Accommodating JDK 1.1 Security Managers on JDK 1.2
5.4.3 Modifying JDK 1.1 Security Managers for JDK 1.2

6 Object Security
6.1 Security Exceptions
6.2 Fields and Methods
6.3 Static Fields
6.4 Private Object State and Object Immutability
6.5 Privileged Code
6.6 Serialization
6.7 Inner Classes
6.8 Native Methods
6.9 Signing Objects
6.10 Sealing Objects
6.11 Guarding Objects
6.11.1 Examples of Using GuardedObject

7 Programming Cryptography
7.1 Design Principles
7.2 Cryptographic Services and Service Providers
7.2.1 Installing and Adding a Provider
7.3 Cryptography Classes
7.3.1 java.security.Security
7.3.2 java.security.Provider
7.3.3 java.security.MessageDigest
7.3.4 java.security.Signature
7.3.5 Algorithm Parameters
7.3.6 java.security.Key and java.security.spec.KeySpec
7.3.7 java.security.KeyFactory and java.security.cert.CertificateFactory
7.3.8 KeyPair and KeyPairGenerator
7.3.9 java.security.KeyStore
7.4 Randomness and Seed Generators
7.4.1 java.security.SecureRandom
7.5 Code Examples
7.5.1 Example 1: Computing a Message Digest
7.5.2 Example 2: Generating a Public/Private Key Pair
7.5.3 Example 3: Generating and Verifying Signatures
7.5.4 Example 4: Reading a File That Contains Certificates
7.6 Standard Names
7.6.1 Message Digest Algorithms
7.6.2 Key and Parameter Algorithms
7.6.3 Digital Signature Algorithms
7.6.4 Random Number Generation Algorithms
7.6.5 Certificate Types
7.6.6 Keystore Types
7.7 Algorithm Specifications
7.7.1 SHA-1 Message Digest Algorithm
7.7.2 MD2 Message Digest Algorithm
7.7.3 MD5 Message Digest Algorithm
7.7.4 Digital Signature Algorithm
7.7.5 RSA-Based Signature Algorithms
7.7.6 DSA KeyPair Generation Algorithm
7.7.7 RSA KeyPair Generation Algorithm
7.7.8 DSA Parameter Generation Algorithm

8 Future Directions
8.1 Security Management
8.2 JDK Feature Enhancement
8.3 Java Authentication and Authorization Service
8.3.1 Subjects and Principals
8.3.2 Credentials
8.3.3 Pluggable and Stacked Authentication
8.3.4 Callbacks
8.3.5 Access Control
8.3.6 JAAS Implementation
8.4 Conclusion

Bibliography

Index

"The book is of enormous consequence and potential value. The Java 2
platform security represents an advance of major proportions, and the
information in this book is captured nowhere else."
—Peter G. Neumann, Principal Scientist, SRI International Computer
Science Lab, author of Computer-Related Risks, and Moderator of
the Risks Forum

"Profound! There are a large number of security pearls. I enjoyed and
was very impressed by both the depth and breadth of the book."
—Stephen Northcutt, Director of Research for Intrusion Detection
and Response, SANS Institute

Inside Java™ 2 Platform Security is the definitive and comprehensive
guide to the Java security platform. Written by the Chief Java Security
Architect at Sun, it provides a detailed look into the central workings of
the Java™ security architecture and describes security tools and
techniques for successful implementation.

This book features detailed descriptions of the many enhancements
incorporated within the security architecture that underlies the Java 2
platform. It also provides a practical guide to the deployment of Java
security, and shows how to customize, extend, and refine the core
security architecture. For those new to the topic, the book includes an
overview of computer and network security concepts and an explanation
of the basic Java security model.

You will find detailed discussions on such specific topics as:
• The original Java sandbox security model
• The new Java 2 platform permission hierarchy
• How Java security supports the secure loading of classes
• Java 2 access control mechanisms
• Policy configuration and digital certificates
• Security tools, including Key Store and Jar Signer
• Ways to customize the Java security architecture with new permission types
• How to move legacy security code onto the Java™ 2 platform

In addition, the book discusses techniques for preserving object security—
such as signing, sealing, and guarding objects—and outlines the Java
cryptography architecture. Throughout, the book points out common
mistakes and contains numerous code examples demonstrating the
usage of classes and methods.

Li Gong, internationally renowned computer security expert and
Chair of the Java Security Advisory Council, is Chief Java Security
Architect and a Distinguished Engineer at Sun Microsystems, Inc. He is an
Associate Editor of ACM Transactions on Information and System Security
and The Journal of Computer Security, and served as Program Chair of the
IEEE Symposium on Security and Privacy and the ACM Conference on
Computer and Communications Security.

http://java.sun.com/books/Series

Cover design by Simone R. Payment
Cover art by Sara Connell
Text printed on recycled paper

ADDISON-WESLEY
Addison-Wesley is an imprint
of Addison Wesley Longman, Inc.

ISBN 0-201-31000-7
$52.50 CANADA