14 Java Security
14.5 Extending Java Security
14.5.2 Java Security API
The Java Security API is built around several important design principles:
- Implementation and Format Independence: JavaSecurity will provide
interfaces to various algorithms, such as DSA, MD5 and SHA. It does this
while making it possible for applications to request an algorithm without
regard to implementation details. For example, JDK 1.1 includes the
SunSecurity Provider, which implements DSA entirely in Java.
- Interoperability Across Implementations: This feature is the
byproduct of JavaSecurity's implementation independence. A simple example
of this is that keys generated by an implementation of a given algorithm
should work with any other similar implementation. To achieve this,
JavaSecurity defines standard encoding rules based on existing
international standards such as X.509 and PKCS#8.
- Implementation-Specific Security: JavaSecurity takes advantage
of Java's type system to allow its implementations to design their own
security policies while adhering to a set of common semantics.
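The first two principles can be seen together in the following added example, which is not part of the original notes: it requests DSA by name only, exports the keys in their X.509 and PKCS#8 encodings, rebuilds them from the raw bytes, and checks that a signature still verifies. It assumes a current JDK whose default provider supports DSA and SHA256withDSA; the class name and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class EncodingInteropDemo { // hypothetical class name
    public static void main(String[] args) throws GeneralSecurityException {
        // Implementation independence: ask for the algorithm by name and
        // let the framework choose an installed provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        System.out.println("Provider chosen: " + kpg.getProvider().getName());

        // Interoperability: keys leave the provider as standard encodings
        // (X.509 for the public key, PKCS#8 for the private key).
        byte[] pubDer = pair.getPublic().getEncoded();
        byte[] privDer = pair.getPrivate().getEncoded();
        System.out.println("Formats: " + pair.getPublic().getFormat()
                + " / " + pair.getPrivate().getFormat());

        // Another implementation of DSA can rebuild the keys from the
        // encoded bytes alone, with no access to the original objects.
        KeyFactory kf = KeyFactory.getInstance("DSA");
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(pubDer));
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(privDer));

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Sign with the rebuilt private key.
        Signature signer = Signature.getInstance("SHA256withDSA");
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        // Verify with the rebuilt public key.
        Signature verifier = Signature.getInstance("SHA256withDSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("Signature verifies: " + verifier.verify(sig));

        // Flip one bit of the message: verification must now fail.
        msg[0] ^= 1;
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("Tampered message verifies: " + verifier.verify(sig));
    }
}
```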
Here are some of the extensions to the Java security model: [FAQ]
- "Signed applets" solve this problem. To sign an applet, the producer first
bundles all the Java code and related files into a single file called a
Java Archive or JAR. The producer then creates a string called a digital
signature based on the contents of the JAR. JAR files also allow clients
to download all related files with a single request. Signed JAR files will
be included in Java Release 1.1. In order to be able to sign code, a
developer must first take two basic steps:
- Flexible Policies: Since digital signatures will allow
us to assign applets some amount of trust, it may be useful to relax the
Java security restrictions for authenticated applets. The SecurityManager
could enforce different levels of control based on how much a particular
publisher is trusted.
- Auditing: Auditing is another important feature. Auditing
software maintains a record of everything which happens on the system.
When something goes wrong, through an accident or through a bug, the audit
trail allows system administrators and security personnel to figure out
what has happened. Efforts are underway to define what standard auditing
features should be supported by all implementations of Java.
- Encryption: The communication channel between servers and clients
is still vulnerable, so the Security API is being developed. It will
allow applets to select the type of encryption used, to negotiate with
the server to create keys, and to do the actual encryption of the data.
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996