General Issues
Review of Java Security Mechanisms
"Gossip": Examples of Security problems of various sorts from malicious to annoying
Cryptography: including RSA Public Keys
Authentication and Digital Certificates
Java/JavaScript and Security
Implications for Commerce (the SET system)
Web Servers and Secure Sockets SSL
Some relevant technologies including Kerberos, S/MIME, Clipper, PEM and PGP
001 Remarks on Internet and Java Security Spring 99
002 Abstract of CPS616 Java and Internet Security Presentation
003 Some Reference Material
004 Some General Issues I
005 Some General Issues II
006 Need for Security in Commerce - I
007 Need for Security in Commerce - II
008 Structure of Internet and Security-I
009 Structure of Internet and Security-II
010 Structure of Internet and Security-III
011 A PKZIP Anecdote
012 Downloading Software is Dangerous?
013 The Moldavia Pornographic Phone Scam
014 An Early Netscape DNS Bug
015 Tempest and Control Zones
016 Military Security Levels
017 Firewalls and Gateways - I
018 Firewalls and Gateways II
019 Encrypted Tunnels
020 The Great Clipper Controversy
021 Export Restrictions on Cryptography
022 Denial of Service versus "Attacks"
023 Combining Denial of Service with more Malicious Attack
024 Comments on Denial of Service
025 Some Attacking Concepts
026 Naïve way Viruses Spread themselves
027 Introduction to Cryptography
028 Breaking an Encryption Scheme
029 Types of Cryptographic Function
030 Security Uses of Cryptography
031 Secret Key Cryptography
032 Uses of Secret Key Cryptography
033 Secret Key Authentication
034 Message Integrity with Secret Key Cryptography
035 Public Key Cryptography
036 Insecure Link Transmission with Public Key Cryptography
037 Authentication with public key Cryptography
038 Digital Signatures and Public Key Cryptography
039 Use of Digital Signatures with public key Cryptography
040 Hash and Message Digests
041 Some Math Behind Secret Key Cryptography
042 Some Math behind RSA Algorithm -I
043 Some Math behind RSA Algorithm -II
044 Certificate Authorities
045 Review of Certificate Process
046 Sample Certificate from Netscape
047 VeriSign Digital ID's or Certificates - I
048 VeriSign Digital ID's or Certificates - II
049 VeriSign's Description of Digital ID's
050 VeriSign's Description of Certificate Revocation I
051 VeriSign's Description of Certificate Revocation II
052 The Java Security Model
053 Sandbox mechanism
054 What can applets do - I?
055 What can applets do - II?
056 What can applets do - III?
057 The Byte Code Verifier
058 Byte Code Verification
059 Why is type checking important!
060 Applet Class Loader
061 Going beyond the Sandbox: History of Java Security Models
062 Going beyond the Sandbox-2
063 Going beyond the Sandbox-3
064 JDK 1.2 Security Model
065 JAVA Fine-grained Access Control-1
066 JAVA Fine-grained Access Control-2
067 JAVA Fine-grained Access Control-3
068 JAVA Fine-grained Access Control-4
069 JAVA Fine-grained Access Control-5
070 JAVA Fine-grained Access Control-6
071 JAVA Fine-grained Access Control-7
072 Java Security-Related Tools
073 How to sign Java Code
074 Signing Classes with the Netscape Object Signing Tool
075 Netscape Object Signing Tool -2
076 Netscape Object Signing Tool -3
077 Signing Java Applets with Microsoft's Authenticode
078 Microsoft's Authenticode 2
079 Signing Code with Sun's JDK 1.1.x
080 Signing Code with Sun's JDK 1.1.x-2
081 Signing Code with Sun's JDK 1.1.x-3
082 Browsing Signed Applets
083 The Java Authentication Framework
084 The Java Authentication Framework-2
085 Signing Code with Sun's Java 2
086 Signing Code with Sun's Java 2-II
087 Signing Code with Sun's Java 2-III
088 Signing Code with Sun's Java 2-IV
089 Some Comparisons of Sign Tools
090 Some Comparisons of Sign Tools - 2
091 Secure Electronic Transaction SET
092 Electronic Shopping Experience - I
093 Electronic Shopping Experience - II
094 Features of SET - I
095 Features of SET - II
096 SET Encryption Summary
097 Sample SET Cryptography Use
098 Sample SET Cryptography Steps 2 to 5
099 Sample SET Cryptography Step 6
100 Sample SET Cryptography Steps 7-10
101 Structure of Public Key System in SET
102 Features of Public Key System in SET - I
103 Features of Public Key System in SET - II
104 Cardholder Registration Process in SET
105 Merchant Registration Process in SET
106 Purchase Request Process in SET
107 Payment Authorization and Capture Processes in SET
108 SSL and S/MIME
109 SSL from Netscape I
110 SSL from Netscape II
111 SSL from Netscape III
112 Netscape's Description of S/MIME
113 Generating Certificates on Unix-1
114 Generating Certificates on Unix-2
115 Sample Certificate and primary Key
116 Secure Server Example-NPAC Grading System-1
117 Secure Server Example-NPAC Grading System-2
118 Secure Server Example-NPAC Grading System-3
119 Secure Server Example-NPAC Grading System-4
120 Java Security Manager
121 Java Security Package
122 Java Digital Signatures-1
123 Java Digital Signatures-2
124 Some Other Security Systems
125 KERBEROS
126 KERBEROS - 2
127 SESAME Security System
128 Details on SESAME I
129 Details on SESAME II
130 The GSS-API Security Interface
131 Globus System Security Policy and Requirements -- Overview
132 Further Properties of Globus Entities
133 Globus Application Requirements
134 Relevant Components of Globus
135 Issues in the Globus Security Model
136 Elements of Globus Security Policy I
137 Elements of Globus Security Policy II
138 Globus Security Functional Requirements - I
139 Globus Security Functional Requirements - II
140 JavaScript Security Model
141 JavaScript Security Issues
142 Same Origin Policy
143 Signed Script Policy-1
144 Signed Script Policy-2
145 Signed Script Policy-3
146 Codebase Principals-1
147 Codebase Principals-2
148 Scripts Signed by Different Principals
149 Principals of Windows and Layers
150 Determining Container Principals
151 Identifying Signed Scripts
152 Using Expanded Privileges
153 Targets
154 Targets-2
155 Importing and Exporting Functions
156 Weaknesses in the JavaScript Model
157 Signing Scripts
158 Signing Scripts-2
159 Signing Scripts-3
160 Signing Scripts-4