Find this at http://www.npac.syr.edu/users/gcf/cps616securityapril98/

Basic Principles of Java and Internet Security

Given by Geoffrey C. Fox at CPS616 Web Technologies in Spring 98. Foils prepared April 7 1998

General Issues
Review of Java Security Mechanisms
"Gossip": Examples of Security problems of various sorts from malicious to annoying
Cryptography: including RSA Public Keys
Authentication and Digital Certificates
Java/JavaScript and Security
Implications for Commerce (the SET system)
Web Servers and Secure Sockets SSL
Some relevant technologies including Kerberos, S/MIME, Clipper, PEM and PGP


Table of Contents for Basic Principles of Java and Internet Security


001 Remarks on Internet and Java Security CPS616 Web Technology Course Spring 98
002 Abstract of CPS616 Java and Internet Security Presentation
003 Some Reference Material
004 Some General Issues I
005 Some General Issues II
006 Need for Security in Commerce - I
007 Need for Security in Commerce - II
008 Structure of Internet and Security-I
009 Structure of Internet and Security-II
010 Structure of Internet and Security-III
011 A PKZIP Anecdote
012 Downloading Software is Dangerous?
013 The Moldavia Pornographic Phone Scam
014 An Early Netscape DNS Bug
015 Tempest and Control Zones
016 Military Security Levels
017 Firewalls and Gateways - I
018 Firewalls and Gateways II
019 Encrypted Tunnels
020 The Great Clipper Controversy
021 Export Restrictions on Cryptography
022 Denial of Service versus "Attacks"
023 Combining Denial of Service with more Malicious Attack
024 Comments on Denial of Service
025 Some Attacking Concepts
026 Naïve way Viruses Spread themselves
027 Introduction to Cryptography
028 Breaking an Encryption Scheme
029 Types of Cryptographic Function
030 Security Uses of Cryptography
031 Secret Key Cryptography
032 Uses of Secret Key Cryptography
033 Secret Key Authentication
034 Message Integrity with Secret Key Cryptography
035 Public Key Cryptography
036 Insecure Link Transmission with Public Key Cryptography
037 Authentication with public key Cryptography
038 Digital Signatures and Public Key Cryptography
039 Use of Digital Signatures with public key Cryptography
040 Hash and Message Digests
041 Some Math Behind Secret Key Cryptography
042 Some Math behind RSA Algorithm -I
043 Some Math behind RSA Algorithm -II
044 Certificate Authorities
045 Review of Certificate Process
046 Sample Certificate from Netscape
047 VeriSign Digital ID's or Certificates - I
048 VeriSign Digital ID's or Certificates - II
049 VeriSign's Description of Digital ID's
050 VeriSign's Description of Certificate Revocation I
051 VeriSign's Description of Certificate Revocation II
052 The Java Security Model
053 Sandbox mechanism
054 What can applets do - I?
055 What can applets do - II?
056 What can applets do - III?
057 The Byte Code Verifier
058 Byte Code Verification
059 Why is type checking important!
060 Applet Class Loader
061 Secure Electronic Transaction SET
062 Electronic Shopping Experience - I
063 Electronic Shopping Experience - II
064 Features of SET - I
065 Features of SET - II
066 SET Encryption Summary
067 Sample SET Cryptography Use
068 Sample SET Cryptography Steps 2 to 5
069 Sample SET Cryptography Step 6
070 Sample SET Cryptography Steps 7-10
071 Structure of Public Key System in SET
072 Features of Public Key System in SET - I
073 Features of Public Key System in SET - II
074 Cardholder Registration Process in SET
075 Merchant Registration Process in SET
076 Purchase Request Process in SET
077 Payment Authorization and Capture Processes in SET
078 SSL and S/MIME
079 SSL from Netscape I
080 SSL from Netscape II
081 SSL from Netscape III
082 Netscape's Description of S/MIME
083 Generating Certificates on Unix-1
084 Generating Certificates on Unix-2
085 Sample Certificate and primary Key
086 Secure Server Example-NPAC Grading System-1
087 Secure Server Example-NPAC Grading System-2
088 Secure Server Example-NPAC Grading System-3
089 Secure Server Example-NPAC Grading System-4
090 Java Security Manager
091 Java Security Package
092 Java Digital Signatures-1
093 Java Digital Signatures-2
094 The Java Authentication Framework
095 The Java Authentication Framework-2
096 Generating Certificates in JDK
097 Generating Certificates in JDK-2
098 Browsing Signed Applets
099 Some Other Security Systems
100 SESAME Security System
101 Details on SESAME I
102 Details on SESAME II
103 The GSS-API Security Interface
104 Globus System Security Policy and Requirements -- Overview
105 Further Properties of Globus Entities
106 Globus Application Requirements
107 Relevant Components of Globus
108 Issues in the Globus Security Model
109 Elements of Globus Security Policy I
110 Elements of Globus Security Policy II
111 Globus Security Functional Requirements - I
112 Globus Security Functional Requirements - II
113 JavaScript Security Model
114 JavaScript Security Issues
115 Same Origin Policy
116 Signed Script Policy-1
117 Signed Script Policy-2
118 Signed Script Policy-3
119 Codebase Principals-1
120 Codebase Principals-2
121 Scripts Signed by Different Principals
122 Principals of Windows and Layers
123 Determining Container Principals
124 Identifying Signed Scripts
125 Using Expanded Privileges
126 Targets
127 Targets-2
128 Importing and Exporting Functions
129 Weaknesses in the JavaScript Model
130 Signing Scripts
131 Signing Scripts-2
132 Signing Scripts-3
133 Signing Scripts-4


© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

Page produced by wwwfoil on Mon Apr 6 1998