Java and Security
Posted On February 27, 2008 by Sneha Philipose filed under Internet
unimagined volumes of data to users. It has also enabled access to services through new avenues in a timely fashion. It is now progressing to provide smarter services, which are sensitive to environmental factors such as user preferences, location, availability and cost. In providing such enhanced functionality to users, it has also fundamentally changed the architecture of today's computing systems.
Software developers are no longer constrained by the monolithic, mainframe approach to computing or to the PC-centric, costly software distribution mechanisms. Rather, they are free to take advantage of a new development paradigm: distributed processing. This new architecture allows designers to segment applications into components, each of which may exist and execute on different processors and in separate locations.
The tremendous new potential offered by distributed computing also carries with it the necessity to exercise certain security safeguards. As distributed, mobile components move among machines, the opportunity for security breaches increases dramatically. Examples are not difficult to find:
• Viruses can invade and destroy information on a user's disk, sometimes permanently
• Unauthorized agents can steal credit card numbers
• Confidential business files can be copied or distributed in a way that directly affects revenues.
Computer users and administrators should not be lulled into thinking that security is someone else's problem. Anyone who uses a browser can unwittingly download a "Trojan Horse" directly onto their systems. The resultant problems can range in severity from mildly mischievous to highly malicious.
Leading the charge into this new era of computing is Java—a development platform born of the Net. Java technology is well-known for simplifying many operations for both users and developers. Through its unique design and streamlined implementation, Java has made distributed computing, especially on the Internet, a practical reality. As we shall examine here, Java also provides a full complement of powerful and highly flexible security features that make it uniquely capable in the area of the Internet and distributed computing systems.
What is Security?
Security is the practice by which individuals and organizations protect their physical and intellectual property from all forms of attack and pillage. Although security concerns are not new, there is revived interest in the entire area of security in computing systems.
Why? Because today's information systems have become the repositories for both personal and corporate assets. Computers of all sizes and network configurations are providing new levels of access—and consequently new opportunities for unauthorized interaction and possible abuse.
With respect to computing systems, there are a number of important attributes that are associated with good security practices. These include authentication, authorization, confidentiality, containment, auditing, and non-repudiation. Due to its inherent security architecture, the Java development platform is particularly well suited to implement all of these features.
Java Security
In order to combat potential security threats, users need programs they can rely on. Moreover, developers look for a development platform that has been designed with security capabilities built in, not added as an afterthought. This is where the Java platform comes in. Java is designed from the ground up for network-based computing, and security measures are an integral part of its design. Most other distributed solutions cannot make this claim: they were built on a traditional execution model, and as their applications migrate toward the Net, developers must bolt security features on as add-ons, without the benefits of the Java security model. The extra effort required to secure such solutions also makes it more likely that some aspects will not get addressed at all.
The deployment end of the Java security model is conveniently described by using the metaphor of the Sandbox. The sandbox comprises a number of cooperating system components, ranging from the security manager that executes as part of the application, to security measures designed into the Java Virtual Machine (JVM) and the language itself. The sandbox ensures that an untrusted, and possibly malicious, application cannot access any system resource it has not explicitly been granted.
To implement sandboxes, the Java platform relies on three major components: the class loader, the byte-code verifier, and the security manager. Each component plays a key role in maintaining the integrity of the system. Broadly speaking, they serve the following purposes:
• The class loader ensures that only the correct classes are loaded, keeps classes from different sources in separate namespaces, and records which protection domain (and therefore which permissions) each loaded class belongs to
• The byte-code verifier ensures that loaded classes are in the correct format and that untrusted classes cannot execute dangerous instructions: forged references, operand-stack overflows or underflows, and illegal type conversions are rejected before the class runs
• The security manager ensures that untrusted classes are not allowed to access protected system resources such as files, network sockets and system properties, by checking the permissions of every caller on the stack
Although Microsoft has attempted to provide similar security by defining a Common Language Runtime (CLR), it is a half-hearted attempt that allows "managed" and "unmanaged" code to be mixed. Legacy unmanaged code currently far exceeds managed code, and since security is only as strong as the weakest link in the chain, this will not result in any significant improvement in security.
Also fundamental to the Java security model is the concept of a Java Protected Domain (java.security.ProtectionDomain). Its unique characteristics extend the Java sandbox from applets to applications loaded from the local file system, offering a powerful and independently configurable facility. A protection domain associates a set of "permissions" with the code it contains: an administrator can grant permissions per code source (where the code was loaded from and who signed it) in a policy file, or leave the pre-configured default policy in place. This capability extends Java's existing fine-grained control by allowing multiple, distinct sets of permissions for individual applications.
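To make the three sandbox components and the protection-domain idea concrete, here is an added example; it is not code from the original article or from Sun. A custom class loader defines an "untrusted" class into a static protection domain that carries a single permission, and an installed SecurityManager then lets that class read one system property but stops it from touching the file system. The class names (SandboxDemo, RestrictedLoader, Untrusted) and the permission chosen are the example's own assumptions. Caveat for anyone trying it today: the Security Manager was deprecated for removal in Java 17 (JEP 411), Java 18 to 23 require -Djava.security.manager=allow on the command line for System.setSecurityManager to succeed, and JDK 24 disables it permanently (JEP 486), so the example runs on Java 9 through 23 only.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class SandboxDemo {

    // Stand-in for untrusted, downloaded code (assumed name). It must be public so that it can be
    // instantiated reflectively from a different class loader.
    public static class Untrusted implements Runnable {
        @Override
        public void run() {
            // Granted below: reading one system property.
            System.out.println("untrusted code sees java.version = " + System.getProperty("java.version"));
            // Not granted: any file-system access, even an existence check of the current directory.
            System.out.println("untrusted code sees the file system: " + new File(".").exists());
        }
    }

    // Class loader that defines every class it is handed inside one fixed protection domain.
    static final class RestrictedLoader extends ClassLoader {
        private final ProtectionDomain domain;

        RestrictedLoader(ClassLoader parent, Permissions granted) {
            super(parent);
            // The two-argument ProtectionDomain constructor creates a "static" domain: its implies()
            // consults only the permissions given here and never the installed Policy.
            this.domain = new ProtectionDomain(new CodeSource(null, (Certificate[]) null), granted);
        }

        Class<?> define(String name, byte[] classFile) {
            // The class-file format is checked here (ClassFormatError); the byte-code verifier runs
            // when the class is linked, before it can be instantiated (VerifyError).
            return defineClass(name, classFile, 0, classFile.length, domain);
        }
    }

    public static void main(String[] args) throws Exception {
        // 1. Read the class-file bytes from the classpath while no SecurityManager is installed yet.
        byte[] classFile;
        try (InputStream in = SandboxDemo.class.getResourceAsStream("SandboxDemo$Untrusted.class")) {
            classFile = in.readAllBytes();
        }

        // 2. The only permission the untrusted domain will hold.
        Permissions granted = new Permissions();
        granted.add(new PropertyPermission("java.version", "read"));

        // 3. Trusted application code keeps every permission: a Policy that grants everything to
        //    the (dynamic) domains of classes loaded by the application class loader.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain pd, Permission p) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        // 4. Define the untrusted class in its own loader and domain, then run it. Every permission
        //    check walks the call stack, and the restricted domain on that stack denies the file access.
        RestrictedLoader loader = new RestrictedLoader(SandboxDemo.class.getClassLoader(), granted);
        Runnable untrusted = (Runnable) loader.define("SandboxDemo$Untrusted", classFile)
                .getDeclaredConstructor().newInstance();
        try {
            untrusted.run();
        } catch (SecurityException e) {
            System.out.println("sandbox blocked it: " + e.getMessage());
        }
    }
}
```

Compile with javac SandboxDemo.java and run with java SandboxDemo (on Java 18 to 23: java -Djava.security.manager=allow SandboxDemo). The property read succeeds, the File.exists() call ends in an AccessControlException, and the catch block reports it. The point worth noticing is that the permission check is not tied to the method being called but to the code on the stack: the same File.exists() call made directly from main would succeed, because main's class belongs to a domain the Policy trusts.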
From the application developers' perspective, the containment and control inherent in the features listed above allow one to gain the trust of those in charge of deployment. In addition, the platform provides many features and frameworks that make it easy for developers to write secure applications. Java Security APIs that were previously shipped as optional packages, such as the Java Authentication and Authorization Service (JAAS), the Java Cryptography Extension (JCE) and the Java Secure Socket Extension (JSSE), have been integrated into J2SDK v1.4. They provide digital signatures and certificates that enable authentication and non-repudiation, key management and encryption that enable confidentiality, and message digests that enable integrity checking (a digest alone does not give non-repudiation, since anyone can recompute it; it is the signature over the digest that binds a message to a signer). They also provide for user-based, group-based or role-based authorization. New in J2SDK v1.4 are the Java Certification Path API for building and validating certification paths, and the Java GSS-API for securely exchanging messages between communicating applications using Kerberos. Support for single sign-on using Kerberos is also included.
For security architects who may want to design security with elements outside the default implementations, provider interfaces are provided which can be used to plug-in different implementations.
Thus, one could replace the Kerberos implementation with a smart card-based or biometric authentication mechanism. Similarly, if a more robust encryption scheme is introduced in the future, it can be incorporated into existing systems without rewriting them. More details can be found at http://java.sun.com/security
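As an added illustration of the API roles described above and of provider pluggability (this is not code from the article or from Sun): a SHA-256 digest by itself only detects modification, because an attacker who alters a message simply ships a freshly computed digest with it; a digital signature over the same data needs the signer's private key, which is what gives authentication and non-repudiation. The example uses the standard JCA/JCE classes (MessageDigest, Signature, KeyPairGenerator) with an EC key pair on secp256r1 and the SHA256withECDSA algorithm, all shipped with the JDK. The sample messages, the class name JcaDemo and the helper method names are the example's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;

public class JcaDemo {

    // SHA-256 message digest: integrity only. Anyone can recompute it, so it proves nothing about origin.
    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Compare digests in constant time; Arrays.equals would leak the position of the first mismatch.
    static boolean digestMatches(byte[] data, byte[] expected) throws Exception {
        return MessageDigest.isEqual(digest(data), expected);
    }

    // ECDSA over SHA-256: producing the signature requires the private key, so a valid signature
    // authenticates the origin, and the key holder cannot later deny having produced it.
    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed signature bytes are treated exactly like a failed verification
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair signer = kpg.generateKeyPair();
        KeyPair someoneElse = kpg.generateKeyPair();

        // Constructed sample messages: an order and an altered copy of it.
        byte[] order = "transfer 100 EUR to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "transfer 900 EUR to account 42".getBytes(StandardCharsets.UTF_8);

        // Integrity check with a digest: the altered message no longer matches the original digest...
        byte[] d = digest(order);
        System.out.println("digest matches original message: " + digestMatches(order, d));
        System.out.println("digest matches altered message:  " + digestMatches(altered, d));
        // ...but an attacker who alters the message just recomputes the digest, and it matches again.
        System.out.println("attacker's recomputed digest matches altered message: "
                + digestMatches(altered, digest(altered)));

        // Authentication and non-repudiation with a signature: only the signer's key produces one
        // that verifies, and it verifies only over the exact bytes that were signed.
        byte[] sig = sign(signer.getPrivate(), order);
        System.out.println("signature verifies on original message: " + verify(signer.getPublic(), order, sig));
        System.out.println("signature verifies on altered message:  " + verify(signer.getPublic(), altered, sig));
        System.out.println("signature verifies under another key:   " + verify(someoneElse.getPublic(), order, sig));
    }
}
```

The provider interfaces mentioned above surface in exactly these calls: Signature.getInstance("SHA256withECDSA", "SunEC") pins the implementation to one named provider, and java.security.Security.addProvider or insertProviderAt registers an alternative (for instance the JDK's SunPKCS11 provider in front of a smart card or HSM) without changing the calling code, which is how the private key in an example like this can be kept out of the application's memory altogether.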
Summary
Effective security is not a discrete or static endeavor. It is an on-going process that requires diligence, the use of appropriate techniques, and a watchful eye on the context in which computing systems operate. Security measures can fail if not constantly reinforced by training and revision to address new types of vulnerabilities and challenges.
The Java Security Model provides system designers with an extremely flexible and powerful security framework that is built into the Java platform. This means that developers can create fine-grained security policies and articulate independent permissions for individual applets and applications, all while remaining transparent to the end user.
The Java Security Roadmap has laid the groundwork for the continued delivery of refinements and new capabilities and in so doing, offers users a high level of confidence for the future. The Java platform is more secure than any other Internet access platform, including those that download native (binary) code, while continuing to deliver excellent usability.
