q q q in Java

Encoding QR Code in Java q q q
q q q
Decode Quick Response Code In Java
Using Barcode Control SDK for Java Control to generate, create, read, scan barcode image in Java applications.
A set of cryptographic APIs for standard algorithms Cryptography engines that provide the guts for a small subset of the APIs A strong, stack-based security system
Make QR Code ISO/IEC18004 In Java
Using Barcode generator for Java Control to generate, create QR Code JIS X 0510 image in Java applications.
Although this book is not just a guide to Java's security APIs, we will discuss Java's security functionality in detail. In particular, we will emphasize that no computer language as powerful as Java makes writing security-critical code automatic or easy.
Scanning QR Code In Java
Using Barcode decoder for Java Control to read, scan read, scan image in Java applications.
Search the Book
Bar Code Encoder In Java
Using Barcode encoder for Java Control to generate, create bar code image in Java applications.
Previous Page
Barcode Recognizer In Java
Using Barcode recognizer for Java Control to read, scan read, scan image in Java applications.
Search Help
Create QR-Code In Visual C#.NET
Using Barcode generator for VS .NET Control to generate, create QR Code ISO/IEC18004 image in .NET applications.
Next Page
Paint QR Code In VS .NET
Using Barcode encoder for ASP.NET Control to generate, create Denso QR Bar Code image in ASP.NET applications.
... Preface -- 1 -- 2 -- 3 -- 4 -- 5 -- 6 -- 7 -- 8 -- 9 -- A -- B -- C -- Refs Front -- Contents -- Help
Quick Response Code Creator In VS .NET
Using Barcode drawer for VS .NET Control to generate, create Denso QR Bar Code image in .NET applications.
Copyright 1999 Gary McGraw and Edward Felten. All rights reserved. Published by John Wiley & Sons, Inc.
QR Code JIS X 0510 Encoder In VB.NET
Using Barcode creator for Visual Studio .NET Control to generate, create QR Code JIS X 0510 image in VS .NET applications.
Mobile Code and Security: Why Java Security Is Important
Print Data Matrix In Java
Using Barcode encoder for Java Control to generate, create Data Matrix image in Java applications.
CHAPTER SECTIONS: 1 / 2 / 3 / 4 / 5 / 6 / 7 / 8 / 9 / 10
UCC-128 Creator In Java
Using Barcode creator for Java Control to generate, create GTIN - 128 image in Java applications.
Previous Page
Bar Code Creation In Java
Using Barcode creator for Java Control to generate, create bar code image in Java applications.
Section 7 -- How Does Java Security Stack Up
Creating International Standard Serial Number In Java
Using Barcode printer for Java Control to generate, create ISSN image in Java applications.
Next Page
UCC - 12 Reader In Visual Studio .NET
Using Barcode recognizer for .NET framework Control to read, scan read, scan image in .NET framework applications.
As we have mentioned, Java is not the only game in town when it comes to mobile code. Other mobile code systems include JavaScript, Safe-Tcl, Telescript, Word macros, Excel macros, ActiveX, and Postscript. Of these systems, the one most often touted as a direct competitor to Java is Microsoft's ActiveX (sometimes called DNA depending on the whim of Microsoft marketeers). So what does ActiveX do for security, and how does it compare with Java's approach Besides ActiveX, what other mobile code systems present security risks
Recognize Barcode In VS .NET
Using Barcode recognizer for .NET Control to read, scan read, scan image in .NET applications.
ActiveX Security Issues
Encoding Barcode In C#
Using Barcode encoder for .NET Control to generate, create bar code image in VS .NET applications.
The first thing to know about ActiveX is that it does not have an enforcement-related security model. It has a trust model that may be able to help you implement your own security policy. So the real question is: How does a trust model like ActiveX's compare with a sandbox like Java's
Draw Data Matrix 2d Barcode In Visual C#
Using Barcode generation for Visual Studio .NET Control to generate, create Data Matrix image in Visual Studio .NET applications.
Sandboxes and Signatures There are two major approaches addressing the security concerns raised by mobile code systems: sandboxing and code signing. The first of these approaches, sandboxing, is an idea embraced by early implementations of Java (say, JDK 1.0.2). We extensively cover the Java sandbox in 2. The idea is simple: Make untrusted code run inside a box and limit its ability to do risky things. That is exactly what the Java security model aims to do. The second approach, code signing, is how the ActiveX Authenticode system works. Binary files, such as ActiveX controls or Java class files, can be digitally signed by someone who "vouches" for the code. If
Code-39 Recognizer In VS .NET
Using Barcode decoder for Visual Studio .NET Control to read, scan read, scan image in .NET applications.
you know and trust that person or organization, you may choose to trust the code that they vouch for. It is important to stress the fact that code signing is completely a matter of trust; there is no enforcement mechanism protecting you once you decide to trust a piece of code. The trust model implements authentication and authorization. What this means is that there is no such thing as ActiveX security enforcement! That's not to say signature-based trust models are not useful. They are. In fact, trust models will play an integral role in future security models for mobile code. Much more detail on code signing, especially as it relates to Java, is found in 3, "Beyond The Sandbox: Signed Code and Java 2."
Drawing Bar Code In Visual Studio .NET
Using Barcode printer for .NET framework Control to generate, create barcode image in .NET applications.
Code Signing and ActiveX ActiveX is a high-profile form of mobile code promoted by Microsoft. Note that in practice its "mobility" is completely constrained to one platform, however. As it is actually used today, ActiveX is language independent, but not platform independent, meaning that real ActiveX controls work only on Microsoft's Win32 platform (Windows 95, Windows 98, and Windows NT). Technically, these controls could be recompiled for other platforms, but virtually nobody currently produces controls for non-Win32 platforms. One caveat: Comparing ActiveX and Java is somewhat like comparing apples and oranges, even though everyone does it. ActiveX is a component-based software model while Java is a language/platform. ActiveX should really be compared with Java components, JavaBeans. (In fact, some argue that the real religious Holy War between Java and ActiveX is destined to take place in the middleware arena and will be decided by the battle of component models [Lewis, 1998].) ActiveX has been roundly criticized by computer security professionals since its approach to security is seen as lacking. Unlike the base Java security situation, in which an applet has to run in the sandbox and is limited in the sorts of things it can do, an ActiveX control has no limitations on its behavior once it is invoked. The upshot is that users of ActiveX must be very careful only to run completely trusted code. On the other hand, Java users have the luxury of running untrusted code fairly safely. The ActiveX approach relies on digital signatures, a kind of encryption technology in which arbitrary binary files can be "signed" by a developer, distributor, or certifier. Because a digital signature has special mathematical properties, it is very difficult to forge. That means a program like your browser can verify a signature, allowing you to be fairly certain who vouched for a piece of code (as long as people are carefully guarding and managing the private keys used to sign code). To make things easy, you can instruct your browser always to accept code signed by some party that you trust, or always to reject code signed by some party that you don't trust. The signature also supplies data integrity, meaning it can ensure that the code you received is the same as the code that was originally signed. Signed code cannot be easily hijacked and modified into a Trojan Horse. The ActiveX system provides a black-and-white trust model: Either you trust the code completely and allow it to run unhampered on your machine, or you don't. That means trusting the wrong sort of code just once is all it takes. Once an attack control runs on your system, it can rewrite your security policy in such a way that all future attacks will work. Of course, it can do anything at all, so this is only one of zillions of attack scenarios. Serious attacks using ActiveX have been seen in the wild (although their use is not
UPC - 13 Drawer In VS .NET
Using Barcode drawer for VS .NET Control to generate, create UPC - 13 image in Visual Studio .NET applications.
widespread). For an explanation of these attacks and more on ActiveX insecurity, see Anup Ghosh's book E-Commerce Security: Weak Links, Best Defenses [Ghosh, 1998].
Sandboxes versus Signatures Do digital signatures make ActiveX more attractive security-wise than Java No, especially in light of the fact that digital signature capability became available in Java's JDK 1.1 and, in combination with finegrained access control, plays a major role in Java 2 security. That means in Java, you get everything that ActiveX is doing for security plus the ability to run untrusted code fairly safely. Another significant factor is that the sandbox approach is more robust in the face of accidental bugs in mobile programs. Even if the sandbox isn't bulletproof, it will most likely prevent a bug in a mobile program from trouncing important data or programs by mistake. As we shall see in 3, when combined with access control, code signing allows applets to step outside the security sandbox gradually. In fact, the entire meaning of sandbox becomes a bit vague. As an example of how Java code-signing might work, an applet designed for use in an Intranet setting could be allowed to read and write to a particular company database as long as it was signed by the system administrator. Such a relaxation of the security model is important for developers who are chomping at the bit for their applets to do more. Writing code that works within the tight restrictions of the sandbox is a pain, and the original sandbox is very restrictive.
Microsoft's Authenticode and Security Zones When a signed ActiveX control is downloaded, the browser detaches the signature block (which is a signed one-way hash of the control packaged together with a standard X.509 certificate issued by a certificate authority) and performs checks on the identity of the signer using Authenticode. This is a twostep process. First the certificate is examined by checking the certificate authority's identity. Then the oneway hash is checked to ensure that the same code that was signed was the code that arrived. Note that these checks say nothing at all about whether a control will or will not behave maliciously. They only check the identity of the signer and that the code has not changed since signing. Microsoft Internet Explorer 4.x implements a security zone concept meant to ease the management of security policies for signed content such as ActiveX controls and Java applets. The system organizes Web sites into four "zones of trust" (or more if you customize): Local intranet zone, Trusted sites zone, Internet zone, and Restricted sites zone. Each zone can be configured with security levels of: High (most secure), Medium (more secure), Low, or Custom. The idea is to divide Web sites into these zones and assign the zones varying levels of trust. Figure 1.7 shows a dialog box from Microsoft Internet Explorer (MSIE) that allows a user to manage Authenticode security zones.
Figure 1.7 Authenticode's signature-based trust model implements the concept of security zones in order to aid in managing mobile code. Microsoft Internet Explorer provides a dialog box that users can access to manage security zones. Though the importance of powerful policy management tools cannot be overstated, some security professionals complain that allowing a user to set security levels is not a good idea-especially if high security correlates with high level of annoyance (through implementing, for example, too many security queries).
Zones are a useful tool that can help make a security policy more coherent. The concept may be particularly useful in non black-and-white policy situations currently beyond the scope of ActiveX. We think security zones are a useful tool that Java security systems beyond Microsoft's should support as well. In ActiveX with security zones, the security policy itself remains black and white: A mobile program is either fully privileged or completely banned from the system. Since most users are inclined to run coolsounding code just to check it out regardless of the risk, popping a dialog box in front of a user and requiring an instant security decision is not a good idea. As one of the authors (Felten) is known to say, "Given a choice between dancing pigs and security, users will pick dancing pigs every time." The Princeton team correctly warns that relying completely on a human-judgment-based approach to security in not likely to be as successful as blending judgment with technology-based enforcement, as newer Java systems do. See Figure 1.8.
Figure 1.8 Given the choice between dancing pigs and security, the world will pick dancing pigs every time." The dancing pigs applet, available through the book's Web site (www.securingjava.com), demonstrates the use of digital signatures in Java. See Appendix C.
One way in which Authenticode addresses this problem is to put the security decisions in the hands of a system administrator. Using the MSIE Administration Kit (IEAK), an administrator can preinstall a list of permitted certificates and block the installation of others. This is a step toward centralizing security policy management (which is something most corporate users demand). However, in the end, the ActiveX model is still only a trust model. Just for the record, Netscape now includes a similar site-wide policy administration system. We discuss these issues of trust, identity, and signatures again in more detail in 3, though the focus is on Java and not ActiveX.
More on ActiveX Security The Princeton Team has written an FAQ, reprinted in Appendix A, called Security Tradeoffs: Java versus ActiveX, in which a number of common questions about Java and ActiveX are answered. On the Web, the FAQ can be found at www.cs.princeton.edu/sip/java-vs-activex.html. Two other good places to look are in 2 of E-Commerce Security by Anup Ghosh [Ghosh, 1998] and page 18 of Web Security Sourcebook by Avi Rubin, Dan Geer, and Marcus Ranum [Rubin, Geer, and Ranum, 1997].