Java Security

by Scott Oaks
O'Reilly & Associates 1998
456 pages. Index, four appendices. $32.95. ISBN 1-56592-403-7

Reviewed by Robert Bruen, Cipher Book Review Editor

Java was intended to be a secure environment from the beginning, but as we all know, there is no perfect security. Several Java related security holes were made public fairly early on. Along with the general evolution of the Java environment, its security model has continued to mature with many significant changes. Scott Oaks has tried to capture the state of affairs at Java version 1.2, which at this point is not as widely available as I would like.

The initial chapters lay out the philosophical basis for Java security providing definitions that may not be what you expect. Given the way security seems to work, one must have a clear context which contains the goals for that particular security model. If the goals are met through the methods employed, then the model can be called secure. This is not the same as saying that the model is secure compared to any other idea of security. Since I consider it important to have such a context provided, it was a good sign that this book does so. It helps to alleviate criticism that comes from unrelated sectors that are based on different assumptions.

There are thirteen chapters, the first three cover Application Security, Language Security and Class Loaders, all of which are helpful in understanding Java itself in addition to the security aspects. Chapters four, five and six introduce the Security Manager and the Access Controller and the implementation of security policies. Chapters seven through twelve show how to implement cryptography, message digests, keys and certificates, and digital signatures, the underlying reasons for having a security model. The architecture of the Security Provider in explained in chapter eight. The last chapter on encryption is worth reading as a precursor to Jonathan Knudsen's new book Java Cryptography.

Java security is complex and it is changing. Version 1.2 has added some features such as encryption along with changes in the way one handled security policy. Version 1.1 had already added authentication as a change to version 1.0. Of course we can expect more changes in the future. While this is not surprising for software, it does mean that one must pay continuing attention as it all progresses. For example, the implementation of the security manager in an application will have serious downstream implications, if was not done without careful thought. Proper implementation by application programmers will take a bit of effort, but the author has provided an excellent resource.

The language has many built in features, but not everything is included. However, there are hooks available, for example, if you want to use your own encryption algorithms. Oaks provides a good explanation on how to do this as well as many other things.

The book has nice flow from the top level concepts down to the actual code as you progress through the book. I never felt surprised by the introduction of a new idea where I had to try to figure out what its relationship was to the previous train of thought. It is not overly long and verbose, but it is not a brief introduction to the topic either. There are lots of examples of code throughout the book that are not just filling up space. Although this book is Java specific, it is worth reading for the purpose of understanding the design and implementation of a security model in a language environment. I can cheerily recommend this book as necessary for anyone who develops Java applications or wants to increase their knowledge of Java security.