Richard G Baldwin (512) 223-4758, baldwin@austin.cc.tx.us, http://www2.austin.cc.tx.us/baldwin/

Security, A Brief Introduction

Java Programming, Lecture Notes # 700, Revised 4/16/99.


Preface

Students in Prof. Baldwin's Advanced Java Programming classes at ACC will be responsible for knowing and understanding all of the material in this lesson beginning with the spring semester of 1999.

This lesson was originally written on March 28, 1999 and has been updated many times since then.

The purpose of this lesson is to serve as a backdrop for subsequent lessons that will deal with specific aspects of security.

Disclaimer

I claim absolutely no expertise in the area of security. I am simply a college professor attempting to gather information about Java on one hand and present it to my students on the other. I disclaim any responsibility for any security problems that may occur as a result of anyone using any of the material in any of my tutorial lessons.

You are responsible for your own actions. With regard to security, you should study not only the material that I will present, but also material provided by others who possess expertise in the security area. Hopefully my material will be useful in getting you started in that direction.

Two good books on security published by O'Reilly & Associates are:

I highly recommend both of these books.

Communication Security

When you place sensitive information onto a network, you should probably be concerned with the following three issues regarding communications:

Platform Security

In addition to security issues regarding communications, you should also be concerned with preventing unauthorized persons from gaining access to your machine for the purpose of stealing resources, planting viruses, or taking other actions to damage your resources.

Future Plans

The overall topic of security is a large one, with entire books being written on the subject. My plan is to break the topic down into a series of smaller lessons where each lesson concentrates on a particular aspect of security. As mentioned above, I am hopeful that the information that I provide will introduce you to the subject and get you started down the path of studying more reliable and more extensive information provided by others.

Cryptography

In the lessons that follow, I will have quite a bit to say about Authentication and Integrity. However, it is difficult to provide much in the way of technical information about Confidentiality without getting involved in cryptography.

Sun provides an extension to JDK 1.2 (named the JCE) that provides the ability to encrypt and decrypt messages for the purpose of maintaining confidentiality. However, it is a violation of U.S. Federal law to export the JCE (or electronic documentation describing the JCE) outside of the United States and Canada. Since I have no way (and no desire) to restrict the electronic distribution of my tutorial lessons to the U.S. and Canada, I will have to be very careful how much information I provide regarding the JCE.

Therefore, it won't be possible for me to provide programming examples that make direct use of the JCE. However, if you understand the programming examples that I will provide, which don't make direct use of the JCE, and you are able to download the JCE, you should have no difficulty making use of the JCE to extend those programs.

-end-