Java Security Policies for network based Applications

Java Security Policies for network based Applications

Abstract:

Security is important in almost any application especially in those that are accessible to the network. This paper focus on the basic security policies to design network based application in Java.

Java provides the capability to specify a security policy for both Applets & application. This capability gives s/w developers a great deal of flexibility in the functionality that they can incorporate into their Applets & Applications. In this paper we introduce Java Security on the network & shortly describe The Sandbox Model. We focus on the Cryptography & Key In fracture & Security Extensions in Java, to communicate on the Network. The problem of mallious Applet & its solution is also discussed. A new mechanism for security- A Protection Domain is included with Advance technologies in new version of java for Network Security.

Introduction of java security:

The designer of java realized from start that security would be important because the language is to be used on the internet. Therefore they designed security features into java from the ground up. So far java is the only computer language with security built in. As the platform has grown and widened its range of deployment, the Java security architecture has correspondingly evolved to support an expanding set of services. Today the architecture includes a large set of application programming interfaces (APIs), tools, and implementations of commonly-used security algorithms, mechanisms, and protocols. This provides the developer a comprehensive security framework for writing applications & communicates securely on network. It also provides the user or administrator a set of tools to securely manage applications.

The Java security APIs spans a wide range of areas. Cryptographic and public key infrastructure (PKI) interfaces provide the underlying basis for developing secure applications. Interfaces for performing authentication and access control enable applications to guard against unauthorized access to protected resources.
The APIs allow for multiple interoperable implementations of algorithms and other security services.

The Java platform includes a number of providers that implement a core set of security services. It also allows for additional custom providers to be installed. This enables developers to extend the platform with new security mechanisms.
Java virtual machine [JVM] provides three main lines of defense i.e., The Sandbox Model against attack by mallious programs- the class verifier, the class loader & the security manager.


for more info visit.
http://www.enjineer.com/forum