Java security evolution and concepts: Read the whole series!
This article, the first in a series, will cover the general concepts of computer security and cryptography. Although mobile code is not a revolutionary concept, Java and the Internet present some unique challenges to computer security. The evolution of Java architecture and its impact on security, the different security APIs and tools, and applet security will be covered in the subsequent articles.
This security series does not intend to provide a comprehensive guide to computer security. Computer security is a multifaceted issue touching several disciplines, departments, and cultures. Investments in technologies should be followed up with investments in personnel training, strict policy enforcement, and periodic review of the overall security policy.
Note: See the "Sidebar 1: Crypto Algorithm for the Twenty-first Century" for more on algorithm development and the "Sidebar 2: Does the Length of a Key Matter?" for a discussion on the importance of key length in security.
To understand what computer security means in general, what security means in everyday life is worth considering. Some of the general rules for security in day-to-day life also apply to computer security, as we'll see.
Is there such a thing as absolute computer security? In a word, no. The term secure systems is a misnomer since it implies that systems are either secure or not. Security, in truth, is a trade-off. Given unlimited resources, any form of security can be broken. While more and more resources are becoming available to the attacker, in the real world those resources remain finite. With that in mind, we should design systems in such a way that the cost of breaking them would far outweigh the rewards.
What is end-to-end security? In a multitier system, each tier should have its own security and work in tandem with the other tiers. Designing security where different systems and middleware come together is quite a challenge. Simply put, system security is only as strong as the weakest link and, unless you consider security from an end-to-end viewpoint, it is subject to being broken.
Will a complex security design work? It might seem that the best way to stop an unauthorized user is to design a very complex security scheme, but that's not true. Not only will the cost of designing a complex security system be prohibitive, the system might be so complex that legitimate users will try to find a way around it. Simple systems, on the other hand, are easier to understand and to analyze.
Is it possible to retrofit security? The answer is rarely. Quite often it may be impossible to retrofit security without having to redesign substantial parts of the system. In almost all cases, retrofitting will be very expensive. Therefore, security should never be an afterthought -- it must be an integral part of the system design from the start.
It's useful to understand what computer security protects against, the respective defense mechanisms, and the different terminologies associated with it.
Threats -- attacks against computer security -- can be broadly categorized as:
Several attacks fall into one or more of the categories mentioned above. Examples include:
Other attacks include: birthday attack, dictionary attack, meet-in-the-middle attack, and so on. (For a more comprehensive discussion, see Bruce Schneier's Applied Cryptography in Resources.)
To shield against security threats, there are a variety of protection mechanisms. Historically, defense mechanisms have involved erecting some sort of a wall or boundary, commonly referred to as a perimeter defense.
Firewalls, a fairly successful example of perimeter defense, separate internal (private) and external (public) networks, and provide a central point of control for a corporate policy. However, firewalls increasingly allow select forms of traffic -- HTTP for example -- to cross over.
A virtual private network (VPN), which provides the same security level as a private network while still using a shared network, is another example of a protection mechanism.
Cryptography and its related field, cryptanalysis, concern themselves with the design and analysis of algorithms for encrypting and decrypting information. We'll discuss cryptography's vital relationship to security in the sections below.
Confidentiality is the process of protecting data from unauthorized use or users. Simply put, it means that only the intended recipient of a message can make sense of it.
If you're exchanging sensitive information with someone else, you want to be absolutely sure that only the intended recipient of the message can make sense of it and that, should it fall into the wrong hands, the message is effectively useless. Confidentiality is accomplished by some form of cryptographic technique.
The authentication process confirms the user's identity. The user could be a software entity or a human. A principal is the party whose identity is verified. Associated with a principal is a set of credentials. Usually, authentication confirms identity by some secret information -- a password, for example -- known only to the user and the authenticator. Beyond passwords, more sophisticated security schemes employ advanced techniques such as smart cards or biometrics (fingerprinting, retinal scans, and so on) for authentication.
Once authentication is established, the access granted to the user (or, more generally, the principal) is governed by the access control mechanisms in force.
Kerberos, which is based on keys and encryption, is an example of an early authentication technology. It relies on timestamps: sessions remain valid for a defined time period. To work properly, Kerberos fundamentally assumes that the clocks in a distributed system are synchronized.
Public key infrastructure (PKI), discussed in sections below, represents a more general authentication solution.
The Java Authentication and Authorization Service (JAAS) framework supplements the Java 2 platform with user-based authentication and access control capabilities. JAAS is a standard extension to the Java 2 Software Development Kit, v 1.3.
Let's say that you sent an electronic check. When the bank ultimately receives the check, it needs to be sure that the payment amount has not been tampered with, a security concept known as integrity.
In the electronic check scenario outlined above, if you indeed sent the check, there ought to be no way you can deny it. Nonrepudiation provides undeniable evidence of actions such as proof of origin of data to the recipient or receipt of data to the sender.
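The electronic check scenario can be made concrete with the standard `java.security` and `javax.crypto` APIs. The following is an added example, not code from the original article: it contrasts a shared-key MAC, which gives the bank integrity only, with a digital signature, which also gives proof of origin. The check format, the choice of HmacSHA256 and SHA256withRSA, and the generated keys are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ElectronicCheck {
    // Integrity only: payer and bank share the key, so either party could have produced this tag.
    static byte[] mac(byte[] sharedKey, byte[] check) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(sharedKey, "HmacSHA256"));
        return m.doFinal(check);
    }

    // Integrity plus proof of origin: only the payer holds the private key.
    static byte[] sign(PrivateKey payerKey, byte[] check) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(payerKey);
        s.update(check);
        return s.sign();
    }

    // The bank needs only the payer's public key to verify.
    static boolean verify(PublicKey payerKey, byte[] check, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(payerKey);
        s.update(check);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample checks: the second has an altered amount.
        byte[] check = "payee=ACME;amount=100.00;no=0001".getBytes(StandardCharsets.UTF_8);
        byte[] altered = "payee=ACME;amount=900.00;no=0001".getBytes(StandardCharsets.UTF_8);

        byte[] shared = new byte[32];
        new SecureRandom().nextBytes(shared);            // constructed shared secret
        byte[] tag = mac(shared, check);
        System.out.println("MAC accepts altered check: "
            + MessageDigest.isEqual(tag, mac(shared, altered)));

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair payer = gen.generateKeyPair();           // constructed key pair
        byte[] sig = sign(payer.getPrivate(), check);
        System.out.println("signature accepts original: " + verify(payer.getPublic(), check, sig));
        System.out.println("signature accepts altered:  " + verify(payer.getPublic(), altered, sig));
    }
}
```

Both mechanisms reject the altered amount, but only the signature supports nonrepudiation: the bank cannot forge it, so a valid signature is evidence that the holder of the payer's private key issued the check.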
Keeping a record of resource access that was granted or denied might be useful for audit purposes later. To that end, auditing and logs serve the useful purposes of preventing a break-in or analyzing a break-in post mortem.
A security policy focuses on controlling access to protected data. It's important that the mechanisms that enforce security be flexible enough to enforce the policy; that is referred to as keeping the policy separate from the mechanism. While an access decision might be based on the identity of the principal, it is often easier to administer access control based on roles. Each principal is mapped to a unique role for the purposes of access control. The policy is often implemented as a list or matrix enumerating the access that different users/roles have to the different protected resources.
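A small sketch of role-based access control with the policy kept separate from the mechanism, combined with the audit record of granted and denied requests described earlier. This is an added example, not code from the original article and not the JAAS API; the principals, roles, resources and class name are hypothetical, and it assumes Java 9 or later for `Map.of` and `Set.of`.

```java
import java.util.*;

public class AccessControlDemo {
    enum Action { READ, WRITE }

    // Policy: pure data. Each principal maps to exactly one role, and the matrix
    // lists what each role may do to each resource. Editing it never touches isAllowed().
    static final Map<String, String> ROLE_OF = Map.of("alice", "teller", "bob", "auditor");
    static final Map<String, Map<String, Set<Action>>> MATRIX = Map.of(
        "teller",  Map.of("accounts",  EnumSet.of(Action.READ, Action.WRITE)),
        "auditor", Map.of("accounts",  EnumSet.of(Action.READ),
                          "audit-log", EnumSet.of(Action.READ)));

    // Audit trail: every decision, granted or denied, is recorded.
    static final List<String> AUDIT = new ArrayList<>();

    // Mechanism: a single check with default deny. A missing principal, role,
    // resource or action all fall through to "denied".
    static boolean isAllowed(String principal, String resource, Action action) {
        String role = ROLE_OF.get(principal);
        boolean granted = role != null
            && MATRIX.getOrDefault(role, Map.of())
                     .getOrDefault(resource, Set.of())
                     .contains(action);
        AUDIT.add((granted ? "GRANT " : "DENY  ") + principal
            + " (" + role + ") " + action + " " + resource);
        return granted;
    }

    public static void main(String[] args) {
        // Constructed requests exercising the matrix.
        isAllowed("alice", "accounts", Action.WRITE);   // teller may write accounts
        isAllowed("bob", "accounts", Action.WRITE);     // auditor is read-only
        isAllowed("bob", "audit-log", Action.READ);     // auditor may read the log
        isAllowed("dave", "accounts", Action.READ);     // unknown principal, no role
        AUDIT.forEach(System.out::println);
    }
}
```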