Java Six Security Study Books

Introduction

Java's capabilities as a programming language have increased tremendously. Recent releases have added new features that enable a user to build and deploy Java applications that run on desktops and servers. The latest versions of the Java platform support the development of Java programs that maintain compatibility, stability and quality; they also take up the ease-of-development theme. They have enabled the integration of web services, which enable developers to generate web pages using Java applets. The latest Java platforms have not only enhanced management but have also improved serviceability and increased developer productivity.

Improvement of security features has been a major concern in developing new Java platforms. Java security mainly includes two aspects. The first is the provision of the Java platform as a secure, ready-built platform on which to run Java-enabled applications in a secure fashion. The second is the provision of security tools and services, implemented in the Java programming language, that enable a wide range of security-sensitive applications.

Java architecture

Java addresses many security concerns through its various mechanisms. One of these is its set of Java APIs, such as JCE, JCA and many others. Java also provides policies that control access by Java applications to system files, ports and printers. Because Java is extensible, Java platforms need to support the development of applications that conform to the additional needs of organizations and fully satisfy them.

The sandbox is the name given to the Java security model. Its purpose is to let trusted local code gain access to important system resources, while downloaded remote code is not trusted and can access only the limited resources available inside the sandbox. The sandbox model was developed through the Java Development Kit (JDK) and was then adopted by Java applications built with the JDK 1.0 platform.

Several mechanisms enforce security. One is the design of the language itself, which is easy to use and type-safe, so a developer is less likely to make mistakes than in other programming languages such as C or C++. Safe code is further supported by garbage collection, automatic memory management, and range checking on arrays and strings.

Evolving sandbox

The Java 2 platform extended the sandbox in several ways. The changes include fine-grained access control, an easily configurable security policy, an extensible access control structure, and security checks for all Java programs, both applications and applets.

Java Security Features

Java ensures that only legitimate Java code is executed by providing automatic garbage collection, increased robustness of application code, and a secure class loading and verification mechanism.

The Java security architecture comprises a substantial number of Application Programming Interfaces (APIs), tools, and implementations of frequently used security algorithms, mechanisms and protocols that equip the “Java software developer with a comprehensive framework for writing applications and also provide the user or administrator with a set of tools to securely manage applications”.

Cryptographic and public key infrastructure (PKI) interfaces offer the basis on which to construct secure applications. The Java design also provides interfaces for authentication and access control that enable Java applications to protect resources against unauthorized access.

The API allows for multiple implementations of algorithms and other vital security features. Services are implemented in providers, which are plugged into the Java platform through a standard interface that lets applications obtain security services without knowing anything about their implementations. This allows developers to focus on how to integrate security into their applications, rather than on how to actually implement complex security mechanisms (Doug 49).
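The provider lookup described above, as an added example that is not part of the original essay: the application asks only for an algorithm name and the runtime selects the provider. The class name `ProviderLookup` and the sample input are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class ProviderLookup {
    // Installed providers offering the given service, in the preference
    // order the runtime searches them.
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // The application names only the algorithm; the framework returns the
        // implementation from the first installed provider that supports it.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest("constructed sample input".getBytes(StandardCharsets.UTF_8));
        System.out.println("SHA-256 served by: " + md.getProvider().getName());
        System.out.println("digest length:     " + digest.length + " bytes");
        System.out.println("all candidates:    " + providersFor("MessageDigest", "SHA-256"));

        // An algorithm that no provider implements is rejected outright
        // instead of being silently replaced by something else.
        try {
            MessageDigest.getInstance("NO-SUCH-DIGEST");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```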

The Java platform also allows additional custom providers to be installed, which helps developers extend the platform with new and unique mechanisms. Some of the security features present in the Java platform are described below.

Java language security and Byte code verification

The Java language provides automatic memory management, garbage collection and range checking on arrays. This reduces the amount of code developers have to write, which in turn reduces programming errors and encourages the development of safe and robust code.

The “java language defines access modifiers such as private, public and protected which can be assigned to java classes, methods, and fields to enable software developers restrict access to their class implementations as appropriate”. Public allows access to anyone. Private denies access to anything outside the declaring class. The protected modifier allows access to any subclass “or to other classes within the same package” (ibid). Package-level access admits only classes within the same package.

In order to execute a Java program, a compiler translates it into a machine-independent code representation known as byte code. A byte code verifier ensures that the byte codes conform to the Java language specification and “do not violate java language rules or namespace restrictions” (ibid). The byte code verifier also checks for “memory management violations, stack underflows or overflows, and illegal data typecasts. Once byte codes have been verified, the Java runtime prepares them for execution” (Doug 34).

Authentication and authorization

Authentication in the Java platform refers to the procedure of determining the identity of a user of a Java application. The Java platform provides an API which “enables an application perform user authentication”. The class used for authentication is called LoginContext. “Applications call into this class which in turn references a configuration.” (www.java.sun.com)

The configuration specifies the login module that will be used to perform the actual authentication. Authorization is a security feature provided by the Java platform which ensures that users of an application access only the files they have been authorized to access; it also ensures that a user does not perform operations on a file that he or she is not supposed to.

Cryptography

Cryptography, as one of the security features in Java, refers to the art of protecting information by transforming it into an unreadable format, called cipher text. Java includes APIs that provide many cryptographic services, including message digest algorithms, symmetric bulk encryption, password-based encryption, key generators, message authentication codes and random number generators (Ken & James 86).
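Several of the services listed above used together, as an added example that is not from the original essay. The passphrase, message and iteration count are constructed values, and the algorithm names assume Java 8 or later with the default providers.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class JcaTour {
    static byte[] random(int n) {   // random number generator
        byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b;
    }

    // Password-based encryption: stretch a password into a 128-bit AES key.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 128);  // example iteration count
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] raw = f.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // Symmetric bulk encryption: AES-GCM also authenticates the ciphertext.
    static byte[] crypt(int mode, SecretKey key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] nonce = random(12);
        SecretKey key = deriveKey("constructed-passphrase".toCharArray(), random(16));
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, nonce, msg);
        byte[] pt = crypt(Cipher.DECRYPT_MODE, key, nonce, ct);
        System.out.println("round trip ok: " + Arrays.equals(msg, pt));
        ct[0] ^= 1;   // flip one ciphertext bit
        try {
            crypt(Cipher.DECRYPT_MODE, key, nonce, ct);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected, decryption refused");
        }
        // Key generator + MAC: HMAC-SHA256 tag checked with a constant-time compare.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(KeyGenerator.getInstance("HmacSHA256").generateKey());
        byte[] tag = mac.doFinal(msg);
        msg[0] ^= 1;   // alter the message after tagging
        System.out.println("tag matches altered message: " + MessageDigest.isEqual(tag, mac.doFinal(msg)));
    }
}
```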

Public key infrastructure

This is generally defined as a security feature that enables a safer exchange of information based on public key cryptography. PKI allows the identities of people, organizations, etc. “to be bound to digital certificates and provides a means of verifying the authenticity of certificates”. “PKI includes keys, certificates, public key encryption, and trusted Certification Authorities who generate and digitally sign certificates” (Ken & James 86).

Java 2 Platform Security Model

The Java 2 platform (Java 5.0 and Java 6.0 versions) security model rests on an uncomplicated “idea which is to make all code run under a security policy that grants different amounts of privilege to different programs”. “Java 2 code running on the new java virtual machines can be granted special permissions and have its access checked against policy as it runs” (ibid). Policy is the cornerstone of the system. Policy can be set by the user or the administrator and is represented by a class known as java.security.Policy. Enabling users to set policies is a major drawback because they are bound to make mistakes.

This problem is tackled by categorizing executable code based on its uniform resource locator (URL) and the private keys used to sign the code. The security policy maps a “set of access permissions to code characterized by particular origin/signature information” (ibid). Protection domains can then be created when “required and are tied to code with particular CodeBase and SignedBy properties”.
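The mapping from code origin to permissions and protection domain described above, as an added example that is not from the original essay. The policy table, paths and JAR locations are constructed, and only the code base is matched (no signer certificates), using the platform's own `CodeSource`, `Permissions` and `ProtectionDomain` classes.

```java
import java.io.FilePermission;
import java.net.URL;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;

public class PolicyLookup {
    // Constructed policy table: codeBase pattern -> permissions granted to it.
    static final Map<CodeSource, Permissions> POLICY = new LinkedHashMap<>();

    static CodeSource origin(String url) throws Exception {
        // null certificates: this sketch matches on origin only, not on signers.
        return new CodeSource(new URL(url), (Certificate[]) null);
    }

    static void grant(String codeBase, Permission... perms) throws Exception {
        Permissions set = new Permissions();
        for (Permission p : perms) set.add(p);
        POLICY.put(origin(codeBase), set);
    }

    // Protection domain for code loaded from 'location': the union of every
    // grant whose codeBase pattern implies that location.
    static ProtectionDomain domainFor(String location) throws Exception {
        CodeSource cs = origin(location);
        Permissions effective = new Permissions();
        for (Map.Entry<CodeSource, Permissions> e : POLICY.entrySet()) {
            if (e.getKey().implies(cs)) {
                for (Permission p : Collections.list(e.getValue().elements())) effective.add(p);
            }
        }
        return new ProtectionDomain(cs, effective);
    }

    public static void main(String[] args) throws Exception {
        grant("file:/opt/app/lib/-", new FilePermission("/var/app/data/-", "read,write"));
        grant("file:/opt/app/plugins/*", new FilePermission("/var/app/data/public/*", "read"));
        Permission write = new FilePermission("/var/app/data/orders.db", "write");
        Permission read = new FilePermission("/var/app/data/public/help.txt", "read");

        for (String jar : new String[] { "file:/opt/app/lib/core.jar",
                "file:/opt/app/plugins/report.jar", "file:/tmp/downloaded.jar" }) {
            ProtectionDomain pd = domainFor(jar);
            System.out.println(jar + "  write orders.db=" + pd.implies(write)
                    + "  read help.txt=" + pd.implies(read));
        }
    }
}
```

Code from a location that no grant covers ends up with an empty permission set, so every check against its domain is denied.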

The security design has capabilities that were not available in previous Java versions. One of the strengths is “smooth access”, which refers to the capability to specify code with proper permissions; e.g., an applet signed by a trusted key might be allowed to open network connections in a systematic way. The other capability enabled by the Java 2 platform is “the configurable security policy which refers to the ability for application builders and users to configure and manage complex security policies”. Lastly, the Java 2 platform provides security checks for all Java programs; this is a departure from the previous assumption that all Java code should be trusted.

The features stated above are present in previous Java platforms because Java is a powerful programming language and has always offered powerful, complex, configurable, extensible security policies based on fine-grained access control. What Java 2 has done is enable users and Java developers who may not have extensive knowledge of Java to implement the security features that Java provides.

Works Cited

Ken Arnold and James Gosling. The Java Programming Language. Sun Microsystems Press, 1998, pp. 81-100.

Doug Lea. Java Design Principles and Patterns. Addison-Wesley, 1999, pp. 26-52.

Cite this paper


StudyCorgi. (2022, March 2). Java Six Security Study Books. https://studycorgi.com/java-six-security-study-books/
