Table of Contents

Foreword by Judy Lin (Executive Vice President, Versign)
Foreword by Joseph Uniejewski (SVP and Chief Technology Officer, RSA Security)
Preface 
Acknowledgments 
About the Authors

Chapter 1:  Security by Default

Business Challenges around Security 
What are the Weakest Links? 
The Network Services 
The Host Operating System (OS) 
The Application or Service 
The Impact of Application Security 
Critical Application Security Flaws and Exploits 
The Four W’s 
WHICH applications are we protecting? 
WHO are we protecting the applications from? 
WHERE should we protect them? 
WHY are we protecting them ? 
Strategies for Building Robust Security 
Unified Process for Security Design 
Design Patterns 
Best Practices 
Reality Checks 
Proactive Assessment 
Profiling 
Defensive Strategies 
Recovery and Continuity Strategies 
Proactive and Reactive Security 
The Importance of Security Compliance 
Sarbanes-Oxley Act 
Gramm-Leach-Bliley Act 
HIPPA 
The Children’s Online Privacy Protection Act 
EU Directive on Data Protection 
California’s Notice of Security Breach (1798.29) 
Security Compliance in Other Countries 
The Importance of Identity Management 
Identity Provisioning Services 
Identity Data Synchronization Services 
Access Management Services 
Federation Services 
Directory Services 
Auditing and Reporting Services 
Secure Personal Identification 
Smart Card Identity 
Biometric Identity 
RFID-Based Identity 
The Importance of Java Technology 
Security in the Java Platform 
Making Security a “Business Enabler” 
Case 1 – Justifying Identity and Access Management 
Case 2 – Justifying Proactive Security Approaches 
Case 3 – Justifying Security Compliance 
Summary 
References

Chapter 2:  Basics of Security

Security Requirements and Goals 
Confidentiality 
Integrity 
Authentication 
Authorization 
Non-repudiation 
The Role of Cryptography in Security 
Cryptographic Algorithms 
The Role of Secure Sockets Layer (SSL) 
The Importance and Role of LDAP in Security 
The Role of LDAP in J2EE 
Common Challenges in Cryptography 
Random Number Generation 
Key Management 
Certificate Revocation Issues 
Trust Models 
Threat Modeling 
Identity Management 
Single Sign-on (SSO) 
Federated SSO 
Summary 
References 

Chapter 3:  The Java 2 Platform Security

Java Security Architecture

The Java Virtual Machine (JVM)

The Java Language

Java Built-in Security Model

Java Applet Security

Signed Applets

Java Web Start Security

Java Security Management tools

Java Keystore

Keytool

Policytool

Jarsigner

J2ME Security Architecture

J2ME Configurations

J2ME Profiles

MIDlet Security

Java Card Security Architecture

Understanding Smart Cards

Java Card Technology in Smart Cards

Java Card Platform Security Model

Java Card Applets

Securing the Java Code

Reverse Engineering: Disassembling and Decompiling

Code Obfuscation

Summary

References

Chapter 4:  Java Extensible Security Architecture & APIs

Java Extensible Security Architecture 
Java Cryptography Architecture (JCA) 
JCA Cryptographic Services 
Understanding JCA API Programming Model 
Java Cryptographic Extensions (JCE) 
JCE Cryptographic Service Provider 
Understanding the JCE API Programming Model 
JCE Hardware Acceleration and Smart Card Support 
Using Smart Cards as Java Key Stores 
Strong vs. Unlimited Strength Cryptography 
Java Certification Path API (CertPath) 
Java CertPath – Classes & Interfaces 
Java CertPath API Programming Model 
Java Secure Socket Extension (JSSE) 
JSSE Provider (SunJSSE) 
JSSE Classes and Interfaces 
Understanding the JSSE API Programming Model 
Java Authentication and Authorization Service (JAAS) 
JAAS Classes and Interfaces 
Understanding the JAAS API Programming Model
Implementing a JAAS LoginModule 
Java Generic Secure Services API (JGSS) 
Comparing JGSS with JSSE and JAAS 
Simple Authentication and Security Layer (SASL) 
Java SASL 
Summary 
References

Chapter 5:   J2EE Security Architecture

J2EE Architecture & Its Logical Tiers 
J2EE Security Definitions 
J2EE Security Infrastructure 
J2EE Container-Based Security 
Declarative Security 
Programmatic Security 
J2EE Authentication 
Protection Domains 
J2EE Authorization 
Java Authorization Contract for Client Containers (JACC) 
Transport Layer Security 
J2EE Component/Tier-Level Security 
Users, Groups, Roles, and Realms 
Web- or Presentation-Tier Security 
Web tier authentication mechanisms
Using JAAS for Web-tier Authentication
Using Agent based Web-tier Authentication
Single Sign-On Authentication for Web Applications
HTTP Session Tracking, Cookies and URL Rewriting
Web-Tier Authorization mechanisms
J2EE Client Security 
HTTPS Connection
Implementing JAAS Client Callbacks
Secure J2ME Clients
EJB Tier or Business Component Security 
EJB Declarative Authorization 
EJB Programmatic Authorization 
Anonymous or Unprotected EJB Resources 
Principal Delegation in EJBs 
EIS Integration Tier
Securing J2EE Connector and EIS 
Securing JMS 
Securing JDBC 
J2EE Architecture - Network Topology 
Designing for Security with Horizontal Scalability 
Designing for Security with Vertical Scalability 
J2EE Web Services Security – Overview 
Summary 
References

Chapter 6:  Web Services Security – Standards and Technologies

Web Services Architecture and its Building Blocks 
Web Services Operational Model 
Core Web Services Standards 
Web Services Communication Styles 
Web Services Security – Core Issues 
Web Services – Threats, Vulnerabilities and Risks 
Web Services Security Requirements 
Authentication 
Authorization and Entitlement
Auditability and Traceability 
Data Integrity 
Data Confidentiality 
Non-repudiation 
Availability and Service Continuity 
Single Sign-on and Delegation 
Identity and Policy Management 
Security Interoperability 
Web Services Security Standards 
XML Signature
Motivation of XML Signature 
The Anatomy of XML Signature 
Algorithms 
XML Signature Examples 
Creating an XML Signature 
Verifying and Validating an XML Signature 
XML Encryption 
Motivation of XML Encryption 
The Anatomy of XML Encryption 
XML Encryption Algorithms 
XML Encryption: Example Scenarios 
XML Key Management System (XKMS) 
Motivation of XKMS 
XKMS Specification Overview 
XML Key Information Services (X-KISS) 
XML Key Registration Service (X-KRSS) 
X-BULK 
XKMS Service Security Considerations 
OASIS Web Services Security (WS-Security) 
Motivation of WS-Security 
WS-Security Definitions 
Using Digital Signatures in WS-Security 
Using Encryption in WS-Security 
Using Security Tokens in WS-Security 
WS-Security: The Anatomy of SOAP Message Security 
WS-I Basic Security Profile 
Java-based Web services Security Providers 
Sun JWSDP 
Sun Java System Access Manager 
VeriSign TSIK and XKMS Services 
RSA BSAFE Secure-WS 
XML-Aware Security Appliances 
XML Firewall 
Summary 
References

Chapter 7:   Identity Management Standards and Technologies

Identity Management – Core Issues 
Understanding Network Identity and Federated Identity
The Importance of Identity Management 
Introduction to SAML 
The Motivation of SAML 
The Role of SAML in SSO 
SAML 1.0 
SAML 1.1 
SAML 2.0 
SAML Profiles 
SAML Architecture 
SAML Assertions 
SAML Domain Model 
SAML Architecture 
Policy Enforcement Point 
Policy Administration Point 
SAML Request-Reply Model 
SAML Authentication Assertion 
SAML Attribute Assertion 
SAML Authorization Decision Assertion 
XML signatures in SAML 
SAML Usage Scenarios 
Security Threats and Countermeasures
The Role of SAML in J2EE-based Applications and Web Services
Introduction to Liberty Alliance and their Objectives
Liberty Phase 1 
Liberty Phase 2 
Liberty Alliance Architecture 
Relationships 
Web Redirection 
Web Services 
Meta-Data and Schemas 
Security Mechanisms 
Liberty Usage Scenarios 
Federation Management 
Liberty Single Sign-on 
Federated Single Sign-on 
Global Logout 
Example - SAML and Liberty Using Sun Java System Access Manager
The Nirvana of Access Control and Policy Management 
IETF Policy Management Working Group 
Distributed Management Task Force (DMTF) 
Parlay Group 
Enterprise Privacy Authorization Language (EPAL) 
Web Services Policy – WS-Policy and WSPL
Introduction to XACML 
XACML 2.0
XACML Data Flow and Architecture 
XACML Architecture 
XACML Usage Scenarios 
Policy Store 
Centralizing Security Policy for Web Services Security 
Collaborating with SAML 
ebXML Registry 
Example - XACML Using Sun's XACML Kit 
Sample Scenario 
Sample Request 
Sample Policy 
Use of XACML 2.0 with SAML 2.0 
Summary 
References 

Chapter 8:  The Alchemy of Security Design: Methodology, Patterns, and Reality Checks

The Rationale 
The Security Wheel 
Secure UP 
Secure UP - Artifacts 
Risk Analysis (RA) 
Trade-off Analysis (TOA) 
Security Patterns 
Understanding Existing Security Patterns 
Security Patterns for J2EE, Web Services, Identity Management, and Service Provisioning 
Security Patterns Catalog 
Security Patterns and their Relationships 
Patterns-Driven Security Design 
Security Design Processes 
Policy Design 
Classification and Security Labeling
Application Security Assessment Model 
Reality Checks 
Security Testing 
Black Box Testing 
White Box Testing 
Adopting a Security Framework 
Application Security Provider 
Refactoring Security Design 
Service Continuity and Recovery 
Conclusion 
References 
Unified Process 
Security Principles 
Security Patterns 
Others

Chapter 9:   Securing the Web Tier: Design Strategies and Best Practices

Web-tier Security Patterns 
Authentication Enforcer 
Authorization Enforcer 
Intercepting Validator 
Secure Base Action 
Secure Logger 
Secure Pipe 
Secure Service Proxy 
Intercepting Web Agent 
Best Practices and Pitfalls 
Infrastructure 
Communication 
Application 
References 

Chapter 10:   Securing the Business Tier: Design Strategies and Best Practices

Security Considerations in the Business Tier 
Business Tier Security Patterns 
Audit Interceptor 
Container Managed Security 
Dynamic Service Management 
Obfuscated Transfer Object 
Policy Delegate 
Secure Service Façade 
Secure Session Object 
Best Practices and Pitfalls 
Infrastructure 
Architecture 
Policy 
Pitfalls 
References 

Chapter 11:   Securing Web Services: Design Strategies and Best Practices

Web Services Security Protocols Stack 
Network-Layer Security 
Transport-Layer Security 
Message-Layer Security 
Web Services Security Infrastructure 
Network Perimeter Security 
XML Firewall 
Web Services Infrastructure 
Identity Provider 
Directory Services 
Web Services Security Patterns 
Message Interceptor Gateway 
Message Inspector 
Secure Message Router 
Best Practices and Pitfalls 
Best Practices 
Pitfalls 
References 

Chapter 12:   Securing the Identity: Design Strategies and Best Practices

Identity Management Security Patterns 
Assertion Builder Pattern 
Single Sign-on (SSO) Delegator Pattern 
Credential Tokenizer Pattern 
Best Practices and Pitfalls 
Best Practices 
Pitfalls 
References 

Chapter 13:    Secure Service Provisioning: Design Strategies and Best Practices

Business Challenges 
Scope of Service Provisioning 
Relationship with Identity Management 
A Typical Scenario of User Account Provisioning 
Current Approaches to User Account Provisioning 
User Account Provisioning Architecture 
Centralized Model versus Decentralized Model 
Logical Architecture 
Portal Integration 
Integrating with an Identity Provider Infrastructure 
Other Integration Capability 
Differentiators for Service Provisioning Products 
Introduction to SPML 
Service Provisioning Operations 
Features in SPML 
Adopting a SAML implementation 
Service Provisioning Security Pattern 
Password Synchronizer Pattern 
Related Patterns 
Best Practices and Pitfalls 
Application Design 
Quality of Service 
Server Sizing Consideration 
Security Risk Mitigation 
Summary 
References 
General 
Some Security Service Provisioning Vendors
Some Password Management or Password
Synchronization Vendor Products

Chapter 14:   Building End-to-End Security Architecture: A Case Study

Overview
Understanding the Security Challenges 
Assumptions 
Use Case Scenarios 
Choosing the Right Methodology 
Identifying the Requirements
Identifying the Security Requirements 
System Constraints 
Security Use Cases 
System Environment 
Application Architecture
Conceptual Security Model 
Security Architecture 
Risk Analysis and Mitigation 
Trade-Off Analysis (TOA) 
Applying Security Patterns 
Security Architecture – Detailed Components 
Design 
Policy Design 
Factor Analysis 
Security Infrastructure 
Tier Analysis 
Trust Model 
Threat Profiling 
Security Design 
Development 
Unit and Integration Testing 
Testing 
White Box Testing 
Black Box Testing 
Deployment 
Configuration 
Monitoring 
Auditing 
Summary 
Lessons Learned 
Pitfalls 
Conclusion 
References 

Chapter 15:    Secure Personal Identification Strategies: Using Smart Cards and Biometrics

Physical and Logical Access Control 
The Role of Smart Cards in Access Control
The Role of Biometrics in Access Control 
Enabling Technologies 
Java Card API 
Global Platform 
PC/SC Framework 
OpenCard Framework (OCF) 
OpenSC 
BioAPI 
Pluggable Authentication Module (PAM) 
Graphical Identification and Authentication (GINA) 
Java Authentication and Authorization Service (JAAS) 
Smart Card-Based Identification and Authentication 
Architecture and Implementation Model 
Operational Model 
Using Smart Cards for Physical Access Control 
Biometric Identification and Authentication 
Understanding the Biometric Verification Process 
Accuracy of a Biometric Verification Process 
Architecture and Implementation
Operational Model 
Biometric SSO Strategy 
Multi-factor Authentication Using Smart Cards and Biometrics 
Match-on-the-Card Biometrics Strategy 
Match-off-the-Card Biometrics Strategy 
Best Practices and Pitfalls 
Using Smart Cards 
Using Biometrics 
Pitfalls
References
About Us | Copyright Notice | Contact Us | ©2005 Core Security Patterns - All rights reserved