Securing Java

Previous Page
Previous Page


Abadi, M., Burrows, M., Lampson, B., and Plotkin, G. (1993) A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706-734, September 1993.

Anderson, R. and Kuhn, M. (1996) Tamper resistance-a cautionary note. In The Second USENIX Workshop on Electronic Commerce Proceedings, pages 1-11. Also available on the Web at

Badger, L. and Kohli, M. (1995) Java: Holds great potential-but also security concerns. Data Security Letter, 3:12-15. The Data Security Letter (DSL) is published by Trusted Information Systems (TIS).

Boneh, D., DeMillo, A., and Lipton, R. (1997) On the Importance of checking cryptographic protocols for faults. In W. Funny (ed) Advances in Cryptology-Eurocrypt'97, Volume 1233 of Lecture Notes in Computer Science, pages 37-51, Springer-Verlag. Also available on the Web at

CERT (1996a) CA-96.05: Java applet security manager. See URL

CERT (1996b) CA-96.07: Java Security bytecode verifier. See URL

Daconta, M. (1996) Java for C++ Programmers. John Wiley & Sons, New York.

Dean, D., Felten, E., and Wallach D. (1996) Java Security: From Hotjava to Netscape and beyond. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA.

Dean, D. (1998) Formal Aspects of Mobile Code Security. Ph.D. dissertation, Department of Computer Science, Princeton University.

Drossopoulou, S. and Eisenbach, S. (1998) Towards an Operations Semantics and Proof of Type Soundness for Java. A technical paper to be included in an as yet unnamed book. Available on the Web on-line at

Erdos, M., Hartman, B., and Mueller, M. (1996) Security Reference Model fo the Java Developer's Kit 1.0.2. Available from Sun Microsystems and also as a Web document on-line at

Fellisen, M. and Friedman, D. (1998) A Little Java, A Few Patterns. MIT Press, Cambridge, MA.

Felten, E., Balfanz, D., Dean, D., and Wallach, D. (1997) Web Spoofing: An Internet con game. In Proceedings of the 20th National Information Systems Security Conference, Baltimore, MD. An early version appeared as technical report 540-96 (revised), Department of Computer Science, Princeton University.

Flanagan, D. (1997) Java in a Nutshell, second edition. O'Reilly & Associates, Sebastopol, CA.

Flanagan, D. (1997) Java Examples in a Nutshell. O'Reilly & Associates, Sebastopol, CA.

Friedman, D., Wand, M., and Haynes, C. (1992) Essentials of Programming Languages. MIT Press/McGraw-Hill, Cambridge, MA.

Garfinkel, S. And Spafford, G. (1996) Practical Unix & Internet Security, second edition. O'Reilly & Associates, Sebastopol, CA.

Ghosh, A. (1998) E-Commerce Security: Weak Links, Best Defenses. John Wiley & Sons, New York.

Gong, L., Mueller, M., Prafullchandra, H., and Schemers, R. (1997) Going Beyond the Sandbox: An overview of the new security architecture in the Java Development Kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems. Monterey, CA.

Gong, L. and Schemers, R. (1998) Implementing Protection Domains in the Java Development Kit 1.2. In Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, CA.

Hastings, R. and Joyce, B. (1992) Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, ACM Press.

Horstmann, C. and Cornell, G. (1997) Core Java Volume I--Fundamentals. SunSoft Press, Mountain View, CA.

Hughes, L.J. (1995) Actually Useful Internet Security Techniques. New Riders, Indianapolis.

Hughes, M., Shoffner, M. and Winslow, M. (1997) Java Network Programming. Manning.

ISO7816 (1987) International Standards Organization, International Standard ISO 7816-1 through 7816-6 "Identification cards-Integrated circuit(s) cards with contacts". Available through ISO, New York.

LaDue, M. (1996) Java Security: Whose business is it? Published by Online Business Consultants and available as a Web document on-line at

Lewis, T. (1996) What's wrong with Java? IEEE Software, 29(6):8. Lewis's letter to the editor was in response to Java criticism originally printed by him in The NC phenomena: Scenes from your living room, IEEE Software, 29(6):8-10.

Lewis, T. (1998) Java Holy War '98. IEEE Computer, 31(3):126-128.

Macgregor, R., Durbin, D., Owlett, J. and Yeomans, A. (1998) Java Network Security. Prentice Hall, Saddle River, NJ.

Martin, D., Rajagopalan, S, and Rubin, A. (1997) Blocking Java Applets at the Firewall. Proceedings of the 1997 Network and Distributed System Security Symposium. San Diego, March 1997. Also available on the Web at

McGraw, G. and Felten, E. (1996) Java Security: Hostile Applets, Holes, and Antidotes. John Wiley & Sons, New York. (The first edition of this book.)

McGraw, G. (1998) Testing for security during development: why we should scrap penetrate and patch. IEEE Aerospace and Electronic Systems, 13(4):13-15, April 1998.

Neumann, P. (1995) Computer Related Risks. Addison-Wesley, Reading, MA.

Oaks, S. (1998) Java Security. O'Reilly & Associates, Sebastopol, CA.

Rubin, A, Geer, D. and Ranum, M. (1997) The Web Security Sourcebook. John Wiley & Sons, New York

Schneier, B. (1995) Applied Cryptography: Protocols, Alogorithms, and Source Code in C. John Wiley & Sons, New York. Second edition.

Shimomura, T. and Markoff, J. (1996) Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw-By the Man Who Did It. Hyperion, New York.

Spafford, E. (1989) The Internet worm program: An analysis. Computer Communications Review, 19(1):17-57.

Stata, R. and Abadi, M. (1998) A type system for Java bytecode subroutines. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 149-160, January 1998.

Sun Microsystems (1995) The Java language: An Overview. Available from Sun and also as a Web document on-line at

Sun Microsystems (1996b) The Java Virtual Machine specification. Web document at URL Available as a book by Lindholm and Yellin from Adison-Wesley.

Sun Microsystems (1996c) Low-level security in Java. Web document at URL by Frank Yellin.

Sun Microsystems (1997) Java card 2.0 programming concepts revision 1.0 final. Web document at URL

Venners, B. (1998) Inside the Java Virtual Machine. McGraw-Hill. New York.

Voas, J. and McGraw, G. (1998) Software Fault Injection: Inoculating Programs Against Errors. John Wiley and Sons. New York. See the Web site at

Wallach, D., Balfanz, D., Dean, D. and Felten, E. (1997) Extensible Security Architectures for Java. In Proceedings of the 16th Symposium on Operating Systems Principles (Saint-Malo, France), October, 1997.

Wallach, D. and Felten, E. (1998) Understanding Java Stack Inspection. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, CA.

Wallach, D. (1998) A New Approach to Mobile Code Security. Ph.D. dissertation, Department of Computer Science, Princeton University.

Young, Boebert, and Kain (1985) Article in an IEEE Tutorial on Computer Network Security. IEEE Press.

Web sites Referenced in the Text

All of the following links can be found on a page of the companion Web site for this book at

Chapter 1
Don't Push Me: The Security Implications of Push. TechFocus article by Gary McGraw.

Java Developer's Kit (JDK) available free from Javasoft. Also other official Java information.

Javasoft's Frequently Asked Questions: Applet Security

Security Tradeoffs: Java versus ActiveX. Princeton Safe Internet Programming FAQ. Also see Appendix A.

JavaScript Problems I've Discovered. John LoVerso's JavaScript Security site., an on-line publication for Java developers.

JavaWorld, an on-line publication for Java enthusiasts and developers.

MindQ, an on-line training company specializing in Java.

Yahoo! An excellent starting point for Web surfing. A large Web index.

AltaVista. One of the top search engines on the Web.

Java Security Hotlist. Also see Appendix B.

Princeton's Secure Internet Programming Team. Includes the Java Security FAQ.

The Java Books list. An extensive list of all books published about Java (way too many).

The Java Security Web Site. This book's companion Web site. Includes the Java Security Hotlist.

Chapter 2
The Hostile Applets Home Page, a collection of hostile applets written by Mark LaDue.

Chapter 3
Understanding Java Stack Inspection by Wallach and Felten.

Sun's document explaining the security API change.

Chapter 4
The Hostile Applets Home Page

DigiCrime (disable Java and JavaScript before you surf this site)

The Java Security Hotlist: Hostile Applets and Other Toys

Digicrime's Blue Screen of Death page.

The actual byte code of the bluescreen applet.

Ahpah Software makes the SourceAgain decompiler.

Earthweb's Java applet database. Sun Microsystem's Frequently Asked Questions - Java Security

Princeton's Java Security: Frequently Asked Questions (included as Appendix A)

Princeton's Security Tradeoffs: Java vs. ActiveX (included as Appendix A)

The Java Security Web Site, companion Web site for this book

Chapter 5
An archive of the security-related bugtraq archive

Javasoft's Frequently Asked Questions: Java Security

Princeton Secure Internet Programming Team's Java Security FAQ. Also see Appendix A.

Major Malfunction and Ben Laurie explain the security holes they discovered

Princeton's Secure Internet Programming Team

University of Washington's Kimera Project

Type safety problems discovered in Sun's Verifier by the Kimera Project

Ben Mesander's applet WhereDoYouWantToGoToday

Chapter 6
Princeton's seminal paper, Java Security: From HotJava to Netscape and Beyond

Formalizing the JVM at Computational Logic, Inc.

Javasoft's Security Reference Model for JDK 1.0.2

The Jasmin byte code assembler

Ahpah Software sells the SourceAgain Java Decompiler

Finjan Software, Ltd.

Mark LaDue takes on Finjan

Mark LaDue takes on Finjan again




Cult of the Dead Cow produces the Back Orifice exploit


Princeton Secure Internet Programming Team's Java Filter Class Loader

International Computer Security Association

Marcus Ranum discusses firewall certification

Mark LaDue's Hostile Applet Mutation Generator

Chapter 7
The Java Security Web Site, companion site for this book

The Java Security Hotlist

Sun's Java Security FAQ

Martin et al.'s paper Blocking Java Applets at the Firewall

Chapter 8
Gemplus: JavaCard and GemXpresso

Schlumberger: Cyberflex

Javasoft: Java Card Technology, specifications for Card Java can be found here

Boneh, DeMillo, and Lipton's On the Importance of Checking Cryptographic Protocols for Faults

Anderson and Kuhn's Tamper Resistance-A Cautionary Note

Crptography Research, Inc. information on Differential Power Analysis

Previous Page
Previous Page

The Web


Menu Map -- Text links below

Chapter... Preface -- 1 -- 2 -- 3 -- 4 -- 5 -- 6 -- 7 -- 8 -- 9 -- A -- B -- C -- Refs
Front -- Contents -- Help

Copyright ©1999 Gary McGraw and Edward Felten.
All rights reserved.
Published by John Wiley & Sons, Inc.