Bibliography
Books and Articles:
- Chris Hawblitzel, C.-C. C., Grzegorz Czajkowski, Deyu Hu, and Thorsten von Eicken (1998). Implementing Multiple Protection Domains in Java. USENIX Annual Technical Conference, New Orleans.
An example of extending Java's sandbox model to enhance the security of applets
- Gary McGraw, E. F. Twelve rules for developing more secure Java code. 2004.
The basis of my project, a brief article detailing the basic Java security problems
http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html
- Gary McGraw, E. F. (1999). Securing Java: Getting Down to Business with Mobile Code, Wiley.
An extensive look at all aspects of Java security, from both the users' and programmers' points of view
- Gutschmidt, T. Securing Java Code: Part 1. 2004.
Outline of a corporate policy to promote secure Java programming
http://www.developer.com/java/article.php/741921
- J. Steven Fritzinger, M. M. (1996). Java Security, Sun Microsystems, Inc.
The basic outline of the Java security model
- John Viega, G. M., Tom Mutdosch, Edward W. Felten (2000). "Statically Scanning Java Code: Finding Security Vulnerabilities." IEEE Software: 68-74.
An expanded version of [2] with information on static analysis
- Kalinovsky, A. (2004). Covert Java, Sams.
A detailed look at the system of decompiling Java byte code and other methods to compromise Java programs
- McGraw, G. (1998). Privileged code in Java.
Explanation of the Privileged code API and its use in Java programming
http://www.developer.com/java/other/article.php/604131
- McGraw, G. (2004). "Software Security." IEEE Security & Privacy.
A look at the design process for developing secure software
- Nolan, G. (2004). Decompiling Java, APress.
A good source for information on decompiling Java byte code
- S. Doyon, M. D. (2000). "On object initialization in the Java bytecode." Computer Communications (23): 1594-1605.
A look at the process of object initialization from a low-level perspective
- Skrien, D. (&&&). Intro to OOD. ***
An introduction to programming with an Object Oriented approach
Websites:
- Sun Microsystems. Java Security Architecture. 2004.
The up-to-date outline of Java security procedures
http://java.sun.com/security/index.jsp
- Sun Microsystems. Security in Object Serialization. 2004.
Security concerns when using the serialization API
http://java.sun.com/j2se/1.3/docs/guide/serialization/spec/security.doc3.html
- Sun Microsystems. Serialization Specification. 2004.
The outline of the serialization API
http://java.sun.com/j2se/1.5.0/docs/guide/serialization/spec/serialTOC.html
- Sun Microsystems. Java Security Architecture 1.5. 2004.
The security architecture in Java 1.5
http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html
- Sun Microsystems. Applet Security. 2004.
FAQ on applet security and privileges
http://java.sun.com/sfaq/
- Sun Microsystems. Handling Errors with Exceptions. 2004.
A general look at the proper use of exceptions to deal with errors generated in Java code
http://java.sun.com/docs/books/tutorial/essential/exceptions/
- Sun Microsystems. Reflection. 2004.
Overview of the Reflection API
http://java.sun.com/j2se/1.3/docs/guide/reflection/
- Sun Microsystems. Working with XML. 2004.
A general look at the use of the JAXP XML package in Java
http://java.sun.com/xml/jaxp/dist/1.1/docs/tutorial/index.html
- Sun Microsystems. Java Architecture for XML Binding (JAXB). 2004.
The overview of the JAXB XML package in Java
http://java.sun.com/developer/technicalArticles/WebServices/jaxb/index.html
- Sun Microsystems. Overview of the JNI. 2004.
A look at use of the Java Native Interface API
http://java.sun.com/docs/books/tutorial/native1.1/concepts/index.html
- Sun Microsystems. Cloning Objects. 2004.
A look at the Cloneable API
http://java.sun.com/developer/JDCTechTips/2001/tt0306.html
- Tech FAQ. How can I find security vulnerabilities in my source code? 2004.
A list of security scanners for C/C++ code
http://corky.net/2600/computers/source-code-security-vulnerabilities.shtml