Bibliography

 

Books and Articles:

 

  1. Chris Hawblitzel, C.-C. C., Grzegorz Czajkowski, Deyu Hu, and Thorsten von Eicken (1998). Implementing Multiple Protection Domains in Java. USENIX Annual Technical Conference, New Orleans.

An example of extending Java's sandbox model to enhance the security of applets

 

  2. Gary McGraw, E. F. Twelve rules for developing more secure Java code. 2004.

The basis of my project, a brief article detailing the basic Java security problems

http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html

 

  3. Gary McGraw, E. F. (1999). Securing Java: Getting Down to Business with Mobile Code, Wiley.

An extensive look at all aspects of Java security, from both the users' and programmers' points of view

http://www.securingjava.com/

 

  4. Gutschmidt, T. Securing Java Code: Part 1. 2004.

Outline of a corporate policy to promote secure Java programming

http://www.developer.com/java/article.php/741921

 

  5. J. Steven Fritzinger, M. M. (1996). Java Security, Sun Microsystems, Inc.

The basic outline of the Java security model

 

  6. John Viega, G. M., Tom Mutdosch, Edward W. Felten (2000). "Statically Scanning Java Code: Finding Security Vulnerabilities." IEEE Software: 68-74.

An expanded version of [2] with information on static analysis

 

  7. Kalinovsky, A. (2004). Covert Java, Sams.

A detailed look at the system of decompiling Java byte code and other methods to compromise Java programs

 

  8. McGraw, G. (1998). Privileged code in Java.

Explanation of the Privileged code API and its use in Java programming

http://www.developer.com/java/other/article.php/604131

 

  9. McGraw, G. (2004). "Software Security." IEEE Security & Privacy.

A look at the design process for developing secure software

 

  10. Nolan, G. (2004). Decompiling Java, APress.

A good source for information on decompiling Java byte code

 

  11. S. Doyon, M. D. (2000). "On object initialization in the Java bytecode." Computer Communications (23): 1594-1605.

A look at the process of object initialization from a low level perspective

 

  12. Skrien, D. (&&&). Intro to OOD. ***

An introduction to programming with an Object Oriented approach

 

Websites:

 

  13. Sun Microsystems. Java Security Architecture. 2004.

The up-to-date outline of Java security procedures

http://java.sun.com/security/index.jsp

 

  14. Sun Microsystems. Security in Object Serialization. 2004.

Security concerns when using the serialization API

http://java.sun.com/j2se/1.3/docs/guide/serialization/spec/security.doc3.html

 

  15. Sun Microsystems. Serialization Specification. 2004.

The outline of the serialization API

http://java.sun.com/j2se/1.5.0/docs/guide/serialization/spec/serialTOC.html

 

  16. Sun Microsystems. Java Security Architecture 1.5. 2004.

The security architecture in Java 1.5

http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html

 

  17. Sun Microsystems. Applet Security. 2004.

FAQ on applet security and privileges

http://java.sun.com/sfaq/

 

  18. Sun Microsystems. Handling Errors with Exceptions. 2004.

A general look at the proper use of exceptions to deal with errors generated in Java code

http://java.sun.com/docs/books/tutorial/essential/exceptions/

 

  19. Sun Microsystems. Reflection. 2004.

Overview of the Reflection API

http://java.sun.com/j2se/1.3/docs/guide/reflection/

 

  20. Sun Microsystems. Working with XML. 2004.

A general look at the use of the JAXP XML package in Java

http://java.sun.com/xml/jaxp/dist/1.1/docs/tutorial/index.html

 

  21. Sun Microsystems. Java Architecture for XML Binding (JAXB). 2004.

The overview of the JAXB XML package in Java

http://java.sun.com/developer/technicalArticles/WebServices/jaxb/index.html

 

  22. Sun Microsystems. Overview of the JNI. 2004.

A look at use of the Java Native Interface API

http://java.sun.com/docs/books/tutorial/native1.1/concepts/index.html

 

  23. Sun Microsystems. Cloning Objects. 2004.

A look at the Cloneable API

http://java.sun.com/developer/JDCTechTips/2001/tt0306.html

 

  24. Tech FAQ. How can I find security vulnerabilities in my source code? 2004.

A list of security scanners for C/C++ code

http://corky.net/2600/computers/source-code-security-vulnerabilities.shtml