This course examines security topics in the context of the Java language with emphasis on security services such as confidentiality, integrity, authentication, access control, and non-repudiation. Specific topics include mobile code, mechanisms for building "sandboxes" (e.g., class loaders, namespaces, bytecode verification, access controllers, protection domains, policy files), symmetric and asymmetric data encryption, hashing, digital certificates, signature and MAC generation/verification, code signing, key management, SSL, and object-level protection. Various supporting APIs are also considered, including the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE). Security APIs for XML and web services, such as XML Signature and XML Encryption, Security Assertions Markup Language (SAML), and Extensible Access Control Markup Language (XACML), are also surveyed. The course includes multiple programming assignments and a project.
605.681 Principles of Enterprise Web Development or equivalent. Basic knowledge of XML. 695.601 Foundations of Information Assurance or 695.622 Web Security would be helpful but is not required.