There are several terms we have to introduce when talking about security. The first term is security principal, or principal for short. A principal is one of the parties involved in a communication. It could be a human user, a machine, or a piece of software. In the security literature, principals are often given names. Alice and Bob are the two principals trying to communicate; Eve is an eavesdropper listening in on the communication; and Mallory is a malicious attacker trying to change the data being communicated or in some way disrupt the communication. This naming convention will be used throughout this chapter, and there are more principals that we will introduce.
Security in distributed systems is based on the principals being able to trust each other. Before they can trust each other, principals have to know who they are communicating with; that is, Alice has to be able to know it is Bob on the other end of the communication and vice versa. To do this, Alice has to be able to prove that she is talking to Bob. This process is called authentication. In a client/server scenario the server usually wants to authenticate the client. However, there are times when the client wants to authenticate the server; for example, if the client is sending the server credit card details, the client must be able to trust the server. Also, there are occasions where mutual authentication is needed. To authenticate a principal, the principal has to provide a set of credentials. The credentials could be a user name/password pair, a fingerprint, a retinal scan, a certificate, or anything else that can uniquely identify the principal. These credentials are then typically passed to a trusted authority (called Trent in the security literature) to be checked. Trent could be a database holding the credentials, a Kerberos server, or some other third party such as a certificate authority, for example Thawte or Verisign.
Once a principal has been authenticated, the next problem that arises is this: Are they allowed to perform whatever action they have requested? Alice may have proved that she is talking to Bob, but is Bob allowed to perform the requested action? This step is called authorization.
When Alice and Bob are exchanging data, attackers may be able to change that data while it is in transit. Alice and Bob need a way to detect that the data has been changed. There are techniques that can be used to perform this checking, and the property they protect is called data integrity.
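To make the integrity check concrete, here is an added example (not code from the chapter) in which Alice attaches a keyed hash (an HMAC over SHA-256) to her message, Mallory alters the message in transit, and Bob's check fails on the altered copy. The shared key, the message text and the principals' helper functions are all constructed for this illustration; the chapter itself does not prescribe HMAC as the integrity technique, it is simply one standard way to do what the paragraph describes.

```python
import hashlib
import hmac
import secrets

# Constructed for the example: Alice and Bob share this key out of band.
# Eve can read the traffic but does not hold the key, so she cannot forge tags.
def make_shared_key() -> bytes:
    return secrets.token_bytes(32)

def alice_send(key: bytes, message: bytes) -> tuple[bytes, bytes]:
    """Alice sends the message together with an HMAC-SHA256 tag over it."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, tag

def bob_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Bob recomputes the tag and compares in constant time to avoid timing leaks."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def mallory_tamper(message: bytes) -> bytes:
    """Mallory changes the amount in transit but cannot recompute the tag."""
    return message.replace(b"100", b"900")

def integrity_demo(key: bytes) -> tuple[bool, bool]:
    """Returns (verdict on the genuine message, verdict on the tampered message)."""
    message, tag = alice_send(key, b"transfer 100 to account 42")  # constructed payload
    genuine_ok = bob_verify(key, message, tag)
    tampered_ok = bob_verify(key, mallory_tamper(message), tag)
    return genuine_ok, tampered_ok

if __name__ == "__main__":
    print(integrity_demo(make_shared_key()))  # (True, False)
```

Note that the tag only detects modification; it does not hide the message from Eve, which is the confidentiality problem the next paragraph turns to.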
And finally, suppose that the data exchange between Alice and Bob must be confidential; that is, not only should Mallory not be able to change the data, but Eve should not be able to read it. In this case the data has to be encrypted. In the world of HTTP the technique used to manage encryption is Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). This is used via the HTTPS protocol, which will be examined later.