Java Reference
In-Depth Information
the trust of the stakeholders involved as it is in repelling (real or imagined) attacks on
one's intellectual property and commercial resources, such as content, storage, services,
and personal information.
Designing a secure application requires an in-depth understanding of both the
risks to your application and the countermeasures you can adopt to mitigate those
risks. Put simply, a risk is any possible event that can cause a loss. Risks are associated
with threats: a threat is a method of triggering a risk event. The following are examples of
threats:
• A user gaining access to your application without paying for it
• A user's personal data (such as identity information) being given to an
unauthorized third party, with or without your knowledge
• A third party masquerading as you when interacting with your customers
In today's highly networked world, most people pay attention to the risks that are
made manifest by networked applications, but of course those need not be the only ones
that apply. Consider the case of a user losing her mobile device and a third party
accessing its record store to obtain personal data.
You address threats through the adoption of countermeasures that attempt to stop a
threat from triggering a risk, such as the following:
• Only offering your application and content through a trusted distribution service
to devices that prevent redistribution
• Encrypting vulnerable personal data before transmitting it across the network or
storing it on the device's record store
• Using secure network protocols such as HTTPS with signed certificates to verify
identity when interacting with customers
Central to the design of countermeasures is the notion of cost: when you select
countermeasures, you aim to make it more expensive for a hypothetical opponent to
perform some task than the task is worth after factoring in the likelihood that the actual
risk event will take place. You must strike a fine balance between the costs that security
imposes (higher complexity, larger footprint, and greater user complexity) and the cost
of a realized security threat.
A key tool in today's efforts to secure applications is cryptography: the art and
practice of hiding information. Cryptographic solutions, largely based on recent
advances in number theory, offer several tools for addressing security threats, including
the following:
 