Research [2/2] :: ISC :: Mujahed Sebai

During the early nineties, a group of Sun engineers that was led by Patrick Naughton and James Gosling wanted to design a small computer language that could be used for consumer devices like cable TV switchboxes. These devices require little amount of power and memory, and therefore, the language had to be small and generate very tight code. In addition, since different manufactures may choose different central processing units, it was essential not to be tied down to any single architecture.

In the early days of PCs, Niklaus Wirth, the inventor of Pascal, attempted to design a portable language that generated intermediate code for a hypothetical machine. This intermediate code could then be used on any machine that had the correct interpreter. This model of Pascal implementation was resurrected by the team to satisfy the requirements for small, tight, and platform-neutral code.

Since Sun come from a UNIX background, the new language was based on C++ rather than Pascal. In more essence, they made the language object oriented rather than procedure oriented. Presumably because Gosling liked the look of an oak tree, the new language was named “Oak”. Since Oak language was the name of an exciting computer language, Sun decided to change the name to Java. As Java was developed by taking the best features of other programming languages, primarily C++, it utilises algorithms and methodologies that are already proven.

In the early days of Java, there was a huge disconnect between publicity and the actual ability of Java. As Java is maturing, the technology is becoming even more stable and reliable, and exceptions are increasingly becoming reasonable. The language is being gradually more used for “middleware” to communicating clients and server resources, i.e. databases, which is primarily due to Java’s portability and multithreading and networking capabilities that can add real value. It has become a very popular programming language for its security, reliability, and portability features.

In this section, some of the relevant Java features, which are were used for the implementation of this project, are discussed.

Thread is a single sequential flow of control that can execute independently within a program. It can be thought of threads as light weight process (LWP) within an application or process; hence, intercommunication and synchronization between threads is possible. The primary purpose of using threads is to provide the ability to break down a program into separate tasks, each of which executes as an independent thread. When multiple threads execute different instruction sequences within a program, the action is called multi-threading. [10]

Java programming language has incorporated thread support in the language itself that it is impossible to execute the simplest Java program without using threads; hence, Java provides robust support for threading. Java accomplish its multithreading feature through it java.lang.Thread class. Java threads have the following properties:

Þ Each thread executes predefined sequence of instructions from its starting location.

Þ Threads local variables cannot be shared amongst each other as they are considered as completely private. However, threads can share objects and their instance variables between each other; hence, provide the ability of intercommunication and synchronisation between threads.

An exception is the event which may occur during the execution time and interrupts the flow of a program’s instructions. In more essence, Java exceptions are a way to indicate to the running method that an abnormal condition has occurred. However, exceptions in Java are represented as object.

Java provides the ability to handle cases where abnormal conditions may occur during the execution of Java programs in order to prevent vital errors and to enable program recovery, as they may throw an exception. Throwing an exception is the process that is taken by a program due to a runtime error. Once an error has occurred, the program initials an exception object that hold the information about the occurred error. The exception object is then passed over to the runtime system to take the appropriate action. [12]

It is worth mentioning that not any Java object can be thrown, however, only objects of classes that are descended from Throwable can be thrown. From the figure above, Java language includes a Throwable class that serves as the base class for an entire family of classes that are defined in java.lang, which Java programs can use to handle exceptions for recovery. [11]

Java provides various means to enable application to communication amongst each other using socket programming. However, there are two communication protocols can be used for socket programming: datagram communication and stream communication. [10]

A socket is one endpoint of a two-way communication link between two programs running on the network. In order to enable the communication protocol to deliver data to the appropriate application, a socket is bound a port number.

The datagram communication protocol, known as User Datagram Protocol or UDP, is a connectionless protocol that requires additional information to be transmitted along with the data. Furthermore, datagram communication does not require a connection to be established for data transmission. However, for its simplicity, UDP connection does not guarantee the delivery of transmitted data; hence, unreliable.

In order for applications to establish a datagram communication channel, a UDP socket should be initiated on both side of the communication link and bounded to a specific port. In addition, data transmitted over a datagram channel is exchanges in the form of fixed datagram packets of size 64 kilobytes maximum. The following table (2.11) lists the constructors that can be used to initiate a Java DatagramSocket.

Constructor & Description

o DatagramSocket()

Constructs a datagram socket and binds it to any available port on the local host machine.

o DatagramSocket(int port)

Constructs a datagram socket and binds it to the specified port on the local host machine.

o DatagramSocket(int port, IntAddress address)

Creates a datagram socket, bound to the specified local address.

The stream communication protocol, known as Transmission Control Protocol or TCP, is a connection-oriented protocol that requires two pair of sockets to be initiated on both sides of the communication link before communicating. While one of the sockets (ServerSocket) listens for a connection request, the other one (Socket) request a connection. Once the connection has been setup, the two sockets can be used for data transmission in both directions.

The following table (2.12) lists some of the constructors that can be used to initiate a Java Socket.

Constructor & Description

o Socket()

Creates an unconnected socket, with the system-default type of SocketImpl.

o Socket(InetAddress address, int port)

Creates a stream socket and connects it to the specified port number at the specified IP address.

o Socket(String host, int port)

Creates a stream socket and connects it to the specified port number on the named host.

On the other hand, the following table (2.13) lists the constructors that may be used to construct a ServerSocket.

Constructor & Description

o ServerSocket(int port)

Creates a server socket on a specified port.

o ServerSocket(int port, int backlog)

Creates a server socket and binds it to the specified local port number..

o ServerSocket(int port, int backlog, InetAddress bindAddr)

Create a server with the specified port, listen backlog, and local IP address to bind to.

Unlike UDP, TCP requires a connection to be established before data can be transmitted; hence, a connection startup delay. However, TCP does not limit the size of packets that can be transferred. Furthermore, TCP provide a mechanism to guarantee the delivery of transmitted data in order to the receiver socket.

Sine its introduction, Java as versatile programming language has gained widespread acceptance. It is widely espoused as having the usual benefits: cross-platform portability, a fairly secure runtime environment, strong networking and connectivity APIs, etc.

However, Java platform is a multimedia power house. In fact, far from offering a robust set of multimedia APIs, Java as a platform is still adding new great features and gaining acceptance. Media support is only now beginning to roll into the core platform. The new developments show promise for Java’s media capabilities.

The Java Media Framework, JMF, is a set of three new APIs being so-defined by the JMF Working Group members (Sun, Silicon, Graphics, and Intel) that eventually include Java Media Player, Capture, and Conferencing. The Player API provides a framework for software developers to build media players and provide them in a standard way on all Java platforms. Due to its flexibility, JMF allows developers to extend players by adding their own nodes, including images filers and audio reverb effects, or to use the standard players without making any additions.

Before the JMF Player API, multimedia playback support in Java was extremely limited as developers had to generate their own GUI controls. Since the supported media types in the core Java API were limited, it was essential to implement players without any underlying framework to assist.

However, JMF Player API makes it simple to implement support for almost any audio or video format by building upon an established media playback framework. In addition, standard implementations provide built-in support for common Web audio and video formats -- for audio: muLaw, Apple, AIFF, and Microsoft PC WAV. For video: Apple QuickTime video, Microsoft AVI video, and Notion Picture Expert Group’s MPEG-1 and MPEG-2 --. Thus, JMF Players simplifies the use of any of these standard Web-based formats as with only few lines of code, developers can integrate multimedia playback into applets as well as applications. Furthermore, MDI is currently supported in the Silicon Graphics IRIX implementation and is slated for support in Intel’s Windows implementation.

In addition, the JMF is an application programming interface (API) for incorporating time-based media into Java applications. It provides a unified architecture and messaging protocol for capturing, processing and delivery of time-based media data. By exploiting the advantages of the Java platform, JMF ensure the characteristics of “Write Once, Run Anywhere”.

The high-level JMF architecture is illustrated above in figure 2.14. The application is built on top of the JFM Presentation and Processing API and RTP APIs, which is in turn built on top of the JMF Plug-In API. The JMF Plug-In API manages different plug-in’s such as De-multiplexers and Multiplexers, Codecs, Effect Filters, and Renders.

Motivated by the rapid development of computer models in the last few decades, the need for application security has increased in large-scale ecommerce and e-business systems. Therefore, as Java emerging as the Internet programming standard platform, the ability to securely more Java code around is fundamental.

From its inception, security was one of the primary tenets of the Javadistributed computing platform. The language implemented several features to enforce secure programming including range checking on strings and arrays, garbage collection and automatic memory management. Runtime code legitimacy is insured by the byte code verifier and the Java Virtual Machine (JVM). The security manager in conjunction with the class loader enforces strict access policy for code operating on a machine. The Java ‘sandbox’ of JDK 1.0 created a new trust model for distributed and potentially malicious code. That model has been extended and redefined in subsequent JDK versions. That is why Java has become the language of choice for the security minded application developer.

The latest Java JDK version, which is Java2 Standard Edition, combines within the language core security features to support confidentiality, integrity, and availability. The following security features of Java renew Java’s promise to secure programming.

The JCE provides an extensible framework for implementing various cryptographic operations and algorithms. JCE provides functionality to support encryption, key generation and agreement, and message authentication code (MAC).

JSSE provides implementations and support for Secure Sockets Layer (SSL) as well as Transport Layer Security (TLS). The inclusion of the SSLSocket and SSLServerSocket classes provides an easy transition to secure channel programming as it encryptes the communication between the client and server transparently to programmers. In addition, SSL operates between the TCP/IP communication protocol and the applications software. [2]

JAAS, as the name implies, is intended to be used for the authentication of users as well as resource access control (authorization). It is implemented in a modular fashion, isolating applications from the underlying authentication services.

Authentication involves a user providing some proof that they are indeed who they claim to be. This proof may take the form of smartcard, token, password, biometric, or a combination of these methods. As authentication methods change, it is important to minimize the impact on dependent application. The modular nature of JAAS provides such independence.

The Java GSS-API is the mechanism for secure message exchange between applications providing principal authentication, delegation, and message confidentiality and integrity assurance.

GSS-API and JSSE provide very similar security functionality. However, there are several factors that determine the best choice for a given application. For example, if the application requires a Kerberos Version 5 implementation that is used for authentication, GSS-API may be a better choice as JSSE does not support it. However, if the application is a socket based one and requires using a secure socket version, JSSE is probably the right choice.

The Java Certification Path API provides certificate validation and mapping functions. It can be used to create, build, and validate certification paths. It uses a similar modular architecture to the JCE, employing a provider-based architecture. Since e-commerce world is based upon the trust model that relies on the effective traversal of a list of certificates until an appropriate authority is located, Java Certificate Path API is considered as a very important asset.

The API includes interfaces and implementations for four certificate functions: Basic, Validation, Building, and Storage. The basic certification path classes contain the core functionality for representing and encoding certificate paths. The validation classes, as the name implies, handle certificate path validation. The building classes are for creating or automating the discovery of certificate paths. And finally, the storage classes allow for the storage of certificates and revocation list discovery.

One obvious advantage is a runtime environment that provides platform independence; the same written code can run on multiple platforms such as Windows, Macintosh, Linux, UNIX, etc. Another possible advantage is that the syntax of Java and C++ are fairly alike, making it easy for C and C++ programmers to learn Java. In addition, consider the following advantages.

Object oriented is simply a programming technique that emphasis on the data (objects) and on the interfaces to that object. This technique has proven its worth in the last thirty years as it is considered inconceivable that a modern programming language would not use such a technique. Certainly, the object-oriented features of Java are comparable to C++. However, the key difference between Java and C++ lies in multiple inheritance, for which Java has implemented a better solution, and in the Java metaclass model.

Java provides an extensive library of routines for coping with UDP and TCP/IP protocols, such as HTTP and FTP. Hence, Java applications are capable of accessing objects across networks via URLs with the same ease as accessing local files system. In addition, Java includes an elegant mechanism, called servlets that makes server-side processing extremely efficient. It is fact that Java networking capabilities are strong and easy to use.

Java is intended for writing programs that must be reliable in a variety of ways, which is achieved by putting more emphasis on early checking for possible problem. Followed by an early checking, a dynamic checking is performed at run-time to eliminate situations that are error-prone.

Java is also intended to be used in distributed environments. Hence, a lot of emphasis has been placed on security. The following are some of the Java’s security features that prevent Java programs from doing:

Þ Reading or writing local files when invoked through a security-conscious class loader that has been programmed to forbid this type of access.

Over time, a number of security features have been added to Java. One of the crucial Java security features, which was introduced since version 1.1, is the notation of digitally signed classes. Such a feature provides the ability to identify the author of the class. Once an author of a class is trusted by a machine, the class can be allowed more privileges on that machine. All of these features and in addition to other ones are in place and fore the most part seem to work as intended. Java is certainly the most secure programming language to date.

The Java compiler generates an architecture-neutral object file format; the compiled code is executable on many processors with the presence of the Java runtime system. This is achieved by generating bytecode instructions that do not depend on any particular computer architecture. Rather, they are designed to be both easy to interpret on any machine and easily translated into native machine code on the fly.

Unlike C and C++, there are no implementation dependant aspects of the specification. This is achieved as the sizes of the primitive data types are specified, as is the behavior of arithmetic on them. In other words, the libraries that are a part of the system define portable interfaces. Therefore, user interface toolkit has been completely rewritten so that it no longer relies on the host user interface.

The Java interpreter is able to execute bytecode directly on any machine to which the interpreter has been ported. Since linking is a more incremental and light-weight process, the development process can be much more rapid and exploratory.

Multithreading in Java is surprisingly much easier to implement and manage than any other language. Threads in Java also have the capacity to take advantage of multiprocessor systems if the based operating system does so. However, thread implementations on the major platforms differ widely, and Java makes no effort to be platform independence in this regard. Hence, Java offloads the implementations for multithreading to the underlying operating system or a thread library. Nonetheless, the ease of multithreading is one of the main reasons why Java is such an appealing language for server-side development.

Java is considered to be a more dynamic language than C or C++. It was designed to adapt to an evolving environment. Therefore, it is possible for libraries to freely add new methods and instance variables without any effect on their clients. In Java, finding out run time type information is straightforward.

The dynamic feature of Java is considered as a crucial feature in those situations where code needs to be added to an already-running program. In addition, current versions of Java give programmers full insight into both the structure and behavior of its object. This is extremely useful for systems that need to analyze objects at run time such as Java GUI builders, smart debuggers, pluggable components, and object databases.