Feel free to update any broken links and to add any new ones at the bottom of the list.
Ray's Orange Book Summary
JOS Security Requirements
http://www.jos.org/doc/security/ob_index.html
RayShpeley's compilation for JOS.
The Security Bibliography
http://julmara.ce.chalmers.se/Security/sec_bib.html
Extremely comprehensive bibliography of security related documents (Postscript)
Sun's Java Security Page
http://java.sun.com/security/
News and links to all manner of Java security topics
JDK 1.1 Security Documentation
http://java.sun.com/products/jdk/1.1/docs/guide/security/index.html
API documentation for JDK 1.1
JDK 1.2 Security Documentation
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
API documentation for JDK 1.2
Java Security Hotlist
http://www.rstcorp.com/javasecurity/links.html
Links to various Java security issues
Low Level Security in Java
http://java.sun.com/sfaq/verifier.html
Written by Frank Yellin, this paper details how the bytecode verifier works in a Java VM
Security and the Class Verifier
http://www.javaworld.com/javaworld/jw-10-1997/jw-10-hood.html
JavaWorld article
Security and the Class Verifier
http://www.javaworld.com/javaworld/jw-10-1997/jw-10-hood.html
JavaWorld article
Understanding Java Stack Inspection
http://www.cs.princeton.edu/sip/pub/oakland98.html
Secure Internet Programming Laboratory. Mathemematically proves a better way to do Stack Inspection for implementing the JDK 1.2 Security Model. On first reading, I think we need to implement this in the JOS VM. - AveryRegier (15 Feb 99)
Other Readings