Tollas Ferenc - Java security


Published on

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Tollas Ferenc - Java security

  1. 1. Java Security Ferenc Tollas Sun Certified Developer for Java 2 Platform Sun Certified Programmer for JSE 5.0
  2. 2. “Java is secure”
  3. 3. Agenda● Java goals● Java Sandbox● Java Language Security● Bytecode verifier● Class loaders● Java Security Manager● Access Controller● JAAS● Java Cryptographic Extension (JCE)
  4. 4. Java goals● Originally developed by James Gosling● Goals: – It should be "simple, object-oriented and familiar" – It should be "robust and secure" – It should be "architecture-neutral and portable" – It should execute with "high performance" – It should be "interpreted, threaded, and dynamic"● JDK 1.0 : January, 1996
  5. 5. Security requirementsSafe from malevolent programsPrograms should not be allowed to harm a users computing environment, such asTrojan horses and harmful programs that replicate, like computer viruses.Non−intrusivePrograms should be prevented from discovering private information on the hostcomputer or the host computers networkAuthenticated, Encrypted, Audited, Well-defined security specification.....● Only the first two were within the province of Javas 1.0 default security model!● The other requirements were added in later versions of JavaHow to provide the security related requirements:● Java Language security● Java sandbox implementation● Pluggable Security Extensions
  6. 6. Java Sandbox● provide an environment where the program can play● must be configurable by an end user or system administrator● Protect: – Memory – Files – Network● Minimal Sandbox: program has access to the CPU, the screen, keyboard, mouse and memory● Default Sandbox: CPU and its own memory as well as access to the web server from which it was loaded● Open sandbox : the program has access to whatever resources the host machine normally has access to● In early versions of Java, only applets were run within a sandbox.● In the Java 2 platform, all programs have the potential to run in a sandbox
  7. 7. Which is faster? Javas new or Cs malloc?
  8. 8. Anatomy of a Java application Bytecode Verifier:Java class files follow the rules of the Java language Class Loader: loads all Java classes and can set permissions for each class it loads. Security package: ● SPI ● Message digest ● Key and certificate handling ● Digital signatures ● Encryption : JCE, JSSE ● Authentication : JAAS Security Manager:the primary interface between the core API and the operating system Access Controller: allows or prevents most access from the core API to the operating system, uses the policy files..Debug what happens in the background: −
  9. 9. What is this: jre/lib/[arch]/client/clases.jsa
  10. 10. Elements of a sandbox● A sandbox is composed of five elements: – Permissions : a specific action that code can perform ● type, name and action: permission "/tmp/foo", "read"; ● every Java class carries a set of permissions that defines the activities that the class is allowed to perform ● core Java API are always given permission to perform any action ● application can define its own permissions – Code sources:location from which a class has been loaded. Combination of codebases and signers(alias listed in keystore). – Protection domains: basic concept of sandbox, it is an association of permissions with a particular code source DEMO
  11. 11. Elements of a sandbox– Policy files : contains one or more entries that define a protection domain. ● Global policy file:$JREHOME/lib/security/java.policy ● User specific: $HOME/.java.policy ● Result: union of permissions contained in the global and user policy files ● IMPORTANT: deny setting new policy file: : policy.allowSystemProperty=true– Keystores: The certificates themselves are held in a location (usually a file) called the keystore. java − −<URL>
  12. 12. Java language security● Question: how Java operates on things that are in memory?● Objects, primitive types has access level: public, protected, default/package or private● Programs cannot access arbitrary memory locations, no pointer and casting between int and Object is illegal.● Entities that are declared as final must not be changed.● Variables may not be used before they are initialized->instance variables are initialized automatically● Array bounds must be checked on all array accesses.● Object serialization....Mark with, and use keyword “transient”● These rules must be enforced! Compiler enforcement. Is it enough???
  13. 13. Bytecode verifier● No interface, users/coders cannot interact with it● Checks: – The class file has the correct format – Final classes are not subclassed, and final methods are not overridden. – Every class (except for java.lang.Object) has a single superclass. – There is no illegal data conversion of primitive data types (e.g., int to Object) – There are no operand stack overflows or underflows● Delayed bytecode verification● Runtime verification:array bounds checking, object casting
  14. 14. Class loaders● mechanism by which files are read into the JVM and converted into class definitions● Responsibility: – The security manager is consulted to see if this program is allowed to access the class in question – Loads the class – The security manager is consulted to see if this program is allowed to create the class in question – The appropriate protection domain is created for the class
  15. 15. Java Security Manager● determines whether many particular operations should be permitted or rejected● − option installs a security manager● Partnership between the Ja5va API and the application● The SecurityException class is a subclass of the RuntimeException public FileInputStream(String name) throws FileNotFoundException { SecurityManager security = System.getSecurityManager( ); if (security != null) { security.checkRead(name); } try { open(name); // open( ) is a private method of this class } catch (IOException e) { throw new FileNotFoundException(name); } }
  16. 16. Access Controller● Security Manager is based entirely on access controller● Uses the policy file; is built on permissions, protection domains, code sources and policies● the access controller can do everything the security manager can do; historic reasons● the access controller is only available in Java 1.2● Applications always interact with the SecurityManager
  17. 17. JAAS● Java Authentication and Authorization Service● enforce access controls based on who runs the code(policy files: where code came from)● Features: – Single sign-on support – Pure Java – Pluggable Authentication Module framework fir authentication
  18. 18. JCE● Java Cryptographic Extension● Features: – Support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4. – Comprehensive API with support for a wide range of cryptographic services including digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators and key factories
  19. 19. JSSE● Java Secure Socket Extension● APIs and implementations for : – Transport Layer Security (TLS), – Secure Sockets Layer (SSL), – Kerberos (accessible through GSS-API) and – full support for HTTPS over SSL/TLS.
  20. 20. Questions?