SlideShare a Scribd company logo

Chapter three Java_security.ppt

Download as PPT, PDF
H
HaymanotTadese

security

Technology
1 of 24
Java security Chapter Three
2 Outline  components of Java  Java security models  main components of the Java security architecture – class loaders – byte code verification – the Security Manager
3 Components of Java  the development environment  development lifecycle  Java language features  class files and byte-code  the execution environment  the Java Virtual Machine (JVM)  interfaces and architectures e.g., Java beans, RMI(Remote Interface), JDBC, etc. Components of Java
4 Development lifecycle notes  Java is a high-level programming language  source code is English-like (syntax is similar to C)  Java is compiled and interpreted • source code is compiled into byte-code (low-level, platform independent code) • Byte-code is interpreted (real machine code produced at run time)  fast and portable (“write once run anywhere”)  dynamic linking (no link phase at compile time) • program consists of class definitions • each class is compiled into a separate class file • classes may refer to each other, references are resolved at run-time Java source code Java bytecode programmer compiler Components of Java / The Development Environment
5 Java language features  object-oriented  multi-threaded  strongly typed  exception handling  very similar to C/C++, but cleaner and simpler  no more struct and union  no more (stand alone) functions  no more multiple inheritance  no more operator overloading  no more pointers  garbage collection  objects no longer in use are removed automatically from memory Components of Java / The Development Environment
6 Class files  contain – magic number (0xCAFEBABE) – JVM major and minor version – constant pool • contains – constants (e.g., strings) used by this class – names of classes, fields, and methods that are referred to by this class • used as a symbol table for linking purposes • many bytecode instructions take as arguments numbers which are used as indexes into the constant pool – class information (e.g., name, super class, access flags, etc.) – description of interfaces, fields, and methods – attributes (name of the source file) – bytecode Components of Java / The Development Environment
7 The Java Virtual Machine (JVM) class loader instance class file verifier JIT primordial class loader native method loader native method area execution engine Security Manager class area heap operating system Java code native code network untrusted classes trusted classes native methods local JVM Components of Java / The Execution Environment
8 JVM cont’d  class loaders – locate and load classes into the JVM – primordial class loader • loads trusted classes (system classes found on the boot class path) • integral part of the JVM – class loader instances • instances of java.net.URLClassLoader (which extends SecureClassLoader) • load untrusted classes from the local file system or from the network and passes them to the class file verifier • application developers can implement their own class loaders  class file verifier – checks untrusted class files • size and structure of the class file • bytecode integrity (references, illegal operations, …) • some run-time characteristics (e.g., stack overflow) – a class is accepted only if it passes the test Components of Java / The Execution Environment
9 JVM cont’d  native method loader – native methods are needed to access some of the underlying operating system functions (e.g., graphics and networking features) – once loaded, native code is stored in the native method area for easy access  the heap – memory used to store objects during execution – how objects are stored is implementation specific  execution engine – a virtual processor that executes bytecode – has virtual registers, stack, etc. – performs memory management, thread management, calls to native methods, etc. Components of Java / The Execution Environment
10 JVM cont’d  Security Manager – enforces access control at run-time (e.g., prevents applets from reading or writing to the file system, accessing the network, printing, ...) – application developers can implement their own Security Manager – or use the policy based SM implementation provided by the JDK  JIT – Just In Time compiler – performance overhead due to interpreting bytecode – translates bytecode into native code on-the-fly • works on a method-by-method basis • the first time a method is called, it is translated into native code and stored in the class area • future calls to the same method run the native code – all this happens after the class has been loaded and verified Components of Java / The Execution Environment
11 Java security models  the need for Java security  the sandbox (Java 1.0)  the concept of trusted code (Java 1.1)  fine grained access control (Java 2) Java security models
12 The need for Java security  code mobility can be useful (though not indispensable) – may reduce bandwidth requirements – improve functionality of web services  but downloaded executable content is dangerous – the source may be unknown hence untrusted – hostile applets may modify or destroy data in your file system – hostile applets may read private data from your file system – hostile applets may install other hostile code on your system (e.g., virus, back-door, keyboard sniffer, …) – hostile applets may try to attack someone else from your system (making you appear as the responsible for the attack) – hostile applets may use (up) the resources of your system (DoS) – all this may happen without you knowing about it Java security models
13 The sandbox idea: limit the resources that can be accessed by applets – introduced in Java 1.0 – local code had unrestricted access to resources – downloaded code (applet) was restricted to the sandbox • cannot access the local file system • cannot access system resources, • can establish a network connection only with its originating web server JVM sandbox resources remote code (applets) local code Java security models
14 The concept of trusted code idea: applets that originate from a trusted source could be trusted – introduced in Java 1.1 – applets could be digitally signed – unsigned applets and applets signed by an untrusted principal were restricted to the sandbox – local applications and applets signed by a trusted principal had unrestricted access to resources JVM sandbox resources remote code (applets) local code signed and trusted unsigned, or signed and untrusted Java security models
15 Fine grained access control idea: every code (remote or local) has access to the system resources based on what is defined in a policy file – introduced in Java 2 – a protection domain is an association of a code source and the permissions granted – the code source consists of a URL and an optional signature – permissions granted to a code source are specified in the policy file grant CodeBase “http://java.sun.com”, SignedBy “Sun” { permission java.io.FilePermission “${user.home}${/}*”, “read, write”; permission java.net.SocketPermission “localhost:1024-”, “listen”;}; JVM resources local or remote code (signed or unsigned) class loaders policy file Java security models
16 The three pillars of Java security  the Security Manager  class loaders  the bytecode verifier Components of the Java security architecture
17 The Security Manager  ensures that the permissions specified in the policy file are not overridden  implements a checkPermission() method, which – takes a permission object as parameter, and – returns a yes or a no (based on the code source and the permissions granted for that code source in the policy file)  checkPermission() is called from trusted system classes – e.g., if you want to open a socket you need to create a Socket object – the Socket class is a trusted system class that always invokes the checkPermission() method  this requires that – all system resources are accessible only via trusted system classes – trusted system classes cannot be overwritten (ensured by the class loading mechanism) Components of the Java security architecture
18 The Security Manager cont’d  the JVM allows only one SM to be active at a time  there is a default SM provided by the JDK  Java programs (applications, applets, beans, …) can replace the default SM by their own SM only if they have permission to do so – two permissions are needed: • create an instance of SecurityManager • set an SM instance as active – example: grant CodeBase “…”, SignedBy “…” { permission java.lang.RuntimePermission “createSecurityManager”; permission java.lang.RuntimePermission “setSecurityManager”;}; – invoking the SecurityManager constructor or the setSecurityManager() method will call the checkPermissions() method of the current SM and verify if the caller has the needed permissions Components of the Java security architecture
19 Class loaders  separate name spaces – classes loaded by a class loader instance belong to the same name space – since classes with the same name may exist on different Web sites, different Web sites are handled by different instances of the applet class loader – a class in one name space cannot access a class in another name space  classes from different Web sites cannot access each other  establish the protection domain (set of permissions) for a loaded class  enforce a search order that prevents trusted system classes from being replaced by classes from less trusted sources – see next two slide … Components of the Java security architecture
20 Class loading process when a class is referenced  JVM: invokes the class loader associated with the requesting program  class loader: has the class already been loaded? – yes: • does the program have permission to access the class? – yes: return object reference – no: security exception – no: • does the program have permission to create the requested class? – yes: » first delegate loading task to parent » if parent returns success, then return (class is loaded) » if parent returned failure, then load class and return – no: security exception Components of the Java security architecture
21 Class loading task delegation primordial class loader (searches on the boot class path) a class loader instance started at JVM startup (searches on the class path) a class loader instance associated with a URL (searches on the site specified by the URL) class request 1 2 3 loads class from boot class path 4a failure 4b loads class from class path 5a success / failure 5b loads class from URL 6 Components of the Java security architecture
22 Byte code verifier  performs static analysis of the bytecode – syntactic analysis • all arguments to flow control instructions must cause branches to the start of a valid instruction • all references to local variables must be legal • all references to the constant pool must be to an entry of appropriate type • all opcodes must have the correct number of arguments • exception handlers must start at the beginning of a valid instruction • … – data flow analysis • attempts to reconstruct the behavior of the code at run time without actually running the code • keeps track only of types not the actual values in the stack and in local variables – it is theoretically impossible to identify all problems that may occur at run time with static analysis Components of the Java security architecture
23 Comparison with ActiveX  ActiveX controls contain native code  security is based on the concept of trusted code – ActiveX controls are signed – if signer is trusted, then the control is trusted too – once trusted, the control has full access to resources  not suitable to run untrusted code – no sandbox mechanism
Thank you End of Chapter Three any Q. 24

Recommended

Tollas Ferenc - Java security
Tollas Ferenc - Java securityTollas Ferenc - Java security
Tollas Ferenc - Java securityveszpremimeetup
 
Sandboxing (Distributed computing)
Sandboxing (Distributed computing)Sandboxing (Distributed computing)
Sandboxing (Distributed computing)Sri Prasanna
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security ArchitectureRamesh Nagappan
 
FEATURES OF JAVA
FEATURES OF JAVAFEATURES OF JAVA
FEATURES OF JAVARhythm Suiwal
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Martin Toshev
 
Security Аrchitecture of Тhe Java Platform
Security Аrchitecture of Тhe Java PlatformSecurity Аrchitecture of Тhe Java Platform
Security Аrchitecture of Тhe Java PlatformMartin Toshev
 
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
Martin Toshev - Java Security Architecture - Codemotion Rome 2019Martin Toshev - Java Security Architecture - Codemotion Rome 2019
Martin Toshev - Java Security Architecture - Codemotion Rome 2019Codemotion
 
Class loaders
Class loadersClass loaders
Class loadersThesis Scientist Private Limited
 

Recommended

Tollas Ferenc - Java security
Tollas Ferenc - Java securityTollas Ferenc - Java security
Tollas Ferenc - Java securityveszpremimeetup
 
Sandboxing (Distributed computing)
Sandboxing (Distributed computing)Sandboxing (Distributed computing)
Sandboxing (Distributed computing)Sri Prasanna
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security ArchitectureRamesh Nagappan
 
FEATURES OF JAVA
FEATURES OF JAVAFEATURES OF JAVA
FEATURES OF JAVARhythm Suiwal
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Martin Toshev
 
Security Аrchitecture of Тhe Java Platform
Security Аrchitecture of Тhe Java PlatformSecurity Аrchitecture of Тhe Java Platform
Security Аrchitecture of Тhe Java PlatformMartin Toshev
 
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
Martin Toshev - Java Security Architecture - Codemotion Rome 2019Martin Toshev - Java Security Architecture - Codemotion Rome 2019
Martin Toshev - Java Security Architecture - Codemotion Rome 2019Codemotion
 
Class loaders
Class loadersClass loaders
Class loadersThesis Scientist Private Limited
 
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....Martin Toshev
 
Unit8 security (2) java
Unit8 security (2) javaUnit8 security (2) java
Unit8 security (2) javaSharafat Husen
 
Javantura v4 - Security architecture of the Java platform - Martin Toshev
Javantura v4 - Security architecture of the Java platform - Martin ToshevJavantura v4 - Security architecture of the Java platform - Martin Toshev
Javantura v4 - Security architecture of the Java platform - Martin ToshevHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Java Security
Java SecurityJava Security
Java Securityelliando dias
 
Auscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCEAuscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCEDavid Jorm
 
java2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application Serversjava2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application ServersMartin Toshev
 
Java Class Loader
Java Class LoaderJava Class Loader
Java Class LoaderBhanu Gopularam
 
Advanced Java
Advanced JavaAdvanced Java
Advanced JavaHossein Mobasher
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysisPragati Rai
 
oop unit1.pptx
oop unit1.pptxoop unit1.pptx
oop unit1.pptxsureshkumara29
 
CS8392 OOP
CS8392 OOPCS8392 OOP
CS8392 OOPDhanalakshmiVelusamy1
 
Java Virtual Machine - Internal Architecture
Java Virtual Machine - Internal ArchitectureJava Virtual Machine - Internal Architecture
Java Virtual Machine - Internal Architecturesubnesh
 
j-chap1-Basics.ppt
j-chap1-Basics.pptj-chap1-Basics.ppt
j-chap1-Basics.pptSmitaBorkar9
 
JAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptxJAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptxMurugesh33
 
JAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptxJAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptxMurugesh33
 
OOP with Java
OOP with JavaOOP with Java
OOP with JavaOmegaHub
 
Java & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisJava & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisPragati Rai
 
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptx
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptxJAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptx
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptxAALIM MUHAMMED SALEGH COLLEGE OF ENGINEERING
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology dM Technologies
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology dM Technologies
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

More Related Content

Similar to Chapter three Java_security.ppt

Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....Martin Toshev
 
Unit8 security (2) java
Unit8 security (2) javaUnit8 security (2) java
Unit8 security (2) javaSharafat Husen
 
Auscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCEAuscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCEDavid Jorm
 
java2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application Serversjava2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application ServersMartin Toshev
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysisPragati Rai
 
Java Virtual Machine - Internal Architecture
Java Virtual Machine - Internal ArchitectureJava Virtual Machine - Internal Architecture
Java Virtual Machine - Internal Architecturesubnesh
 
j-chap1-Basics.ppt
j-chap1-Basics.pptj-chap1-Basics.ppt
j-chap1-Basics.pptSmitaBorkar9
 
JAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptxJAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptxMurugesh33
 
JAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptxJAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptxMurugesh33
 
OOP with Java
OOP with JavaOOP with Java
OOP with JavaOmegaHub
 
Java & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisJava & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisPragati Rai
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology dM Technologies
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology dM Technologies
 

Similar to Chapter three Java_security.ppt (20)

Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
 
Unit8 security (2) java
Unit8 security (2) javaUnit8 security (2) java
Unit8 security (2) java
 
Javantura v4 - Security architecture of the Java platform - Martin Toshev
Javantura v4 - Security architecture of the Java platform - Martin ToshevJavantura v4 - Security architecture of the Java platform - Martin Toshev
Javantura v4 - Security architecture of the Java platform - Martin Toshev
 
Java Security
Java SecurityJava Security
Java Security
 
Auscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCEAuscert 2022 - log4shell and history of Java deserialisation RCE
Auscert 2022 - log4shell and history of Java deserialisation RCE
 
java2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application Serversjava2days 2014: Attacking JavaEE Application Servers
java2days 2014: Attacking JavaEE Application Servers
 
Java Class Loader
Java Class LoaderJava Class Loader
Java Class Loader
 
Advanced Java
Advanced JavaAdvanced Java
Advanced Java
 
From java to android a security analysis
From java to android a security analysisFrom java to android a security analysis
From java to android a security analysis
 
oop unit1.pptx
oop unit1.pptxoop unit1.pptx
oop unit1.pptx
 
CS8392 OOP
CS8392 OOPCS8392 OOP
CS8392 OOP
 
Java Virtual Machine - Internal Architecture
Java Virtual Machine - Internal ArchitectureJava Virtual Machine - Internal Architecture
Java Virtual Machine - Internal Architecture
 
j-chap1-Basics.ppt
j-chap1-Basics.pptj-chap1-Basics.ppt
j-chap1-Basics.ppt
 
JAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptxJAVA_Day1_BasicIntroduction.pptx
JAVA_Day1_BasicIntroduction.pptx
 
JAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptxJAVAPart1_BasicIntroduction.pptx
JAVAPart1_BasicIntroduction.pptx
 
OOP with Java
OOP with JavaOOP with Java
OOP with Java
 
Java & The Android Stack: A Security Analysis
Java & The Android Stack: A Security AnalysisJava & The Android Stack: A Security Analysis
Java & The Android Stack: A Security Analysis
 
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptx
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptxJAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptx
JAVA PROGRAM CONSTRUCTS OR LANGUAGE BASICS.pptx
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology
 
1 Introduction To Java Technology
1 Introduction To Java Technology 1 Introduction To Java Technology
1 Introduction To Java Technology
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Chapter three Java_security.ppt

  • 2. 2 Outline  components of Java  Java security models  main components of the Java security architecture – class loaders – byte code verification – the Security Manager
  • 3. 3 Components of Java  the development environment  development lifecycle  Java language features  class files and byte-code  the execution environment  the Java Virtual Machine (JVM)  interfaces and architectures e.g., Java beans, RMI(Remote Interface), JDBC, etc. Components of Java
  • 4. 4 Development lifecycle notes  Java is a high-level programming language  source code is English-like (syntax is similar to C)  Java is compiled and interpreted • source code is compiled into byte-code (low-level, platform independent code) • Byte-code is interpreted (real machine code produced at run time)  fast and portable (“write once run anywhere”)  dynamic linking (no link phase at compile time) • program consists of class definitions • each class is compiled into a separate class file • classes may refer to each other, references are resolved at run-time Java source code Java bytecode programmer compiler Components of Java / The Development Environment
  • 5. 5 Java language features  object-oriented  multi-threaded  strongly typed  exception handling  very similar to C/C++, but cleaner and simpler  no more struct and union  no more (stand alone) functions  no more multiple inheritance  no more operator overloading  no more pointers  garbage collection  objects no longer in use are removed automatically from memory Components of Java / The Development Environment
  • 6. 6 Class files  contain – magic number (0xCAFEBABE) – JVM major and minor version – constant pool • contains – constants (e.g., strings) used by this class – names of classes, fields, and methods that are referred to by this class • used as a symbol table for linking purposes • many bytecode instructions take as arguments numbers which are used as indexes into the constant pool – class information (e.g., name, super class, access flags, etc.) – description of interfaces, fields, and methods – attributes (name of the source file) – bytecode Components of Java / The Development Environment
  • 7. 7 The Java Virtual Machine (JVM) class loader instance class file verifier JIT primordial class loader native method loader native method area execution engine Security Manager class area heap operating system Java code native code network untrusted classes trusted classes native methods local JVM Components of Java / The Execution Environment
  • 8. 8 JVM cont’d  class loaders – locate and load classes into the JVM – primordial class loader • loads trusted classes (system classes found on the boot class path) • integral part of the JVM – class loader instances • instances of java.net.URLClassLoader (which extends SecureClassLoader) • load untrusted classes from the local file system or from the network and passes them to the class file verifier • application developers can implement their own class loaders  class file verifier – checks untrusted class files • size and structure of the class file • bytecode integrity (references, illegal operations, …) • some run-time characteristics (e.g., stack overflow) – a class is accepted only if it passes the test Components of Java / The Execution Environment
  • 9. 9 JVM cont’d  native method loader – native methods are needed to access some of the underlying operating system functions (e.g., graphics and networking features) – once loaded, native code is stored in the native method area for easy access  the heap – memory used to store objects during execution – how objects are stored is implementation specific  execution engine – a virtual processor that executes bytecode – has virtual registers, stack, etc. – performs memory management, thread management, calls to native methods, etc. Components of Java / The Execution Environment
  • 10. 10 JVM cont’d  Security Manager – enforces access control at run-time (e.g., prevents applets from reading or writing to the file system, accessing the network, printing, ...) – application developers can implement their own Security Manager – or use the policy based SM implementation provided by the JDK  JIT – Just In Time compiler – performance overhead due to interpreting bytecode – translates bytecode into native code on-the-fly • works on a method-by-method basis • the first time a method is called, it is translated into native code and stored in the class area • future calls to the same method run the native code – all this happens after the class has been loaded and verified Components of Java / The Execution Environment
  • 11. 11 Java security models  the need for Java security  the sandbox (Java 1.0)  the concept of trusted code (Java 1.1)  fine grained access control (Java 2) Java security models
  • 12. 12 The need for Java security  code mobility can be useful (though not indispensable) – may reduce bandwidth requirements – improve functionality of web services  but downloaded executable content is dangerous – the source may be unknown hence untrusted – hostile applets may modify or destroy data in your file system – hostile applets may read private data from your file system – hostile applets may install other hostile code on your system (e.g., virus, back-door, keyboard sniffer, …) – hostile applets may try to attack someone else from your system (making you appear as the responsible for the attack) – hostile applets may use (up) the resources of your system (DoS) – all this may happen without you knowing about it Java security models
  • 13. 13 The sandbox idea: limit the resources that can be accessed by applets – introduced in Java 1.0 – local code had unrestricted access to resources – downloaded code (applet) was restricted to the sandbox • cannot access the local file system • cannot access system resources, • can establish a network connection only with its originating web server JVM sandbox resources remote code (applets) local code Java security models
  • 14. 14 The concept of trusted code idea: applets that originate from a trusted source could be trusted – introduced in Java 1.1 – applets could be digitally signed – unsigned applets and applets signed by an untrusted principal were restricted to the sandbox – local applications and applets signed by a trusted principal had unrestricted access to resources JVM sandbox resources remote code (applets) local code signed and trusted unsigned, or signed and untrusted Java security models
  • 15. 15 Fine grained access control idea: every code (remote or local) has access to the system resources based on what is defined in a policy file – introduced in Java 2 – a protection domain is an association of a code source and the permissions granted – the code source consists of a URL and an optional signature – permissions granted to a code source are specified in the policy file grant CodeBase “http://java.sun.com”, SignedBy “Sun” { permission java.io.FilePermission “${user.home}${/}*”, “read, write”; permission java.net.SocketPermission “localhost:1024-”, “listen”;}; JVM resources local or remote code (signed or unsigned) class loaders policy file Java security models
  • 16. 16 The three pillars of Java security  the Security Manager  class loaders  the bytecode verifier Components of the Java security architecture
  • 17. 17 The Security Manager  ensures that the permissions specified in the policy file are not overridden  implements a checkPermission() method, which – takes a permission object as parameter, and – returns a yes or a no (based on the code source and the permissions granted for that code source in the policy file)  checkPermission() is called from trusted system classes – e.g., if you want to open a socket you need to create a Socket object – the Socket class is a trusted system class that always invokes the checkPermission() method  this requires that – all system resources are accessible only via trusted system classes – trusted system classes cannot be overwritten (ensured by the class loading mechanism) Components of the Java security architecture
  • 18. 18 The Security Manager cont’d  the JVM allows only one SM to be active at a time  there is a default SM provided by the JDK  Java programs (applications, applets, beans, …) can replace the default SM by their own SM only if they have permission to do so – two permissions are needed: • create an instance of SecurityManager • set an SM instance as active – example: grant CodeBase “…”, SignedBy “…” { permission java.lang.RuntimePermission “createSecurityManager”; permission java.lang.RuntimePermission “setSecurityManager”;}; – invoking the SecurityManager constructor or the setSecurityManager() method will call the checkPermissions() method of the current SM and verify if the caller has the needed permissions Components of the Java security architecture
  • 19. 19 Class loaders  separate name spaces – classes loaded by a class loader instance belong to the same name space – since classes with the same name may exist on different Web sites, different Web sites are handled by different instances of the applet class loader – a class in one name space cannot access a class in another name space  classes from different Web sites cannot access each other  establish the protection domain (set of permissions) for a loaded class  enforce a search order that prevents trusted system classes from being replaced by classes from less trusted sources – see next two slide … Components of the Java security architecture
  • 20. 20 Class loading process when a class is referenced  JVM: invokes the class loader associated with the requesting program  class loader: has the class already been loaded? – yes: • does the program have permission to access the class? – yes: return object reference – no: security exception – no: • does the program have permission to create the requested class? – yes: » first delegate loading task to parent » if parent returns success, then return (class is loaded) » if parent returned failure, then load class and return – no: security exception Components of the Java security architecture
  • 21. 21 Class loading task delegation primordial class loader (searches on the boot class path) a class loader instance started at JVM startup (searches on the class path) a class loader instance associated with a URL (searches on the site specified by the URL) class request 1 2 3 loads class from boot class path 4a failure 4b loads class from class path 5a success / failure 5b loads class from URL 6 Components of the Java security architecture
  • 22. 22 Byte code verifier  performs static analysis of the bytecode – syntactic analysis • all arguments to flow control instructions must cause branches to the start of a valid instruction • all references to local variables must be legal • all references to the constant pool must be to an entry of appropriate type • all opcodes must have the correct number of arguments • exception handlers must start at the beginning of a valid instruction • … – data flow analysis • attempts to reconstruct the behavior of the code at run time without actually running the code • keeps track only of types not the actual values in the stack and in local variables – it is theoretically impossible to identify all problems that may occur at run time with static analysis Components of the Java security architecture
  • 23. 23 Comparison with ActiveX  ActiveX controls contain native code  security is based on the concept of trusted code – ActiveX controls are signed – if signer is trusted, then the control is trusted too – once trusted, the control has full access to resources  not suitable to run untrusted code – no sandbox mechanism
  • 24. Thank you End of Chapter Three any Q. 24