Deep dive into Java security architecture

  1. Prabath Siriwardena (Twitter: @prabath)
  2. • Provide the Java platform as a secure, ready-built platform on which to run Java-enabled applications in a secure fashion.
     • Provide security tools and services, implemented in the Java programming language, that enable a wider range of security-sensitive applications, for example in the enterprise world.
  3. The bytecode verifier checks that:
     • Variables are initialized before they are used.
     • Method calls match the types of object references.
     • Rules for accessing private data and methods are not violated.
     • Local variable accesses fall within the runtime stack.
     • The runtime stack does not overflow.
  4. • To create a sandbox environment for a given Java application, the Java Security Manager must be engaged, either from code or from the command line:
     ```java
     System.setSecurityManager(new SecurityManager());
     ```
     ```
     java -Djava.security.manager MainClass
     ```
  5. • If no policy is explicitly specified, the Java Security Manager uses its default security policy.
     • The locations of the default policy files are configured in JAVA_HOME/lib/security/java.security:
     ```
     # The default is to have a single system-wide policy file,
     # and a policy file in the user's home directory.
     policy.url.1=file:${java.home}/lib/security/java.policy
     policy.url.2=file:${user.home}/.java.policy
     ```
  6. • By default everything is denied!
     • The policy explicitly grants permissions to the code in execution.
     • Permission = Resource (Target) + Action
     ```
     grant {
       permission java.io.FilePermission "mytext.txt", "read,write";
     };
     ```
  7. • The Java Security Manager reads the security policy from the location given by java.security.policy (a single `=` adds the file to the default policy; `==` makes it the only policy):
     ```
     java -Djava.security.manager -Djava.security.policy=mypolicy.policy MainClass
     java -Djava.security.manager -Djava.security.policy==mypolicy.policy MainClass
     ```
     or from within the application:
     ```java
     System.setProperty("java.security.policy", "mypolicy.policy");
     System.setSecurityManager(new SecurityManager());
     ```
  8. Syntax: permission className "targetName", "actionList";
  9. java.io.FilePermission. Target: file name. Action list: read, write, execute, delete
  10. java.net.SocketPermission. Target: address:port_or_port_range. Action list: accept, connect, listen, resolve
  11. java.util.PropertyPermission. Target: property name. Action list: read, write
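The following program, an added example and not code from the slides, ties slides 4 to 7 and the File, Socket and Property permissions of slides 9 to 11 together: it engages the Security Manager, runs under a constructed policy file (demo.policy, assumed to sit in the working directory) and shows which checks the policy grants and which it denies. It targets JDK 8 through 17, where the Security Manager is still available.

```java
// SandboxDemo.java: added example, not from the slides. Run with:
//   javac SandboxDemo.java
//   java -Djava.security.manager -Djava.security.policy==demo.policy SandboxDemo
// demo.policy (constructed for this example; '==' makes it the only policy):
//   grant {
//     permission java.io.FilePermission "mytext.txt", "read,write";
//     permission java.util.PropertyPermission "user.home", "read";
//     permission java.net.SocketPermission "localhost:8080", "connect,resolve";
//   };
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.util.PropertyPermission;

public class SandboxDemo {

    /** True if the installed policy grants the permission to this code. */
    static boolean isGranted(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Engage the sandbox programmatically if -Djava.security.manager was not used.
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        }
        // Permission = target + action; a check passes only if the policy grants
        // a permission whose target AND actions imply the requested one.
        Permission[] checks = {
            new FilePermission("mytext.txt", "read"),          // target and action in the grant
            new FilePermission("mytext.txt", "delete"),        // action not in the grant
            new FilePermission("/etc/passwd", "read"),         // target not in the grant
            new PropertyPermission("user.home", "read"),       // target and action in the grant
            new PropertyPermission("java.home", "read"),       // target not in the grant
            new SocketPermission("localhost:8080", "connect"), // target and action in the grant
            new SocketPermission("localhost:443", "connect")   // port not in the grant
        };
        for (Permission p : checks) {
            System.out.println((isGranted(p) ? "GRANTED " : "DENIED  ") + p);
        }
    }
}
```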
  12. java.lang.RuntimePermission. Targets: createClassLoader, getClassLoader, setContextClassLoader, enableContextClassLoaderOverride, createSecurityManager, setSecurityManager, exitVM, getenv.variableName, shutdownHooks, setFactory, setIO, modifyThread, stopThread, modifyThreadGroup, getProtectionDomain, readFileDescriptor, writeFileDescriptor, loadLibrary.libraryName, accessClassInPackage.packageName, defineClassInPackage.packageName, accessDeclaredMembers.className, queuePrintJob, getStackTrace, setDefaultUncaughtExceptionHandler, preferences, usePolicy
  13. java.awt.AWTPermission. Targets: showWindowWithoutWarningBanner, accessClipboard, accessEventQueue, createRobot, fullScreenExclusive, listenToAllAWTEvents, readDisplayPixels, replaceKeyboardFocusManager, watchMousePointer, setWindowAlwaysOnTop, setAppletStub
  14. java.net.NetPermission. Targets: setDefaultAuthenticator, specifyStreamHandler, requestPasswordAuthentication, setProxySelector, getProxySelector, setCookieHandler, getCookieHandler, setResponseCache, getResponseCache
  15. java.lang.reflect.ReflectPermission. Target: suppressAccessChecks
  16. java.io.SerializablePermission. Targets: enableSubclassImplementation, enableSubstitution
  17. java.security.SecurityPermission. Targets: createAccessControlContext, getDomainCombiner, getPolicy, setPolicy, getProperty.keyName, setProperty.keyName, insertProvider.providerName, removeProvider.providerName, setSystemScope, setIdentityPublicKey, setIdentityInfo, addIdentityCertificate, removeIdentityCertificate, printIdentity, clearProviderProperties.providerName, putProviderProperty.providerName, removeProviderProperty.providerName, getSignerPrivateKey, setSignerKeyPair
  18. java.security.AllPermission. Target: (none). Action list: (none)
  19. javax.security.auth.AuthPermission. Targets: doAs, doAsPrivileged, getSubject, getSubjectFromDomainCombiner, setReadOnly, modifyPrincipals, modifyPublicCredentials, modifyPrivateCredentials, refreshCredential, destroyCredential, createLoginContext.contextName, getLoginConfiguration, setLoginConfiguration, refreshLoginConfiguration
  20. javax.sound.sampled.AudioPermission. Targets: play, record. Action list: (none)
  21. java.util.logging.LoggingPermission. Target: control. Action list: (none)
  22. java.sql.SQLPermission. Target: setLog. Action list: (none)
  23. Permissions can be granted:
     • Based on the location of the code
     • Based on trust (the code has to be signed)
     • Based on the user who runs the code
  24. • Based on the location of the code:
     ```
     grant codeBase "file:${my.code.base}/-" {
       permission java.security.AllPermission;
     };
     grant codeBase "file://java-security/org.wso2.java.security/-" {
       permission java.security.AllPermission;
     };
     grant codeBase "file:${java.ext.dirs}/*" {
       permission java.security.AllPermission;
     };
     grant codeBase "file:${java.home}/lib/ext/area.jar" {
       permission java.util.PropertyPermission "user.home", "read";
       permission java.io.FilePermission "${user.home}${/}test${/}*", "write";
     };
     ```
  25. • Based on the user who runs the code:
     ```
     grant principal com.sun.security.auth.UnixPrincipal "prabath" {
       permission java.security.AllPermission;
     };
     grant principal javax.security.auth.x500.X500Principal "cn=Alice" {
       permission java.io.FilePermission "/home/Alice", "read, write";
     };
     ```
  26. • Based on trust (the code has to be signed):
     ```
     grant signedBy "wso2carbon" {
       permission java.security.AllPermission;
     };
     keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
     keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";
     ```
  27. • Combinations:
     ```
     grant signedBy "wso2carbon",
           codeBase "file://java-security/org.wso2.java.security/-",
           principal com.sun.security.auth.UnixPrincipal "prabath" {
       permission java.security.AllPermission;
     };
     keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
     keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";
     ```
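A principal-based grant (slide 25) only takes effect when the code runs as a Subject carrying that principal. The program below, an added example and not code from the slides, shows this with Subject.doAsPrivileged and the X500Principal "cn=Alice" grant from slide 25; it assumes a constructed policy file principal.policy in the working directory and a JDK (8 through 17) that still ships the Security Manager.

```java
// PrincipalDemo.java: added example, not from the slides. Run with:
//   java -Djava.security.manager -Djava.security.policy==principal.policy PrincipalDemo
// principal.policy (constructed for this example) reuses the slide's X500Principal grant and
// adds the two AuthPermissions this program itself needs to build and switch Subjects:
//   grant {
//     permission javax.security.auth.AuthPermission "modifyPrincipals";
//     permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant principal javax.security.auth.x500.X500Principal "cn=Alice" {
//     permission java.io.FilePermission "/home/Alice", "read,write";
//   };
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class PrincipalDemo {

    /** Checks a FilePermission while running as the given Subject. */
    static boolean canAccessAs(Subject subject, String path, String actions) {
        PrivilegedAction<Boolean> check = () -> {
            try {
                AccessController.checkPermission(new FilePermission(path, actions));
                return true;
            } catch (AccessControlException e) {
                return false;
            }
        };
        // A null AccessControlContext means the check sees only this code's domain
        // combined with the Subject's principals, so "grant principal" entries apply.
        return Subject.doAsPrivileged(subject, check, null);
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new SecurityManager());
        }
        // Constructed Subjects: no real login happens here; a JAAS LoginModule would
        // normally populate the principal set after authenticating the user.
        Subject alice = new Subject();
        alice.getPrincipals().add(new X500Principal("cn=Alice"));
        Subject bob = new Subject();
        bob.getPrincipals().add(new X500Principal("cn=Bob"));
        System.out.println("alice read   /home/Alice: " + canAccessAs(alice, "/home/Alice", "read"));
        System.out.println("bob   read   /home/Alice: " + canAccessAs(bob, "/home/Alice", "read"));
        System.out.println("alice delete /home/Alice: " + canAccessAs(alice, "/home/Alice", "delete"));
    }
}
```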
  28. Questions:
     • Allow reading all the system properties except java.home?
     • Tom can access the getBeer() method only if he is older than 21 years?
