HM
Uploaded byHossein Mobasher
893 views

Advanced Java

This document discusses security features in Java. It covers applets, security implications of applets running locally, the sandbox model, bytecode verification, class loading, the security manager, language features that enhance security, and signed JAR files. The key points are that applets are restricted to prevent harm, the bytecode is verified before execution, and digital signatures allow verification of untrusted code sources.

Embed presentation

Downloaded 24 times
Advanced Java
Contents Introduction 3 Applets 4 Security Implications 5 Sandbox 8 Bytecode Verifier 9 Class Loader 13 Security Manager 15 Language Features 17 Security Through Obscurity 19 Security Through Openness 20 Signed JAR files21
Introduction Write Once, Run Any Where Capability.
Applets  Web Applets are one of the most exciting uses of the Java Platform.  Applets are small pieces of executable code which may be included in Web pages and which run inside of the user’s browser.  While traditional web pages have been limited to simple text and graphics, applets allow web publishers to include sophisticated, interactive applications in their pages.  Example ?
Security Implications In traditional environments, companies could protect themselves by controlling physical and network access to their computers by establishing policies for what kinds of software can be used on their machines. These steps include building a firewall between the Internet and the company’s intranet, obtaining software only from known and trusted sources, and using anti-virus programs to check all new software. Internet Firewall Intranet
Security Implications An employee searching an external Web site for information might inadvertently load and execute an applet without being aware that the site contains executable code. This automatic distribution of executable makes it very likely that software will be obtained from untrusted third parties. Since the applet is imported into the user’s web browser and runs locally, this software could potentially steal or damage information stored in the user’s machine on a network file server. Also, since this software is already behind the Company’s firewall, the applet could attack other unprotected machines on a corporate intranet. These attacks would not be stopped by traditional security measures.
Security Implications Solutions :  Java protects its users from these dangers by placing strict limits on applets. Applets cannot read from or write to the local disk. These limits prevent malicious applets from stealing information, spreading viruses, or acting as Trojan horses  Applets are also prohibited from making network connections to other computers on the corporate intranet. This prevents malicious applets from exploiting security flaws that might exist behind the firewall or in the underlying operating system.
Sandbox  The sandbox is an insulation layer that implements a control policy preventing unsafe access to hardware and operating system resources.  The sandbox model is to run untrusted code in a trusted environment so that if a user accidentally imports a hostile applet, that applet cannot damage the local machine.  The applet’s actions are restricted to its sandbox an area of the web browser dedicated to that applet. The applet may do anything it wants within its sandbox, but cannot read or alter any data outside of its sandbox.
Bytecode Verifier Three components of the bytecode verifier  Java is not compiled into machine code, but rather into an intermediate format for a virtual machine.  Hardware access is mediated by a set of API classes that implement a suitable access control policy.  Before execution, the bytecode is statically verified to ensure that it does not bypass the two security measures.
Bytecode Verifier  Before running a newly imported applet, the class loader invokes the verifier. The verifier checks that the applet conforms to the Java language specification and that there are no violations of the Java language rules or name space restrictions.  The verifier also checks for common violations of memory management, like stack underflows o overflows, and illegal data type casts, which could allow a hostile applet to corrupt part of the security mechanism or to replace part of the system with its own code.
Bytecode Verifier Correct types ◦ All bytecode instructions are provided with arguments of the type they expect on operand stack, registers, and heap. No overflow and underflow ◦ No instruction tries to retrieve a value from an empty stack, no instruction tries to put more elements on the stack than statically specified in the method, and no instruction accesses more registers than statically specified in the method.
Bytecode Verifier Initialized objects ◦ Before fields or methods of an object can be accessed, its constructor must be called. Each constructor in turn must first call the superclass constructor before it accesses fields and methods of the object.
Class Loader Class loading is a feature of the JVM that is interesting for bytecode verification because the class loader is part of the name space for class resolving (together with the package and class name). When an applet is to be imported from the network, the web browser calls the applet class loader.
Class Loader and Bytecode Verifier By tricking the BV into believing that two classes loaded by different class loaders are equal, type safety could be broken. The BV in this thesis takes the approach used on the JavaCard platform and assumes that all classes of the program have been preloaded and that no dynamic class loading at runtime is possible.
Security Manager  The security manager enforces the boundaries around the sandbox.  Whenever an applet tries to perform an action which could corrupt the local machine or access information, the Java Virtual Machine first asks the security manager if this action can be performed safely. If the security manager approves the action the virtual machine will then perform the action. Otherwise, the virtual machine raises a security exception and writes an error to the Java console.
Security Manager  The security manager will not allow an untrusted applet to read or write to a file, delete a file, get any information about a file, execute operating system commands or native code, load a library, or establish a network connection to any machine other than the applet’s home server.  An application or a web browser can only have one security manager. This assures that all access checks are made by a single security manager enforcing a single security policy. The security manager is loaded at start-up and cannot be extended, overridden or replaced. For obvious reasons, applets can not create their own security managers
Language Features  Java has several language features which protect the integrity of the security system and which prevent several common attacks.  For example, Java programs are not allowed to define their own memory pointers or to access physical memory directly.  The Java language also has several other checks for memory and pointer abuse which could weaken the security system.
Language Features Studies have shown that 40% to 50% of all bugs are caused by errors in memory management. By automating memory management, Java eliminates a large class of bugs. This results in more stable and reliable code.
Security Through Obscurity  In the past, many computer and network systems tried to maintain security by hiding the inner works and policies of the system. This practice, known as security through obscurity.  The existence of the CERT/CC and a number of well publicized network attacks in recent years demonstrate that this assumption is unfounded.  This is especially true for commercially successful systems. For such widely used systems, too many people know the internal workings of the system for the details to remain secret and the rewards for breaking into the system are too great.
Security Through Openness  Sun took the opposite approach, and published all the details of Java security model when Java was first released.  This approach, dubbed security through openness, was intended to encourage security researchers to examine the Java model and to report any security flaws found. The flaws could be fixed before attacks based on those flaws could become endemic on the Web.  Security through openness also allows any organization to study the Java security model.  FAQ http://java.sun.com/sfaq
Signed JAR files All networked systems are potentially vulnerable to the “Man-in-the-Middle” attack In this attack, a client contacts a legitimate server on the network and requests some action. The attacker, or man in the middle, notices this request and waits for the server to respond. The attacker then intercepts the response and supplies a bogus reply to the client. The client then acts on the bogus information, or possibly runs the program supplied by the attacker, giving the attacker access to the client machine. Example ?
Signed JAR files Signed Applets give us the same level of confidence in network distributed software. To sign an applet, the producer first bundles all the Java code and related files into a single file called a Java Archive, or JAR. The producer then creates. a string called a digital signature based on the contents of the JAR. JAR files solve another problem. Currently, many Java applets take a very long time to download and begin running. This can be annoying even for those users with a very high speed link to the Internet. The problem is that current Internet protocols move web pages across the Internet one file at a time. Since there is some overhead associated with each request for a file, web pages and Java applets which are composed of many small files might spend more time requesting those files and waiting for replies than they spend actually moving the information. Since a JAR file bundles all the information needed by the applet and its web page into a single file, the entire page can be downloaded with a single request. For many pages this will greatly reduce download times.
Signed JAR files JARs and digital signatures can also be used for Java applications. While Java applications are more trustworthy than applets because they do not travel over the Internet and are subject to an organizations traditional security policies, applications are subject to several types of attack. For example, viruses spread by modifying existing applications to include a copy of the virus. Since a virus would not be able to produce a valid signature for the altered program, the Java system could detect that a signed application has been tampered with, and refuse to run it.
Thank You! By: Hossein Mobasher Hamid Mozaffari

More Related Content

PPT
Advanced java
byNA
 
PPTX
Advance Java Topics (J2EE)
byslire
 
PPTX
Java/Servlet/JSP/JDBC
byFAKHRUN NISHA
 
PDF
Advanced java programming-contents
bySelf-Employed
 
PDF
S313265 - Advanced Java API for RESTful Web Services at JavaOne Brazil 2010
byArun Gupta
 
PPTX
Advance java prasentation
bydhananajay95
 
PDF
Servlets
byRavi Kant Sahu
 
PPT
Java Servlets
byNitin Pai
 
Advanced java
byNA
 
Advance Java Topics (J2EE)
byslire
 
Java/Servlet/JSP/JDBC
byFAKHRUN NISHA
 
Advanced java programming-contents
bySelf-Employed
 
S313265 - Advanced Java API for RESTful Web Services at JavaOne Brazil 2010
byArun Gupta
 
Advance java prasentation
bydhananajay95
 
Servlets
byRavi Kant Sahu
 
Java Servlets
byNitin Pai
 

What's hot

PPTX
Advance java Online Training in Hyderabad
byUgs8008
 
PPT
Java Servlets
byBG Java EE Course
 
PPT
Web Tech Java Servlet Update1
byvikram singh
 
DOC
Java Servlets & JSP
byManjunatha RK
 
PPS
Advance Java
byVidyacenter
 
PDF
Servlet and JSP
byGary Yeh
 
PDF
Jsp servlets
byRajavel Dhandabani
 
DOC
JDBC
byManjunatha RK
 
PDF
JAVA EE DEVELOPMENT (JSP and Servlets)
byTalha Ocakçı
 
PPTX
Core web application development
byBahaa Farouk
 
PPT
An Introduction To Java Web Technology
byvikram singh
 
PDF
Java servlets
byMukesh Tekwani
 
PPTX
Servletarchitecture,lifecycle,get,post
byvamsi krishna
 
PPT
1 java servlets and jsp
byAnkit Minocha
 
PPTX
Servlet.ppt
byVMahesh5
 
PPTX
Servlets
byZainabNoorGul
 
PPTX
Java Servlets
byuniversity of education,Lahore
 
PPTX
Chapter 3 servlet & jsp
byJafar Nesargi
 
PPT
Java servlets
bylopjuan
 
Advance java Online Training in Hyderabad
byUgs8008
 
Java Servlets
byBG Java EE Course
 
Web Tech Java Servlet Update1
byvikram singh
 
Java Servlets & JSP
byManjunatha RK
 
Advance Java
byVidyacenter
 
Servlet and JSP
byGary Yeh
 
Jsp servlets
byRajavel Dhandabani
 
JDBC
byManjunatha RK
 
JAVA EE DEVELOPMENT (JSP and Servlets)
byTalha Ocakçı
 
Core web application development
byBahaa Farouk
 
An Introduction To Java Web Technology
byvikram singh
 
Java servlets
byMukesh Tekwani
 
Servletarchitecture,lifecycle,get,post
byvamsi krishna
 
1 java servlets and jsp
byAnkit Minocha
 
Servlet.ppt
byVMahesh5
 
Servlets
byZainabNoorGul
 
Java Servlets
byuniversity of education,Lahore
 
Chapter 3 servlet & jsp
byJafar Nesargi
 
Java servlets
bylopjuan
 

Viewers also liked

DOC
Top 9 advanced java interview questions answers
byJobinterviews
 
PDF
advanced java programming(java programming tutorials)
byDaroko blog(www.professionalbloggertricks.com)
 
PPT
Core & advanced java classes in mumbai
byVibrant Technologies & Computers
 
PPTX
Advanced java online training
byGlory IT Technologies Pvt. Ltd.
 
ZIP
Introduction to the Java(TM) Advanced Imaging API
bywhite paper
 
PPTX
Learn advanced java programming
byTOPS Technologies
 
PPTX
Advanced JAVA
byRajvi Vaghasiya
 
PDF
Core java course syllabus
byPapitha Velumani
 
Top 9 advanced java interview questions answers
byJobinterviews
 
advanced java programming(java programming tutorials)
byDaroko blog(www.professionalbloggertricks.com)
 
Core & advanced java classes in mumbai
byVibrant Technologies & Computers
 
Advanced java online training
byGlory IT Technologies Pvt. Ltd.
 
Introduction to the Java(TM) Advanced Imaging API
bywhite paper
 
Learn advanced java programming
byTOPS Technologies
 
Advanced JAVA
byRajvi Vaghasiya
 
Core java course syllabus
byPapitha Velumani
 

Similar to Advanced Java

PPT
Sandboxing (Distributed computing)
bySri Prasanna
 
ODP
Tollas Ferenc - Java security
byveszpremimeetup
 
PDF
Secure JEE Architecture and Programming 101
byMario-Leander Reimer
 
PDF
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Java Platform Security Architecture
byRamesh Nagappan
 
PPT
Chapter three Java_security.ppt
byHaymanotTadese
 
PPTX
How java is better than other languages according to history and uses.
byMAAN Softwares INC.
 
PPTX
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
DOCX
OBJECT ORIENTED ROGRAMMING With Question And Answer Full
byManas Rai
 
PPTX
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
PPT
Java Security
byelliando dias
 
PPT
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
PPTX
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
PPTX
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
byMartin Toshev
 
PDF
Class loaders
byThesis Scientist Private Limited
 
PDF
Java: A Secure Programming Language for Today’s Market
byUncodemy
 
PDF
Secure Computing With Java
bywhite paper
 
PDF
JAVA INTRODUCTION
byProf Ansari
 
PDF
JAVA INTRODUCTION
byProf Ansari
 
PDF
Class notes(week 10) on applet programming
byKuntal Bhowmick
 
Sandboxing (Distributed computing)
bySri Prasanna
 
Tollas Ferenc - Java security
byveszpremimeetup
 
Secure JEE Architecture and Programming 101
byMario-Leander Reimer
 
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Java Platform Security Architecture
byRamesh Nagappan
 
Chapter three Java_security.ppt
byHaymanotTadese
 
How java is better than other languages according to history and uses.
byMAAN Softwares INC.
 
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
OBJECT ORIENTED ROGRAMMING With Question And Answer Full
byManas Rai
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
Java Security
byelliando dias
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
byMartin Toshev
 
Class loaders
byThesis Scientist Private Limited
 
Java: A Secure Programming Language for Today’s Market
byUncodemy
 
Secure Computing With Java
bywhite paper
 
JAVA INTRODUCTION
byProf Ansari
 
JAVA INTRODUCTION
byProf Ansari
 
Class notes(week 10) on applet programming
byKuntal Bhowmick
 

More from Hossein Mobasher

PPT
Shive
byHossein Mobasher
 
PDF
CodeIgniter
byHossein Mobasher
 
PPTX
ISR
byHossein Mobasher
 
ODP
Database
byHossein Mobasher
 
PDF
Association Rule Mining in Social Network Data
byHossein Mobasher
 
PDF
Live API Documentation
byHossein Mobasher
 
PPTX
Presentation
byHossein Mobasher
 
Shive
byHossein Mobasher
 
CodeIgniter
byHossein Mobasher
 
ISR
byHossein Mobasher
 
Database
byHossein Mobasher
 
Association Rule Mining in Social Network Data
byHossein Mobasher
 
Live API Documentation
byHossein Mobasher
 
Presentation
byHossein Mobasher
 

Advanced Java

  • 1.
  • 2.
    Contents Introduction 3 Applets 4 SecurityImplications 5 Sandbox 8 Bytecode Verifier 9 Class Loader 13 Security Manager 15 Language Features 17 Security Through Obscurity 19 Security Through Openness 20 Signed JAR files21
  • 3.
    Introduction Write Once, RunAny Where Capability.
  • 4.
    Applets  Web Appletsare one of the most exciting uses of the Java Platform.  Applets are small pieces of executable code which may be included in Web pages and which run inside of the user’s browser.  While traditional web pages have been limited to simple text and graphics, applets allow web publishers to include sophisticated, interactive applications in their pages.  Example ?
  • 5.
    Security Implications In traditionalenvironments, companies could protect themselves by controlling physical and network access to their computers by establishing policies for what kinds of software can be used on their machines. These steps include building a firewall between the Internet and the company’s intranet, obtaining software only from known and trusted sources, and using anti-virus programs to check all new software. Internet Firewall Intranet
  • 6.
    Security Implications An employeesearching an external Web site for information might inadvertently load and execute an applet without being aware that the site contains executable code. This automatic distribution of executable makes it very likely that software will be obtained from untrusted third parties. Since the applet is imported into the user’s web browser and runs locally, this software could potentially steal or damage information stored in the user’s machine on a network file server. Also, since this software is already behind the Company’s firewall, the applet could attack other unprotected machines on a corporate intranet. These attacks would not be stopped by traditional security measures.
  • 7.
    Security Implications Solutions : Java protects its users from these dangers by placing strict limits on applets. Applets cannot read from or write to the local disk. These limits prevent malicious applets from stealing information, spreading viruses, or acting as Trojan horses  Applets are also prohibited from making network connections to other computers on the corporate intranet. This prevents malicious applets from exploiting security flaws that might exist behind the firewall or in the underlying operating system.
  • 8.
    Sandbox  The sandboxis an insulation layer that implements a control policy preventing unsafe access to hardware and operating system resources.  The sandbox model is to run untrusted code in a trusted environment so that if a user accidentally imports a hostile applet, that applet cannot damage the local machine.  The applet’s actions are restricted to its sandbox an area of the web browser dedicated to that applet. The applet may do anything it wants within its sandbox, but cannot read or alter any data outside of its sandbox.
  • 9.
    Bytecode Verifier Three componentsof the bytecode verifier  Java is not compiled into machine code, but rather into an intermediate format for a virtual machine.  Hardware access is mediated by a set of API classes that implement a suitable access control policy.  Before execution, the bytecode is statically verified to ensure that it does not bypass the two security measures.
  • 10.
    Bytecode Verifier  Beforerunning a newly imported applet, the class loader invokes the verifier. The verifier checks that the applet conforms to the Java language specification and that there are no violations of the Java language rules or name space restrictions.  The verifier also checks for common violations of memory management, like stack underflows o overflows, and illegal data type casts, which could allow a hostile applet to corrupt part of the security mechanism or to replace part of the system with its own code.
  • 11.
    Bytecode Verifier Correct types ◦All bytecode instructions are provided with arguments of the type they expect on operand stack, registers, and heap. No overflow and underflow ◦ No instruction tries to retrieve a value from an empty stack, no instruction tries to put more elements on the stack than statically specified in the method, and no instruction accesses more registers than statically specified in the method.
  • 12.
    Bytecode Verifier Initialized objects ◦Before fields or methods of an object can be accessed, its constructor must be called. Each constructor in turn must first call the superclass constructor before it accesses fields and methods of the object.
  • 13.
    Class Loader Class loadingis a feature of the JVM that is interesting for bytecode verification because the class loader is part of the name space for class resolving (together with the package and class name). When an applet is to be imported from the network, the web browser calls the applet class loader.
  • 14.
    Class Loader andBytecode Verifier By tricking the BV into believing that two classes loaded by different class loaders are equal, type safety could be broken. The BV in this thesis takes the approach used on the JavaCard platform and assumes that all classes of the program have been preloaded and that no dynamic class loading at runtime is possible.
  • 15.
    Security Manager  Thesecurity manager enforces the boundaries around the sandbox.  Whenever an applet tries to perform an action which could corrupt the local machine or access information, the Java Virtual Machine first asks the security manager if this action can be performed safely. If the security manager approves the action the virtual machine will then perform the action. Otherwise, the virtual machine raises a security exception and writes an error to the Java console.
  • 16.
    Security Manager  Thesecurity manager will not allow an untrusted applet to read or write to a file, delete a file, get any information about a file, execute operating system commands or native code, load a library, or establish a network connection to any machine other than the applet’s home server.  An application or a web browser can only have one security manager. This assures that all access checks are made by a single security manager enforcing a single security policy. The security manager is loaded at start-up and cannot be extended, overridden or replaced. For obvious reasons, applets can not create their own security managers
  • 17.
    Language Features  Javahas several language features which protect the integrity of the security system and which prevent several common attacks.  For example, Java programs are not allowed to define their own memory pointers or to access physical memory directly.  The Java language also has several other checks for memory and pointer abuse which could weaken the security system.
  • 18.
    Language Features Studies haveshown that 40% to 50% of all bugs are caused by errors in memory management. By automating memory management, Java eliminates a large class of bugs. This results in more stable and reliable code.
  • 19.
    Security Through Obscurity In the past, many computer and network systems tried to maintain security by hiding the inner works and policies of the system. This practice, known as security through obscurity.  The existence of the CERT/CC and a number of well publicized network attacks in recent years demonstrate that this assumption is unfounded.  This is especially true for commercially successful systems. For such widely used systems, too many people know the internal workings of the system for the details to remain secret and the rewards for breaking into the system are too great.
  • 20.
    Security Through Openness Sun took the opposite approach, and published all the details of Java security model when Java was first released.  This approach, dubbed security through openness, was intended to encourage security researchers to examine the Java model and to report any security flaws found. The flaws could be fixed before attacks based on those flaws could become endemic on the Web.  Security through openness also allows any organization to study the Java security model.  FAQ http://java.sun.com/sfaq
  • 21.
    Signed JAR files Allnetworked systems are potentially vulnerable to the “Man-in-the-Middle” attack In this attack, a client contacts a legitimate server on the network and requests some action. The attacker, or man in the middle, notices this request and waits for the server to respond. The attacker then intercepts the response and supplies a bogus reply to the client. The client then acts on the bogus information, or possibly runs the program supplied by the attacker, giving the attacker access to the client machine. Example ?
  • 22.
    Signed JAR files SignedApplets give us the same level of confidence in network distributed software. To sign an applet, the producer first bundles all the Java code and related files into a single file called a Java Archive, or JAR. The producer then creates. a string called a digital signature based on the contents of the JAR. JAR files solve another problem. Currently, many Java applets take a very long time to download and begin running. This can be annoying even for those users with a very high speed link to the Internet. The problem is that current Internet protocols move web pages across the Internet one file at a time. Since there is some overhead associated with each request for a file, web pages and Java applets which are composed of many small files might spend more time requesting those files and waiting for replies than they spend actually moving the information. Since a JAR file bundles all the information needed by the applet and its web page into a single file, the entire page can be downloaded with a single request. For many pages this will greatly reduce download times.
  • 23.
    Signed JAR files JARsand digital signatures can also be used for Java applications. While Java applications are more trustworthy than applets because they do not travel over the Internet and are subject to an organizations traditional security policies, applications are subject to several types of attack. For example, viruses spread by modifying existing applications to include a copy of the virus. Since a virus would not be able to produce a valid signature for the altered program, the Java system could detect that a signed application has been tampered with, and refuse to run it.
  • 24.