Java Security Model
Lab#1
I. Omaima Al-Matrafi

Safety features built into the JVM
• Type-safe reference casting
• Structured memory access (no pointer arithmetic)
• Automatic garbage collection
• Array bounds checking
• Checking references for null (accessing or modifying a null object)

Java Sandbox
• The sandbox is the bounded area in which a program is allowed to play (run).
• Java software programs can run safely inside it, without potential risk to systems or users.

The Security Model (JDK 1.0)
• The Java Security Model is made up of three primary pieces:
  • The Bytecode Verifier
  • The Class Loader
  • The Security Manager

These components serve the following purposes:
• The classes are in the correct format.
• Only the correct classes are loaded.
• Untrusted classes will not execute dangerous instructions.
• Untrusted classes are not allowed to access protected system resources.

Java security
• Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols.
• The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.

Java SE Security Features
• Platform Security
  • Strong data typing
  • Automatic memory management
  • Bytecode verification
  • Secure class loading

Cryptography
• Comprehensive API with support for a wide range of cryptographic services, including:
  • digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators.
• Support for a wide range of standard algorithms, including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4.

Authentication and Access Control
• Abstract authentication APIs that can incorporate a wide range of login mechanisms
• A comprehensive policy and permissions API that allows the developer to create and administer applications

Secure Communications
• APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL)
• Full support for HTTPS over SSL/TLS is also included.
• Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.

Public Key Infrastructure (PKI)
• Tools for managing keys and certificates.

New in 1.4
• Separate packages that are now included as part of the JDK:
  • JCE - Java Cryptography classes
  • JSSE - Java Secure Sockets Extension
  • JAAS - Java Authentication and Authorization Services
  • More...

JCE – Java Cryptography Extensions
• JCE covers:
  • encryption and decryption
    • symmetric bulk encryption, such as DES, RC2, and IDEA
    • asymmetric encryption, such as RSA
    • password-based encryption (PBE)
  • key agreement
  • Message Authentication Code (MAC)

Sample Program
This program demonstrates how to encrypt/decrypt input using the Blowfish cipher with Java Cryptography.
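
The sample program itself is not reproduced on this page. The following is an added example, not the lab's original code, of a Blowfish encrypt/decrypt round trip through the JCE `Cipher` API. The class name `BlowfishDemo`, the 128-bit key size, the choice of CBC mode and the sample input are assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class BlowfishDemo { // hypothetical class name
    // Name mode and padding explicitly: a bare "Blowfish" falls back to the
    // provider default, which is ECB/PKCS5Padding on SunJCE and leaks
    // repeated plaintext blocks.
    private static final String TRANSFORMATION = "Blowfish/CBC/PKCS5Padding";
    private static final int BLOCK_BYTES = 8; // Blowfish block size is 64 bits

    // Returns IV || ciphertext so the receiver can recover the IV.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[BLOCK_BYTES];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] body = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + body.length);
        System.arraycopy(body, 0, out, iv.length, body.length);
        return out;
    }

    // Splits IV || ciphertext and decrypts. CBC gives confidentiality only;
    // add a MAC (javax.crypto.Mac) when tampering must be detected.
    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key,
                new IvParameterSpec(message, 0, BLOCK_BYTES));
        return cipher.doFinal(message, BLOCK_BYTES, message.length - BLOCK_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("Blowfish");
        keyGen.init(128); // assumed key size; Blowfish accepts 32 to 448 bits
        SecretKey key = keyGen.generateKey();
        // Constructed sample input
        byte[] input = "constructed sample input for lab 1".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = encrypt(key, input);
        byte[] opened = decrypt(key, sealed);
        System.out.println("ciphertext (Base64): " + Base64.getEncoder().encodeToString(sealed));
        System.out.println("round trip ok: " + Arrays.equals(input, opened));
    }
}
```

Blowfish's 64-bit block limits how much data is safe to encrypt under one key; AES, which the Cryptography slide also lists, has a 128-bit block.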

Lab work
• Read at least 10 words from the user (using Scanner), write your name and ID, then save it all in a text file “lab1.txt”.

HomeWork1
• Write a program “wordOccurrence” that reads a word from the user and searches for it in a text file “HW1.txt”. Then display the number of occurrences of that word. Sample output:
  Enter the word: and
  The number of occurrence is: 5
• Write a text file “HW1.txt” with at least 30 words, and write your name and ID at the end.
What to submit:
• wordOccurrence.java
• The text file “HW1.txt”
• Printout of the output of this program