
Java Security


Presentation Transcript


  1. Java Security CS-328

  2. JDK 1.0 Security Model (diagram; only its labels survive in the transcript): Local Code, Remote Code, Java Virtual Machine, Sandbox, Local Host System Resources (File System, Sockets, Printers…)

  3. JDK 1.1 Security Model (diagram; labels only): Local Code, Remote Untrusted Code, Remote Trusted Code, Java Virtual Machine, Sandbox, Full Access, Limited Access, Local Host System Resources (File System, Sockets, Printers…)

  4. JDK 1.2 Security Model (diagram; labels only): All Code, Security Policy, Class Loader, Java Virtual Machine, Sandbox, Full Access, Limited Access, Local Host System Resources (File System, Sockets, Printers…)

  5. Java Security Attributes
     • Easy-to-use, fine-grained access control
     • Easy-to-configure security policy
     • Easy-to-extend access control structure
     • Easy to extend security checks to applications

  6. The Security Model
     • The Java Security Model is made up of three primary pieces:
       • The Bytecode Verifier
       • The Class Loader
       • The Security Manager

  7. The Bytecode Verifier
     • Once bytecodes have been loaded into the machine, but before they are run:
       • Opcodes are checked
       • Addresses are verified to access only memory in the virtual machine
       • Strict type enforcement
     • Only verified code is run on the JVM

  8. The Class Loader
     • Imported classes are each run in their own namespace
     • Built-in classes are all run in a single namespace
     • The class loader always searches the built-in namespace for a requested class first, so as to avoid running a downloaded class with the same name.
     • Built-in classes are considered to be “trusted” and are always run in preference to a downloaded class of the same name.

  9. The Security Manager
     • Each application can have an individual security policy
     • Security policies are defined in external files that are accessible to the security manager
     • The security manager enforces the specified security policy
     • The application's security policy is made up of two pieces:
       • A system piece, found in java.home\lib\security
       • An application-specific piece in user.home\lib\security (or anywhere you want to put it)

  10. Policy Files

     Grammar of a grant entry (optional parts in square brackets):

       grant [signedBy "signer_names",] [codeBase "URL"] {
           permission permission_class_name "target_name" [, "action"] [, signedBy "signer_names"];
       };

     Ex.

       grant signedBy "ACME Software", codeBase "http://www.acme.com/-" {
           permission java.io.FilePermission "c:\\autoexec.bat", "read";
           permission java.lang.RuntimePermission "queuePrintJob";
       };

  11. Permissions
     • java.security.AllPermission – allows the application to run with all permissions, i.e. without any security restrictions
     • java.awt.AWTPermission – allows access to GUI things, like the Windows clipboard
     • java.io.FilePermission – allows code access to read and write files
     • java.net.NetPermission – allows code to perform certain network-related operations, such as requestPasswordAuthentication
     • java.util.PropertyPermission – allows code access to property values (read/write)
     • java.lang.reflect.ReflectPermission – allows code to query information about classes (ex. suppressAccessChecks allows it to find out about public, private and protected fields and methods)

  12. Permissions (more)
     • java.lang.RuntimePermission – allows code to perform operations related to the running of the JVM (ex. loadLibrary allows dynamic linking to a specific library; queuePrintJob allows the queuing of a print job)
     • java.security.SecurityPermission – allows code to perform operations related to policy enforcement
     • java.io.SerializablePermission – allows code to perform operations related to the serialization/deserialization of objects (ex. enableSubstitution allows one object to be substituted for another during serialization/deserialization)
     • java.net.SocketPermission – allows code to perform operations related to establishing connections to host systems. Targets are ports or ranges of port numbers; actions are accept, connect, listen and resolve.
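As an added example (not from the slides), the matching rules behind the policy grammar on slide 10 and the permission classes on slides 11 and 12 can be exercised directly through the java.security.Permission API: a SecurityManager answers every check by asking whether the granted collection implies the requested permission, and that question can be asked without installing a SecurityManager at all (which matters, since SecurityManager is deprecated for removal from Java 17 on). The grants, paths and property names below are constructed for illustration and correspond to no real policy file.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PolicyMatching {

    // Equivalent of a constructed (hypothetical) policy file:
    //   permission java.io.FilePermission "/srv/app/data/-", "read";      "-" = whole directory tree
    //   permission java.io.FilePermission "/srv/app/tmp/*", "read,write"; "*" = files directly in that directory
    //   permission java.util.PropertyPermission "java.*", "read";         "*" suffix = name prefix match
    //   permission java.lang.RuntimePermission "queuePrintJob";
    static PermissionCollection granted() {
        Permissions perms = new Permissions();
        perms.add(new FilePermission("/srv/app/data/-", "read"));
        perms.add(new FilePermission("/srv/app/tmp/*", "read,write"));
        perms.add(new PropertyPermission("java.*", "read"));
        perms.add(new RuntimePermission("queuePrintJob"));
        return perms;
    }

    // The question a SecurityManager asks on each checkPermission call:
    // do the granted permissions imply the requested one (target AND actions)?
    static boolean allowed(Permission request) {
        return granted().implies(request);
    }

    public static void main(String[] args) {
        Permission[] requests = {
            new FilePermission("/srv/app/data/reports/q1.csv", "read"),  // allowed: inside the "-" tree
            new FilePermission("/srv/app/data/reports/q1.csv", "write"), // denied: only "read" was granted
            new FilePermission("/srv/app/tmp/out.log", "write"),         // allowed: direct child of tmp
            new FilePermission("/srv/app/tmp/sub/out.log", "write"),     // denied: "*" does not recurse
            new PropertyPermission("java.version", "read"),              // allowed: matches "java.*"
            new PropertyPermission("java.version", "write"),             // denied: action not granted
            new PropertyPermission("user.home", "read"),                 // denied: name not covered
            new RuntimePermission("queuePrintJob"),                      // allowed: exact target
            new RuntimePermission("loadLibrary.native"),                 // denied: different target
        };
        for (Permission p : requests) {
            System.out.printf("%-5s %-18s %s %s%n", allowed(p),
                    p.getClass().getSimpleName(), p.getName(), p.getActions());
        }
    }
}
```

The useful lesson is in the two FilePermission rows for /srv/app/tmp: "*" grants the files in one directory and nothing below it, while "-" grants the entire subtree, so a grant written with "-" on a directory that untrusted code can write into is far broader than it looks.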

  13. New in Java 1.4
     • Separate packages that are now included as part of the JDK:
       • JCE - Java Cryptography classes
       • JSSE - Java Secure Sockets Extension
       • JAAS - Java Authentication and Authorization Services
       • Java GSS API - Java Generic Security Services API
       • Java Certification Path API

  14. JCE – Java Encryption Extensions
     • JCE covers:
       • encryption and decryption
         • symmetric bulk encryption, such as DES, RC2, and IDEA
         • symmetric stream encryption, such as RC4
         • asymmetric encryption, such as RSA
         • password-based encryption (PBE)
       • key agreement
       • Message Authentication Code (MAC)
     • Strong cryptography is the default
       • unlimited is available (depending on export restrictions)
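The three JCE services the slide lists (symmetric encryption, password-based key derivation and a MAC) as an added example that is not part of the slides. It uses the javax.crypto API with algorithms a current JDK ships and that are still considered sound (AES-GCM, PBKDF2 with HMAC-SHA256, HMAC-SHA256) rather than the DES/RC4 examples named on the slide; the message, password and key material are constructed inline for the demonstration. Assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class JceDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;  // authentication tag length

    // Symmetric bulk encryption: AES-GCM, output layout = IV || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);                    // a fresh random IV for every message
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, IV_BYTES + ct.length);
        System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
        return out;
    }

    // Decryption verifies the tag first; any modification raises AEADBadTagException.
    static byte[] decrypt(SecretKey key, byte[] ivAndCt) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, ivAndCt, 0, IV_BYTES));
        return cipher.doFinal(ivAndCt, IV_BYTES, ivAndCt.length - IV_BYTES);
    }

    // Message Authentication Code over arbitrary data.
    static byte[] hmac(SecretKey macKey, byte[] message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        return mac.doFinal(message);
    }

    // Password-based encryption: derive an AES key from a password and a per-user salt.
    static SecretKey keyFromPassword(char[] password, byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] raw = factory.generateSecret(new PBEKeySpec(password, salt, 600_000, 256)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sealed = encrypt(key, msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, decrypt(key, sealed)));

        // Flip one ciphertext byte: GCM rejects the message instead of returning garbage.
        byte[] tampered = sealed.clone();
        tampered[IV_BYTES] ^= 0x01;
        try {
            decrypt(key, tampered);
            System.out.println("tamper NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tamper detected: " + e.getMessage());
        }

        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        SecretKey pbeKey = keyFromPassword("correct horse battery staple".toCharArray(), salt);
        System.out.println("PBE-derived key bits: " + pbeKey.getEncoded().length * 8);

        byte[] macKeyBytes = new byte[32];
        RNG.nextBytes(macKeyBytes);
        SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
        System.out.println("HMAC-SHA256 tag bytes: " + hmac(macKey, msg).length);
    }
}
```

GCM combines encryption and a MAC in one primitive, which is why the tampering check in main needs no separate hmac call; the standalone hmac method is there for data that is authenticated but not encrypted.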

  15. JSSE – Java Secure Sockets Extensions
     • Provides support for communications using SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
       • commonly thought of as HTTPS
       • part of javax.net
     • SSL (and thus HTTPS) permits encrypted traffic to be exchanged between the client and server.
     • After an SSL client initiates a conversation with an SSL server, the server sends an X.509 certificate back to the client for authentication. The client then checks the validity of the certificate. Assuming the server is verified, the client generates a premaster secret, encrypts it with the server's public key from the certificate, and sends the encrypted secret back to the server. From this premaster secret, the client and server generate a master key for the session. After some basic handshaking, the encrypted exchange can commence.
     • The JSSE library hides these inner workings of the SSL protocol from you.
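An added example (not from the slides) of the client side of that exchange as JSSE exposes it: the handshake, certificate validation and key establishment all happen inside startHandshake(), but two settings are the caller's responsibility and are easy to forget: restricting the protocol versions, and turning on endpoint identification, without which JSSE validates the chain but never checks that the certificate was issued for the host you asked for. Assumes Java 11 or later (for TLSv1.3) and network access to the host given on the command line; example.com is only a default placeholder.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TlsClient {

    // Open a TLS connection with the checks a client should insist on.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});   // no SSLv3 / TLS 1.0 / TLS 1.1
        params.setEndpointIdentificationAlgorithm("HTTPS");        // hostname must match the certificate
        socket.setSSLParameters(params);
        socket.startHandshake();   // SSLHandshakeException if the chain or the name does not verify
        return socket;
    }

    public static void main(String[] args) throws IOException {
        String host = args.length > 0 ? args[0] : "example.com";   // placeholder default
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket socket = connect(host, port)) {
            SSLSession session = socket.getSession();
            System.out.println("negotiated " + session.getProtocol() + " / " + session.getCipherSuite());
            // The X.509 chain the server presented, leaf first.
            for (Certificate c : session.getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  " + x.getSubjectX500Principal()
                        + " (issued by " + x.getIssuerX500Principal()
                        + ", expires " + x.getNotAfter() + ")");
            }
            // Application data only flows after the handshake above succeeded.
            OutputStream out = socket.getOutputStream();
            out.write(("HEAD / HTTP/1.1\r\nHost: " + host + "\r\nConnection: close\r\n\r\n")
                    .getBytes(StandardCharsets.US_ASCII));
            out.flush();
            InputStream in = socket.getInputStream();
            byte[] buf = new byte[4096];
            int n = in.read(buf);
            if (n > 0) {
                System.out.print(new String(buf, 0, n, StandardCharsets.US_ASCII));
            }
        }
    }
}
```

Run as java TlsClient some.host 443. Note that the premaster-secret step described on the slide is specific to RSA key exchange in TLS 1.2 and earlier; with TLSv1.3 negotiated, the same code path establishes keys with an ephemeral Diffie-Hellman exchange instead, which is exactly the detail JSSE hides from the caller.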

  16. JAAS - Java Authentication and Authorization Services
     • JAAS provides for the authentication of users and the authorization of tasks based upon that authentication
     • Previously, anyone authenticated was subject to the same security restrictions. Now you can control which tasks are available to a specific authenticated user
     • Requires modification of security policies

  17. Java GSS-API - Java Generic Security Services API
     • Adds Kerberos V5 support to the Java platform.
     • Kerberos originated at the Massachusetts Institute of Technology (MIT) as Project Athena back in 1987.
     • Essentially, a network authentication protocol.
     • Defined in RFC 1510 from 1993
     • Biggest draw is not having to send passwords over the net.
     • Offers single sign-on within one domain -- if everything within the domain has been Kerberos-enabled.
     • Support is also provided for single sign-on across different security realms over a network.
     • Used in conjunction with JAAS: once a user's identity is established, future authentication requests are no longer necessary.

  18. Java Certification Path API
     • The Certification Path API provides classes for building and validating certificate chains, an important requirement of a Public Key Infrastructure (PKI).
     • These certificates provide for the storage of security keys for users. By trusting the issuer of a certificate that holds the keys, and trusting the issuer of the certificate that vouches for the original certificate, you establish chains of trust.
     • Building and validating certification paths is an important part of many standard security protocols, such as SSL/TLS, Secure/MIME (S/MIME), and IP Security (IPsec).
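The chain-of-trust validation the slide describes, as an added example that is not part of the slides: it reads a PEM file (leaf certificate first, then intermediates) from the command line and validates it with the PKIX CertPathValidator against the trust anchors bundled with the JDK, the same store JSSE uses by default. The trust store location under java.home is the standard JDK layout; revocation checking is switched off here on the assumption that OCSP/CRL endpoints are not reachable, which is a choice a production deployment must make deliberately. Assumes Java 11 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainCheck {

    // The JDK's bundled trust anchors: <java.home>/lib/security/cacerts.
    static KeyStore defaultTrustStore() throws Exception {
        Path cacerts = Path.of(System.getProperty("java.home"), "lib", "security", "cacerts");
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(cacerts.toFile())) {
            store.load(in, null);   // null password: integrity check skipped, certificates still readable
        }
        return store;
    }

    // Build a CertPath from the PEM file and validate it up to an anchor in the trust store.
    static PKIXCertPathValidatorResult validate(Path pemChain, KeyStore trust) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemChain.toFile())) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        // A self-signed root at the end belongs in the trust store, not in the path being validated.
        X509Certificate last = chain.get(chain.size() - 1);
        if (chain.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            chain.remove(chain.size() - 1);
        }
        CertPath path = cf.generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(trust);   // anchors = trusted certs in the store
        params.setRevocationEnabled(false);                  // assumption: no OCSP/CRL access here
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java ChainCheck chain.pem");
            System.exit(2);
        }
        try {
            PKIXCertPathValidatorResult result = validate(Path.of(args[0]), defaultTrustStore());
            System.out.println("valid; anchored at "
                    + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex() says which certificate in the path failed (-1 if not certificate-specific).
            System.out.println("INVALID at index " + e.getIndex() + ": " + e.getMessage()
                    + " (" + e.getReason() + ")");
        }
    }
}
```

A chain exported from a browser or from openssl s_client is a realistic input. The validator checks signatures, validity periods, name chaining, basic constraints and key usage along the whole path, which is the "trusting the issuer of the issuer" step on the slide made mechanical; what it does not check is whether the leaf is for the host you meant to talk to, which is why the JSSE example enables endpoint identification separately.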
