
Java Security Model (GS: Ch. 7)


thanh

Presentation Transcript


  1. Java Security Model (GS: Ch. 7)
  csci5931 Web Security

  2. Topics
  • Basics of Java Security Model
  • Cryptographic Signatures
  • Permissions
  • Customized Permissions

  3. Basics of Java Security Model
  • Java 2 security is policy-based.
  • The policy defined in the java.policy file controls which resources Java code is allowed to access.
  • Codesource = codebase + signer
    • codebase: the location the code comes from, either a local path or a remote site (expressed as a URL).
    • signer: the entity that signed the code in question (identified by the alias of its certificate in the keystore).
  • The codesource is the unit of trust: all code loaded from the same location with the same signers receives the same permissions.

  4. Basics of Java Security Model
  • Permissions: specific actions that a codesource is allowed to take (e.g., read a file, connect to a host).
  • Types of Java code:
    • Java applications
    • Java applets
    • Java servlets
    • JavaBeans, EJB (Enterprise JavaBeans)

  5. Managing Cryptographic Signatures
  • Tools provided by Sun: keytool, jarsigner, policytool
  • keytool (pp. 157-161): an application that ships with the JDK. It manages keystores and can generate key pairs, self-signed certificates and certificate signing requests. It replaces javakey, found in Java 1.1.
  • Note: keystore formats are provider-specific (e.g., the JKS type of Sun's provider). A keystore file written by one provider's keystore implementation will not, in general, be readable by another provider's implementation; the -storetype option selects which type keytool and jarsigner use.

  6. Managing Cryptographic Signatures
  • jarsigner: a signing and verification tool for Java archive (JAR) files. It attaches a specific signer to a specific set of code.
  • Usage:
    jarsigner [options] jar-file alias
    jarsigner -verify [options] jar-file
  • Options:
    [-keystore <url>]        keystore location
    [-storepass <password>]  password for keystore integrity
    [-storetype <type>]      keystore type
    [-keypass <password>]    password for private key (if different)
    [-sigfile <file>]        name of .SF/.DSA file
    [-signedjar <file>]      name of signed JAR file
    [-verify]                verify a signed JAR file
    ...

  7. Managing Cryptographic Signatures
  • jarsigner
    • It signs JAR files.
    • It verifies signatures on JAR files.
  • JAR (Java Archive): a .zip file that supports signatures.
  • To sign a JAR file you must have a private key and its certificate in your keystore, under the alias named on the jarsigner command line.
  • For your signed JAR file to be trusted by others, your certificate must be signed by a CA they trust. jarsigner -verify checks the signature against the certificate embedded in the JAR either way; with a self-signed certificate it reports the signature as valid but warns that the certificate chain cannot be validated, unless the verifier has imported that certificate into their own keystore.

  8. Managing Cryptographic Signatures
  • A signed JAR file lets the user decide whether the Java code it contains can be trusted.
  • Applets are usually signed if extra permissions (beyond the defaults) need to be granted.
  • In Java 1.2.1 or higher, every class within the same package inside a signed JAR must be signed by the same set of signers; the class loader refuses to define a class whose signers differ from those of the classes already loaded into that package.
  • Q: Why is this important? (Hint: package-private members are accessible to every class in the package. Without this rule an attacker could drop an unsigned class into a trusted package and reach the signed code's internals, and through them the permissions granted to that signer.)

  9. Managing Cryptographic Signatures
  • Steps in signing a JAR file:
    • Use jar to create a JAR file out of the .class file(s).
    • Use keytool to generate a key pair, stored under an alias in a keystore together with its certificate.
    • Use jarsigner to sign the JAR file with that alias's private key; the certificate is embedded in the signature block so that verifiers can check the signature.
  • To verify a signed JAR file: jarsigner -verify ...
  • Example usage: p.179

  10. Managing Cryptographic Signatures
  • When a JAR is signed, it is not the JAR (the zip container) itself that is signed, but some or all of the files it contains: a digest of each signed entry is recorded in the manifest, and the signature covers those digests.
  • A signed JAR contains three files under META-INF/ (names as shown by jar tvf on the next slide, where the keystore alias was EXAMPLES):
    • The manifest (META-INF/MANIFEST.MF): one digest per signed entry.
    • The signature file (META-INF/<alias>.SF, e.g. EXAMPLES.SF): a digest of the manifest and of each manifest section.
    • The signature block file (META-INF/<alias>.DSA, or .RSA/.EC depending on the key type): the digital signature over the .SF file plus the signer's certificate chain.

  11. Managing Cryptographic Signatures
  • To view the contents of a JAR file, use the jar command:
    > jar tvf HelloWorld.jar
       140 Wed Mar 19 10:22:24 CST 2003 META-INF/MANIFEST.MF
       193 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.SF
      1013 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.DSA
         0 Wed Mar 19 10:13:58 CST 2003 META-INF/
       426 Wed Mar 19 10:13:30 CST 2003 HelloWorld.class
  • Or use WinZip or any other zip tool, since a JAR is a zip file.
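The digest chain behind the three META-INF files of slides 9 to 11, as an added example that is not code from the slides or from the Garms/Somerfield book: it builds a small constructed JAR in memory with Python's standard library, lays out MANIFEST.MF and EXAMPLES.SF the way jarsigner does (one SHA-256 digest per entry in the manifest, a digest of the manifest and of each manifest section in the .SF), and then re-checks the chain, so a class modified after signing and a class added after signing are both caught. The entry names, their contents and the alias EXAMPLES are constructed; the EXAMPLES.DSA signature block, which is a PKCS#7 signature over the .SF bytes, is not produced because that needs a keystore and jarsigner.

```python
"""Digest chain of a signed JAR: entry bytes -> MANIFEST.MF -> <alias>.SF.

Added example, not code from the slides or the Garms/Somerfield book. It builds
a constructed in-memory JAR, lays out MANIFEST.MF and EXAMPLES.SF the way
jarsigner does, and checks the chain. The signature block (EXAMPLES.DSA, a
PKCS#7 signature over the .SF plus the certificate chain) is not produced.
"""
import base64
import hashlib
import io
import zipfile

# Constructed sample entries; the "class" bytes are not real bytecode.
ENTRIES = {
    "HelloWorld.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x31 not real bytecode",
    "config/app.properties": b"greeting=hello\n",
}
SIGNER_ALIAS = "EXAMPLES"  # keystore alias -> META-INF/EXAMPLES.SF and .DSA

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")

def split_sections(text):
    """Manifest-format bytes -> (main section, {entry name: raw section bytes}).
    jarsigner digests the raw section bytes; 72-byte line wrapping is not handled."""
    chunks = text.split(b"\r\n\r\n")
    sections = {}
    for chunk in chunks[1:]:
        if chunk:
            name = chunk.split(b"\r\n", 1)[0].split(b": ", 1)[1].decode("utf-8")
            sections[name] = chunk + b"\r\n\r\n"
    return chunks[0] + b"\r\n\r\n", sections

def attribute(section, key):
    for line in section.split(b"\r\n"):
        if line.startswith(key + b": "):
            return line[len(key) + 2:].decode("ascii")

def entry_section(name, digest):
    return f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n".encode("utf-8")

def build_manifest(entries):
    """MANIFEST.MF: a main section, then one section per entry with its digest."""
    body = b"".join(entry_section(n, b64_sha256(d)) for n, d in entries.items())
    return b"Manifest-Version: 1.0\r\n\r\n" + body

def build_signature_file(manifest):
    """<alias>.SF: digest of the whole manifest plus one digest per manifest
    section. The .DSA/.RSA block signs exactly these bytes, so the signature
    commits transitively to every entry's content."""
    head = f"Signature-Version: 1.0\r\nSHA-256-Digest-Manifest: {b64_sha256(manifest)}\r\n\r\n"
    sections = split_sections(manifest)[1]
    return head.encode("ascii") + b"".join(
        entry_section(n, b64_sha256(raw)) for n, raw in sections.items())

def build_jar(entries, alias):
    manifest, buf = build_manifest(entries), io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr(f"META-INF/{alias}.SF", build_signature_file(manifest))
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def verify_digests(jar, alias):
    """Problems found in the chain (an empty list means intact). A real verifier
    first checks the .DSA signature over the .SF; that step is skipped here."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        names = set(zf.namelist())
        manifest = zf.read("META-INF/MANIFEST.MF")
        sf_main, sf_sections = split_sections(zf.read(f"META-INF/{alias}.SF"))
        mf_sections = split_sections(manifest)[1]
        if attribute(sf_main, b"SHA-256-Digest-Manifest") != b64_sha256(manifest):
            problems.append("manifest does not match the digest in .SF")
        for name, raw in mf_sections.items():
            if attribute(sf_sections.get(name, b""), b"SHA-256-Digest") != b64_sha256(raw):
                problems.append(f"{name}: manifest section not vouched for by .SF")
            content = zf.read(name) if name in names else b""  # a deleted entry fails too
            if attribute(raw, b"SHA-256-Digest") != b64_sha256(content):
                problems.append(f"{name}: content does not match manifest digest")
        for name in sorted(names):  # no manifest section means no signature at all
            if not name.startswith("META-INF/") and name not in mf_sections:
                problems.append(f"{name}: unsigned entry")
    return problems

def tamper(jar, name, data):
    """Replace or add one entry without touching META-INF (a post-signing edit)."""
    src, buf = zipfile.ZipFile(io.BytesIO(jar)), io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in src.namelist():
            zf.writestr(n, data if n == name else src.read(n))
        if name not in src.namelist():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    signed = build_jar(ENTRIES, SIGNER_ALIAS)
    print("intact:  ", verify_digests(signed, SIGNER_ALIAS))
    print("modified:", verify_digests(tamper(signed, "HelloWorld.class", b"evil"), SIGNER_ALIAS))
    print("added:   ", verify_digests(tamper(signed, "Backdoor.class", b"extra"), SIGNER_ALIAS))
```

The point the chain makes concrete: the signer's key only ever signs the .SF bytes, so anyone who can rewrite the manifest and the .SF together (by re-signing with their own key) can "re-sign" a modified JAR; what a verifier must therefore check is not only that the chain is intact but who signed the .SF, which is where the CA-issued certificate of slide 7 comes in. Entries that have no manifest section are simply unsigned code inside a signed JAR, which is why the same-package rule of slide 8 exists.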

  12. Managing Permissions
  • The Java security manager handles the checking of permissions as needed.
  • The default implementation is java.lang.SecurityManager, which can be subclassed or replaced if necessary; its check methods delegate the actual decision to AccessController, which consults the installed Policy.
  • Java enforces security by asking the security manager for permission before taking any action that is considered potentially unsafe (opening a file or socket, reading a system property, loading a library, ...).
  • Caveat: this is the Java 2 through Java 8 model. The security manager was deprecated for removal in Java 17 (JEP 411).

  13. Managing Permissions
  • Permissions are defined in the java.policy file, stored in $JAVA_HOME/jre/lib/security/java.policy (Java 8 and earlier; from Java 9 the file lives in $JAVA_HOME/conf/security/java.policy). A user policy file, ~/.java.policy, is read as well, and an extra file can be supplied with -Djava.security.policy=<file> (see slide 17).
  • Two ways to edit the java.policy file:
    • Manually, with a text editor
    • With policytool, a GUI tool for editing Java security policies (see examples on pp.188-189); policytool was removed in Java 11.
  • An example: pp.182, 187 (FileWriteTest.java)

  14. Managing Permissions
  • The syntax of a grant entry in the java.policy file:
    grant signedBy "signer_names", codeBase "URL" {
        permission permission_class_name "target_name", "action", signedBy "signer_names";
        ...
    };
  • Both signedBy and codeBase are optional; a grant with neither applies to all code. A codeBase URL ending in "/" matches the class files in that directory, one ending in "/*" matches the class files and JARs in that directory, and one ending in "/-" matches everything below it recursively.
  • See sample listing on pp.183-184.
  • More samples on p.186.

  15. Managing Permissions
  • Default permission classes in Java: p.190
    • AllPermission: implies every other permission; granting it switches the sandbox off for that codesource.
    • BasicPermission: abstract base class for named permissions. Names form a dot-separated hierarchy: "a.b.*" implies every name under a.b, and "*" implies everything.
    • FilePermission: the target is a path ("dir/*" covers the files directly in dir, "dir/-" everything below dir); actions are read, write, execute, delete.
    • SocketPermission: the target is host[:port-range]; actions are connect, accept, listen, resolve.
  • Subclasses of BasicPermission: AudioPermission, AWTPermission, NetPermission, PropertyPermission, RuntimePermission, ...

  16. Managing Permissions
  • Customized permissions:
    • You may want to restrict access to certain classes based on the caller's codesource, e.g. to prevent untrusted code from calling sensitive classes.
    • The sensitive class constructs an instance of the custom permission and passes it to SecurityManager.checkPermission before doing the protected work; only callers whose codesource is granted that permission in the policy file get through.
    • An example (p.191): extending BasicPermission by creating a subclass.

  17. Managing Permissions
  • Customized permissions: example
    > java -cp SecretWordTest.jar -Djava.security.manager -Djava.security.policy=SecretWord.policy SecretWordTest
    The secret word is: ossifrage
  • -Djava.security.manager installs the default security manager (applications run without one unless asked); -Djava.security.policy=<file> adds SecretWord.policy to the policy files that are read (use == instead of = to make it the only policy file).
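How the policy file and the permission classes of slides 13 to 17 fit together, as an added example that is not the book's SecretWordTest or any code from the slides: a Python model of the target-matching rules of FilePermission and BasicPermission (and so of a custom BasicPermission subclass such as the SecretWord example), a parser for grant entries in java.policy syntax, and the lookup that decides whether a CodeSource holds a permission. The policy text, the paths and URLs, the signer alias examples and the SecretWordPermission class are constructed for the example, and it goes beyond the single command line on the slide by covering the codeBase forms "/-" and "/*" and the signedBy requirement.

```python
"""How the Java 2 policy decides a permission check.

Added example, not code from the slides or the Garms/Somerfield book: a Python
model of java.io.FilePermission and BasicPermission matching, a parser for grant
blocks in java.policy syntax, and the lookup that evaluates a CodeSource
(codeBase + signers) against them. Policy text, paths, aliases and the
SecretWordPermission class are all constructed for this example.
"""
import re
from dataclasses import dataclass

POLICY = r'''
// constructed sample policy in java.policy syntax
grant codeBase "file:/opt/app/lib/-" {
    permission java.io.FilePermission "/var/app/data/-", "read,write";
};
grant signedBy "examples", codeBase "file:/opt/app/plugins/*" {
    permission SecretWordPermission "secret.word";
};
'''

def _target_implies(granted, requested):
    """Rule shared by FilePermission targets and codeBase URLs: "d/-" covers
    everything below d, "d/*" only d's direct children, anything else exactly."""
    if granted.endswith("/-"):
        return requested.startswith(granted[:-1]) and len(requested) > len(granted) - 1
    if granted.endswith("/*"):
        rest = requested[len(granted) - 1:]
        return requested.startswith(granted[:-1]) and rest != "" and "/" not in rest
    return granted == requested

class Permission:
    def __init__(self, name, actions=""):
        self.name = name
        self.actions = frozenset(a.strip() for a in actions.split(",") if a.strip())

class FilePermission(Permission):
    """Target is a path; actions are a subset of read, write, execute, delete."""
    def implies(self, other):
        return (type(other) is FilePermission and other.actions <= self.actions
                and _target_implies(self.name, other.name))

class BasicPermission(Permission):
    """Dotted names: "*" implies all, "a.b.*" all names under a.b, else exact match."""
    def implies(self, other):
        if type(other) is not type(self) or not other.actions <= self.actions:
            return False
        if self.name == "*":
            return True
        if self.name.endswith(".*"):
            return other.name.startswith(self.name[:-1])
        return self.name == other.name

class SecretWordPermission(BasicPermission):
    """The customized permission of slides 16-17: subclassing BasicPermission is
    all it takes for a grant entry to hand it out by class name and target."""

PERMISSION_CLASSES = {"java.io.FilePermission": FilePermission,
                      "SecretWordPermission": SecretWordPermission}

@dataclass(frozen=True)
class CodeSource:
    location: str                     # URL the classes were loaded from
    signers: frozenset = frozenset()  # keystore aliases whose keys signed the JAR

GRANT_RE = re.compile(r"grant\b([^{]*)\{(.*?)\}\s*;", re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?[^;]*;')

def load_policy(text):
    """Parse grant blocks into (codeBase or None, required signers, permissions)."""
    text = re.sub(r"//[^\n]*", "", text)  # strip line comments
    grants = []
    for header, body in GRANT_RE.findall(text):
        codebase = re.search(r'codeBase\s+"([^"]*)"', header)
        signed_by = re.search(r'signedBy\s+"([^"]*)"', header)
        signers = frozenset(s.strip() for s in signed_by.group(1).split(",")) if signed_by else frozenset()
        perms = []
        for cls, target, actions in PERM_RE.findall(body):
            if cls not in PERMISSION_CLASSES:  # Java keeps an UnresolvedPermission instead
                raise ValueError(f"unknown permission class {cls}")
            perms.append(PERMISSION_CLASSES[cls](target, actions))
        grants.append((codebase.group(1) if codebase else None, signers, perms))
    return grants

def policy_implies(grants, source, requested):
    """A grant applies when its codeBase covers the source location and every
    signedBy alias is among the source's signers; any matching permission wins."""
    for codebase, signers, perms in grants:
        if codebase is not None and not _target_implies(codebase, source.location):
            continue
        if signers <= source.signers and any(p.implies(requested) for p in perms):
            return True
    return False

if __name__ == "__main__":
    grants = load_policy(POLICY)
    lib = CodeSource("file:/opt/app/lib/app.jar")
    plugin = CodeSource("file:/opt/app/plugins/p.jar", frozenset({"examples"}))
    print(policy_implies(grants, lib, FilePermission("/var/app/data/x.txt", "read")))  # True
    print(policy_implies(grants, plugin, SecretWordPermission("secret.word")))         # True
```

Two details worth noticing when reading a real policy file with this model in mind: the signedBy aliases of a grant are all required (a JAR signed by only one of two listed aliases does not qualify), and a "/*" codeBase does not reach into subdirectories, so a plugin JAR moved one level down silently loses its grant. The per-permission signedBy clause in the grammar names who must have signed the permission class itself and is parsed but not modelled here.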

  18. Managing Permissions
  • Security properties for the JVM are defined in the java.security file, stored in $JAVA_HOME/jre/lib/security/java.security (Java 8 and earlier; $JAVA_HOME/conf/security/java.security from Java 9).
  • It lists the security providers and their preference order, the policy provider, the URLs of the policy files to read (policy.url.n), the default keystore type, etc. (pp.194-195)

  19. Next
  • Team Presentations
  • SSL (GS: 9)
  • Applet security (GS: 7)
  • Servlets security (GS: 8)
  • ...
