Chris Durham, CSCI 297, May 26th 2005
Java Security

Papers
• Java Security, David Wheeler, April 2000 [A4]
• JAC: An Aspect Based Distributed Dynamic Framework, R. Pawlak et al., December 2002 [A5]
Overview
Language support (and problems) w/r/t security [A4]
• 1.0, 1.1, 2; Sun vs Netscape vs MS
• Protection Domains
• several 'new' enhancements
Environmental and 'aspect' security with JAC [A5]
• protection from/for the environment and 'incorrectness'
• what is an 'aspect'?
• wrappers, example
Java 1.0 Security Policy
• Applets run in a sandbox:
  • no access to the filesystem, native libraries or other programs; cannot replace the basic classes
  • network access only to the host the applet was loaded from
• Applications have no limits by default; the programmer can code a policy:
  • SecurityManager class with checkXxx() methods (checkRead, checkWrite, checkConnect, ...) that the class library calls before each sensitive operation
  • if no SecurityManager is installed, all privileges are granted
• Enforcement also relies on the bytecode verifier and the ClassLoader
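Added example (not from the slides or from Wheeler's paper): a custom SecurityManager written in the Java 1.0 style, where you override the checkXxx() hook you care about instead of expressing a policy. The sandbox directory, the outside path and the 10.0.0.5 address are made up for the demo. It runs as-is on JDK 8 to 17 (17 prints a deprecation warning); JDK 18 to 23 require -Djava.security.manager=allow before System.setSecurityManager will work, and JDK 24 (JEP 486) removed the ability to install a Security Manager at all, so treat this as the historical model rather than something to ship.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

// 1.0-style manager: hard-coded hooks, no policy file, no stack inspection.
public class DenyWritesManager extends SecurityManager {
    private final Path allowedDir;   // assumed sandbox root for writes

    DenyWritesManager(Path allowedDir) {
        this.allowedDir = allowedDir.toAbsolutePath().normalize();
    }

    // Called by FileOutputStream, RandomAccessFile, File.delete() etc. with the path.
    @Override public void checkWrite(String file) {
        Path p = Paths.get(file).toAbsolutePath().normalize();
        if (!p.startsWith(allowedDir)) {           // component-wise, so /tmp/sb1 != /tmp/sb10
            throw new SecurityException("write outside sandbox: " + p);
        }
    }

    // Java 2's inherited checkConnect() would consult the policy; overriding it
    // gives the 1.0 "no network access" behaviour unconditionally.
    @Override public void checkConnect(String host, int port) {
        throw new SecurityException("network access denied: " + host + ":" + port);
    }

    // Everything not handled above is permitted, so the JVM itself keeps working.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object context) { }

    public static void main(String[] args) throws IOException {
        Path sandbox = Files.createTempDirectory("sandbox");   // created before the manager is installed
        System.setSecurityManager(new DenyWritesManager(sandbox));

        try (FileOutputStream ok = new FileOutputStream(sandbox.resolve("ok.txt").toFile())) {
            ok.write("inside\n".getBytes());
            System.out.println("write inside sandbox: allowed");
        }
        try {
            new FileOutputStream("/tmp/outside.txt");   // constructed target; never actually created
            System.out.println("write outside sandbox: allowed (BUG)");
        } catch (SecurityException e) {
            System.out.println("write outside sandbox: " + e.getMessage());
        }
        try {
            new java.net.Socket("10.0.0.5", 80);         // checkConnect() runs before any I/O
        } catch (SecurityException e) {
            System.out.println("socket: " + e.getMessage());
        } catch (IOException e) {
            System.out.println("not reached: the manager denies before connect: " + e);
        }
    }
}
```

The point of the checkPermission() no-op is the practical trap with the 1.0 model: every hook you do not override falls through to the Java 2 default, which in turn consults the installed policy, so a half-written manager either breaks the JVM or silently allows what you forgot to deny.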
Java 1.1
• JAR files: collect, and optionally sign, multiple files
• JCA: Java Cryptography Architecture, a framework for crypto providers with minimal key and certificate management
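Added example (not from the slides): what "framework for crypto providers" means in practice. The caller names an algorithm and the JCA resolves it to whichever installed Provider registers it, so the same code works against SunEC, a hardware token provider or a FIPS module. The signed bytes stand in for a JAR manifest entry and are constructed here; the key pair is generated on the fly and nothing is written to a keystore.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;

public class JcaSignDemo {
    static final String ALG = "SHA256withECDSA";   // resolved through the provider list, not hard-wired

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Returns false for both "wrong signature" and "malformed signature":
    // verify() reports the former as false but the latter as a SignatureException,
    // and a verifier that lets the exception escape can be turned into a bypass
    // by whatever catches it higher up.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException malformed) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        for (Provider p : Security.getProviders()) {   // the provider chain JCA searches, in order
            System.out.println("provider: " + p.getName());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();

        byte[] manifest = "Name: Adventure.class\n".getBytes(StandardCharsets.UTF_8);   // constructed input
        byte[] sig = sign(kp.getPrivate(), manifest);
        System.out.println("valid:     " + verify(kp.getPublic(), manifest, sig));        // true
        manifest[0] ^= 1;                                                                  // tamper one byte
        System.out.println("tampered:  " + verify(kp.getPublic(), manifest, sig));        // false
        System.out.println("garbage:   " + verify(kp.getPublic(), manifest, new byte[3])); // false, not an exception
        System.out.println("served by: " + Signature.getInstance(ALG).getProvider().getName());
    }
}
```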
Problems? 1.0 and 1.1 Issues
Problems with 1.0 and 1.1
• New privileges were hard to implement: each one meant adding methods to the SecurityManager class
• The sandbox limits functionality
• So-called 'trusted' programs were given a lot of leeway
Netscape: Capabilities API: code requests a privilege, the UI asks the user for confirmation, and the privilege is disabled again when the method returns
Microsoft: CAB vs JAR; trust-based: zones (Local, Intranet, Internet) and privilege sets (High, Medium, Low)
Java 2: Protection Domains
• A Policy object maps code to what it may do:
  • CodeSource: where the code comes from (URL), plus optional signers
  • Permissions: what code from that source may do
• ProtectionDomain: every class belongs to one; it pairs a CodeSource with its set of Permissions
Java 2: Protection Domains
• If an object calls a method on an object whose class lives in a different ProtectionDomain, and that method needs a particular permission, what happens?
  • the access controller walks the call stack: the permission must be granted in the domain of every frame, i.e. the effective permissions are the intersection of all domains on the stack; otherwise an AccessControlException is thrown
  • a frame that calls AccessController.doPrivileged() stops the walk there, so trusted code can deliberately perform an operation on behalf of a less-trusted caller
• GuardedObject protects an individual object instance: each getObject() first runs a Guard (typically a Permission) against the caller
Standard Permission (sub)classes
• FilePermission
  • a file, a directory, all files in a directory (/*), a whole subtree (/-), etc.
  • actions: read, write, execute, delete
• SocketPermission
  • IP address/network or host(s)/domain(s)
  • port or port range
  • actions: accept, connect, listen, resolve ...
• PropertyPermission
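Added example (not from the slides or from Wheeler's paper) covering the three Protection Domain slides above: a Java 2 policy file granting FilePermission, SocketPermission and PropertyPermission to one CodeSource, loaded through the standard "JavaPolicy" provider, and the intersection rule checked directly with AccessControlContext so that no SecurityManager has to be installed. The code base URLs, the data path and the database address are made up; the policy text would normally live in its own file and be passed with -Djava.security.policy==app.policy (the double = replaces rather than extends the JDK's default java.policy). Runs on JDK 8 to 23 (deprecation warnings from 17 on); JDK 24 permanently disabled this machinery (JEP 486).

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.URIParameter;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class DomainIntersectionDemo {

    // Assumed policy. Application code under /opt/app/lib may touch its data
    // directory and its database; plugins may only read app.* properties.
    static final String POLICY =
        "grant codeBase \"file:/opt/app/lib/-\" {\n" +
        "  permission java.io.FilePermission \"/var/app/data/-\", \"read,write\";\n" +
        "  permission java.net.SocketPermission \"10.0.0.5:5432\", \"connect,resolve\";\n" +
        "  permission java.util.PropertyPermission \"app.*\", \"read\";\n" +
        "};\n" +
        "grant codeBase \"file:/opt/app/plugins/-\" {\n" +
        "  permission java.util.PropertyPermission \"app.*\", \"read\";\n" +
        "};\n";

    // The 4-argument constructor makes a dynamic domain: implies() consults the
    // installed Policy instead of a fixed permission set.
    static ProtectionDomain domainFor(String jarUrl) throws Exception {
        CodeSource cs = new CodeSource(URI.create(jarUrl).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, null, null, null);
    }

    // checkPermission() passes only if EVERY domain in the context implies the permission.
    static boolean allowed(AccessControlContext stack, Permission p) {
        try {
            stack.checkPermission(p);
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Path policyFile = Files.createTempFile("app", ".policy");
        Files.write(policyFile, POLICY.getBytes(StandardCharsets.UTF_8));
        Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toUri()));
        Policy.setPolicy(policy);   // no SecurityManager needed for the checks below

        ProtectionDomain app    = domainFor("file:/opt/app/lib/app.jar");
        ProtectionDomain plugin = domainFor("file:/opt/app/plugins/report.jar");

        Permission readData  = new FilePermission("/var/app/data/orders.csv", "read");
        Permission readProp  = new PropertyPermission("app.mode", "read");
        Permission connectDb = new SocketPermission("10.0.0.5:5432", "connect");

        // A simulated call stack: [app] alone, and app code invoked from plugin code.
        AccessControlContext appOnly      = new AccessControlContext(new ProtectionDomain[]{app});
        AccessControlContext appViaPlugin = new AccessControlContext(new ProtectionDomain[]{app, plugin});

        System.out.println("app alone reads data:          " + allowed(appOnly, readData));       // true
        System.out.println("app called from plugin reads:  " + allowed(appViaPlugin, readData));  // false: intersection
        System.out.println("both read app.* property:      " + allowed(appViaPlugin, readProp));  // true
        System.out.println("app alone connects to db:      " + allowed(appOnly, connectDb));      // true
        System.out.println("app from plugin connects to db:" + allowed(appViaPlugin, connectDb)); // false
        Files.deleteIfExists(policyFile);
    }
}
```

The second and last lines are the slide's intersection rule: the plugin's domain is on the stack, it was never granted the FilePermission or SocketPermission, so the app's own grant does not help. Wrapping the data access in AccessController.doPrivileged() inside the app code is the only way to make that call succeed, which is exactly why doPrivileged blocks deserve review. GuardedObject is not shown because its check is routed through the installed SecurityManager; with none installed, getObject() returns the object unconditionally.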
Java Security +/-'s
Plus:
• allows 'controlled' execution of other code
• portability
• Sun's source viewable
• fine-grained permissions
• security policy management flexible
Minus:
• lack of a formal security model; insecure defaults
• hard to prove correctness
• dependencies
• weak against DoS; slow
• security policy management difficult
'Future' (in 2000)
• JAAS: PAM-like Authentication and Authorization Service; user-centric as opposed to code-centric control
• JSSE: SSL for Java (I don't see it much at all)
JAC: Java Aspect Components
None of what we have talked about so far protects your code from things such as:
• environmental issues
• incorrect coding
• dynamic reconfiguration concerns
Aspect programming can help - how?
http://www.onjava.com/pub/a/onjava/2004/01/14/aop.html
JAC Framework
• 'wrap' existing code with new functionality
• use pre-defined wrappers (counters, authentication, trace and debug, etc.) or write your own
• JAC is a framework: you do not modify existing code; your code runs within the framework, and the framework 'intercepts' calls to methods
• pre-defined wrappers require only a config file
• Differs from the similar project AspectJ in that JAC ships predefined aspects, can weave them dynamically and works in a distributed environment, whereas AspectJ cannot
JAC/AOP: Terms
• pointcut: a place in the code where an issue/concern arises and needs to be addressed; pointcut() is a method in the aspect class that defines which classes and methods the aspect affects
• advice: the additional code
• aspect: pointcut + advice (where + what)
• wrapper: a class you extend to provide the code (advice) that executes when a pointcut() is reached
• weave: the process of adding/removing aspects
• crosscutting concerns: things that concern otherwise 'independent' objects
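Added example (not from the slides or from the JAC project) for the two JAC slides above: the same wrap/pointcut/advice mechanism built with nothing but a JDK dynamic proxy, so the original class is neither modified nor recompiled. JAC's real API (its AspectComponent and Wrapper base classes, the .acc pointcut syntax) is deliberately not reproduced here; the Player interface, the counting and authentication advices and the "methods whose name starts with get" pointcut are all made up to mirror the "*get*" counter from the adventure example.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

public class WrapperDemo {
    // The existing, unmodified "game" code (assumed).
    interface Player { String get(String item); int inventorySize(); }
    static class SimplePlayer implements Player {
        private final List<String> bag = new ArrayList<>();
        public String get(String item) { bag.add(item); return "You pick up the " + item; }
        public int inventorySize() { return bag.size(); }
    }

    // Advice: runs around an intercepted call and decides whether to proceed.
    interface Invocation { Object proceed() throws Throwable; }
    interface Advice { Object around(Method m, Object[] args, Invocation proceed) throws Throwable; }

    // Weave: aspect = pointcut (which methods) + advice (what to do), applied by wrapping.
    static <T> T weave(T target, Class<T> iface, Predicate<Method> pointcut, Advice advice) {
        InvocationHandler h = (proxy, m, args) -> {
            Invocation proceed = () -> {
                try { return m.invoke(target, args); }
                catch (InvocationTargetException e) { throw e.getCause(); } // keep the real exception
            };
            return pointcut.test(m) ? advice.around(m, args, proceed) : proceed.proceed();
        };
        return iface.cast(Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[]{iface}, h));
    }

    // Counting wrapper: how often was each pointcut method called?
    static class Counter implements Advice {
        final Map<String, Integer> counts = new ConcurrentHashMap<>();
        public Object around(Method m, Object[] args, Invocation proceed) throws Throwable {
            counts.merge(m.getName(), 1, Integer::sum);
            return proceed.proceed();
        }
    }

    // Authentication wrapper: refuse the call unless the caller is authenticated.
    static class RequireAuth implements Advice {
        private final boolean authenticated;   // assumed: stands in for a real session lookup
        RequireAuth(boolean authenticated) { this.authenticated = authenticated; }
        public Object around(Method m, Object[] args, Invocation proceed) throws Throwable {
            if (!authenticated) throw new SecurityException("not authenticated: " + m.getName());
            return proceed.proceed();
        }
    }

    public static void main(String[] args) {
        Predicate<Method> getters = m -> m.getName().startsWith("get");   // the "*get*" pointcut
        Counter counter = new Counter();

        Player p = weave(new SimplePlayer(), Player.class, getters, counter);       // inner aspect
        p = weave(p, Player.class, getters, new RequireAuth(true));                 // outer aspect
        p.get("lamp");
        p.get("key");
        p.inventorySize();                                                          // not a pointcut match
        System.out.println("counts: " + counter.counts);                            // {get=2}

        Player anon = weave(new SimplePlayer(), Player.class, getters, new RequireAuth(false));
        try {
            anon.get("sword");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Two things carry over to any interception framework, JAC included: the pointcut is a string or predicate match, so a renamed method silently drops out of the authentication aspect, and advices compose in wrapping order, so the outermost wrapper (authentication here) must be the one you want to run first.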
Example w/ Predefined Aspects
JAC source: http://jac.objectweb.org
Adventure game from CSCI 210: keep track of the number of times you pick up any treasure.
JAC file (adventure.jac):
  applicationName: Adventure
  launchingClass: Adventure
  aspects: \
    org.objectweb.jac.aspects.tracing.SimpleCountingWrapper counter.acc true
.acc file (counter.acc):
  addTrace "ALL" "*StdCmds*", "*get*";
Execution:
  java -jar jac.jar -C ./Adventure.jar adventure.jac
But I cannot instantiate SimpleCountingWrapper! Argh.
Predefined Aspects
• AuthenticationAC
• ConfirmationAC
• TransactionAC
• others... see: http://jac.objectweb.org/docs/programmer_guide_body.html
Hand-Written Aspects See: MyAC.java
Summary for JAC
JAC provides a way to 'extend' existing code without recompiling it. It loads the existing code into a framework and executes it there, which allows methods to be 'intercepted' at predefined points (pointcuts) to perform checks or add functionality.