1 / 35

Java Security

Java Security. Shmuel Babad CEO M i dL i nk Computing LTD shmuel@midlink.co.il Middleware Lecturer at John Bryce Training. Goals. Java security components and architecture JAAS within Java Security Concepts and components of JAAS Look beyond JAAS A short demo of JAAS. Beginning.

milla
Download Presentation

Java Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Java Security Shmuel Babad CEO MidLink Computing LTD shmuel@midlink.co.il Middleware Lecturer at John Bryce Training A MidLink presentation

  2. Goals Java security components and architecture JAAS within Java Security Concepts and components of JAAS Look beyond JAAS A short demo of JAAS A MidLink presentation Beginning

  3. Speaker’s Qualifications • Middleware expert • Over 7 years of experience in designing developing and administration of middleware tools and • Over 4 years of using J2EE implementation • Currently working for • John Bryce • Pelephone • Amdocs • Orange • CEO of MidLink – a middleware services company • Lectures on advanced J2EE topics at John Bryce training A MidLink presentation Beginning

  4. Security issues What is our biggest security problem? The one we don’t know about yet! A MidLink presentation Beginning

  5. Evolving security needs • Driven by Integration • Internal Applications (EAI) • External systems • More transaction are performed over communications • A bigger threat • More valuable information • Sophisticated hacking • Available large scale hacking • Terror oriented attacks A MidLink presentation Beginning

  6. Presentation Outline • Security basics • Java security basic concepts • Cryptography in Java • JAAS • Beyond JAAS • JAAS Demo A MidLink presentation Beginning

  7. Security involves • Authentication • Verifying the users’ identity via Certificate User/Password or other credentials • Authorization • Verifying whether a user has access to protected resources • Encoding / Encryption • Monitoring / Logging A MidLink presentation Middle

  8. Java Security • Java provides an evolving and expending model currently (1.4) based on: • Native java.security package • JAAS • Java Authentication and Authorization Service • JCE • Java Cryptography Extension • JSSE • Java Secure Socket Extension • JAVA GSS-API • Use Kerberos V5 mechanism • Java Certification Path API • Build and validate certification paths ("certificate chains") A MidLink presentation Middle

  9. Java Security Architecture • Fine-grained access control • Configurable security policy • Extensible access control structure • Checks to all Java programs, including applications (also good for server side) All without writing code A MidLink presentation

  10. Java Security Concepts • Protection Domain • Application domain • System domain • Principal (identity) • Permission (class) • Policy • SecurityManager and AccessController A MidLink presentation

  11. JCAJava Cryptography Architecture • Design principles • Implementation independence and interoperability • Algorithm independence and extensibility • Provided algorithms include: • Digital Signature Algorithm (DSA) including: • Public and private keys generator • Parameter generator & parameter manager • Key factory providing bi-directional conversions • MD5 and SHA-1 message digest algorithms • A "SHA1PRNG" pseudo-random number generation algorithm A MidLink presentation

  12. JCAProvided algorithms (cont) • A certificate path builder & validator for PKIX (X.509) • A certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs) • A certificate store for retrieving certificates and CRLs from Collection and LDAP directories (PKIX LDAP V2 Schema) • A proprietary keystore called JKS A MidLink presentation

  13. What is JAAS • Java Authentication and Authorization Service • Introduced as an optional package in J2SE 1.3 • Integrated into J2SE 1.4 • Implements a Java Pluggable Authentication Module (PAM) framework • Access decisions are based on CodeSource and the User running the code A MidLink presentation

  14. Before JAAS • Security and Authorization decisions were based on • Code origin • Who signed it • A Trusted Library may be given access to sensitive resources while an Applet or another Library may have that access restricted A MidLink presentation

  15. After introducing JAAS • With the integration of JAAS and J2SE Security model, authorization decisions can be made based on: • Code origin • Who signed it • Who is running the code • A Library may not have access privileges to resources when running without a User context or when being executed by User Bart, but when User Andy executes the Library those permissions may be granted A MidLink presentation

  16. JAAS Features • Pure Java implementation • Flexible access control policy for user-based, group-based, and role-based authorization • Single sign-on support • Pluggable Authentication Module (PAM) framework implementation for authenticating users A MidLink presentation

  17. JAAS – Core classes • Common Classes • Subject • Principals • Credentials • Authentication Classes • LoginContext • LoginModule • CallbackHandler • Callback • Authorization Classes • Policy • AuthPermission • PrivateCredentialPermission A MidLink presentation Middle

  18. JAAS – Subject • Subject represent the source of a request • The Subject is a container for • associated Principals • Public Credentials (public keys) • Private Credentials (passwords, private keys) • doAs methods can be called to perform as a particular subject (delegation) A MidLink presentation

  19. JAAS – Principal • A Principal identifies a Subject. The Subject can be • A person • A corporation • An application • A single Subject may have many Principals that serve to identify the entity • A user can have Principals like • User name • Employee id • Social security number A MidLink presentation

  20. PAMPluggable Authentication Modules • The PAM framework enables multiple authentication technologies to be added without changing any of the login services • The application calls the PAM API • The request is forwarded to the appropriate authentication model – one or more (stack) • Configuration is done via a pam.conf file A MidLink presentation

  21. Pluggable Authentication Modules • An application using JAAS for authentication can remain independent of the underlying authentication technology A MidLink presentation

  22. The application creates a LoginContext and calls login() The LoginContext refers to the LoginConfiguration to set up the appropriate LoginModules The LoginContext delegates the authentication to the LoginModules The LoginModules use the CallbackHandler to communicate with the application Once the login succeeds you can get the Subject from the LoginContext and get the authenticated Principals from the Subject JAAS – Authentication A MidLink presentation

  23. JAAS Authorization - Outline • CodeSource • Protection Domains • Access control • Permissions • Policy • Privileged Actions by Subjects A MidLink presentation

  24. CodeSource & ProtectionDomain • The CodeSource of a piece of Java code is the URL location that the code was loaded from and the Certificates that we used to sign the code • The ProtectionDomain is a holder for the CodeSource and a Principal • Each class is assigned a ProtectionDomain upon being loaded. The Principal is null when the class is first loaded. A MidLink presentation

  25. When making access decisions, the security system looks at every ProtectionDomain involved in the call. Access is granted only if every ProtectionDomain in the Context can have access. A less privileged PD can not gain privilege by calling a more privileged PD. And a more privileged PD must lose privilege when calling a less privileged PD. This is the principle of least privilege. AccessControlContext – a Context for Authorization Decisions A MidLink presentation

  26. Permissions • Permissions represent access to resources • All Permission objects have a name • The meaning of the name parameter varies between implementations • Typically the name identifies the resource to be accessed • An “action” parameter can be used to define the type of access to the resource allowed • A special permission exists to indicate unrestricted access to all resource: java.security.AllPermission A MidLink presentation

  27. Policy • The mapping between PDs and associated Permissions is stored by the Policy • Policy is a Singleton A MidLink presentation

  28. Policy • The default implementation of Policy accepts text based configuration in the above format • Each grant entry is composed of an optional CodeSource, Signers, Principals, and a list of Permissions • Default security policy is <JRE_HOME>/lib/security/java.policy • Can provide supplemental policy file location via • -Djava.security.policy=<file> JVM parameter • Can override the default policy file with: • -Djava.security.policy==<file> JVM parameter A MidLink presentation

  29. AccessController • The AccessController embodies the access control algorithm • It obtains the current AccessControlContext, which has an array of PDs and then for each PD checks whether the PD has the requested permission • Verify that the current context has a permission: A MidLink presentation

  30. Beyond JAAS – Instance-Based Security • Instance-based security is an authorization mechanism for protecting access to resources based on the identity of the resource • This is a step forward from class-based security that protects access to resources based on the class of the resource A MidLink presentation

  31. Beyond JAAS – JACC • The Java Authorization Contract for Containers defines • New java.security.Permission classes to satisfy the J2EE authorization model • The binding of container access decisions to operations on instances of the new permission classes • The installation and configuration of authorization providers for use by containers • The interfaces that a provider must make available to allow container deployment tools to create and manage permission collections corresponding to roles • The spec is in it’s final draft stages A MidLink presentation

  32. Summary • Java security is ever evolving, as are security problems, Thus we must implement new technologies and methodologies • JAAS is the latest package added to improve Authentication Authorization and most of all control over applications • JAAS allows you to manipulate resource access of code according to • Who signed it • Where it came from • who’s running it! A MidLink presentation End

  33. If You Only Remember One Thing… Security is like blood pressure At first you do not feel any pain And when you do - it Is too late.... A MidLink presentation End

  34. Thank You! Shmuel Babad shmuel@midlink.co.il 054-963313 MidLink MiddlewareInfrastructure & Administration A MidLink presentation End

More Related