Java & J2EE Application Security Dr. Waitak Wong Department of Information Management Chung Hua University, Hsinchu, Taiwan
Today's Agenda • About Security • Application Security • Java Security from the Ground Up • Standalone Java Application Techniques • Hacking Java Client-Server Applications • Java Network Applications: RMI
Today's Agenda (cont.) • Exploiting Java Web Tier Components • Web Services Security • Enterprise Java Beans Security
About Security Common Security Threats Three concepts of CIA security model Definition of security
Common Security Threats • Identity interception • Steal your identity and use it as their own • Masquerading • Grab your identity and use it elsewhere with the intention of perpetrating fraud • Replay attack • Capture your request and replay that request • Data interception and manipulation • Read your data (such as credit card info)
Common Security Threats • Repudiation • A party denies having completed a transaction • Denial of Service • Terminate the service so that it is no longer available
Three concepts of CIA security model • Confidentiality • information must not be disclosed to any unauthorized person • Integrity • only authorized actions are permitted (no unauthorized data changes) • separation and protection for resources • error detection and correction (data corruption) • Availability • presence of objects or services in a usable form • capacity to meet service needs • adequate timeliness of a service
Definition of security • Deter • Generate a feasible and believable deterrence • Detect • Detect how, when and where intrusion has taken place • Protect • Manage people and the Information System in an effective manner so as to protect against unauthorized usage
Definition of security • React • react to an intrusion • ensure that penetration does not happen again. • vulnerability is eliminated • Recover • recover all data and programs from a breach in security
Application Security - Not just technology; it's a process... (Figure: layered stack. Application level: Application code, Java/J2EE APIs. System level: JVM, Operating System) • System-level Security Vs. Application-level Security
System-level Security Vs. Application-level Security • Defeating System-level security may not provide attackers with appropriate access to the application-level data, logic, or methods that they seek (Figure: Attacker -> System-level security -> Application-level Security -> Enterprise Data)
System-level Security Vs. Application-level Security (cont.) • Work together to build a secure system/application combination (Figure: Attackers facing System-level security and Application-level Security, both protecting Enterprise Data)
System-level Security Vs. Application-level Security (cont.) (Figure: three identical stacks of Application code / Java/J2EE APIs / JVM / OS on Solaris, IBM AIX and MS Windows) • It is more efficient to push some security responsibilities up to the application level instead of handling them at the operating-system level
Java Security from the Ground Up • Java Language Safety Features • Java Security Model • Java Security Architecture
Java Language Safety Features • Objects have access levels: • private: Accessible by defining class • package (default): Accessible by classes in the same package • protected: Same as package, with addition of access by any subclass • public: Accessible by any class
Java Language Safety Features • Access methods are strictly adhered to • No pointers (no access to arbitrary memory and automatic garbage collection) • “final” methods or variables cannot be changed • Variables MUST be initialized before use • Array bounds are enforced • Strict object casting rules
Java Security Enforcement • Enforcement happens at different times • Compile time enforcement • Class load time enforcement • Runtime enforcement
Compile Time Enforcement (Figure: Java Source -> Java Compiler -> Bytecode -> Bytecode Verifier -> Class Loader -> Java Virtual Machine Runtime; the compile-time stage is highlighted)
Compile Time Enforcement • Validate language syntax • Enforce method and variable access rules • Enforce variable initialization • Enforce some casting operations
Class Load Time Enforcement (Figure: Java Source -> Java Compiler -> Bytecode -> Bytecode Verifier -> Class Loader -> Java Virtual Machine Runtime; the class-load stage is highlighted)
Class Load Time Enforcement • Bytecode verification • Verifies class file format • Accesses objects as correct type • Final classes are not subclassed • Final methods are not overridden • Every class has a single superclass • Verifies that casting legality checks are in place
Class Load Time Enforcement • No operand stack overflows or underflows • All field and method accesses are legal • Method calls use correct number & types of arguments
Runtime Enforcement (Figure: Java Source -> Java Compiler -> Bytecode -> Bytecode Verifier -> Class Loader -> Java Virtual Machine Runtime; the runtime stage is highlighted)
Runtime Enforcement • Array bounds checking • Throws ArrayIndexOutOfBoundsException • Object casting • Throws ClassCastException • Security Manager • Throws SecurityException • Depends on the Access Controller
Java Security Model Sandbox: a strictly defined arena in which untrusted code (such as an applet) cannot affect other system resources. It provides virtually no flexibility.
Components that work with the Sandbox • Class loader • first link in the security chain • enforces the name space hierarchy • Byte code verification • checks that there are no violations such as stack overflows, name space violations, illegal data type casts, etc. • Security manager • enforces the boundary of the sandbox
Java Security Model (cont.) JDK 1.1 security model Applets either received unlimited access or were confined to the sandbox – there was no option for selective access to resources.
Java Security Model (cont.) Introduces the concept of a ProtectionDomain, which permits a highly flexible security policy decoupled from its implementation
Java Security Architecture • The J2SE 1.3 introduced • policy-based access control • X.509 v3 implementation of certificate interfaces • tools for creating and managing security keys and certificates
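Added example (not from the slides) of the runtime Security Manager check listed under "Runtime Enforcement" and of the ProtectionDomain-based, policy-driven access control introduced above: a custom Policy denies one constructed FilePermission, and the default SecurityManager routes every checkPermission call through the Access Controller. Assumes JDK 8 to 17 (JDK 18 and later need -Djava.security.manager=allow, and SecurityManager is deprecated for removal); the file path and class names are constructed.

```java
import java.io.FilePermission;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

// Added example, not from the slides: selective, policy-based denial of one
// resource via Policy -> ProtectionDomain -> AccessController -> SecurityManager.
public class PolicyEnforcementDemo {

    // Constructed example path: the only resource the policy refuses to expose.
    static final String SECRET = "/tmp/secret.txt";

    // ProtectionDomain-based Policy: every domain is granted AllPermission
    // except read access to SECRET. The Access Controller consults it for each
    // ProtectionDomain on the call stack whenever checkPermission runs.
    static class DenySecretPolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain domain, Permission perm) {
            if (perm instanceof FilePermission
                    && new FilePermission(SECRET, "read").implies(perm)) {
                return false;   // selective denial, decided per domain and permission
            }
            return new AllPermission().implies(perm);
        }
    }

    // True when the Access Controller lets the caller read path,
    // false when the check ends in a SecurityException.
    static boolean canRead(String path) {
        try {
            AccessController.checkPermission(new FilePermission(path, "read"));
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new DenySecretPolicy());          // install the policy first
        System.setSecurityManager(new SecurityManager());  // then the enforcer
        System.out.println("other file readable: " + canRead("/tmp/other.txt"));
        System.out.println("secret readable: " + canRead(SECRET));
    }
}
```

The first check succeeds and the second fails, which is the selective, per-resource access that the JDK 1.1 all-or-nothing sandbox could not express.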
Java Security Architecture • J2SE 1.4 continued by adding • Java Authentication and Authorization Service (JAAS) • Java Cryptography Extension (JCE) • Java Secure Socket Extension (JSSE) • Features for Kerberos communication
Java Security Architecture Road Map (Figure: numbered components 1 to 7; labels not recoverable from the text)