Java Language Security - Operating Systems - Slides | CS 5523, Lab Reports of Operating Systems

Material Type: Lab; Class: Operating Systems; Subject: Computer Science; University: University of Texas - San Antonio; Term: Unknown 2003;

Typology: Lab Reports

Pre 2010

Uploaded on 07/30/2009

koofers-user-fz7
koofers-user-fz7 🇺🇸

10 documents

1 / 8

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
CS 5523 Lecture 21:
Java Language Security
]Discussion of laboratory 3
]Discussion of laboratory 4
]Java security strategies
]Evolution of security models in Java
]Class loaders
]Permissions and policies
]Security managers and access controllers
]Signed and guarded objects
Java security strategies:
]Safety built into the language:
\Bounds checking
\Type conversion
\No pointer arithmetic
]Code is verified after byte-code translation
]Resource access is controlled by policy
]Code can be signed so that users can determine the
source and whether or not it has been modified.
]The runtime system actively enforces security policies
Java 1.0 security model:
All remote code runs in a sandbox which has very limited
access to resources. Local code has full access to resources.
Diagram from JavaTM 2 Platform Security Archicture
pf3
pf4
pf5
pf8

Partial preview of the text

Download Java Language Security - Operating Systems - Slides | CS 5523 and more Lab Reports Operating Systems in PDF only on Docsity!

CS 5523 Lecture 21:

Java Language Security

] Discussion of laboratory 3 ] Discussion of laboratory 4 ] Java security strategies ] Evolution of security models in Java ] Class loaders ] Permissions and policies ] Security managers and access controllers ] Signed and guarded objects

Java security strategies:

] Safety built into the language: \ Bounds checking \ Type conversion \ No pointer arithmetic ] Code is verified after byte-code translation ] Resource access is controlled by policy ] Code can be signed so that users can determine the source and whether or not it has been modified. ] The runtime system actively enforces security policies

Java 1.0 security model:

All remote code runs in a sandbox which has very limited access to resources. Local code has full access to resources.

Diagram from Java TM^ 2 Platform Security Archicture

Java 1.1 security model:

Signed applets (delivered as signed jar files) are recognized as trusted code and can run on the full virtual machine with local code. Other remote code must run in the sandbox.

Diagram from Java TM^ 2 Platform Security Archicture

Java 2 security model:

] Fine-grained access control ] Configurable security policy ] Extensible access control ] Extends checks to all programs

Diagram from Java TM^ 2 Platform Security Archicture

Java class loaders:

] Convert source code into byte code for a target virtual machine ] Resolve classes (by loading all classes that a given class depends on) Three types of class loaders: \ Bootstrap - for the system classes (rt.jar), written in C \ Extension – for standard extensions (jre/lib/ext), written in Java \ Application or system – for classes in CLASSPATH ] Class loaders always ask their parent to load and only load if parent cannot, (thus, system classes are loaded first).

Permission is an abstract class with subclasses:

] AllPermission ] BasicPermission ] FilePermission ] PrivateCredentialPermission ] Service Permission ] SocketPermission ] UnresolvedPermission

BasicPermission is an abstract class with subclasses

] AudioPermission ] AuthPermission ] AWTPermission ] DelegationPermission ] LoggingPermission ] NetPermission ] PropertyPermission ] ReflectedPermission ] RuntimePermission ] SecurityPermission ] SerializablePermission ] SQLPermission

Examples of types of permissions:

] java.io.FilePermission: read, write, execute ] java.net.SocketPermission: accept, connect, listen, resolve ] java.lang.RuntimePermission: createClassLoader, setSecurityManager, setFactory, modifyThread, … ] java.awt.AWTPermission: accessClipboard, accessEventQueue, listenToAllAWTEvents, … ] java.net.NetPermission: requestPasswordAuthentication, setDefaultAuthenticator, specifyStreamHandler

Permission checks:

Permission properties are checked by a security manager.

All of the permissions are checked by one of the following

calls in the security manager:

void checkPermission (Permission p)

void checkPermission(Permission p, Object context)

Security managers:

] A class that controls whether specific operations are allowed ] The default for running applications is no security manager ] The default for the appletviewer is the AppletSecurity manager ] You install a security manager by calling System.setSecurityManager ] Permissions are controlled with policy files

Security managers can check allowed operations:

Check an operation by calling the security manager:

SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument,... ); }

For example, checkAccept(host, port) throws SecurityException if the thread is not permitted to accept a connection on port from host.

The GuardedObject class:

] Used when consumer of object different from producer

and cannot get a context

] A GuardedObject encapsulates the resource and checks

the security.

] Its encapsulated resource is retrieved by the getObject

method that automatically checks the guard before returning

the object.

The SignedObject class:

] Contains the Serializable object to

be signed and its signature

] The signed object is a deep copy of

an original object.

Signing:

Signature signingEngine = Signature.getInstance(algorithm,provider); SignedObject so = new SignedObject(myobject, signingKey, signingEngine);

Verification:

String algorithm = so.getAlgorithm(); Signature verificationEngine = Signature.getInstance(algorithm, provider); so.verify(verificationEngine);

Diagram from Java TM^ 2 Platform Security Archicture

Java byte code verification:

] Checks that variable are initialized before use ] Verifies that method calls match types ] Verifies that the rules for accessing private data and methods are followed ] Checks that local variable accesses are in the runtime stack ] Checks that the runtime stack does not overflow

These checks are also performed at compile time, but class files could be modified!

For next time:

] Read CDK 8.1-8.