




Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Material Type: Lab; Class: Operating Systems; Subject: Computer Science; University: University of Texas - San Antonio; Term: Unknown 2003;
Typology: Lab Reports
1 / 8
This page cannot be seen from the preview
Don't miss anything!





] Discussion of laboratory 3 ] Discussion of laboratory 4 ] Java security strategies ] Evolution of security models in Java ] Class loaders ] Permissions and policies ] Security managers and access controllers ] Signed and guarded objects
] Safety built into the language: \ Bounds checking \ Type conversion \ No pointer arithmetic ] Code is verified after byte-code translation ] Resource access is controlled by policy ] Code can be signed so that users can determine the source and whether or not it has been modified. ] The runtime system actively enforces security policies
All remote code runs in a sandbox which has very limited access to resources. Local code has full access to resources.
Diagram from Java TM^ 2 Platform Security Archicture
Signed applets (delivered as signed jar files) are recognized as trusted code and can run on the full virtual machine with local code. Other remote code must run in the sandbox.
Diagram from Java TM^ 2 Platform Security Archicture
] Fine-grained access control ] Configurable security policy ] Extensible access control ] Extends checks to all programs
Diagram from Java TM^ 2 Platform Security Archicture
] Convert source code into byte code for a target virtual machine ] Resolve classes (by loading all classes that a given class depends on) Three types of class loaders: \ Bootstrap - for the system classes (rt.jar), written in C \ Extension – for standard extensions (jre/lib/ext), written in Java \ Application or system – for classes in CLASSPATH ] Class loaders always ask their parent to load and only load if parent cannot, (thus, system classes are loaded first).
] AllPermission ] BasicPermission ] FilePermission ] PrivateCredentialPermission ] Service Permission ] SocketPermission ] UnresolvedPermission
] AudioPermission ] AuthPermission ] AWTPermission ] DelegationPermission ] LoggingPermission ] NetPermission ] PropertyPermission ] ReflectedPermission ] RuntimePermission ] SecurityPermission ] SerializablePermission ] SQLPermission
] java.io.FilePermission: read, write, execute ] java.net.SocketPermission: accept, connect, listen, resolve ] java.lang.RuntimePermission: createClassLoader, setSecurityManager, setFactory, modifyThread, … ] java.awt.AWTPermission: accessClipboard, accessEventQueue, listenToAllAWTEvents, … ] java.net.NetPermission: requestPasswordAuthentication, setDefaultAuthenticator, specifyStreamHandler
void checkPermission (Permission p)
void checkPermission(Permission p, Object context)
] A class that controls whether specific operations are allowed ] The default for running applications is no security manager ] The default for the appletviewer is the AppletSecurity manager ] You install a security manager by calling System.setSecurityManager ] Permissions are controlled with policy files
SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkXXX(argument,... ); }
For example, checkAccept(host, port) throws SecurityException if the thread is not permitted to accept a connection on port from host.
Signature signingEngine = Signature.getInstance(algorithm,provider); SignedObject so = new SignedObject(myobject, signingKey, signingEngine);
String algorithm = so.getAlgorithm(); Signature verificationEngine = Signature.getInstance(algorithm, provider); so.verify(verificationEngine);
Diagram from Java TM^ 2 Platform Security Archicture
] Checks that variable are initialized before use ] Verifies that method calls match types ] Verifies that the rules for accessing private data and methods are followed ] Checks that local variable accesses are in the runtime stack ] Checks that the runtime stack does not overflow
These checks are also performed at compile time, but class files could be modified!
] Read CDK 8.1-8.