Advanced Java Programming
Security

Agenda
- About Security
- Application Security
- Java Security from the Ground Up
- Standalone Java Application Techniques

About Security
- Common Security Threats
- Three concepts of CIA security model
- Definition of security

Common Security Threats
- Identity interception: Steal your identity and use it as their own
- Masquerading: Grab your identity and use it elsewhere with the intention of perpetrating fraud
- Replay attack: Capture your request and replay that request
- Data interception and manipulation: Read your data (such as credit card info)

Common Security Threats
- Repudiation: Deny your/his completed transaction
- Denial of Service: Terminate the service

Three concepts of CIA security model

CIA Triad

Three concepts of CIA security model
- Confidentiality
  - information must not be disclosed to any unauthorized person
- Integrity
  - authorized actions (unauthorized data changes)
  - separation and protection for resources
  - error detection and correction (data corruption)
- Availability
  - presence of objects or service in a usable form
  - capacity to meet service needs
  - adequate timeliness of a service

Definition of security
- Detect
  - Detect how, when and where intrusion has taken place
- Protect
  - Manage people and the Information System in an effective manner so as to protect against unauthorized usage

Definition of security
- React
  - react to an intrusion
  - ensure that penetration does not happen again
  - vulnerability is eliminated
- Recover
  - recover all data and programs from a breach in security

Application Security
Not just technology; it’s a process…

System-level Security Vs. Application-level Security
[Figure: layered stack of Operating System, JVM, Java/J2EE APIs and Application code, with brackets marking the System Level and the Application Level]

System-level Security Vs. Application-level Security
Defeating System-level security may not provide attackers with appropriate access to the application-level data, logic, or methods that they seek
[Figure: Attacker, System-level security, Application-level Security, Enterprise Data]

System-level Security Vs. Application-level Security (cont.)
Work together to build a secure system/application combination
[Figure: Attacker, System-level security, Application-level Security, Enterprise Data, Attacker]

System-level Security Vs. Application-level Security (cont.)
It is more efficient to push some security responsibilities up to the application level instead of handling them at the operating-system level
[Figure: the same Java/J2EE APIs and Application code layers on top of three OS and JVM pairs: Solaris, IBM AIX, MS Windows]

Java Security from the Ground Up
- Java Language Safety Features
- Java Security Model
- Java Security Architecture

Java Language Safety Features
Objects have access levels:
- private: Accessible by defining class
- package (default): Accessible by classes in the same package
- protected: Same as package, with addition of access by any subclass
- public: Accessible by any class

Java Language Safety Features
- Access methods are strictly adhered to
- No pointers (no access to arbitrary memory and automatic garbage collection)
- "final" methods or variables cannot be changed
- Variables MUST be initialized before use
- Array bounds are enforced
- Strict object casting rules

Java Security Enforcement
Enforcement happens at different times
- Compile time enforcement
- Class load time enforcement
- Runtime enforcement

Compile Time Enforcement
[Figure: Java Source, Java Compiler, Bytecode, Class Loader, Bytecode Verifier, Java Virtual Machine, Runtime]

Compile Time Enforcement
- Validate language syntax
- Enforce method and variable access rules
- Enforce variable initialization
- Enforce some casting operations

Class Load Time Enforcement
[Figure: Java Source, Java Compiler, Bytecode, Class Loader, Bytecode Verifier, Java Virtual Machine, Runtime]

Class Load Time Enforcement
Bytecode verification
- Verifies class file format
- Accesses objects as correct type
- Final classes are not subclassed
- Final methods are not overridden
- Every class has a single superclass
- Verify that casting legality checks are in place

Class Load Time Enforcement
- No operand stack overflows
- All field and method accesses are legal
- Method calls use correct number & types of arguments

Runtime Enforcement
[Figure: Java Source, Java Compiler, Bytecode, Class Loader, Bytecode Verifier, Java Virtual Machine, Runtime]

Runtime Enforcement
- Array bounds checking
  - Throws ArrayIndexOutOfBoundsException
- Object casting
  - Throws ClassCastException
- Security Manager
  - Throws SecurityException
  - Depends on the Access Controller

Java Security Model
Sandbox – a strictly defined arena where programs cannot affect other system resources. It provides virtually no flexibility.

Java Security Model (cont.)

What does this code do?

Using java security mechanisms
- Applets are restricted to the sandbox by default:
  - Can only phone home and create pop-up window with warning
  - Cannot read/write/delete local files, run another program, connect to a server other than its home server, …
- More permissions can be granted with
  - Security policy file
  - Code signing

What happens when executing?
Use caution when executing Applets as Applications

    import java.applet.Applet;

    public class BadApplet extends Applet {
        public void init() {
            try {
                // exec() is checked by the security manager when one is installed
                Runtime.getRuntime().exec("rmdir foo");
            } catch (Exception e) {
                System.out.println(e);
            }
        }

        public static void main(String args[]) {
            BadApplet a = new BadApplet();
            a.init();
        }
    }

1. Exception thrown if run in an Applet container
2. Exception thrown if run as an application using Applet security
    java -Djava.security.manager BadApplet
3. OK if run as an application
    java BadApplet

Security Policy Files
- Consist of a sequence of grant entries. Each gives some specific permissions to applets from a specific location and/or signed by a specific person
- A grant entry has the following general form:

    grant signedBy "name", codeBase "file source" {
        permission1;
        permission2;
        …
    };

- signedBy part omitted if signatures not required for this entry.
- codeBase part omitted if the entry applies to code from all sources

Security Policy Files
codeBase examples:

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/" { };
    // permission entry for all classes under the directory

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/tmp.jar" { };
    // permission entry for tmp.jar

    grant codeBase "file:C:/dir/tmp" { };
    grant codeBase "file:/C:/dir/tmp" { };
    grant codeBase "file://C:/dir/tmp" { };
    /* permission entry for tmp on local machine */

Note: Forward slash even for the Windows OS.
Code signing will be discussed later.

Security Policy Files
General form for permissions:

    permission className targetName, actionList;

className must be fully qualified.
Examples:

    permission java.io.FilePermission "D:\\-", "read, write";
    // permission to read and write all files in D drive

    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    // permission to create pop-up window without warning

    permission java.net.SocketPermission "*:8000-8999", "connect";
    // permission to connect to any host via port 8000 - 8999.

Security Policy Files
Permission classes:
- java.io.FilePermission
- java.awt.AWTPermission
- java.net.SocketPermission
- java.net.NetPermission
- java.util.PropertyPermission
- java.lang.RuntimePermission
- java.security.AllPermission
- ….
See page 712 for details

Security Policy Files
java.io.FilePermission
Targets:

    File             a file
    Directory        a directory
    Directory/*      all files in the directory
    *                all files in current directory
    Directory/-      all files in this and all its subdirectories
    -                all files in current directory and all its subs
    <<ALL FILES>>    all files in the file system

In Windows OS, use \\ as file separator
Actions: read, write, delete, execute

Security Policy Files
java.net.SocketPermission
Targets: (hostRange:portRange)

    HostName or IPAddress    a single host
    localhost or empty       local host
    *.domainSuffix           all hosts whose domain names end with the suffix, e.g. *.com
    *                        all hosts

    :n                       single port
    :n1-n2                   all ports in the range

Actions: accept, connect, listen

Security Policy Files
An example policy file

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/awt/" {
        permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    };

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/file/" {
        permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
        permission java.io.FilePermission "<<ALL FILES>>", "read, write";
    };

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/socket/" {
        permission java.net.SocketPermission "*", "connect";
    };

Security Policy Files
policytool: a utility for creating policy files

Security Policy Files
Location of policy file: on client machine
- Method 1:
  - ${user.home}/.java.policy
    On XP: C:\Documents and Settings\liao\.java.policy
  - ${java.home}/lib/security/java.policy
    on my machine: C:\Program Files\j2sdk1.4.0\jre\lib\security
- Method 2: place a policy file on the internet or on local machine, and add a link to the policy file to the master security properties file ${java.home}/jre/lib/security/java.security. E.g.:

    policy.url.3=http://www.cs.ust.hk/~liao/comp201/codes/secu/applet.policy

  Manage the policy file at a single location. Good for intranet.

Permission Granting Examples
AWT Permission example: (check code page)
- Normally, pop-up windows created by applets come with warning banners.
- However, the pop-up window created by the applet from http://www.cs.ust.hk/~liao/comp201/codes/secu/awt/ has no warning banner if one includes the following entry into the policy file:

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/awt/" {
        permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    };

Permission Granting Examples
File Permission example:
- Normally, applets cannot read and write local files.
- However, FileIOApplet from http://www.cs.ust.hk/~liao/comp201/codes/secu/file/ can read and write local files if one includes the following grant entry in the policy file:

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/file/" {
        permission java.io.FilePermission "<<ALL FILES>>", "read,write";
        permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    };

Permission Granting Examples
Socket Permission example:
- Normally, applets cannot connect to a server other than its home server.
- However, SocketApplet from http://www.cs.ust.hk/~liao/comp201/codes/secu/socket/ can connect to other http servers if one includes the following grant entry in the policy file:

    grant codeBase "http://www.cs.ust.hk/~liao/comp201/codes/secu/socket/" {
        permission java.net.SocketPermission "*", "connect";
    };
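
An added example, not part of the original slides: a small Java auditor that parses grant entries in the form shown above and reports permissions that effectively lift the sandbox for a code source. The class name PolicyAudit, its three rules and the sample text (the slides' example entries plus one constructed signedBy entry) are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PolicyAudit {
    // grant [signedBy "alias"] [, codeBase "url"] { permission ...; };
    private static final Pattern GRANT =
            Pattern.compile("\\bgrant\\b([^{]*)\\{([^}]*)\\}");
    // permission className ["targetName" [, "actionList"]];
    private static final Pattern PERM = Pattern.compile(
            "permission\\s+([\\w.]+)(?:\\s+\"([^\"]*)\")?(?:\\s*,\\s*\"([^\"]*)\")?\\s*;");

    /** Returns one finding for every permission that is broader than a sandbox should allow. */
    static List<String> audit(String policy) {
        // Strip whole-line // comments only: "//" also occurs inside codeBase URLs.
        String text = policy.replaceAll("(?m)^\\s*//.*$", "");
        List<String> findings = new ArrayList<>();
        Matcher grant = GRANT.matcher(text);
        while (grant.find()) {
            String scope = grant.group(1).trim();
            if (scope.isEmpty()) scope = "ALL CODE (no signedBy, no codeBase)";
            Matcher perm = PERM.matcher(grant.group(2));
            while (perm.find()) {
                String reason = tooBroad(perm.group(1), perm.group(2), perm.group(3));
                if (reason != null) {
                    findings.add(scope + " -> " + perm.group(1) + ": " + reason);
                }
            }
        }
        return findings;
    }

    // Illustrative rules (an assumption of this example, not a complete rule set).
    private static String tooBroad(String className, String target, String actions) {
        String t = target == null ? "" : target.trim();
        String a = actions == null ? "" : actions.trim();
        if (className.equals("java.security.AllPermission")) return "grants every permission";
        if (className.equals("java.io.FilePermission")) {
            if (t.equals("<<ALL FILES>>")) return "whole file system (" + a + ")";
            if (t.equals("-") || t.endsWith("/-") || t.endsWith("\\-")) {
                return "directory and all its subdirectories (" + a + ")";
            }
        }
        if (className.equals("java.net.SocketPermission")) {
            int colon = t.lastIndexOf(':');
            String host = colon >= 0 ? t.substring(0, colon) : t;
            if (host.equals("*")) return "any host (" + a + ")";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed input: the slides' example policy plus one narrow signedBy entry.
        String base = "http://www.cs.ust.hk/~liao/comp201/codes/secu/";
        String policy = String.join("\n",
            "grant codeBase \"" + base + "awt/\" {",
            "  permission java.awt.AWTPermission \"showWindowWithoutWarningBanner\";",
            "};",
            "grant codeBase \"" + base + "file/\" {",
            "  permission java.io.FilePermission \"<<ALL FILES>>\", \"read, write\";",
            "};",
            "grant codeBase \"" + base + "socket/\" {",
            "  permission java.net.SocketPermission \"*\", \"connect\";",
            "};",
            "grant signedBy \"liao\" {",
            "  permission java.io.FilePermission \"C:/dir/tmp/report.txt\", \"read\";",
            "};");
        audit(policy).forEach(System.out::println);
    }
}
```

On the sample input it reports the file/ and socket/ entries and leaves the AWT banner grant and the single-file read grant alone.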

In your paper, try to explain the contents of the following permission policy file

Outline
- Using java security mechanisms
  - Security policy files
  - Code signing

Public Private Key Encryption
[Figure: Bob and Alice]

Code Signing
- Developer
  - Generates a certificate, which contains a pair of keys, a public key and a private key.
  - Send the public key to its users.
  - Sign applets with the private key.
- Client
  - Gets public key from the developer
  - Adds the public key to his/her own public key collection
  - Modify its own security policy file to give more permissions to applets signed by THE developer.

Code Signing / Developer
- Java comes with the keytool program for managing keystore – database of certificates.
- To generate a keystore liao.store and generate a pair of keys with alias liao use the command:

    keytool -genkey -keystore liao.store -alias liao

- A dialog follows and liao.store created.
- Keep liao.store at a safe location!

Code Signing / Developer

    Enter keystore password: 123456
    What is your first and last name?
      [Unknown]: Renlan Liao
    What is the name of your organizational unit?
      [Unknown]: Computer Science
    What is the name of your organization?
      [Unknown]: Hong Kong University of Science and Technology
    What is the name of your City or Locality?
      [Unknown]: Hong Kong
    What is the name of your State or Province?
      [Unknown]: Hong Kong
    What is the two-letter country code for this unit?
      [Unknown]: CN
    Is <CN=Renlan Liao, OU=Computer Science, O=Hong Kong University of Science and Technology, L=Hong Kong, ST=Hong Kong, C=CN> correct?
      [no]: yes
    Enter key password for <Renlan>
      (RETURN if same as keystore password):

Code Signing / Developer
- Export the public key to a certificate file and send it to user.

    keytool -export -keystore liao.store -alias liao -file liao.cert

- What is inside?

    D:\Users\public_html\COMP201\codes\secu>keytool -printcert -file liao.cert
    Owner: CN=Renlan Liao, OU=Computer Science, O=Hong Kong University of Science and Technology, L=Hong Kong, ST=Hong Kong, C=cn
    Issuer: CN=Renlan Liao, OU=Computer Science, O=Hong Kong University of Science and Technology, L=Hong Kong, ST=Hong Kong, C=cn
    Serial number: 40a08a25
    Valid from: Tue May 11 16:09:09 GMT+08:00 2004 until: Mon Aug 09 16:09:09 GMT+08:00 2004
    Certificate fingerprints:
      MD5: A0:60:35:22:28:42:3B:18:77:12:EB:43:13:B1:D7:C6
      SHA1: 9:34:84:4C:F0:32:B5:B1:17:55:3B:0C:03:FC:87:FE:EC:69:A0:6F

Code Signing / Developer
Sign applets
- Create a jar file

    jar cvf MyApplet.jar *.class

- Run the jarsigner tool

    jarsigner -keystore Liao.store MyApplet.jar Liao

  Liao.store: Keystore containing private key
  Liao: Alias of private key

Code Signing / Client
- Add public key received to his/her store of public keys

    keytool -import -keystore certs.store -alias liao -file liao.cert

- Include location of public key store to policy file

    keystore "keystoreURL", "keystoreType";

  Ex:

    keystore "file:C:/Windows/cert.store", "JKS";
    keystore "http://www.cs.ust.hk/~liao/comp201/codes/secu/certs.store", "JKS";

  JKS: type of keystore generated by keytool

Code Signing / User
- Add signedBy "alias" to grant clauses in policy file

    grant signedBy "liao" {
        permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    };

- What if client’s policy file does not grant permissions to signed applets?
  - Browser will ask for permissions when loading the applets
  - Example: http://www.cs.ust.hk/~liao/comp201/codes/secu/sign2/
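
The developer and client steps above, reduced to the underlying sign and verify operations, as an added example that is not from the original slides. It assumes a bare RSA key pair and java.security.Signature in place of keytool, a certificate and jarsigner; the class name SigningFlow and the sample bytes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;

public class SigningFlow {
    /** Developer side: sign the code bytes with the private key. */
    static byte[] sign(PrivateKey privateKey, byte[] code) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(privateKey);
        s.update(code);
        return s.sign();
    }

    /** Client side: rebuild the public key from its exported bytes and check the signature. */
    static boolean verify(byte[] exportedKey, byte[] code, byte[] sig)
            throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(exportedKey));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(code);
        return s.verify(sig);
    }

    /** Fingerprint of the exported key, for comparison over a separate channel. */
    static String fingerprint(byte[] exportedKey) throws GeneralSecurityException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(exportedKey)) {
            if (hex.length() > 0) hex.append(':');
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Developer: generate the key pair (the private key never leaves the developer).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair developer = gen.generateKeyPair();

        // Constructed stand-in for the bytes of a class file inside MyApplet.jar.
        byte[] code = "constructed stand-in for MyApplet.class"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(developer.getPrivate(), code);
        byte[] exported = developer.getPublic().getEncoded(); // X.509 encoding

        // Client: check the fingerprint, then verify what was received.
        System.out.println("key fingerprint:   " + fingerprint(exported));
        System.out.println("original verifies: " + verify(exported, code, sig));

        // One flipped bit in the code makes verification fail.
        byte[] tampered = code.clone();
        tampered[0] ^= 1;
        System.out.println("tampered verifies: " + verify(exported, tampered, sig));
    }
}
```

The fingerprint plays the role of the keytool -printcert output above: a signature only proves who signed the code if the client has confirmed that the imported key really belongs to the developer.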

Security packages in Java
Separate packages that are included as part of JDK:
- JCE - Java Cryptography classes
- JAAS - Java Authentication and Authorization Services
- Java GSS API - Java Generic Security Services API
- Java Certification Path API
- JSSE - Java Secure Sockets Extension

JCE
JCE covers
- encryption and decryption
  - symmetric bulk encryption, such as DES, RC2, and IDEA
  - Symmetric stream encryption, such as RC4
  - Asymmetric encryption, such as RSA
  - Password-based encryption (PBE)
- key agreement
- Message Authentication Code (MAC)

Java™ Authentication and Authorization Service (JAAS)
JAAS can be used for two purposes:
1. for authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; and
2. for authorization of users to ensure they have the access control rights (permissions) required to do the actions performed.
- JAAS authentication is performed in a pluggable fashion
  - Permits Java applications to remain independent from underlying authentication technologies.
  - The implementation is specified in a login configuration file
It is an important topic but, unfortunately, I have to skip it because it needs a solid background in security.