Java Security


Page 1: Java Security

Java Security

CS-328

Page 2: Java Security

JDK 1.0 Security Model

Diagram: in the JDK 1.0 model, local code runs in the Java Virtual Machine with full access to local host system resources (file system, sockets, printers…), while remote code (applets) is confined to the sandbox.

Page 3: Java Security

JDK 1.1 Security Model

Diagram: the JDK 1.1 model adds signed applets. Local code and remote trusted (signed) code run in the Java Virtual Machine with full access to local host system resources (file system, sockets, printers…); remote untrusted code still runs with limited access inside the sandbox.

Page 4: Java Security

JDK 1.2 Security Model

Diagram: in the JDK 1.2 model all code, local or remote, enters the Java Virtual Machine through a class loader and is checked against the security policy. Whether its access to local host system resources (file system, sockets, printers…) is full or limited depends on the permissions the policy grants to that code's source (its codebase and signers), not on whether it is local or remote.

Page 5: Java Security

Java Security Attributes

• Easy to use Fine Grained Access Control

• Easy to Configure Security Policy

• Easy to Extend Access Control Structure

• Easy to Extend Security Checks to Applications

Page 6: Java Security

The Security Model

• The Java Security Model is made up of three primary pieces:

– The Bytecode Verifier

– The Class Loader

– The Security Manager

Page 7: Java Security

The Bytecode Verifier

• Once bytecodes have been loaded into the machine but before they are run:

– Opcodes are checked (only valid instructions with well-formed operands)

– Stack and local-variable accesses are verified to stay within the virtual machine's own data areas; bytecode cannot address arbitrary memory

– Strict type enforcement (every operand has the type the instruction expects, so references cannot be forged from integers)

• Only verified code is run on the JVM

Page 8: Java Security

The Class Loader

• Imported (downloaded) classes are each run in their own namespace, defined by the class loader that loaded them

• Built-in classes are all run in a single namespace, that of the bootstrap loader

• A class loader always delegates to its parent before searching its own sources, so a requested class is resolved from the built-in namespace first and a downloaded class with the same name is never run in its place.

• Built-in classes are considered to be "trusted" and are always run in preference to a downloaded class of the same name; in addition, defineClass refuses to define any class whose name is in a java.* package.
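The delegation rule and the java.* restriction, shown with a small custom class loader. This is an added example, not code from the slides; the class names, the temporary "downloaded" directory and the four fake bytes are constructed for the demo.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example: a parent-first class loader, showing that built-in classes win over same-named downloaded ones. */
public class NamespaceDemo {

    /** Loads .class files from a directory, delegating to the parent (and ultimately bootstrap) loader first. */
    static class DirLoader extends ClassLoader {
        private final Path dir;

        DirLoader(Path dir, ClassLoader parent) {
            super(parent);
            this.dir = dir;
        }

        // loadClass() only calls findClass() after the parent chain failed to find the name.
        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            Path file = dir.resolve(name.replace('.', '/') + ".class");
            try {
                byte[] bytes = Files.readAllBytes(file);
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }

        /** Exposes defineClass so the demo can show the java.* restriction directly. */
        Class<?> defineDirectly(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    static String loaderOf(Class<?> c) {
        ClassLoader cl = c.getClassLoader();
        return cl == null ? "bootstrap (built-in namespace)" : cl.getClass().getName();
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("untrusted-classes"); // constructed: an empty "downloaded" code base
        dir.toFile().deleteOnExit();
        DirLoader loader = new DirLoader(dir, NamespaceDemo.class.getClassLoader());

        // 1. Parent-first delegation: the request never reaches findClass() for a built-in class.
        Class<?> s = loader.loadClass("java.lang.String");
        System.out.println("java.lang.String -> " + loaderOf(s));

        // 2. A name no parent knows falls through to findClass(), which searches only dir.
        try {
            loader.loadClass("com.example.Missing");
        } catch (ClassNotFoundException e) {
            System.out.println("com.example.Missing -> not found in parents or " + dir);
        }

        // 3. Even a "downloaded" java.lang.String cannot be defined: the name check runs before the bytes are parsed.
        byte[] fake = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE}; // constructed: not a real class file
        try {
            loader.defineDirectly("java.lang.String", fake);
        } catch (SecurityException e) {
            System.out.println("defineClass refused: " + e.getMessage());
        }
    }
}
```

Run with `javac NamespaceDemo.java && java NamespaceDemo`. The first line shows a null class loader for String (the bootstrap loader), and the last shows the "Prohibited package name" SecurityException: a malicious code base can ship a class called java.lang.String, but no user-defined loader is allowed to define it.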

Page 9: Java Security

The Security Manager

• Each application can have an individual security policy

• Security policies are defined in external policy files that the security manager (through the Policy object) consults

• The security manager enforces the specified security policy: every sensitive operation in the class library calls a check method, which throws a SecurityException unless every caller on the stack has been granted the matching permission

• The application security is made up of two pieces:

– A system piece, the java.policy file in ${java.home}/lib/security (${java.home}/conf/security from JDK 9 on)

– An application specific piece, ${user.home}/.java.policy by default, or any file you name with -Djava.security.policy=<file> (a single "=" adds to the system file, "==" replaces it)

Page 10: Java Security

Policy Files

grant [signedBy "signer_names",] [codeBase "URL"] {
    permission permission_class_name ["target_name" [, "action"]]
        [, signedBy "signer_names"];
};

Ex.

grant signedBy "ACME Software", codeBase "http://www.acme.com/-" {
    permission java.io.FilePermission "c:\\autoexec.bat", "read";
    permission java.lang.RuntimePermission "queuePrintJob";
};

Notes: signedBy names an alias in the keystore the policy refers to, not a free-text vendor name. A codeBase ending in "/-" matches all code under that path recursively; "/*" matches only the jar and class files directly in it. Backslashes inside quoted strings must be doubled, and the permission class name is case sensitive (RuntimePermission, not RunTimePermission).
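The policy mechanism end to end: write a policy file that grants "read" on one file and only "delete" on the rest, install a SecurityManager, and watch one read succeed and the other fail. This is an added example, not code from the slides; the file names and contents are constructed. SecurityManager was deprecated for removal in JDK 17 and permanently disabled in JDK 24, so this runs unchanged on JDK 11-17 and on JDK 18-23 only with -Djava.security.manager=allow.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Policy;

/** Added example: install a SecurityManager with a policy that grants read access to one file only. */
public class PolicyDemo {

    /** Backslashes are doubled because the policy parser unescapes quoted strings (matters for Windows paths). */
    static String quote(Path p) {
        return p.toString().replace("\\", "\\\\");
    }

    /** Policy text: read on the allowed file; delete on the directory and everything under it ("/-"). */
    static String policyFor(Path dir, Path allowed) {
        return "grant {\n"
             + "    permission java.io.FilePermission \"" + quote(allowed) + "\", \"read\";\n"
             + "    permission java.io.FilePermission \"" + quote(dir) + "\", \"delete\";\n"
             + "    permission java.io.FilePermission \"" + quote(dir.resolve("-")) + "\", \"delete\";\n"
             + "};\n";
    }

    /** True if the calling code may read p under the installed manager, false if the permission check fails. */
    static boolean canRead(Path p) throws IOException {
        try {
            Files.readAllBytes(p);
            return true;
        } catch (SecurityException e) {   // AccessControlException, a SecurityException subclass
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: two files; the policy names only the first as readable.
        Path dir = Files.createTempDirectory("policy-demo");
        Path allowed = Files.writeString(dir.resolve("allowed.txt"), "public data\n");
        Path denied = Files.writeString(dir.resolve("denied.txt"), "secret data\n");
        Path policy = Files.writeString(dir.resolve("demo.policy"), policyFor(dir, allowed));

        // Point the Policy provider at our file before the manager is installed
        // (a plain path is accepted; "=" adds to the system java.policy, "==" would replace it).
        System.setProperty("java.security.policy", policy.toString());
        Policy.getPolicy().refresh();
        System.setSecurityManager(new SecurityManager()); // JDK 18-23: needs -Djava.security.manager=allow

        System.out.println("read allowed.txt: " + canRead(allowed)); // true
        System.out.println("read denied.txt:  " + canRead(denied));  // false: no FilePermission covers it

        // Cleanup works only because "delete" was granted separately from "read".
        for (Path p : new Path[] {allowed, denied, policy, dir}) {
            Files.delete(p);
        }
    }
}
```

Run with `javac PolicyDemo.java && java -Djava.security.manager=allow PolicyDemo`. Printing the policy file it writes is a useful way to see how the grammar above looks with real paths filled in.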

Page 11: Java Security

Permissions

• java.security.AllPermission – allows the application to run with all permissions, i.e. without any security restrictions; granting it to downloaded code switches the sandbox off for that code

• java.awt.AWTPermission – allows access to GUI things, like the system clipboard

• java.io.FilePermission – allows code access to read, write, execute and delete files

• java.net.NetPermission – allows code to perform certain network related operations, such as requestPasswordAuthentication

• java.util.PropertyPermission – allows code access to property values (read/write)

• java.lang.ReflectPermission – allows code to bypass the language access checks through reflection (ex. suppressAccessChecks lets code call setAccessible(true) and then read or invoke private and protected fields and methods of any class, which undermines most other restrictions)

Page 12: Java Security

Permissions (more)

• java.lang.RuntimePermission – allows code to perform operations related to the operation of the JVM itself (ex. loadLibrary allows the dynamic linking of a specific native library, which then runs outside the verifier's control; queuePrintJob allows the queuing of a print job; other targets include createClassLoader, setSecurityManager and exitVM)

• java.security.SecurityPermission – allows code the ability to perform operations related to policy enforcement (ex. getPolicy, setPolicy, insertProvider); code holding it can change the rules it is subject to

• java.io.SerializablePermission – allows code to perform operations related to the serialization/deserialization of objects (ex. enableSubstitution allows one object to be substituted for another during serialization/deserialization; enableSubclassImplementation allows subclassing ObjectInputStream/ObjectOutputStream). Neither makes deserializing untrusted data safe; that needs an ObjectInputFilter on the stream.

• java.net.SocketPermission – allows code to perform operations related to establishing connections to host systems. The target is a host name or address optionally followed by a port or range of port numbers (ex. "*.acme.com:1024-", "localhost:8080"); actions are accept, connect, listen and resolve.

Page 13: Java Security

New in Java 1.4

• Previously separate optional packages, now included as part of the JDK

– JCE - Java Cryptography classes

– JSSE - Java Secure Sockets Extension

– JAAS - Java Authentication and Authorization Services

– Java GSS API - Java Generic Security Services API

– Java Certification Path API

Page 14: Java Security

JCE – Java Cryptography Extension

• JCE covers

– encryption and decryption

• symmetric bulk (block) encryption, such as DES, RC2, and IDEA (all legacy today; use AES)

• symmetric stream encryption, such as RC4 (also legacy)

• asymmetric encryption, such as RSA

• password-based encryption (PBE)

– key agreement (ex. Diffie-Hellman)

– Message Authentication Code (MAC)

• Strong cryptography is the default, but the 1.4-era default jurisdiction policy limited key sizes; the separate "unlimited strength" policy files lift the limit (depending on export restrictions). Since JDK 8u161 unlimited strength is the default.

Page 15: Java Security

JSSE – Java Secure Sockets Extensions

• Provides support for communications using SSL (Secure Sockets Layer) and TLS (Transport Layer Security)– commonly thought of as HTTPS, although any TCP protocol can be wrapped in it

• part of javax.net.ssl (SSLContext, SSLSocketFactory, SSLSocket, TrustManager…)

• SSL (and thus HTTPS) permits encrypted and authenticated traffic to be exchanged between the client and server.

– After an SSL client initiates a conversation with an SSL server, the server sends an X.509 certificate back to the client for authentication. The client then checks the validity of the certificate: that it chains to a trusted root, is within its validity period, and names the host the client meant to reach. Assuming the server is verified, the client generates a premaster secret, encrypts it with the server's public key from the certificate, and sends the encrypted secret back to the server. From this premaster secret, the client and server derive a master secret for the session. After some basic handshaking, the encrypted exchange can commence.

– That is the RSA key exchange of the 1.4-era protocols. Current TLS 1.2 configurations and all of TLS 1.3 use ephemeral (EC)DH instead: the server's private key only signs the handshake, so a key compromised later cannot decrypt recorded sessions (forward secrecy). The certificate check is the same.

• The JSSE library hides these inner workings of the SSL protocol from you. What it does not hide is the trust decision: a custom TrustManager or HostnameVerifier that accepts everything silently removes the authentication step described above.
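A JSSE client that keeps every check the handshake description relies on: the JDK trust store, TLS 1.2/1.3 only, and hostname verification against the certificate. This is an added example, not code from the slides; it needs JDK 11 or later for TLS 1.3 and takes the host to connect to as a command-line argument.

```java
import java.io.IOException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Added example: a TLS client socket with certificate and hostname checks switched on. */
public class TlsClientDemo {

    /** Connects and completes the handshake; an untrusted chain or a name mismatch ends in
     *  SSLHandshakeException (an IOException) instead of a silently unauthenticated session. */
    static SSLSocket connect(String host, int port) throws IOException {
        // The default factory validates against the JDK trust store. Never swap in a TrustManager
        // whose checkServerTrusted() is empty; that is the usual way JSSE clients get broken.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port); // TCP connect only; no TLS yet
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});       // no SSLv3 / TLS 1.0 / TLS 1.1
        params.setEndpointIdentificationAlgorithm("HTTPS");             // certificate name must match host
        socket.setSSLParameters(params);
        socket.startHandshake();                                         // chain validation happens here
        return socket;
    }

    public static void main(String[] args) throws IOException {
        if (args.length < 1) {
            System.err.println("usage: TlsClientDemo <host> [port]");
            return;
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket socket = connect(args[0], port)) {
            SSLSession session = socket.getSession();
            System.out.println(session.getProtocol() + " " + session.getCipherSuite());
            System.out.println("server certificate subject: " + session.getPeerPrincipal());
        }
    }
}
```

Run with `java -Djavax.net.debug=ssl:handshake TlsClientDemo <host>` to watch the certificate exchange and key exchange the slide describes go by.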

Page 16: Java Security

JAAS - Java Authentication and Authorization Services

• JAAS provides for the authentication of users (through pluggable LoginModules named in a login configuration) and the authorization of tasks based upon that authentication

• Previously, permissions depended only on where code came from and who signed it (the code source), so every user running the same code got the same restrictions. Now, you can control what tasks are available for a specific authenticated user, because the policy can grant permissions to a Principal.

• requires modification of security policies: grant entries gain a principal clause (ex. grant principal com.sun.security.auth.UnixPrincipal "alice" { ... };)

Page 17: Java Security

Java GSS-API - Java Generic Security Services API

• Java GSS-API is the Java binding of the Generic Security Services API (RFC 2853); the JDK ships a Kerberos V5 mechanism for it, which is what adds Kerberos support to the Java platform.

• Kerberos originated at the Massachusetts Institute of Technology (MIT) as part of Project Athena back in 1987.

• Essentially, a network authentication protocol.

– Version 5 is defined in RFC 1510 from 1993 (since replaced by RFC 4120)

– biggest draw is not having to send passwords over the net: the client proves knowledge of its key with encrypted timestamps and tickets.

– offers single sign-on within one realm (domain) -- if everything within the realm has been Kerberos-enabled.

– support is also provided for single sign-on across different security realms over a network (cross-realm trust).

– Used in conjunction with JAAS (the Krb5LoginModule), once a user's identity is established the resulting tickets are reused, so further password prompts are no longer necessary.

Page 18: Java Security

Java Certification Path API

• The Certification Path API (java.security.cert) provides classes for building (CertPathBuilder) and validating (CertPathValidator) certificate chains, an important requirement of a Public Key Infrastructure (PKI).

• An X.509 certificate binds a subject's public key to its name and is signed by an issuer. By trusting the issuer of a certificate, and trusting the issuer of the certificate that vouches for that issuer, up to a trust anchor you already hold, you establish chains of trust. Validation also checks each certificate's signature, validity period, name and policy constraints and, when enabled, its revocation status.

• Building and validating certification paths is an important part of many standard security protocols, such as SSL/TLS, Secure/MIME (S/MIME), and IP Security (IPsec).
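PKIX validation of a certificate chain against the JDK's own trust anchors, using the Certification Path API directly rather than through JSSE. This is an added example, not code from the slides; it reads a PEM file (leaf certificate first, then intermediates) given on the command line, and the revocation switch is left off in main because OCSP/CRL checking needs network access and a chain that carries the pointers.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: validate a PEM certificate chain against the JDK's default trust anchors with PKIX. */
public class CertPathDemo {

    /** Trust anchors = the CA certificates the default TrustManager accepts (normally the JDK cacerts file). */
    static Set<TrustAnchor> defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                    // null = the platform default trust store
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        return anchors;
    }

    /** Reads one or more PEM certificates, ordered leaf then intermediate(s); the root need not be present. */
    static CertPath readChain(InputStream in) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(in)) {
            certs.add((X509Certificate) c);
        }
        return cf.generateCertPath(certs);
    }

    /** Returns the anchor that terminated the path, or throws CertPathValidatorException with index and reason. */
    static TrustAnchor validate(CertPath path, Set<TrustAnchor> anchors, boolean checkRevocation) throws Exception {
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(checkRevocation); // production code should leave this on (OCSP/CRL)
        CertPathValidator v = CertPathValidator.getInstance("PKIX");
        PKIXCertPathValidatorResult r = (PKIXCertPathValidatorResult) v.validate(path, params);
        return r.getTrustAnchor();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: CertPathDemo chain.pem");
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {
            CertPath path = readChain(in);
            TrustAnchor anchor = validate(path, defaultTrustAnchors(), false);
            System.out.println("valid; anchored at " + anchor.getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // index = position in the chain that failed (-1 if not applicable); reason = expired, revoked, ...
            System.out.println("rejected at index " + e.getIndex() + ": " + e.getReason() + " (" + e.getMessage() + ")");
        }
    }
}
```

Note what this does not check: that the leaf certificate's name matches any particular host. That is the endpoint identification step JSSE performs on top of path validation, and an application calling CertPathValidator itself has to do it separately.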