Basic Security: Java vs .NET
Master Seminar: Advanced Software Engineering Topics
Prof. Jacques Pasquier-Rocha
Software Engineering Group, Department of Informatics
University of Fribourg, Switzerland
Author: David Buchmann
Supervisor: Ghita Kouadri Mostéfaoui
15 May 2003
Overview
● Part 1: Theory
  – Introduction
  – Principles of Java and .NET
  – What kind of security?
  – Language security
  – Permission Management
● Part 2: Example with Java
Introduction
● Use downloaded code (web browser, distributed application)
● Need for strict control
● Sandbox
● Permission Management
● Codebases resp. trust zones
Principles
● Compiler produces Byte Code
● Virtual Machine to interpret code
● Class Loader
● Code Verifier
● Access Control
● Interface for native code
Distribution
● Packages / Namespaces to avoid naming conflicts
● Reflection to analyse code
● Code and resource libraries (JAR resp. Assembly)
Remote Calls
● RMI resp. .NET Remoting
● Use remote objects, marshalling of parameter objects
● Typical case of executing foreign code
● See presentation of Robert Feldmann
What kind of security?
Type                 | Risk                                      | Solution                             | Mechanism
---------------------|-------------------------------------------|--------------------------------------|-------------------------------------
Malevolent           | Destroy data, crash the system...         | Check code before / while executing  | VM, Virus Scanner
Intrusive            | Spy out local system                      | Restrict program to its own data     | Sandbox
Faked                | User trusts code not from expected origin | Authenticate author and user of code | Digital signatures
Spy on communication | Unsafe channel                            | Encryption                           | Encryption Standards
Non-audited          | Remove traces of attack                   | Safe logging                         | Logging framework
Incorrect            | Security holes, system crash              | Verify correctness                   | Human reviewing, no general solution
Access to private data
● Public, protected, private, final
● Pointer, arrays
● Casts, stack corruption
● Uninitialized variables
● Byte code verifier
Sandbox and native code
● .NET application domain, fixed at startup
● Java protection domain, dynamic
● Old native code can be used, but not controlled by the VM
● Managed vs. unmanaged code
Permissions
● Allow operations depending on protection domain
● Build groups of domains
  – Directory
  – URL
  – Signature
  – All Code
Determining the group in Java
● Dynamically determine group
● Based on the protection domain of classes on the execution stack
Permission           | Description                                                                       | Java | .NET
---------------------|-----------------------------------------------------------------------------------|------|-----
File System          | Read / write files, execute binaries                                              | X    | X
Network              | Connect to hosts, open a listen port                                              | X    | X
System Properties    | Read / write system properties                                                    | X    | X
Runtime System       | Print, stop threads                                                               | X    | X
Change Security      | Create a class loader, set security manager                                       | X    |
Reflection           | Use the reflection API (potential access to private fields)                       | X    | X
Window System        | Create windows, access UI events                                                  | X    | X
Show without warning | Applet windows are per default displayed with a warning line "Java Applet Window" | X    |
File Dialog          | Access a file which the user selected in a file open dialog                       |      | X
Isolated Storage     | Use a private virtual file system                                                 |      | X
Directory Service    | Use the Microsoft Active Directory                                                |      | X
Registry             | Access the Windows registry                                                       |      | X
Service              | Manipulate Windows services                                                       |      | X
OleDb, SQLClient     | Database access using OLE resp. ODBC                                              |      | X
Managing groups and permissions
● Java: Policy file
  – java -Djava.security.policy=<java.policy>
● .NET: caspol.exe front end
  – caspol.exe -addgroup 1.3 -site www.unifr.ch FullTrust
  – caspol.exe -security off
  – caspol.exe -addpset MyCustomSet permissions.xml

permissions.xml (the named permission set registered by the last command):

<PermissionSet class="System.Security.NamedPermissionSet"
               version="1"
               Name="MyCustomSet"
               Description="An example set">
  <!-- grants unrestricted access to environment variables -->
  <IPermission class="System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
               version="1"
               Unrestricted="true" />
</PermissionSet>
Policy levels & flexibility
● .NET: machine, user, enterprise level – intersection of permissions
● Java: default policy, user level – union of permissions
● Java can replace security manager, permission manager and class loader
The calling stack
● Local code called by remote code is not trusted, but treated as if it was remote.
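The following Java program is an added example, not part of the original slides, illustrating the "Determining the group in Java", "Managing groups and permissions" and "The calling stack" slides together. The codebases file:/app/trusted/ and file:/app/untrusted/, the policy text in the comment and the helper names are assumptions made for this example. Instead of loading a policy file, it builds the two codebase groups as ProtectionDomain objects in memory and uses AccessControlContext to replay the stack-walk rule: a permission is granted only when every domain on the calling stack holds it, which is why trusted code called from untrusted code is treated as untrusted. The whole SecurityManager/AccessController API shown here is deprecated for removal since Java 17 (JEP 411), so this is a teaching sketch of the 2003-era model, not a recommendation for new code.

```java
// Added example (not from the slides). The equivalent policy file, call it
// "demo.policy" (constructed here), would group code by codebase:
//
//   grant codeBase "file:/app/trusted/-" {
//       permission java.io.FilePermission "/data/-", "read";
//   };
//   grant codeBase "file:/app/untrusted/-" {
//       // nothing beyond the default policy
//   };
//
// and be activated with: java -Djava.security.manager -Djava.security.policy=demo.policy ...
// Below the same grouping is built with ProtectionDomains so the program runs
// stand-alone, and AccessControlContext replays the stack inspection.

import java.io.FilePermission;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class StackInspectionDemo {

    // One "group": a codebase with an explicit (static) permission set,
    // i.e. what the policy file would grant to that codeBase entry.
    static ProtectionDomain domain(String codeBase, Permission... granted)
            throws MalformedURLException {
        PermissionCollection perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        CodeSource cs = new CodeSource(new URL(codeBase), (Certificate[]) null);
        // Two-argument constructor: permissions are static, Policy is not consulted.
        return new ProtectionDomain(cs, perms);
    }

    // Replay what AccessController.checkPermission does for the given stack:
    // every domain must imply the permission, otherwise AccessControlException.
    static boolean stackAllows(Permission p, ProtectionDomain... stack) {
        AccessControlContext ctx = new AccessControlContext(stack);
        try {
            ctx.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) throws MalformedURLException {
        Permission readData = new FilePermission("/data/-", "read");

        ProtectionDomain trusted = domain("file:/app/trusted/", readData);
        ProtectionDomain untrusted = domain("file:/app/untrusted/"); // no grants

        Permission wantsFile = new FilePermission("/data/report.txt", "read");

        // Only trusted code on the stack: granted.
        System.out.println("trusted alone:        " + stackAllows(wantsFile, trusted));

        // Trusted code called by untrusted code: the untrusted domain is on the
        // stack as well, so the request is refused. This is the slide's rule that
        // local code called by remote code is treated as if it were remote.
        System.out.println("untrusted -> trusted: " + stackAllows(wantsFile, untrusted, trusted));

        // A path outside the grant is refused even for trusted code.
        Permission wantsOther = new FilePermission("/etc/hosts", "read");
        System.out.println("trusted, other path:  " + stackAllows(wantsOther, trusted));

        // What AccessController.doPrivileged changes: trusted code that wraps the
        // sensitive operation in doPrivileged stops the stack walk at its own
        // frame, so only its domain is examined. Simulated here by checking the
        // trusted domain alone.
        System.out.println("untrusted -> trusted via doPrivileged: " + stackAllows(wantsFile, trusted));
    }
}
```

The design point a reviewer should take from this: the grant lives with the codebase group (the policy), but the decision depends on the whole stack, so a trusted library is only as privileged as its least trusted caller unless it deliberately uses doPrivileged; every such doPrivileged block is therefore a place to audit, because it is where a privileged "gateway" into the sandbox is created.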
Conclusion
● Private and final not only for clean programming, but important for security
● Virtual machines to enforce proper code and access control
● Java and .NET very similar
  – Java more flexible
  – .NET better default framework – but not replaceable
Java vs .NET
Java:
● Long used, security holes found
● Implement own security features
● Run on different platforms
● Integrate with different systems
● Many open source projects
.NET:
● Integrated with Windows infrastructure
● Good security implementation
● Use different languages
● Very professional Visual Studio .NET
● Will become important because of Microsoft's marketing power