Download keystore

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts
no text concepts found
Transcript 
LAB#2
JAVA SECURITY OVERVIEW
Prepared by: I.Raniah Alghamdi
From first lab


Java security technology includes a large set of
APIs, tools, and implementations of commonly used
security algorithms, mechanisms, and protocols.
The Java security APIs span a wide range of areas,
including cryptography, public key infrastructure,
secure communication, authentication, and access
control.
Java Sandbox

The Java security model is based on a customizable
"sandbox" in which Java software programs can run
safely, without potential risk to systems or users.
Java Sandbox





The name comes from the fact that applets are
restricted to act only inside their "sandbox", a safe
playing area.
It provides a very restricted environment in which to run
untrusted code obtained from the open network.
The downloaded remote code (an applet) is not trusted
and can access only the limited resources provided
inside the sandbox.
The local code is trusted to have full access to vital
system resources (such as the file system).
The sandbox is not a one-size-fits-all model
Elements of Java Sandbox

The sandbox is composed of five elements:
1. Permissions
2. Keystores
3. Code sources
4. Protection domain
5. Policy files
Elements of Java Sandbox
1.

Permissions : A permission is a specific action that code
is allowed to perform.
Permissions are composed of three elements :
1- Type of the permission
2- Name
3- Action
e.x: permission java.security.Allpermission;
permission java.lang.RuntimePermission “stopThread”;
permission java.io.FilePermission “/tmp/abc”, “read” ;
Elements of Java Sandbox
2.


Keystores:
Code signing is one way which code can be granted more
latitude. Signed code depends on public key certificates, they
held in a location called a keystore.
Remember that public/private keys come in pairs. As we know,
code can be digitally signed by a person or organizatin. The
key used to actually sign the code is the signer's private key.
The key used to check the signature for validity is the signer's
public key.
Elements of Java Sandbox
3.
Code sources:



They are the location from which a class has been
loaded along with information about who signed the
class if applicable.
The location specified by a URL : From the file system
(file-based URL) or from network (network-based
URL).
java.security.CodeSource
Elements of Java Sandbox
4.
Protection domain: are the basic concept of the
default sandbox, Ex:
 code
loaded from www.oreilly.com allowed to read file
from my disk
 code loaded from www.sun.com allowed to initiate print
jobs
 java.security.ProtectionDomain
Elements of Java Sandbox
Policy files :
 Policy files are the administrative element that controls the
sandbox.

Policy files are simple files that can be created and modified by
text editor.
The policy is represented by a policy object as instantiated from the
class java.security.Policy
5.
grant [signedBy “signer_names”,] [codebase “URL”] {
permission permission_class_name
“target_name”, [“action”]
[, signedBy “signer_names”];
Ex.
grant signedBy “ACME Software”
codebase http://www.acme.com/-
{ permission java.io.FilePermission “c:\\autoexec.bat”,”read”;
permission java.lang.RunTimePermission “queuePrintJob”;
}
Java Security Model



The class loader
The Byte code verifier
The security manager
The class loader


One or more class loaders load classes that are not
found on the CLASSPATH
Built-in classes are considered to be “trusted” and
are always run in preference of a downloaded
class of the same name.
The bytecode Verifier



Ensures that Java class files follow the rules of the
Java language
helps enforce memory protections for all Java
programs
not all files are subject to bytecode verification
The security manager


It is the primary interface between the core API and
the operating system
It has the ultimate responsibility for allowing or
preventing access to all system resources
Each application can have an individual security policy
 Security policies are defined in external files that are
accessible by the security manager
 The security manager enforces the specified security
policy

Java Security APIs

Separate packages that are now included as part of
JDK 1.4
JCE - Java Cryptography classes
 JSSE - Java Secure Sockets Extension
 JAAS - Java Authentication and Authorization Services
 More..

JCE - Java Cryptography Extension


It is an extension of the JCA
JCE provides a framework and implementations for:
 encryption
and decryption
 symmetric bulk encryption, such as DES, RC2, and
IDEA
 Symmetric stream encryption, such as RC4
 Asymmetric encryption, such as RSA
 Password-based encryption (PBE)
 Key generation and key agreement
 Message Authentication Code (MAC) algorithms.
JSSE - Java Secure Socket Extension



It enables secure Internet communications.
It provides a framework and an implementation for
a Java version of the Secure Sockets Layer (SSL),
and Transport Layer Security (TLS) protocols.
It includes functionality for data encryption, server
authentication, message integrity, and optional
client authentication.
JAAS - Java Authentication and
Authorization Service


It is a framework for user-based authentication and
authorization.
It can be used for two purposes:
 authentication
of users, to reliably and securely
determine who is currently executing Java code,
regardless of whether the code is running as an
application or an applet
 authorization of users to ensure they have the access
control rights (permissions) required to do the actions
performed.
Lab work



Create any txt file (e.g :massage.txt) which
contains at least 10 lines
Then write a program that reads this file and prints
out the frequency of each alphapatic letter ( The
frequency of letter ‘a’ =…., The frequency of letter
‘b’ =….", etc). Your output should be easily
readable - maybe in tabular format in text file.
Write at the end of txt file your name and ID.
Related documents
Chapter 1 questions
Chapter 1 questions
A Java Environment for High-Performance Computing
A Java Environment for High-Performance Computing
Java QUIZ
Java QUIZ
Popular Programming Languages
Popular Programming Languages
My internship took place from 22/09/2006 to 23/12/2006 in the
My internship took place from 22/09/2006 to 23/12/2006 in the
slides
slides
Introduction to Java - Brookwood High School
Introduction to Java - Brookwood High School
slides
slides
powerpoint 1
powerpoint 1
D square recruits Flex - junior
D square recruits Flex - junior