Java Security
Security Defined
• “Freedom from undesirable events” (Neumann)
• There are usually three elements to security:
 Confidentiality
 Integrity
 Availability
What is Security?
• Safe from malevolent programs
• Non-intrusive
• Authenticated
• Encrypted
• Audited
• Verified
• C2 or B1 certified
Why Is Java Security Important?
• Java security matters to a number of distinct groups of people:
• Web users
• Developers of Java code
• System administrators
Guidelines for Java Web Users
• Web sites visited
• Learn about Java security
• Java environment
• Security updates
• Security alerts
• Apply drastic measures
• Assess your risks
Guidelines for Java Developers
• Rule 1: Don't Depend on Initialization
• Rule 2: Limit Access
• Rule 3: Make Everything Final
• Rule 4: Don't Depend on Package Scope
Guidelines for Java Developers (cont.)
• Rule 5: Don't Use Inner Classes
• Rule 6: Avoid Signing Your Code
• Rule 7: If You Must Sign Your Code, Put It All in One Archive File
Rule 8: Make Classes Uncloneable
public final Object clone() throws java.lang.CloneNotSupportedException {
    // Object.clone() returns Object, so the override must declare the same return type
    throw new java.lang.CloneNotSupportedException();
}
Rule 9: Make Classes Unserializable
private final void writeObject(java.io.ObjectOutputStream out)
        throws java.io.IOException {
    throw new java.io.IOException("Object cannot be serialized");
}
Rule 10: Make Classes Undeserializable
private final void readObject(java.io.ObjectInputStream in)
        throws java.io.IOException {
    throw new java.io.IOException("Class cannot be deserialized");
}
Rule 11: Don't Compare Classes by Name
if (a.getClass() == b.getClass()) {
    // objects have the same class
} else {
    // objects have different classes
}
• Rule 12: Secrets Stored in Your Code Won't Protect You
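The following class is an added example (not code from the slides) that applies Rules 2, 3, 8, 9, 10 and 11 together in one compilable unit. The class name SessionToken, its field and the sample token value are assumptions made for the illustration. It implements Serializable only so that the serialization guard is actually exercised at run time; a class that never implements Serializable does not need the writeObject/readObject guards at all.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Hypothetical class: final (Rule 3), private immutable state (Rule 2),
// uncloneable (Rule 8), unserializable (Rule 9), undeserializable (Rule 10),
// and equals() compares Class objects rather than class names (Rule 11).
public final class SessionToken implements Serializable {
    private static final long serialVersionUID = 1L;

    // Rule 2: state is private and final; there is no setter.
    private final String tokenId;

    public SessionToken(String tokenId) {
        if (tokenId == null || tokenId.isEmpty()) {
            throw new IllegalArgumentException("token id required");
        }
        this.tokenId = tokenId;
    }

    public String getTokenId() {
        return tokenId;
    }

    // Rule 8: refuse cloning. Object.clone() returns Object, so the override must too.
    @Override
    public Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException();
    }

    // Rule 9: refuse serialization (ObjectOutputStream calls this reflectively).
    private void writeObject(ObjectOutputStream out) throws IOException {
        throw new IOException("Object cannot be serialized");
    }

    // Rule 10: refuse deserialization (ObjectInputStream calls this reflectively).
    private void readObject(ObjectInputStream in) throws IOException {
        throw new IOException("Class cannot be deserialized");
    }

    // Rule 11: compare the Class objects, never getName() strings, because two
    // classes loaded by different class loaders can share the same name.
    @Override
    public boolean equals(Object other) {
        if (other == null || other.getClass() != this.getClass()) {
            return false;
        }
        return tokenId.equals(((SessionToken) other).tokenId);
    }

    @Override
    public int hashCode() {
        return tokenId.hashCode();
    }

    public static void main(String[] args) throws Exception {
        SessionToken t = new SessionToken("example-token-id"); // constructed sample value
        try {
            t.clone();
        } catch (CloneNotSupportedException e) {
            System.out.println("clone blocked: " + e);
        }
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(t);
        } catch (IOException e) {
            System.out.println("serialization blocked: " + e.getMessage());
        }
        System.out.println("equal to itself: " + t.equals(new SessionToken("example-token-id")));
    }
}
```

Compile and run with javac SessionToken.java && java SessionToken. The deserialization guard cannot be demonstrated from this file because the serialization guard prevents a stream of this class from ever being written; it exists for the case where an attacker supplies a hand-crafted stream.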
Security Effects on Other People
System Administrators
– Install, configure and manage the products
– Managers decide which products are developed and how they are developed.
Java Security Manager
• A class that allows applications to implement a security policy
• Used to determine whether a possibly unsafe or sensitive operation is about to be performed
• The application can then allow or disallow the operation
• A custom security manager descends from class java.lang.SecurityManager
• For each potentially unsafe action, there is a method in the security manager that defines whether or not that action is allowed by the sandbox.
Method Classification
• The methods in the Security Manager can be broadly classified into groups:
 Methods protecting file access
• e.g. checkRead(String file)
 Methods protecting network access
• e.g. checkAccept(String host, int port)
 Methods protecting program threads
 Methods protecting the JVM
• e.g. checkExit(int status)
 Methods protecting system resources
• e.g. checkPrintJobAccess()
 Methods protecting Java security aspects
• e.g. checkSystemClipboardAccess()
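An added example (not from the slides) of a policy class that descends from java.lang.SecurityManager and overrides two of the methods named above, checkRead(String) and checkExit(int). The class name DemoSecurityManager and the "protected" directory are assumptions. Note the version caveat: the Security Manager is deprecated for removal since JDK 17, JDK 18 to 23 require -Djava.security.manager=allow on the command line before System.setSecurityManager will succeed, and JDK 24 disables it permanently (JEP 486), so this runs as written only on JDK 8 through 17.

```java
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.Permission;

// Hypothetical policy: deny reads under ./protected and deny JVM exit, allow everything else.
public class DemoSecurityManager extends SecurityManager {
    private static final String PROTECTED_DIR = new File("protected").getAbsolutePath();

    // checkRead(String file) is consulted by FileInputStream/FileReader before a file is opened.
    @Override
    public void checkRead(String file) {
        if (new File(file).getAbsolutePath().startsWith(PROTECTED_DIR)) {
            throw new SecurityException("read denied: " + file);
        }
    }

    // checkExit(int status) is consulted by Runtime.exit(); refusing it keeps loaded code
    // from terminating the JVM out from under the application.
    @Override
    public void checkExit(int status) {
        throw new SecurityException("System.exit(" + status + ") denied");
    }

    // Deliberately permissive for the demo so unrelated checks do not interfere.
    // A real policy would delegate to super.checkPermission and a policy file.
    @Override
    public void checkPermission(Permission perm) {
    }

    public static void main(String[] args) throws IOException {
        System.setSecurityManager(new DemoSecurityManager());

        // The check fires before the file is opened, so the file need not exist.
        try (FileReader r = new FileReader("protected/secret.txt")) {
            r.read();
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            System.exit(0);
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        System.out.println("JVM still running");
    }
}
```

Because checkRead(String) receives the path exactly as the caller supplied it, the override normalises it to an absolute path before comparing; comparing the raw string would let a relative path such as ../protected/secret.txt slip past the prefix test.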
Anatomy of a Java Application
• The bytecode verifiers
• The class loader
• The access controller
• The security manager
• The security package
• The key database
The Bytecode Verifier
 The bytecode verifier ensures that
Java class files follow the rules of the
Java language.
 In terms of resources, the bytecode
verifier helps enforce memory
protections for all Java programs.
Class Loader / Access Controller
• The class loader
One or more class loaders load classes that are not found on the CLASSPATH
• The access controller
The access controller allows (or prevents) most access from the core API to the operating system.
The Security Manager
• Primary interface between the core API and the operating system
• Allows or prevents access to all system resources
• Uses the access controller for decision making
• Carries the responsibility for the actions it permits
Security Package / Key Database
• Security Package
Basis for authenticating signed Java classes.
 The security provider interface
• Message digests
• Keys and certificates
• Digital signatures
• Encryption (an optional extension to the security package)
• The key database: holds the keys used to verify digital signatures
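An added example (not from the slides) of the three security-package services listed above, message digest, keys and digital signature, used together with the standard java.security API: it digests a byte array standing in for a class file, signs it with a freshly generated RSA key pair, verifies the signature, then shows that a one-bit change makes verification fail. The class name, the stand-in payload and the use of RSA with SHA256withRSA are assumptions; the API calls are the JDK's own.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Hypothetical demo of digest, key generation, signing and verification.
public class SignedClassDemo {

    // Message digest: a fixed-size fingerprint of the data.
    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Digital signature over the data with the signer's private key.
    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verification with the matching public key; false means data or signature changed.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload standing in for the bytes of a class file.
        byte[] classBytes = "class Example { }".getBytes(StandardCharsets.UTF_8);
        System.out.println("SHA-256: " + hex(digest(classBytes)));

        // Keys and certificates: here only a raw key pair, with no certificate chain.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        byte[] sig = sign(kp.getPrivate(), classBytes);
        System.out.println("original verifies: " + verify(kp.getPublic(), classBytes, sig));

        // Flip one bit of the payload; the signature no longer matches.
        byte[] tampered = classBytes.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered verifies: " + verify(kp.getPublic(), tampered, sig));
    }
}
```

In a real deployment the public key would arrive inside a certificate and the verifier would check the chain against the key database before trusting it; a signature that verifies under an unverified key proves nothing about who signed the code.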
Potential Threats
There are four basic categories of
potential attacks Java applets could
facilitate:
 Attacks that modify the system
 Attacks that invade a user's privacy
 Attacks that deny legitimate use of the
machine by hogging resources
 Attacks that antagonize a user
Potential Threats
Attack class: Invasion of Privacy
Explanation and consequences: If you value your privacy, this attack class may be particularly odious. These attacks are implemented by malicious applets and include mail forging. Consequences of these attacks: moderate.
Java defense: Strong
Attack class: Denial of Service
Explanation and consequences: Also serious but not severely so, these attacks can bring a machine to a standstill. Also implemented by malicious applets. May require a reboot. Consequences of these attacks: moderate.
Java defense: Weak
Attack class: Antagonism
Explanation and consequences: Merely annoying, this attack class is the most commonly encountered. Implemented by malicious applets. May require a restart of the browser. Consequences of these attacks: light to moderate.
Java defense: Weak
Invasion of Privacy
• Disclosing information about a user or
host machine that should not be
publicized
 On Unix machines, if someone gains access to the /etc/passwd file (which contains usernames and encrypted passwords) he or she could mount a password-cracking attack.
• A successful password-cracking attack
Denial of Service
• System resources become unavailable.
• There are many subcategories of denial of
service attacks. Some examples include:
 Completely filling a file system
 Using up all available file pointers
 Allocating all of a system's memory
 Creating thousands of windows, effectively
denying access to the output screen or window
event queue
 Using all of the machine's cycles (CPU time) by
creating many high-priority threads
Antagonism
• Sometimes seemingly antagonistic
attacks may be the result of simple
programming errors.
• Examples:
 Playing unwanted sound files through a
speaker
 Displaying obscene pictures on a monitor
Java Risks in Perspective
• The priority is stopping the worst potential attacks that hostile applets might carry out
• These are the system modification and invasion of privacy attacks
• One kind of mobile code that everyone wants to avoid is a computer virus
Java Sandbox
• Restriction of programs
• Damage can be done in the sandbox,
but will not affect other applications,
system resources, and files.
• Three steps of defense:
 Byte Code Verifier
 Class Loader
 Security Manager
• They depend on each other
• Each part must do its job properly
Java Sandbox
• Java is designed so that programs can be dynamically loaded over the network and run locally
Type Safety
• Programs are prevented from
accessing memory in inappropriate
ways
• A program cannot perform an
operation on an object unless that
operation is valid for that object
• Most essential element of Java’s
security
Type Safety Example
Type Safety
• Class tag / dynamic type checking
• Static type checking
• Together they guarantee security
• Arbitrary access to memory is prevented by typing constraints
• Encapsulation
Where to Find More Information on Java
• securingjava.com
• developer.com
• javaWorld.com
• unix.org.ua
• Jia, Xiaoping. Object-Oriented Software Development Using Java. 2nd Ed. Addison Wesley, 2001.