Security Defined
• "Freedom from undesirable events." (Neumann)
• There are usually three elements to security:
  – Confidentiality
  – Integrity
  – Availability

What is Security?
• Safe from malevolent programs
• Non-intrusive
• Authenticated
• Encrypted
• Audited
• Verified
• C2 or B1 certified

Why Java Security is Important
• Java security is important to a number of distinct sets of people:
  – Web users
  – Developers of Java code
  – System administrators

Guidelines for Java Web Users
• Web sites visited
• Learn about Java security
• Java environment
• Security updates
• Security alerts
• Apply drastic measures
• Assess your risks

Guidelines for Java Developers
• Rule 1: Don't Depend on Initialization
• Rule 2: Limit Access
• Rule 3: Make Everything Final
• Rule 4: Don't Depend on Package Scope
• Rule 5: Don't Use Inner Classes
• Rule 6: Avoid Signing Your Code
• Rule 7: If you must sign your code, put it all in one archive file

Rule 8: Make Classes Uncloneable
    // Object.clone() returns Object, so the override must as well; declaring it
    // final stops any subclass from reintroducing cloning.
    public final Object clone() throws java.lang.CloneNotSupportedException {
        throw new java.lang.CloneNotSupportedException();
    }

Rule 9: Make Classes Unserializeable
    // The serialization machinery looks up this exact private signature by
    // reflection, so defining it and throwing blocks serialization.
    private final void writeObject(java.io.ObjectOutputStream out)
            throws java.io.IOException {
        throw new java.io.IOException("Object cannot be serialized");
    }

Rule 10: Make Classes Undeserializeable
    // Same idea for the reverse direction: refuse to rebuild an instance from
    // a byte stream, which is where untrusted data would enter.
    private final void readObject(java.io.ObjectInputStream in)
            throws java.io.IOException {
        throw new java.io.IOException("Class cannot be deserialized");
    }

Rule 11: Don't Compare Classes by Name
    // Compare Class objects, not class names: two class loaders can each
    // define a class with the same name, and those are different types.
    if (a.getClass() == b.getClass()) {
        // objects have the same class
    } else {
        // objects have different classes
    }

• Rule 12: Secrets Stored in Your Code Won't Protect You

Other People Security Affects
• System administrators
  – Install, configure and manage the products
• Managers
  – Decide which products are developed and how they are developed
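Rule 11 above says to compare Class objects rather than class names. The following is an added example, not code from the original slides, showing why the name is not enough: two class loaders each define a class from the same bytes, the names match, but the Class objects (and therefore the types) do not. The class names ClassIdentityDemo, Marker and IsolatingLoader are chosen for this illustration.

```java
import java.io.IOException;
import java.io.InputStream;

// Added example (not from the original slides): why Rule 11 says not to
// compare classes by name. Two loaders define "the same" class; the JVM
// treats the results as two unrelated types.
public class ClassIdentityDemo {

    // Marker type whose bytecode is reloaded through two separate loaders.
    public static class Marker { }

    // A loader that defines Marker itself instead of delegating to a parent,
    // so every IsolatingLoader instance yields a distinct Class for that name.
    static final class IsolatingLoader extends ClassLoader {
        private final byte[] markerBytes;

        IsolatingLoader(byte[] markerBytes) {
            super(null); // bootstrap parent: Marker is not visible through delegation
            this.markerBytes = markerBytes;
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            if (name.equals(Marker.class.getName())) {
                return defineClass(name, markerBytes, 0, markerBytes.length);
            }
            throw new ClassNotFoundException(name);
        }
    }

    // Reads Marker's compiled bytes from the class path (assumes the default package).
    static byte[] readMarkerBytes() throws IOException {
        String resource = Marker.class.getName().replace('.', '/') + ".class";
        try (InputStream in = ClassIdentityDemo.class.getClassLoader().getResourceAsStream(resource)) {
            return in.readAllBytes();
        }
    }

    // Loads Marker twice, once per loader, and returns the two Class objects.
    static Class<?>[] loadTwice() throws Exception {
        byte[] bytes = readMarkerBytes();
        Class<?> a = new IsolatingLoader(bytes).loadClass(Marker.class.getName());
        Class<?> b = new IsolatingLoader(bytes).loadClass(Marker.class.getName());
        return new Class<?>[] { a, b };
    }

    public static void main(String[] args) throws Exception {
        Class<?>[] loaded = loadTwice();
        Class<?> a = loaded[0];
        Class<?> b = loaded[1];

        System.out.println("same name:  " + a.getName().equals(b.getName())); // true
        System.out.println("same class: " + (a == b));                         // false

        // An instance of one is not an instance of the other, so a check based
        // on the name alone would grant access to an unrelated type.
        Object fromA = a.getDeclaredConstructor().newInstance();
        System.out.println("instance of a is instance of b: " + b.isInstance(fromA)); // false
    }
}
```

Compile and run it in one directory with javac and java (JDK 9 or later for readAllBytes). The same mechanism is what lets the class loader slide later in the deck speak of loaders creating separate namespaces: identity of a type is (loader, name), not name alone.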
Java Security Manager
• Class that allows applications to implement a security policy
• Used to decide whether a possibly unsafe or sensitive operation may proceed
• The application can allow or disallow the operation
• Descends from class java.lang.SecurityManager
• For each potentially unsafe action, there is a method in the security manager that defines whether or not that action is allowed by the sandbox.

Method Classification
• The methods in the Security Manager can be broadly classified into groups:
  – Methods protecting file access, e.g. checkRead(String file)
  – Methods protecting network access, e.g. checkAccept(String host, int port)
  – Methods protecting program threads
  – Methods protecting the JVM, e.g. checkExit(int status)
  – Methods protecting system resources, e.g. checkPrintJobAccess()
  – Methods protecting Java security aspects, e.g. checkSystemClipboardAccess()

Anatomy of a Java Application
• The bytecode verifier
• The class loader
• The access controller
• The security manager
• The security package
• The key database

The Bytecode Verifier
• The bytecode verifier ensures that Java class files follow the rules of the Java language.
• In terms of resources, the bytecode verifier helps enforce memory protections for all Java programs.

Class Loader / Access Controller
• The class loader: one or more class loaders load classes that are not found on the CLASSPATH
• The access controller: allows (or prevents) most access from the core API to the operating system

The Security Manager
• Primary interface between the core API and the operating system
• Allows or prevents access to all system resources
• Uses the access controller for decision making
• Responsible for the actions it permits

Security Package / Key Database
• Security package: basis for authenticating signed Java classes
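The check methods listed under Method Classification are hooks the core API calls before a sensitive action. As an added example, not code from the original slides, the class below subclasses java.lang.SecurityManager, confines file reads to one directory via checkRead(String) and refuses System.exit() via checkExit(int). The class name RestrictingSecurityManager and the sandbox directory /tmp/sandbox are choices made for this illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Permission;

// Added example (not from the original slides): a SecurityManager subclass
// that confines file reads to one directory and refuses to let code stop the
// JVM. The class name and the sandbox directory are illustrative choices.
public final class RestrictingSecurityManager extends SecurityManager {
    private final Path allowedRoot;

    public RestrictingSecurityManager(String allowedDir) {
        this.allowedRoot = Paths.get(allowedDir).toAbsolutePath().normalize();
    }

    @Override
    public void checkRead(String file) {
        // Normalize before comparing so "../" segments cannot escape the root;
        // a plain string prefix test would be bypassable.
        Path target = Paths.get(file).toAbsolutePath().normalize();
        if (!target.startsWith(allowedRoot)) {
            throw new SecurityException("read denied outside sandbox: " + file);
        }
    }

    @Override
    public void checkExit(int status) {
        // Untrusted code must not be able to terminate the whole application.
        throw new SecurityException("System.exit(" + status + ") denied");
    }

    @Override
    public void checkPermission(Permission perm) {
        // Everything not covered above is permitted in this demo; a production
        // policy would consult java.security.Policy instead of allowing all.
    }

    // Returns true if the manager refused the read, false if it reached the OS.
    static boolean readIsBlocked(String path) {
        try (FileInputStream in = new FileInputStream(path)) {
            return false;
        } catch (SecurityException e) {
            return true;
        } catch (IOException e) {
            return false; // the manager allowed it; the file simply was not there
        }
    }

    // Returns true if the manager refused System.exit().
    static boolean exitIsBlocked() {
        try {
            System.exit(0);
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // JDK 17 to 23 need -Djava.security.manager=allow for this call.
        System.setSecurityManager(new RestrictingSecurityManager("/tmp/sandbox"));
        System.out.println("read of /etc/passwd blocked: " + readIsBlocked("/etc/passwd"));
        System.out.println("read of /tmp/sandbox/data.txt blocked: " + readIsBlocked("/tmp/sandbox/data.txt"));
        System.out.println("System.exit blocked: " + exitIsBlocked());
    }
}
```

FileInputStream's constructor calls checkRead and Runtime.exit calls checkExit, so both denials surface as SecurityException at the call site. Run with java -Djava.security.manager=allow RestrictingSecurityManager on JDK 17 through 23; JEP 486 (JDK 24) disables the Security Manager permanently, so on current JDKs this mechanism is historical and isolation has to come from process or OS boundaries instead.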
Security Package / Key Database (cont.)
• The security provider interface:
  – Message digests
  – Keys and certificates
  – Digital signatures
  – Encryption (an optional extension to the security package)
• The key database / digital signature

Potential Threats
• There are four basic categories of potential attacks Java applets could facilitate:
  – Attacks that modify the system
  – Attacks that invade a user's privacy
  – Attacks that deny legitimate use of the machine by hogging resources
  – Attacks that antagonize a user

Potential Threats (attack class, explanation and consequences, Java defense)
Attack class: Invasion of Privacy
  Explanation and consequences: If you value your privacy, this attack class may be particularly odious. Implemented by malicious applets; includes mail forging. Consequences of these attacks: moderate.
  Java defense: Strong
Attack class: Denial of Service
  Explanation and consequences: Also serious but not severely so, these attacks can bring a machine to a standstill. Also implemented by malicious applets. May require reboot. Consequences of these attacks: moderate.
  Java defense: Weak
Attack class: Antagonism
  Explanation and consequences: Merely annoying, this attack class is the most commonly encountered. Implemented by malicious applets. May require restart of browser. Consequences of these attacks: light to moderate.
  Java defense: Weak

Invasion of Privacy
• Disclosing information about a user or host machine that should not be publicized
• On Unix machines, if someone gains access to the /etc/passwd file (which contains usernames and encrypted passwords) he or she could mount a password-cracking attack.
• A successful password-cracking attack

Denial of Service
• System resources become unavailable.
• There are many subcategories of denial of service attacks.
Denial of Service (cont.)
• Some examples include:
  – Completely filling a file system
  – Using up all available file pointers
  – Allocating all of a system's memory
  – Creating thousands of windows, effectively denying access to the output screen or window event queue
  – Using all of the machine's cycles (CPU time) by creating many high-priority threads

Antagonism
• Sometimes seemingly antagonistic attacks may be the result of simple programming errors.
• Examples:
  – Playing unwanted sound files through a speaker
  – Displaying obscene pictures on a monitor

Java Risks in Perspective
• Stopping the worst potential attacks that hostile applets might carry out
• System modification and invasion of privacy attacks
• One kind of mobile code that everyone wants to avoid is a computer virus

Java Sandbox
• Java is designed so that programs can be dynamically loaded over the network and run locally
• Restriction of programs
• Damage can be done in the sandbox, but will not affect other applications, system resources, and files.
• Three steps of defense:
  – Byte Code Verifier
  – Class Loader
  – Security Manager
• They depend on each other
• Each part must do its job properly

Type Safety
• Programs are prevented from accessing memory in inappropriate ways
• A program cannot perform an operation on an object unless that operation is valid for that object
• Most essential element of Java's security

Type Safety Example

Type Safety
• Class tag / dynamic type checking
• Static type checking
• Guarantees security
• Prevents arbitrary access to memory using typing constraints
• Encapsulation

Where to Find More Information on Java
• securingjava.com
• developer.com
• javaWorld.com
• unix.org.ua
• Jia, Xiaoping. Object-Oriented Software Development Using Java. 2nd Ed. Addison Wesley, 2001.