Signing, Sealing, and
Guarding Java™ Objects
Li Gong and Roland Schemers
JavaSoft, Sun Microsystems, Inc.
"In this paper, we describe a few new constructs for signing, sealing, and guarding Java objects. These constructs enrich the existing Java security APIs so that a wide range of security-aware applications can be significantly easier to build."
Presented by Yongqiang Li
A Tutorial of
Three Java Security Classes:
• java.security.SignedObject
• java.security.GuardedObject
• javax.crypto.SealedObject
Outline
■ Introduction
■ Signing Java Objects
■ Sealing Java Objects
■ Guarding Java Objects
■ Conclusion
■ Questions
Introduction
■ The Java language is widely used to build applications
– JDK: JVM, javac, APIs, simplicity
■ "…the base platform provides a consistent security model that supports…"
– policy based
– configurable
– extensible
– fine-grained access control
■ Protection provided by the underlying object orientation
– Data encapsulation
– Object name space partition
– Type safety
■ Distributed Java applications
– "…protect the state of an object for integrity and confidentiality"
• in the runtime system
• in transit
• stored externally
Introduction 2
■ java.security.SignedObject (JDK 1.2)
■ java.security.GuardedObject (JDK 1.2)
■ javax.crypto.SealedObject (JCE 1.2)
Signing Java Objects 1
■ Protect object integrity
■ A serializable object - the original object
■ SignedObject
– Signed object
• Deep copy of the original
• In serialized form
– Signature
• Signature algorithm
Figure: original object → SignedObject (serialized copy of the object + signature)
– DSA (Digital Signature Algorithm) (NIST FIPS 186)
– SHA-1 (NIST FIPS 180-1) message digest algorithm
– MD5 (RFC 1321) message digest algorithm
– Immutable
What is the difference between object signing and code signing?
Signing Java Objects 2
■ Potential applications of a SignedObject
– as an unforgeable authorization token in any Java runtime
– "…transmitted across JVMs and authenticity can still be verified"
– "…to sign and serialize an object for storage outside the Java runtime"
– "A series of nested SignedObject can be used to construct a logical sequence of signatures"
Signing Java Objects 3
■ API design
– Class SignedObject
• public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)
• public final void sign(PrivateKey signingKey, Signature signingEngine);
• public final Object getContent();
• public final byte[] getSignature();
• public final String getAlgorithm();
• public final boolean verify(PublicKey verificationKey, Signature verificationEngine);
Signing Java Objects 4
■ Examples
– Signing
    import java.security.*;   // Signature, SignedObject, PrivateKey, PublicKey

    Signature signingEngine = Signature.getInstance(algorithm, provider);
    // The constructor serializes myobject, signs the bytes and keeps both; myobject must be Serializable.
    SignedObject so = new SignedObject(myobject, privatekey, signingEngine);
– Verifying
    Signature verificationEngine = Signature.getInstance(algorithm, provider);
    if (so.verify(publicKey, verificationEngine)) {
        try {
            // Deserialize only after the signature has verified: getContent() runs
            // ObjectInputStream over the stored bytes.
            Object myobj = so.getContent();
        } catch (ClassNotFoundException | IOException e) {
            // handle a content class that is not on the classpath, or a corrupt stream
        }
    }
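The previous slide mentions that nested SignedObjects form "a logical sequence of signatures". The following added example (written for this page, not code from the slides or from Gong and Schemers) builds such a two-link chain and verifies it. It assumes Java 17 or later and the default SUN provider; "SHA256withDSA" stands in for the paper's SHA-1/DSA, and the issuer/approver roles, the claim names and the forger are hypothetical.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import java.util.HashMap;

/** Added example: a two-link signature chain built from nested SignedObjects. */
public class SignedObjectChainDemo {

    // The paper measured SHA-1/DSA; SHA256withDSA is the current equivalent in the SUN provider.
    static final String SIG_ALG = "SHA256withDSA";

    static KeyPair newDsaKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    /**
     * Hypothetical workflow: an issuer signs the content, then an approver countersigns the
     * issuer's SignedObject. SignedObject is itself Serializable, so it can be the content of
     * another SignedObject; the outer signature covers the inner object and its signature.
     */
    static SignedObject buildChain(Serializable content, KeyPair issuer, KeyPair approver)
            throws GeneralSecurityException, IOException {
        Signature engine = Signature.getInstance(SIG_ALG);
        SignedObject byIssuer = new SignedObject(content, issuer.getPrivate(), engine);
        return new SignedObject(byIssuer, approver.getPrivate(), engine);
    }

    /**
     * Verifies outer, then inner, and only then deserializes the payload; returns null on any
     * failure. getContent() feeds the stored bytes to ObjectInputStream, so it is never called
     * on a layer whose signature has not verified.
     */
    static Object verifyChain(SignedObject outer, PublicKey approverPub, PublicKey issuerPub)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        Signature engine = Signature.getInstance(SIG_ALG);
        if (!outer.verify(approverPub, engine)) return null;
        if (!(outer.getContent() instanceof SignedObject inner)) return null;
        if (!inner.verify(issuerPub, engine)) return null;
        return inner.getContent();
    }

    public static void main(String[] args) throws Exception {
        KeyPair issuer = newDsaKeyPair();
        KeyPair approver = newDsaKeyPair();

        HashMap<String, String> claims = new HashMap<>();   // constructed sample token
        claims.put("subject", "alice");
        claims.put("action", "read:/a/b/c");
        SignedObject chain = buildChain(claims, issuer, approver);

        // The SignedObject holds a serialized deep copy: mutating the original afterwards
        // does not change what was signed.
        claims.put("action", "write:/a/b/c");
        System.out.println("verified content: "
                + verifyChain(chain, approver.getPublic(), issuer.getPublic()));

        // Keys presented in the wrong order: the outer signature fails, nothing is deserialized.
        System.out.println("keys swapped: "
                + verifyChain(chain, issuer.getPublic(), approver.getPublic()));

        // Forgery: a third party signs with her own key; it does not verify under the issuer's key.
        KeyPair mallory = newDsaKeyPair();
        SignedObject forged = new SignedObject(claims, mallory.getPrivate(), Signature.getInstance(SIG_ALG));
        System.out.println("forged link accepted as issuer: "
                + forged.verify(issuer.getPublic(), Signature.getInstance(SIG_ALG)));
    }
}
```

The verifier walks the chain from the outside in and stops at the first signature that fails, so the only bytes that ever reach the deserializer are ones somebody with a trusted key has signed. Note that the order of the public keys encodes the expected order of signers: a chain countersigned by the wrong party fails even though every individual signature is valid.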
Signing Java Objects 5
■ Performance

Object size   Serialization   512-bit SHA-1/DSA                 1024-bit SHA-1/DSA
(bytes)       (ms)            Signing (ms)   Verification (ms)  Signing (ms)   Verification (ms)
10            0               25             43                 80             151
100           0               26             44                 83             157
10K           1               134            153                189            260
100K          9               1119           1138               1168           1237

JDK 1.2 beta, 166 MHz Sun SPARC Ultra-1, Solaris 2.5.1, 1000 rounds
Sealing Java Objects 1
■ Protect object confidentiality
■ A serializable object
■ A cryptographic algorithm
– A bulk (symmetric-key) encryption algorithm - DES, IDEA, RC4
■ Encryption
■ Decryption
■ Deserialization
Figure: original object → serialize and encrypt → cipher text held in the SealedObject; decrypt and deserialize to recover the object
Sealing Java Objects 2
■ Using both SignedObject and SealedObject provides integrity and confidentiality
– First create the SignedObject
– Then create the SealedObject
Figure: original object → SignedObject (object + signature) → SealedObject (cipher text)

Why is blindly signing encrypted data sometimes dangerous?
Sealing Java Objects 3
■ API design
– Class SealedObject
• public SealedObject(Serializable object, Cipher c);
• public final Object getContent(Cipher c);
■ Examples
– Encryption
    import javax.crypto.*;   // KeyGenerator, SecretKey, Cipher, SealedObject

    // DES is the slide's 1998 choice; it is obsolete and only kept here to match the slide.
    KeyGenerator keyGen = KeyGenerator.getInstance("DES");
    SecretKey desKey = keyGen.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(Cipher.ENCRYPT_MODE, desKey);
    String s = "Greeting";
    SealedObject so = new SealedObject(s, cipher);   // serializes s and encrypts the bytes
– Decryption
    // The same Cipher instance is re-initialized for decryption with the same key.
    cipher.init(Cipher.DECRYPT_MODE, desKey);
    try {
        String s = (String) so.getContent(cipher);
    } catch (ClassNotFoundException | IOException | IllegalBlockSizeException | BadPaddingException e) {
        // wrong key or corrupted cipher text ends up here as a padding or block-size error
    }
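The sign-then-seal combination from "Sealing Java Objects 2", as an added example written for this page (not code from the slides or the paper). It substitutes AES/GCM for the slide's DES, and on the receiving side uses the getContent(Key) overload of javax.crypto.SealedObject, which rebuilds the cipher from the algorithm name and parameters the SealedObject stored at sealing time. It assumes Java 17 or later and the default SUN/SunJCE providers; "SHA256withDSA", the shared AES key and the sample payload are assumptions.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignedObject;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added example: sign first, then seal; unseal first, then verify, on the receiving side. */
public class SignThenSealDemo {

    static final String SIG_ALG = "SHA256withDSA";
    static final String CIPHER = "AES/GCM/NoPadding";   // substituted for the slide's DES
    static final SecureRandom RNG = new SecureRandom();

    /** Sender side: the SealedObject hides both the payload and the signature over it. */
    static SealedObject signThenSeal(Serializable content, PrivateKey signer, SecretKey aesKey)
            throws GeneralSecurityException, IOException {
        SignedObject signed = new SignedObject(content, signer, Signature.getInstance(SIG_ALG));
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);   // fresh nonce per message: GCM nonce reuse under one key is fatal
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        // SealedObject records the transformation name and the encoded parameters (IV, tag length).
        return new SealedObject(signed, c);
    }

    /**
     * Receiver side: unseal with the key, check the inner signature, and only then release the
     * payload. A wrong key or a modified cipher text fails the GCM tag check, which
     * getContent(Key) surfaces as InvalidKeyException.
     */
    static Object unsealThenVerify(SealedObject sealed, SecretKey aesKey, PublicKey signerPub)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        Object inner = sealed.getContent(aesKey);
        if (!(inner instanceof SignedObject signed)) {
            throw new SecurityException("sealed payload is not a SignedObject");
        }
        if (!signed.verify(signerPub, Signature.getInstance(SIG_ALG))) {
            throw new SecurityException("inner signature does not verify");
        }
        return signed.getContent();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();   // assumed to be shared with the receiver out of band

        HashMap<String, String> message = new HashMap<>();   // constructed sample payload
        message.put("greeting", "Greeting");
        SealedObject sealed = signThenSeal(message, signer.getPrivate(), shared);
        System.out.println("recovered: " + unsealThenVerify(sealed, shared, signer.getPublic()));

        try {
            unsealThenVerify(sealed, kg.generateKey(), signer.getPublic());
        } catch (InvalidKeyException e) {
            System.out.println("wrong key rejected: " + e.getMessage());
        }
    }
}
```

Two points worth noticing. First, getContent deserializes whatever the cipher produces before the signature inside can be checked, so the authenticity of the cipher text is the only thing between ObjectInputStream and attacker-controlled bytes; an authenticated mode such as GCM supplies that, the slide's DES in ECB mode did not. Second, signing before sealing means the signer vouches for plaintext it has actually seen, which is the slide's ordering; the reverse, signing cipher text one cannot read, is what the question on the previous slide is about.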
Guarding Java Objects 1
Figure (without a GuardedObject): the consumer sends "request object" to the provider; the provider checks permission and returns the object.
• Don't know what information is needed by the provider
Figure (with a GuardedObject): the provider returns a GuardedObject; the consumer requests the object from it; the guard checks permission and the object is returned.
• Don't want a dialog for each request
• Information too security sensitive
• "…too much information to pass on"
Guarding Java Objects 2
■ What is the GuardedObject
– "A GuardedObject is an object that is used to protect access to another object"
Figure: 1. the requester requests access with go.getObject(); 2. the GuardedObject checks its Guard object with g.checkGuard(); 3. a reference to the protected object is returned
Guarding Java Objects 3
■ Benefits of using GuardedObject
– "…access to a protected object is guaranteed to occur in a context where the protection mechanism would allow it"
– Simplify server programs
– Replace access control lists with object stores
– "A guarded object class itself does not need to know its own protection semantics"
– "…encapsulate protection mechanisms for an object, which can differ for its different method invocations, all inside a guard."
Guarding Java Objects 4
■ API design
– Interface Guard
• public abstract void checkGuard(Object object);
– Class GuardedObject
• public GuardedObject(Object object, Guard guard);
• public Object getObject();
Guarding Java Objects 5
■ Examples
– Encapsulate an object's protection semantics inside a guard
– Provider side
    // Sketch of how java.security.Permission implements Guard: the check is delegated to the access controller.
    public abstract class Permission implements Guard {
        …
        public void checkGuard(Object object) throws SecurityException {
            AccessController.checkPermission(this);
        }
    }

    FileInputStream fis = new FileInputStream("/a/b/c");
    FilePermission p = new FilePermission("/a/b/c", "read");
    GuardedObject g = new GuardedObject(fis, p);
– Consumer side
    // getObject() runs p.checkGuard(fis) in the consumer's context and throws SecurityException if denied.
    FileInputStream fis = (FileInputStream) g.getObject();
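The slide's Permission-based guard depends on AccessController stack inspection, which only has an effect under a SecurityManager and is deprecated for removal in current JDKs. The added example below (written for this page, not code from the slides or the paper) shows the same pattern with standalone Guards: the protected object carries no security logic, the provider chooses the policy, and the check runs when the consumer calls getObject(). It assumes Java 17 or later; the ThreadLocal role context is a hypothetical stand-in for an authenticated request context populated by a trusted framework layer, and the DatabaseCredentials record and role names are made up.

```java
import java.security.Guard;
import java.security.GuardedObject;
import java.util.Set;

/** Added example: custom Guards composed in front of a GuardedObject. */
public class GuardedObjectDemo {

    /** Hypothetical request context; in a real system a trusted layer sets it, not the consumer. */
    static final ThreadLocal<String> CALLER_ROLE = new ThreadLocal<>();

    /** Allows access only when the current caller holds one of the listed roles. */
    static final class RoleGuard implements Guard {
        private final Set<String> allowed;
        RoleGuard(Set<String> allowed) { this.allowed = Set.copyOf(allowed); }
        @Override public void checkGuard(Object object) {
            String role = CALLER_ROLE.get();
            if (role == null || !allowed.contains(role)) {
                throw new SecurityException("role " + role + " may not access "
                        + object.getClass().getSimpleName());
            }
        }
    }

    /** Denies access after a deadline, even to a holder who already has the GuardedObject. */
    static final class ExpiryGuard implements Guard {
        private final long notAfterMillis;
        ExpiryGuard(long notAfterMillis) { this.notAfterMillis = notAfterMillis; }
        @Override public void checkGuard(Object object) {
            if (System.currentTimeMillis() > notAfterMillis) {
                throw new SecurityException("handout expired");
            }
        }
    }

    /** All guards must pass; the provider can combine policies the object knows nothing about. */
    static final class AllOf implements Guard {
        private final Guard[] guards;
        AllOf(Guard... guards) { this.guards = guards.clone(); }
        @Override public void checkGuard(Object object) {
            for (Guard g : guards) g.checkGuard(object);
        }
    }

    /** Hypothetical sensitive resource with no protection logic of its own. */
    record DatabaseCredentials(String user, char[] password) {}

    /** Provider side: wrap once and hand the GuardedObject to any consumer. */
    static GuardedObject provide(DatabaseCredentials creds, long ttlMillis) {
        Guard policy = new AllOf(
                new RoleGuard(Set.of("dba", "deployer")),
                new ExpiryGuard(System.currentTimeMillis() + ttlMillis));
        return new GuardedObject(creds, policy);
    }

    /** Consumer side: getObject() runs the guard here, in the consumer's context; null if denied. */
    static DatabaseCredentials tryUse(GuardedObject handle, String role) {
        CALLER_ROLE.set(role);
        try {
            return (DatabaseCredentials) handle.getObject();
        } catch (SecurityException e) {
            System.out.println("denied for role " + role + ": " + e.getMessage());
            return null;
        } finally {
            CALLER_ROLE.remove();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        GuardedObject handle = provide(new DatabaseCredentials("app", "s3cret".toCharArray()), 500);
        System.out.println("dba granted: " + (tryUse(handle, "dba") != null));
        System.out.println("intern granted: " + (tryUse(handle, "intern") != null));
        Thread.sleep(600);
        System.out.println("dba granted after expiry: " + (tryUse(handle, "dba") != null));
    }
}
```

The guard decides at retrieval time only: once getObject() has returned the reference, the holder keeps it, so anything that must stay revocable has to be re-requested through the GuardedObject rather than cached. That is also why the slide's benefit list stresses that access happens "in a context where the protection mechanism would allow it"; the provider never needs to learn who the consumer is, because the check is carried along with the object.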
Conclusion
■ "The constructs enrich the existing Java security APIs so that security-aware applications can be much easier to build."
■ "The constructs are practical and usable in commercial products."
Questions?