Download Case Study: A Forensic Lesson for Web Security (MSS, part one)

Java Security Model
(GS: Ch. 7)
csci5931 Web Security
Topics
A. Basics of Java Security Model
B. Cryptographic Signatures
C. Permissions
   Customized Permissions
Basics of Java Security Model

Java 2 security is policy-based.

The policy defined in the java.policy file controls the
resources that Java code has access to.

Codesource = codebase + signer

codebase: The location that the code comes from,
either locally or from a remote site.

signer: the entity that signed the code in question
Basics of Java Security Model

Permissions: specific actions that a codesource
is allowed to take (e.g., access a file, connect to
a machine)

Types of Java codes:

Java applications

Java applets

Java servlets

JavaBeans, EJB
Managing Cryptographic Signatures

Tools provided by Sun: keytool, jarsigner, policytool

keytool (pp. 157-161):
An application that ships with JDK
It manages keystores and can create certificates.
It replaces javakey, found in Java 1.1.
Note: Keystores are tied to the provider (e.g., Sun's JCA
provider). A keystore file generated by one provider will not
work with a different provider.
Managing Cryptographic Signatures

jarsigner
A signing and verification tool for Java archive (JAR) files
Attaches a specific signer to a specific set of codes
Usage: jarsigner [options] jar-file alias
       jarsigner -verify [options] jar-file

[-keystore <url>]         keystore location
[-storepass <password>]   password for keystore integrity
[-storetype <type>]       keystore type
[-keypass <password>]     password for private key (if different)
[-sigfile <file>]         name of .SF/.DSA file
[-signedjar <file>]       name of signed JAR file
[-verify]                 verify a signed JAR file
...
Managing Cryptographic Signatures

jarsigner
(a) It signs JAR files.
(b) It verifies signatures on JAR files.

JAR (Java Archive): a .zip file that supports signatures.

To sign a JAR file:
You must have a private key and a certificate in your keystore.

For your signed JAR file to be verifiable by others:
Your certificate must be signed by a CA.
Managing Cryptographic Signatures

A signed JAR file allows the user to determine whether
the Java codes contained in the JAR can be trusted or
not.

Applets are usually signed, if extra permissions (beyond
those defined as defaults) need to be granted.

In Java 1.2.1 or higher, every class within the same
package inside a signed JAR must be signed by the same
certificate. Q: Why is this important?
Managing Cryptographic Signatures

Steps in signing a JAR file:
A. Use jar to create a JAR file out of the .class file(s).
B. Use keytool to generate a keypair.
C. Use jarsigner to sign the JAR file with the private key and the certificate.

To verify a signed JAR file: jarsigner -verify …

Example usage: p.179
Managing Cryptographic Signatures

When a JAR is signed, it is not the JAR itself that is
signed, but some or all of the files it contains.

A signed JAR contains three files:

The manifest (HelloWorld.mf)

The signature file (HelloWorld.sf)

The digital signature file (HelloWorld.dsf)
Managing Cryptographic Signatures

To view the content of a JAR file:

Use jar command
> jar tvf HelloWorld.jar
140 Wed Mar 19 10:22:24 CST 2003 META-INF/MANIFEST.MF
193 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.SF
1013 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.DSA
0 Wed Mar 19 10:13:58 CST 2003 META-INF/
426 Wed Mar 19 10:13:30 CST 2003 HelloWorld.class

Use winzip or something like that
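
Because signatures cover individual entries rather than the archive as a whole, a JAR can verify and still carry files that nobody signed. The following is an added example, not code from the slides or the textbook: it lists such entries using the standard java.util.jar API. The class name, alias and keystore name are assumptions.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example. To produce an input (alias and keystore names are assumptions):
//   jar cf HelloWorld.jar HelloWorld.class
//   keytool -genkeypair -keyalg RSA -alias signer -keystore my.keystore
//   jarsigner -keystore my.keystore HelloWorld.jar signer
public class UnsignedEntryCheck {

    // The manifest and the signature files under META-INF/ are not signed themselves.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        return n.equals("META-INF/MANIFEST.MF")
            || n.matches("META-INF/[^/]+\\.(SF|DSA|RSA|EC)");
    }

    /** Names of entries in the JAR that no signer covers. */
    static List<String> unsignedEntries(String jarPath) throws Exception {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) { // true: verify while reading
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                // Signers are known only after the entry is read to the end; a
                // digest that does not match the manifest raises SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) unsigned.add(e.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws Exception {
        List<String> unsigned = unsignedEntries(args[0]);
        System.out.println(unsigned.isEmpty()
            ? "every entry is signed" : "unsigned entries: " + unsigned);
        // Signed is not the same as trusted: validating the signer's
        // certificate chain against a CA is a separate step.
    }
}
```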
Managing Permissions

The Java security manager handles the checking of
permissions as needed.

The default implementation: java.lang.SecurityManager,
which can be subclassed or overridden if necessary.

Java enforces security by asking the security manager
for permissions before taking any action that is
considered potentially unsafe.
Managing Permissions

Permissions are defined in the java.policy file, which is
stored in $JAVA_HOME/jre/lib/security/java.policy.

Two ways to edit the java.policy file:
A. Manually, using a text editor
B. Using policytool, a GUI tool for editing Java security policies (see examples on pp.188-189)

An example: pp.182, 187 (FileWriteTest.java)
Managing Permissions

The syntax for the grant command in the java.policy file:
grant signedBy "signer_names", codeBase "URL" {
    permission permission_class_name "target_name", "action", signedBy "signer_names";
    …
};

See sample listing on pp.183-184.

More samples on p.186.
Managing Permissions


Default permission classes in Java: p.190

AllPermission

BasicPermission

FilePermission

SocketPermission
Subclasses of BasicPermission:

AudioPermission, AWTPermission, NetPermission, …
Managing Permissions

Customized Permissions:

You may want to restrict access to certain classes based
on the caller’s codesource.

To prevent untrusted codes from calling some sensitive
classes.

An example (p.191): extending BasicPermission by
creating a subclass.
Managing Permissions

Customized Permissions: Example
> java -cp SecretWordTest.jar -Djava.security.manager -Djava.security.policy=SecretWord.policy SecretWordTest
The secret word is: ossifrage
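
A sketch of what a program behind such a run can look like, written as an added example and not the textbook's listing: a BasicPermission subclass, a sensitive class that asks the security manager before answering, and the matching grant entry in a comment. The class layout, the permission name "getWord" and the codeBase are assumptions, and it applies to JDKs that still ship the Security Manager, which has been deprecated for removal since Java 17.

```java
import java.security.BasicPermission;

// Added example with hypothetical names. Grant entry for SecretWord.policy:
//   grant codeBase "file:${user.dir}/SecretWordTest.jar" {
//       permission SecretWordTest$SecretWordPermission "getWord";
//   };
public class SecretWordTest {

    /** Custom permission: a named permission with no action list. */
    public static final class SecretWordPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        public SecretWordPermission(String name) {
            super(name);
        }

        // Two-argument form, used when a policy entry also gives actions.
        public SecretWordPermission(String name, String actions) {
            super(name, actions);
        }
    }

    /** Sensitive class: checks the caller's permission before answering. */
    static final class SecretWord {
        static String getWord() {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                // Throws SecurityException unless every codesource on the
                // call stack has been granted the permission.
                sm.checkPermission(new SecretWordPermission("getWord"));
            }
            return "ossifrage";
        }
    }

    public static void main(String[] args) {
        try {
            System.out.println("The secret word is: " + SecretWord.getWord());
        } catch (SecurityException e) {
            System.out.println("Denied: " + e.getMessage());
        }
    }
}
```

Run with -Djava.security.manager but without the grant entry, getWord() is refused and the program prints the "Denied" line instead of the word.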
Managing Permissions

Security properties for the JVM are defined in the java.security
file, which is stored in
$JAVA_HOME/jre/lib/security/java.security.

Security providers, policy provider, keystore type, etc. (pp.194-195)
Next

Team Presentations
  SSL (GS: 9)
  Applet security (GS: 7)
  Servlets security (GS: 8)
  …