Java Security
Shmuel Babad
CEO MidLink Computing LTD
[email protected]
Middleware Lecturer at John Bryce Training
A MidLink presentation
Goals
• Java security components and architecture
• JAAS within Java Security
• Concepts and components of JAAS
• Look beyond JAAS
• A short demo of JAAS
Speaker’s Qualifications
• Middleware expert
• Over 7 years of experience in designing, developing and administering middleware tools and
• Over 4 years of using J2EE implementations
• Currently working for
– John Bryce
– Pelephone
– Amdocs
– Orange
• CEO of MidLink – a middleware services company
• Lectures on advanced J2EE topics at John Bryce training
Security issues
What is our biggest security problem?
The one we don’t know about yet!
Evolving security needs
• Driven by integration
– Internal applications (EAI)
– External systems
• More transactions are performed over communications
• A bigger threat
– More valuable information
– Sophisticated hacking
– Available large-scale hacking
– Terror-oriented attacks
Presentation Outline
• Security basics
• Java security basic concepts
• Cryptography in Java
• JAAS
• Beyond JAAS
• JAAS Demo
Security involves
• Authentication
– Verifying the user’s identity via a Certificate, User/Password or other credentials
• Authorization
– Verifying whether a user has access to protected resources
• Encoding / Encryption
• Monitoring / Logging
Java Security
• Java provides an evolving and expanding model, currently (1.4) based on:
– Native java.security package
– JAAS
• Java Authentication and Authorization Service
– JCE
• Java Cryptography Extension
– JSSE
• Java Secure Socket Extension
– Java GSS-API
• Uses the Kerberos V5 mechanism
– Java Certification Path API
• Builds and validates certification paths ("certificate chains")
Java Security Architecture
• Fine-grained access control
• Configurable security policy
• Extensible access control structure
• Checks apply to all Java programs, including applications (also good for the server side)
All without writing code
Java Security Concepts
• Protection Domain
– Application domain
– System domain
• Principal (identity)
• Permission (class)
• Policy
• SecurityManager and AccessController
JCA
Java Cryptography Architecture
• Design principles
– Implementation independence and interoperability
– Algorithm independence and extensibility
• Provided algorithms include:
– Digital Signature Algorithm (DSA) including:
• Public and private key generator
• Parameter generator & parameter manager
• Key factory providing bi-directional conversions
– MD5 and SHA-1 message digest algorithms
– A "SHA1PRNG" pseudo-random number generation algorithm
JCA
Provided algorithms (cont.)
– A certificate path builder & validator for PKIX (X.509)
– A certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs)
– A certificate store for retrieving certificates and CRLs from Collection and LDAP directories (PKIX LDAP V2 Schema)
– A proprietary keystore called JKS
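The JCA design principle above (the caller names an algorithm, the provider framework supplies the implementation) in working code. This is an added example, not part of the deck, written for Java 17 or later. The DSA key pair, the SHA1PRNG generator and the SHA-1/SHA-256 digests are the algorithms listed above; the sample order message, the 2048-bit key size and the choice of SHA256withDSA (rather than the 1.4-era SHA1withDSA, since SHA-1 is no longer acceptable for signatures) are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.util.HexFormat;

public class JcaDemo {
    // Constructed sample message (an assumption of this example, not data from the deck).
    static final byte[] MESSAGE = "order 101: ship 4 units to Andy".getBytes(StandardCharsets.UTF_8);

    /** Implementation independence: only the algorithm name is given, the provider framework picks the code. */
    static String digestHex(String algorithm, byte[] data) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        return HexFormat.of().formatHex(md.digest(data));
    }

    /** DSA key pair: the public key would go into a Subject's public credentials, the private key into its private ones. */
    static KeyPair generateDsaKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        // SHA1PRNG is the generator the deck names; plain new SecureRandom() picks the platform default and is the usual choice.
        kpg.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
        return kpg.generateKeyPair();
    }

    /** Signs with the private key. SHA256withDSA is assumed here; the 1.4-era name was SHA1withDSA. */
    static byte[] sign(KeyPair kp, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    /** Verifies with the public key. A malformed signature is treated as invalid rather than as an error. */
    static boolean verify(KeyPair kp, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initVerify(kp.getPublic());
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("SHA-1  : " + digestHex("SHA-1", MESSAGE));
        System.out.println("SHA-256: " + digestHex("SHA-256", MESSAGE));

        KeyPair kp = generateDsaKeyPair();
        byte[] sig = sign(kp, MESSAGE);
        System.out.println("original message verifies: " + verify(kp, MESSAGE, sig));

        // Flip one bit of the order number: the same signature must no longer verify.
        byte[] tampered = MESSAGE.clone();
        tampered[6] ^= 0x01;
        System.out.println("tampered message verifies: " + verify(kp, tampered, sig));
    }
}
```

Because every call goes through getInstance(name), swapping the provider (for example a hardware-backed one) changes no application code, which is exactly the interoperability point the slide makes.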
What is JAAS
• Java Authentication and Authorization Service
• Introduced as an optional package in J2SE 1.3
• Integrated into J2SE 1.4
• Implements a Java Pluggable Authentication Module (PAM) framework
• Access decisions are based on the CodeSource and the User running the code
Before JAAS
• Security and authorization decisions were based on
– Code origin
– Who signed it
[Diagram: Code Source Based Authorization – Library X, a Trusted Library and an Applet requesting access to the File System, Network Sockets and System Properties]
• A Trusted Library may be given access to sensitive resources while an Applet or another Library may have that access restricted
After introducing JAAS
• With the integration of JAAS and the J2SE security model, authorization decisions can be made based on:
– Code origin
– Who signed it
– Who is running the code
[Diagram: Code Source and Principal Based Authorization – Library X, run by user Andy or user Bart, requesting access to the File System, Network Sockets and System Properties]
• A Library may not have access privileges to resources when running without a User context or when being executed by User Bart, but when User Andy executes the Library those permissions may be granted
JAAS Features
• Pure Java implementation
• Flexible access control policy for user-based, group-based, and role-based authorization
• Single sign-on support
• Pluggable Authentication Module (PAM) framework implementation for authenticating users
JAAS – Core classes
• Common classes
– Subject
– Principals
– Credentials
• Authentication classes
– LoginContext
– LoginModule
– CallbackHandler
– Callback
• Authorization classes
– Policy
– AuthPermission
– PrivateCredentialPermission
JAAS – Subject
• A Subject represents the source of a request
• The Subject is a container for
– associated Principals
– Public Credentials (public keys)
– Private Credentials (passwords, private keys)
• doAs methods can be called to perform as a particular Subject (delegation)
The Subject in Detail
[Diagram: a Subject holding a set of Principals, a set of Public Credentials and a set of Private Credentials]
JAAS – Principal
• A Principal identifies a Subject. The Subject can be
– A person
– A corporation
– An application
• A single Subject may have many Principals that serve to identify the entity
• A user can have Principals like
– User name
– Employee id
– Social security number
PAM
Pluggable Authentication Modules
• The PAM framework enables multiple authentication technologies to be added without changing any of the login services
• The application calls the PAM API
• The request is forwarded to the appropriate authentication module – one or more (a stack)
• Configuration is done via a pam.conf file
Pluggable Authentication Modules
• An application using JAAS for authentication can remain independent of the underlying authentication technology
Pluggable Authentication
[Diagram: the Application talks to a LoginContext, which dispatches to Login Modules (NTLoginModule, UnixLoginModule, MyLoginModule, JndiLoginModule, Krb5LoginModule, DbLoginModule); each module talks to its backend (NT Authentication, Unix Authentication, Biometric Authentication, LDAP Server, Kerberos Authentication, RDBMS)]
JAAS – Authentication
1. The application creates a LoginContext and calls login()
2. The LoginContext refers to the LoginConfiguration to set up the appropriate LoginModules
3. The LoginContext delegates the authentication to the LoginModules
4. The LoginModules use the CallbackHandler to communicate with the application
5. Once the login succeeds you can get the Subject from the LoginContext and get the authenticated Principals from the Subject
[Diagram: Authentication Participants – Application, LoginContext, LoginConfiguration, CallbackHandler and a stack of LoginModules]
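The five steps above as runnable code. This is an added example, not part of the deck, written for Java 17 or later. The LoginModule (standing in for the "MyLoginModule" box), the "Demo" configuration entry, the DemoPrincipal type and the in-memory user table are all constructed for the example; the LoginConfiguration is built in code rather than read from a login configuration file so that nothing beyond this one source file is needed.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasLoginDemo {

    /** Constructed Principal type (an assumption of this example): one of the identities a Subject can carry. */
    public record DemoPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    /** The "MyLoginModule" box of the diagram. The user table is constructed sample data; a real module stores salted hashes. */
    public static class DemoLoginModule implements LoginModule {
        private static final Map<String, char[]> USERS = Map.of("andy", "s3cret".toCharArray());
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        private boolean succeeded;

        @Override public void initialize(Subject subject, CallbackHandler handler,
                                         Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        /** Phase 1 (steps 3 and 4): fetch credentials from the application through its CallbackHandler, then verify them. */
        @Override public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (java.io.IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e.getMessage());
            }
            String name = nc.getName();
            char[] given = pc.getPassword();                       // a copy; the callback keeps its own
            succeeded = constantTimeEquals(name == null ? null : USERS.get(name), given);
            if (given != null) Arrays.fill(given, '\0');           // scrub both copies of the secret
            pc.clearPassword();
            if (!succeeded) throw new FailedLoginException("invalid user or password");
            user = name;
            return true;
        }

        /** Phase 2: called only after every REQUIRED module passed login(); this is where Principals are attached. */
        @Override public boolean commit() {
            if (!succeeded) return false;
            subject.getPrincipals().add(new DemoPrincipal(user));
            return true;
        }

        @Override public boolean abort() { succeeded = false; user = null; return true; }

        @Override public boolean logout() {
            subject.getPrincipals().removeIf(p -> p instanceof DemoPrincipal);
            succeeded = false;
            user = null;
            return true;
        }

        /** No early exit, so the response time does not reveal how many leading characters matched. */
        private static boolean constantTimeEquals(char[] expected, char[] given) {
            if (expected == null || given == null || expected.length != given.length) return false;
            int diff = 0;
            for (int i = 0; i < expected.length; i++) diff |= expected[i] ^ given[i];
            return diff == 0;
        }
    }

    /** The application's side of step 4: a non-interactive CallbackHandler answering Name and Password callbacks. */
    static CallbackHandler credentials(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) nc.setName(user);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password);
                else throw new UnsupportedCallbackException(cb, "not supported");
            }
        };
    }

    /** Step 2's LoginConfiguration built in code: entry "Demo" consists of one REQUIRED module. */
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!"Demo".equals(name)) return null;
            return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
        }
    };

    /** Steps 1 and 5: create the LoginContext, call login(), then read the authenticated Subject. */
    static Subject authenticate(String user, char[] password) throws LoginException {
        LoginContext lc = new LoginContext("Demo", null, credentials(user, password), CONFIG);
        lc.login();
        return lc.getSubject();
    }

    public static void main(String[] args) throws Exception {
        Subject andy = authenticate("andy", "s3cret".toCharArray());
        System.out.println("principals: " + andy.getPrincipals());
        try {
            authenticate("andy", "wrong!".toCharArray());
        } catch (FailedLoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The two-phase protocol matters for stacked modules: a module that throws in login() never reaches commit(), so a Subject is only populated with Principals once every REQUIRED module in the stack has succeeded. Swapping DemoLoginModule for Krb5LoginModule or an LDAP module is a change to the Configuration only, which is the independence the previous slide promises.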
JAAS Authorization - Outline
• CodeSource
• Protection Domains
• Access control
• Permissions
• Policy
• Privileged Actions by Subjects
CodeSource & ProtectionDomain
• The CodeSource of a piece of Java code is the URL location that the code was loaded from and the Certificates that were used to sign the code
• The ProtectionDomain is a holder for the CodeSource and a Principal
• Each class is assigned a ProtectionDomain upon being loaded. The Principal is null when the class is first loaded.
[Diagram: CodeSource = URL + Certificate; ProtectionDomain = Class + CodeSource + Principal]
AccessControlContext – a Context for Authorization Decisions
• When making access decisions, the security system looks at every ProtectionDomain involved in the call. Access is granted only if every ProtectionDomain in the Context can have access.
[Diagram: Authorization Context – a Stack Snapshot in which each frame maps to a Class and its PD:
AccessController.checkPermission()
java.io.FileInputStream()
java.io.FileReader()
ReadTestFileUseCase.apply()
AuthorizationTestHarness.run()
...]
• A less privileged PD cannot gain privilege by calling a more privileged PD, and a more privileged PD must lose privilege when calling a less privileged PD. This is the principle of least privilege.
Permissions
• Permissions represent access to resources
• All Permission objects have a name
• The meaning of the name parameter varies between implementations
• Typically the name identifies the resource to be accessed
• An “action” parameter can be used to define the type of access to the resource allowed
• A special permission exists to indicate unrestricted access to all resources: java.security.AllPermission
Policy
Policy Holds a Mapping of ProtectionDomain to Permissions
• The mapping between PDs and associated Permissions is stored by the Policy
• Policy is a Singleton
[Diagram: each ProtectionDomain maps to a PermissionCollection holding several Permissions]
Policy
grant [CodeBase <URL>,] [SignedBy <signers>,]
      [Principal <Principal_Class> <Principal_Name>] {
    Permission <Permission_Class> [<Target_Name>]
        [, <Permission_Actions>]
        [, signedBy <Signer_Name>];
};
• The default implementation of Policy accepts text-based configuration in the above format
• Each grant entry is composed of an optional CodeSource, Signers, Principals, and a list of Permissions
• The default security policy is <JRE_HOME>/lib/security/java.policy
• A supplemental policy file location can be provided via
– the -Djava.security.policy=<file> JVM parameter
• The default policy file can be overridden with
– the -Djava.security.policy==<file> JVM parameter
AccessController
• The AccessController embodies the access control algorithm
• It obtains the current AccessControlContext, which has an array of PDs, and then for each PD checks whether the PD has the requested permission
[Diagram: Authorization Participants – AccessController, Class, CodeSource, Principal, AccessControlContext, ProtectionDomain, Policy, PermissionCollection and its Permissions]
• Verify that the current context has a permission:
MyPermission p = new MyPermission(fileName, "display");
AccessController.checkPermission(p);
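An added example, not from the deck, that ties the grant syntax of the previous slide to the two-line AccessController check above: it writes one Principal-based grant entry to a temporary policy file, installs it the way -Djava.security.policy=<file> would, and runs the same check with no Subject, as Andy and as Bart. Assumptions: JDK 17 (or JDK 18 to 23 started with -Djava.security.manager=allow; JDK 24 removed this machinery), the JDK-supplied com.sun.security.auth.UserPrincipal as the Principal class, and a temporary orders file as the protected resource. No SecurityManager is installed, because AccessController.checkPermission consults the Policy through each ProtectionDomain on the context regardless.

```java
import java.io.FilePermission;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;
import com.sun.security.auth.UserPrincipal;

public class JaasPolicyDemo {

    /** The deck's two-line check, wrapped: true only if every ProtectionDomain on the current context holds p. */
    static boolean permitted(Permission p) {
        try {
            AccessController.checkPermission(p);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    /** Runs the same check "as" a Subject: doAsPrivileged attaches the Subject's Principals to each PD on the context. */
    static boolean permittedAs(Subject subject, Permission p) {
        return Subject.doAsPrivileged(subject, (PrivilegedAction<Boolean>) () -> permitted(p), null);
    }

    /** A read-only Subject carrying a single JDK-supplied UserPrincipal (the Principal class named in the grant). */
    static Subject user(String name) {
        return new Subject(true, Set.of(new UserPrincipal(name)), Set.of(), Set.of());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample resource and a throw-away policy file (assumptions; the deck names no files).
        Path orders = Files.createTempFile("orders", ".txt");
        Path policyFile = Files.createTempFile("demo", ".policy");
        String target = orders.toString().replace("\\", "\\\\"); // backslashes must be escaped inside policy strings

        // One grant entry in the slide's syntax: Principal-based, with no CodeBase and no SignedBy, so it applies to
        // code from any origin, but only while a UserPrincipal named "andy" is present on the context.
        String policyText = "grant principal com.sun.security.auth.UserPrincipal \"andy\" {\n"
                + "    permission java.io.FilePermission \"" + target + "\", \"read\";\n"
                + "};\n";
        Files.writeString(policyFile, policyText);

        // Same effect as -Djava.security.policy=<file>: a single '=' supplements the JRE's java.policy.
        // It must be set before the default Policy is loaded for the first time.
        System.setProperty("java.security.policy", policyFile.toUri().toString());

        Permission readOrders = new FilePermission(orders.toString(), "read");
        // No Subject: the PDs carry only a CodeSource, which matches no grant entry in this policy.
        System.out.println("no Subject: " + permitted(readOrders));
        // Andy: the Principal-based grant applies to every PD on the context.
        System.out.println("as Andy   : " + permittedAs(user("andy"), readOrders));
        // Bart: a Principal is present, but no grant entry names it.
        System.out.println("as Bart   : " + permittedAs(user("bart"), readOrders));

        Files.deleteIfExists(orders);
        Files.deleteIfExists(policyFile);
    }
}
```

Passing null as the AccessControlContext to doAsPrivileged deliberately drops the caller's own context, so only the frames inside the action (plus the Subject's Principals) are evaluated; pass AccessController.getContext() instead when the caller's permissions should also constrain the action, which is the least-privilege behaviour the AccessControlContext slide describes.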
Beyond JAAS – Instance-Based Security
• Instance-based security is an authorization mechanism for protecting access to resources based on the identity of the resource
• This is a step forward from class-based security, which protects access to resources based on the class of the resource
[Diagram: Instance Based Security – user Andy and Order instances 101, 102, 103 and 104]
Beyond JAAS – JACC
• The Java Authorization Contract for Containers defines
– New java.security.Permission classes to satisfy the J2EE authorization model
– The binding of container access decisions to operations on instances of the new permission classes
– The installation and configuration of authorization providers for use by containers
– The interfaces that a provider must make available to allow container deployment tools to create and manage permission collections corresponding to roles
• The spec is in its final draft stages
Summary
• Java security is ever evolving, as are security problems; thus we must implement new technologies and methodologies
• JAAS is the latest package added to improve authentication, authorization and, most of all, control over applications
• JAAS allows you to manipulate resource access of code according to
– Who signed it
– Where it came from
– Who is running it!
If You Only Remember One Thing…
Security is like blood pressure:
At first you do not feel any pain,
And when you do, it is too late....
Thank You!
Shmuel Babad
[email protected]
054-963313
MidLink
Middleware Infrastructure & Administration