Lecture 27: Computer Security

1
Lecture 27: Computer Security
  • Phillip G. Bradford
  • Computer Science
  • The University of Alabama

2
Outline
  • More on E-Auctions
  • Java Security

3
Credits
  • [1] Gary McGraw and Edward W. Felten, Securing Java, Wiley, 1999
  • There is a new edition, too
  • [2] Scott Oaks, Java Security, O'Reilly, 2001

4
Grad Students: Final Project Expectations
  • A well presented paper on Computer Security
  • Abstract
  • What you are investigating
  • NOT why, no justification, just what you are discussing
  • For example: How public key encryption works on SSL

5
Grad Students: Final Project Expectations
  • One Page Executive Summary
  • Bullet points about what is covered in the paper
  • Like an index
  • Body of the paper
  • Introduction
  • Include justification or motivation
  • Main Discussion

6
Grad Students: Final Project Expectations
  • Body of the paper, continued
  • Main Points
  • Conclusion
  • What did you learn or show?
  • Refresh why it is interesting
  • Where is it going?
  • References
  • Any references, Java Code, etc.

7
Grad Students: Final Project Expectations
  • I am more than happy to help!
  • I can help you find topics
  • Consider our group meetings
  • Friday mornings at 9:30 in 108 Houser
  • Due In Last Lecture

8
Review of Nurmi and A. Salomaa (Yao's M-Protocol)
  • Bob privately generates $x$,
  • In a pre-agreed size-range
  • Bob privately computes $k = e_A(x)$
  • Sends $(k - b)$ to Alice
  • Alice privately computes
  • $y_i = d_A(k - b + i)$, for $i \in \{1, 2, \ldots, 100\}$
  • Then finds a prime $q < x$, so that
  • $z_i = y_i \bmod q$, for all $i \in \{1, 2, \ldots, 100\}$
  • Also, $|z_i - z_j| \ge 2$, why?

9
Review
  • Alice sends the list
  • $z_1, \ldots, z_a, z_{a+1} + 1, \ldots, z_{100} + 1, q$ to Bob
  • Bob determines if $z_b \equiv x \pmod{q}$

10
Verification
  • Since Bob determined if $z_b \equiv x \pmod{q}$
  • Then Bob informs Alice of his conclusion
  • Whose bid is larger?
  • Of course, the Auctioneer plays a role here
  • Recall the first step
  • Open Question
  • What motivates Bob?
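
The exchange on slides 8 to 10 as a runnable Python sketch (an added example, not part of the lecture). The toy RSA key, the starting value for the search for q, the range chosen for x, and all function names are assumptions; a is Alice's bid and b is Bob's bid, both in 1..100.

```python
# Toy run of the slides' bid comparison. Constructed parameters, not secure.
import secrets

# Alice's toy RSA key built from two Mersenne primes (assumption for the demo).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
BIDS = 100  # bids are integers 1..100, as on the slides

def is_prime(m):
    """Trial division; enough for the small modulus q chosen below."""
    if m < 2:
        return False
    f = 2
    while f * f <= m:
        if m % f == 0:
            return False
        f += 1
    return True

def bob_commit(b):
    """Bob: pick secret x in the agreed range, compute k = e_A(x), send k - b."""
    x = secrets.randbelow(N - 2**80) + 2**80
    return x, (pow(x, E, N) - b) % N

def alice_respond(a, msg):
    """Alice: y_i = d_A(k - b + i), z_i = y_i mod q, add 1 to entries past a."""
    y = [pow((msg + i) % N, D, N) for i in range(1, BIDS + 1)]
    q = 1_000_003  # assumed starting point for the prime search
    while True:
        z = [v % q for v in y]
        s = sorted(z)
        gaps_ok = all(hi - lo >= 2 for lo, hi in zip(s, s[1:]))
        if is_prime(q) and gaps_ok and 0 < s[0] and s[-1] < q - 1:
            break
        q += 2
    return [zi if i <= a else zi + 1 for i, zi in enumerate(z, 1)], q

def bob_decide(b, x, zs, q):
    """Bob: entry b still equals x mod q only if Alice left it alone (b <= a)."""
    return zs[b - 1] == x % q

def alice_bid_at_least_bob(a, b):
    """Run all three steps; True means a >= b."""
    x, msg = bob_commit(b)
    zs, q = alice_respond(a, msg)
    return bob_decide(b, x, zs, q)
```

The gap of at least 2 keeps every shifted entry distinct from every unshifted one, so the list Bob receives contains no duplicate that would hint at where Alice's bid sits.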

11
Java and Security
  • Java: code once, run anywhere
  • Two Sides
  • Security of untrusted Java code on your machine
  • Building Secure systems with Java
  • Makes Encryption interesting for Java
  • JAAS: Authentication and Authorization
  • JCE: Java Cryptography Extension
  • JSSE: Java Secure Socket Layer (SSL) Extension

12
Secure Java
  • The Java Model
  • The Java Sandbox
  • The Java Language Rules
  • The Security Manager
  • Access Controller
  • The Class Loader

13
Security with Java
  • If we can't trust Java, then the issue of using Java for security is moot
  • Has RSA, DES, triple DES, Twofish, and lots of other crypts!
  • SSL, etc.

14
Basics of the Java Model
  • Mobile Code
  • Many possible machines: PDAs, cell phones, etc.
  • Unanticipated applications
  • Portable Byte Codes
  • Java VM
  • Language design: fixed-size variables
  • Why does this help security?
  • Garbage Collection

15
Java SandBox
  • Applet-Based, Java Plugins, and Any Java Applications
  • Permissions
  • Three Parts
  • Type
  • Name
  • Actions
  • Example, see also [2]
  • permission java.io.FilePermission "/etc/passwd", "read";

16
Java SandBox
  • Larger sandboxes and smaller sandboxes
  • Default sandboxes can be very limited
  • No reading files on the host system
  • No opening of new sockets or net connections
  • No temporary files, no new directories
  • Etc.

17
Java SandBox
  • Levels of trust
  • Different sized sandboxes
  • Signed Applets
  • Example: a DBA could sign an applet to have database access
  • How might this work?
  • How much effort will this take?

18
Java SandBox: Signed Applets
  • On demand security
  • Grant least-necessary privileges
  • Tweak security needs on an as-needed individual basis
  • Well understood cryptographic primitives

19
Java SandBox: Signed Applets
  • From Oaks's book:
    grant signedBy "finance_DBA", codeBase "http://cs.ua.edu/" {
        permission java.io.FilePermission "-", "read,write";
    };
  • What does this do?

20
Java SandBox: Signed Applets
  • How can we do this?
  • Jarsigner
  • Sign the class(es)
  • URLClassLoader
  • Check the signatures
  • Security manager and/or access controller

21
Java SandBox
  • Getting Permission
  • All active Java classes have permissions set
  • If we try to do a potentially restricted operation
  • Then all active classes are queried
  • Upon failure to get clearance, a security exception is thrown and the operation is terminated
  • How expensive is this?
  • How expensive would Java be without this?
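
A simplified Python model of the check described on this slide (an added example, not Java's API and not from the lecture): every class on the call stack is looked up in the policy, and one class without the permission aborts the operation. The class names, the `/data/` path, the `file:/app/` codebase and all function names are assumptions; the signer and applet codebase are the ones from the policy on slide 19.

```python
# Simplified model of the policy lookup and stack check on the slides.
# Illustrative names, not Java's API. Paths are not canonicalized here.
from collections import namedtuple

Permission = namedtuple("Permission", "type name actions")  # the three parts
CodeSource = namedtuple("CodeSource", "signer codebase")
FP = "java.io.FilePermission"

class SecurityException(Exception):
    """Raised when any active class lacks the requested permission."""

def implies(granted, wanted):
    """True if a granted permission covers the requested one."""
    if granted.type != wanted.type:
        return False
    if not set(wanted.actions.split(",")) <= set(granted.actions.split(",")):
        return False
    if granted.name.endswith("/-"):  # a directory and everything below it
        return wanted.name.startswith(granted.name[:-1])
    return granted.name == wanted.name

# Constructed policy: (signer, codebase prefix) -> granted permissions.
POLICY = [
    (CodeSource("finance_DBA", "http://cs.ua.edu/"),
     [Permission(FP, "/data/-", "read,write")]),
    (CodeSource(None, "file:/app/"),
     [Permission(FP, "/data/-", "read,write"),
      Permission(FP, "/etc/passwd", "read")]),
]

def permissions_for(src):
    """Collect grants whose signer and codebase match this class's origin."""
    out = []
    for grant, perms in POLICY:
        signer_ok = grant.signer is None or grant.signer == src.signer
        if signer_ok and src.codebase.startswith(grant.codebase):
            out.extend(perms)
    return out

def check_permission(stack, wanted):
    """Query every active class; one refusal aborts the operation."""
    for cls, src in stack:
        if not any(implies(g, wanted) for g in permissions_for(src)):
            raise SecurityException(f"{cls} lacks {wanted}")
    return True

# Constructed call stack: a signed applet calling a local helper class.
SIGNED_STACK = [
    ("ReportApplet", CodeSource("finance_DBA", "http://cs.ua.edu/apps/")),
    ("FileHelper", CodeSource(None, "file:/app/lib/"))]
```

Reading `/etc/passwd` through `SIGNED_STACK` is refused even though `FileHelper` holds that permission, because the applet that called it does not. Java itself no longer enforces this model on current releases: the Security Manager was deprecated for removal in Java 17 and is permanently disabled as of JDK 24.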

22
Java SandBox
  • Key Restrictions for untrusted code
  • File access: example we just saw
  • Network access: don't allow an untrusted process to open sockets from our machine!
  • Stack run-time checks: no instantiation of another class loader!
  • Else, bring in your own untrusted code, etc!

23
Language Rules: Running Java Classes
[Figure: components involved in running Java classes: Local Files, Signed Files, Remote Files, Byte code Verifier, Core API Class Files, Class Loader, Core Java API, Security Package, Security Manager/Access Controller, Key Database, Operating System. Based on the figure in Scott Oaks's book [1].]

24
Next Lecture
  • More details on
  • Security Manager
  • Access Controller
  • Digital Signatures in Java

25
Security Manager
  • Main access to system resources
  • Defers its actions to the access controller

26
Access Controller
  • Gives or denies access to library and operating system APIs