Java Security - PowerPoint PPT Presentation

Slides: 19
Provided by: Parik
Tags: java | sandbox | security

Transcript and Presenter's Notes

Title: Java Security


1
Java Security
  • CS-328

2
JDK 1.0 Security Model
[Diagram; labels: Local Code, Java Virtual Machine, Remote Code, Sandbox, Local Host System Resources (File System, Sockets, Printers)]

3
JDK 1.1 Security Model
[Diagram; labels: Local Code, Java Virtual Machine, Remote Untrusted Code, Sandbox, Remote Trusted Code, Full Access, Limited Access, Local Host System Resources (File System, Sockets, Printers)]

4
JDK 1.2 Security Model
[Diagram; labels: All Code, Security Policy, Class Loader, Java Virtual Machine, Sandbox, Full Access, Limited Access, Local Host System Resources (File System, Sockets, Printers)]

5
Java Security Attributes
  • Easy to use Fine Grained Access Control
  • Easy to Configure Security Policy
  • Easy to Extend Access Control Structure
  • Easy to Extend Security Checks to Applications

6
The Security Model
  • The Java Security Model is made up of three
    primary pieces:
  • The Bytecode Verifier
  • The Class Loader
  • The Security Manager

7
The Bytecode Verifier
  • Once bytecodes have been loaded into the machine,
    but before they are run:
  • Opcodes are checked
  • Addresses are verified to access only memory in
    the virtual machine
  • Strict type enforcement
  • Only verified code is run on the JVM

8
The Class Loader
  • Imported classes are each run in their own
    namespace
  • Built-in classes are all run in a single
    namespace
  • The class loader always searches the built-in
    namespace for a requested class first, so as to
    avoid running a downloaded class with the same name.
  • Built-in classes are considered to be trusted
    and are always run in preference to a downloaded
    class of the same name.
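
The namespace behaviour described on this slide, as an added example that is not part of the original slides: two loaders define a class with the same name and get two distinct classes, while a request for a built-in class always resolves to the single shared one. IsolatingLoader and Downloaded are hypothetical names; compile with javac so the class file can be read back from the classpath.

```java
import java.io.IOException;
import java.io.InputStream;

public class LoaderNamespaces {
    // Constructed stand-in for "downloaded" code: any non-built-in class will do.
    public static class Downloaded {}

    // Hypothetical loader that defines Downloaded itself, the way a loader for
    // remote code defines classes it fetched, and delegates everything else.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(LoaderNamespaces.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve)
                throws ClassNotFoundException {
            if (!name.equals(Downloaded.class.getName())) {
                // Parent-first delegation: built-in classes are found here
                // before this loader is ever asked to define anything.
                return super.loadClass(name, resolve);
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c != null) return c;
                String path = name.replace('.', '/') + ".class";
                try (InputStream in = getParent().getResourceAsStream(path)) {
                    if (in == null) throw new ClassNotFoundException(name);
                    byte[] b = in.readAllBytes();
                    return defineClass(name, b, 0, b.length);
                } catch (IOException e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Downloaded.class.getName();
        Class<?> a = new IsolatingLoader().loadClass(name);
        Class<?> b = new IsolatingLoader().loadClass(name);
        Class<?> s = new IsolatingLoader().loadClass("java.lang.String");
        System.out.println("same name in both loaders:  " + a.getName().equals(b.getName()));
        System.out.println("same class object:          " + (a == b));
        System.out.println("built-in String is shared:  " + (s == String.class));
        System.out.println("String's defining loader:   " + s.getClassLoader());
    }
}
```

A class is identified by its name together with its defining loader, which is why the two Downloaded classes are not interchangeable even though their bytes are identical.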

9
The Security Manager
  • Each application can have an individual security
    policy
  • Security policies are defined in external files
    that are accessible by the security manager
  • The security manager enforces the specified
    security policy
  • The application security is made up of two
    pieces:
  • A system piece, found in java.home\lib\security
  • An application-specific piece in
    user.home\lib\security (or anywhere you want to
    put it)

10
Policy Files
grant signedBy "signer_names", codeBase "URL" {
    permission permission_class_name "target_name", "action", signedBy "signer_names";
};

Ex.

grant signedBy "ACME Software", codeBase "http://www.acme.com/-" {
    permission java.io.FilePermission "c:\\autoexec.bat", "read";
    permission java.lang.RuntimePermission "queuePrintJob";
};

11
Permissions
  • java.security.AllPermission - allows the
    application to run with all permissions, i.e.
    without any security restrictions
  • java.awt.AWTPermission - allows access to GUI
    things, like the Windows clipboard
  • java.io.FilePermission - allows code access to
    read and write files
  • java.net.NetPermission - allows code to perform
    certain network related operations, such as
    requestPasswordAuthentication
  • java.util.PropertyPermission - allows code access
    to property values (read/write)
  • java.lang.reflect.ReflectPermission - allows code to
    query information about classes (ex.
    suppressAccessChecks allows ability to find out
    about public, private and protected fields and
    methods)

12
Permissions (more)
  • java.lang.RuntimePermission - allows the ability
    for code to perform operations related to the
    performance of the JVM (ex. loadLibrary allows
    the dynamic linking to a specific library;
    queuePrintJob allows the queuing of a print job)
  • java.security.SecurityPermission - allows code
    the ability to perform operations related to
    policy enforcement
  • java.io.SerializablePermission - allows code to
    perform operations related to the
    serialization/deserialization of objects (ex.
    enableSubstitution allows one object to be
    substituted for another during
    serialization/deserialization).
  • java.net.SocketPermission - allows code to
    perform operations related to establishing
    connections to host systems. Targets are ports or
    ranges of port numbers; actions are accept,
    connect, listen and resolve.
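
How a grant is matched against a requested permission, as an added example that is not part of the original slides: the two permissions from the ACME entry on the Policy Files slide are placed in a Permissions collection and queried with implies(), the same comparison the policy enforcement performs. The SocketPermission target and all of the requests are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;

public class GrantCheck {
    // Stand-in for the permission set the policy would hand to code that
    // matches the ACME grant entry (signer and codebase matching not modelled).
    static Permissions acmeGrant() {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("c:\\autoexec.bat", "read"));
        granted.add(new RuntimePermission("queuePrintJob"));
        // Constructed addition: an IP literal keeps the check free of DNS lookups.
        granted.add(new SocketPermission("127.0.0.1:1024-65535", "connect"));
        return granted;
    }

    public static void main(String[] args) {
        Permissions granted = acmeGrant();
        Permission[] requests = {                        // constructed requests
            new FilePermission("c:\\autoexec.bat", "read"),
            new FilePermission("c:\\autoexec.bat", "write"),   // action not granted
            new FilePermission("c:\\config.sys", "read"),      // target not granted
            new RuntimePermission("queuePrintJob"),
            new RuntimePermission("loadLibrary.native"),       // different target
            new SocketPermission("127.0.0.1:8080", "connect"),
            new SocketPermission("127.0.0.1:80", "connect"),   // outside port range
            new SocketPermission("127.0.0.1:8080", "listen"),  // action not granted
        };
        for (Permission p : requests) {
            String verdict = granted.implies(p) ? "ALLOW" : "DENY";
            System.out.printf("%-5s %-18s %-22s %s%n", verdict,
                p.getClass().getSimpleName(), p.getName(), p.getActions());
        }
    }
}
```

Anything not implied by an explicit grant is denied, so a policy is reviewed by asking which requests each entry implies rather than by reading the target strings alone.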

13
New in Java 1.4
  • Separate packages that are now included as part
    of JDK
  • JCE - Java Cryptography classes
  • JSSE - Java Secure Sockets Extension
  • JAAS - Java Authentication and Authorization
    Services
  • Java GSS API - Java Generic Security Services API
  • Java Certification Path API

14
JCE - Java Encryption Extensions
  • JCE covers:
  • encryption and decryption
  • symmetric bulk encryption, such as DES, RC2, and
    IDEA
  • Symmetric stream encryption, such as RC4
  • Asymmetric encryption, such as RSA
  • Password-based encryption (PBE)
  • key agreement
  • Message Authentication Code (MAC)
  • Strong Cryptography is the default
  • unlimited is available (depending on export
    restrictions)

15
JSSE - Java Secure Sockets Extensions
  • Provides support for communications using SSL
    (Secure Sockets Layer) and TLS (Transport Layer
    Security)
  • commonly thought of as HTTPS
  • part of javax.net
  • SSL (and thus HTTPS) permits encrypted traffic to
    be exchanged between the client and server.
  • After an SSL client initiates a conversation with
    an SSL server, the server sends an X.509
    certificate back to the client for
    authentication. The client then checks the
    validity of the certificate. Assuming the server
    is verified, the client generates a premaster
    secret key, encrypts it with the server's public
    key from the certificate, and sends the encrypted
    key back to the server. From this premaster key,
    the client and server generate a master key for
    the session. After some basic handshaking, the
    encrypted exchange can commence.
  • The JSSE library hides these inner workings of
    the SSL protocol from you.

16
JAAS - Java Authentication and Authorization
Services
  • JAAS provides for the authentication of users and
    the authorization of tasks based upon that
    authentication
  • Previously, anyone authenticated had access to
    the same security restrictions. Now, you can
    control what tasks are available for a specific
    authenticated user
  • requires modification of security policies

17
Java GSS-API - Java Generic Security Services API
  • adds Kerberos V5 support to the Java platform.
  • Kerberos originated at the Massachusetts
    Institute of Technology (MIT) as project Athena
    back in 1987.
  • Essentially, a network authentication protocol.
  • Defined in RFC 1510 from 1993
  • biggest draw is not having to send passwords over
    the net.
  • offers single sign-on within one domain -- if
    everything within the domain has been
    Kerberos-enabled.
  • support is also provided for single sign-on
    across different security realms over a network.
  • Used in conjunction with JAAS, once a user's
    identity is established, future authentication
    requests are no longer necessary.

18
Java Certification Path API
  • Certification Path API provides classes for
    building and validating certificate chains, an
    important requirement of a Public Key
    Infrastructure (PKI).
  • These certificates provide for the storage of
    security keys for users. By trusting the issuer
    of a certificate that holds the keys, and
    trusting the issuer of the certificate that
    trusts the original certificate, you establish
    chains of trust
  • Building and validating certification paths is an
    important part of many standard security
    protocols, such as SSL/TLS, Secure/MIME (S/MIME),
    and IP Security (IPsec).