Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java Applet Security Diana Dong CS 265 Spring 2004.

Published byKatrina Corron Modified over 9 years ago

Similar presentations

Presentation on theme: "Java Applet Security Diana Dong CS 265 Spring 2004."— Presentation transcript:

1 Java Applet Security Diana Dong CS 265 Spring 2004

2 The Problem Millions of users download Java applets everyday, sometimes without prior approval from the user How to ensure malicious applets will not wreak havoc on the local machine?

3 Sandbox Idea A place where Java applet code can be executed, but no areas outside of the sandbox can be accessed by the applet. Removes the responsibility of checking applet source from the user Ensures execution of malicious applet will not do damage to the local machine

4 Sandbox cont'd Sandbox prohibits: File system access Network access Creation of process Process acess

5 4 Major Components of the Sandbox Java Virtual Machine (JVM) built-in features Class loader Class file verifier Security manager

6 JVM Built-in Features Type-safe reference casting Structured memory access (no pointers) Automatic garbage collection (can't explicitly free allocated memory) Array bounds checking

7 Class Loader Responsible for importing binary data that defines the running program's classes and interfaces Two types of class loaders: primordial class loader and class loader objects

8 Class Loader cont'd Primordial class loader loads trusted classes, such as the Java API. Classes that are loaded this way becomes part of the JVM. Class loader objects are untrusted objects loaded into the JVM and instantiated like any other object

9 Class Loader cont'd

10 How does it protect? Prevents malicious code from interfering with benevolent code – namespace. Classes are loaded into its own namespace. No access to other classes outside of its own namespace. It guards the borders of the trusted class libraries. Customizable.

11 Class Verifier Checks the integrity of the class file to ensure no illegal bytecodes have been added Uses built-in theorem prover to check integrity

12 Class Verifier 4 passes 1. Class file is read into interpreter and basic format of class file is checked 2. Additional verification of the class file without looking at the bytecodes 3. Bytecode verification of each method 4. Additional bytecode verification at runtime

13 Security Manager Defines which requests are allowed or disallowed through methods which can be overridden Works hand-in-hand with the class loader to define the boundaries of the sandbox, i.e. what is allowed or disallowed.

14 Other Methods ActiveX uses code signing and digital signature. Verified signatures from trusted source imply reliable ActiveX control. Java too offer digital signature in addition to the sandbox.

15 Questions?

Download ppt "Java Applet Security Diana Dong CS 265 Spring 2004."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 16 Secure Coding in Java and.NET Part 1: Fundamentals.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 16 Secure Coding in Java and.NET Part 1: Fundamentals.
CSci 1130 Intro to Computer Programming in Java

CSci 1130 Intro to Computer Programming in Java
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Portability and Safety Mahdi Milani Fard Dec, 2006 Java.

Portability and Safety Mahdi Milani Fard Dec, 2006 Java.
COS 461 Fall 1997 The Web and Mobile Code u originally, the Web delivered documents u now becoming a platform for programs –universal GUI interface u today’s.

COS 461 Fall 1997 The Web and Mobile Code u originally, the Web delivered documents u now becoming a platform for programs –universal GUI interface u today’s.
Java security (in a nutshell)

Java security (in a nutshell)
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
COEN 351: E-Commerce Security

COEN 351: E-Commerce Security
Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.

Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & email) Java Security on the Browser Java Security in the Enterprise.

Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI 48309.

Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.

The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.
Attacking Malicious Code: A Report to the Infosec Research Council Kim Sung-Moo.

Attacking Malicious Code: A Report to the Infosec Research Council Kim Sung-Moo.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.

Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.
Introduction to Java Kiyeol Ryu Java Programming Language.

Introduction to Java Kiyeol Ryu Java Programming Language.

Similar presentations

Ads by Google