JDK 1.0 Security Model (diagram: a sandbox inside the Java Virtual Machine; local code and remote code; local host system resources such as the file system, sockets and printers)
JDK 1.1 Security Model (diagram: a sandbox inside the Java Virtual Machine; local code and remote trusted code get full access to local host system resources, remote untrusted code gets limited access)
JDK 1.2 Security Model (diagram: all code passes through the class loader and the security policy, which grant either full or limited access to local host system resources)
Java Security Attributes
Easy to use
Fine-grained access control
Easy to configure security policy
Easy to extend access control structure
Easy to extend security checks to applications
The Security Model
The Java Security Model is made up of three primary pieces:
–The Bytecode Verifier
–The Class Loader
–The Security Manager
The Bytecode Verifier
Once bytecodes have been loaded into the machine but before they are run:
–Opcodes are checked
–Addresses are verified to access only memory in the virtual machine
–Strict type enforcement
Only verified code is run on the JVM
The Class Loader
Imported classes are each run in their own namespace
Built-in classes are all run in a single namespace
The class loader always searches the built-in namespace for a requested class first, so as to avoid running a downloaded class with the same name.
Built-in classes are considered to be "trusted" and are always run in preference to a downloaded class of the same name.
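The parent-first lookup described above can be observed directly. This is an added example, not code from the slides: a custom loader whose findClass() would define a class under any name it is asked for, which never gets a chance to shadow java.lang.String because the built-in namespace is consulted first, and which is refused outright when asked to define a class in a java.* package (the ShadowLoader name and the zero-length stand-in bytes are constructed for the example).

```java
public class ParentFirstDemo {
    // A loader whose findClass() will define a class under ANY name it is asked for.
    // loadClass() only calls it after the parent chain (ending at the bootstrap loader) fails.
    static class ShadowLoader extends ClassLoader {
        ShadowLoader() { super(ParentFirstDemo.class.getClassLoader()); }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            byte[] bogus = new byte[0]; // constructed stand-in for "downloaded" bytecode
            return defineClass(name, bogus, 0, bogus.length);
        }

        // Bypass delegation so we can see what happens when this loader defines the class itself.
        Class<?> defineDirectly(String name) throws ClassNotFoundException { return findClass(name); }
    }

    // True when the built-in copy won: a class defined by the bootstrap loader reports null.
    static boolean builtInWins(String name) throws ClassNotFoundException {
        Class<?> c = new ShadowLoader().loadClass(name);
        return c.getClassLoader() == null;
    }

    // True when the JVM refuses to let a non-platform loader define a class in a java.* package.
    static boolean javaPackageRejected(String name) {
        try {
            new ShadowLoader().defineDirectly(name);
            return false;
        } catch (SecurityException expected) {
            return true;  // "Prohibited package name: java.lang"
        } catch (Throwable other) {
            return false; // e.g. ClassFormatError: the bytes were parsed, so the name check did not stop it
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.lang.String served from bootstrap: " + builtInWins("java.lang.String"));
        System.out.println("java.lang.Evil rejected: " + javaPackageRejected("java.lang.Evil"));
    }
}
```

Both lines print true: the request for java.lang.String never reaches ShadowLoader.findClass(), and the direct attempt fails the package-name check before any bytecode is inspected.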
The Security Manager
Each application can have an individual security policy
Security policies are defined in external files that are accessible by the security manager
The security manager enforces the specified security policy
The application security policy is made up of two pieces:
–A system piece, found in java.home\lib\security
–An application-specific piece in user.home\lib\security (or anywhere you want to put it)
Permissions
java.security.AllPermission – allows the application to run with all permissions, i.e. without any security restrictions
java.awt.AWTPermission – allows access to GUI things, like the Windows clipboard
java.io.FilePermission – allows code access to read and write files
java.net.NetPermission – allows code to perform certain network-related operations, such as requestPasswordAuthentication
java.util.PropertyPermission – allows code access to property values (read/write)
java.lang.reflect.ReflectPermission – allows code to query information about classes (ex. suppressAccessChecks allows the ability to find out about public, private and protected fields and methods)
Permissions (more)
java.lang.RuntimePermission – allows code to perform operations related to the operation of the JVM (ex. loadLibrary allows dynamic linking to a specific library; queuePrintJob allows the queuing of a print job)
java.security.SecurityPermission – allows code to perform operations related to policy enforcement
java.io.SerializablePermission – allows code to perform operations related to the serialization/deserialization of objects (ex. enableSubstitution allows one object to be substituted for another during serialization/deserialization)
java.net.SocketPermission – allows code to perform operations related to establishing connections to host systems. Targets are ports or ranges of port numbers; actions are accept, connect, listen and resolve.
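The target/action matching behind these permission classes can be exercised without installing a security manager. This is an added example, not from the slides: a least-privilege grant for one plugin (the codeBase, host, paths and property prefix are constructed for the example) and the requests it does and does not imply, with the equivalent policy-file grant shown in a comment.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PermissionDemo {
    // Equivalent policy-file grant (assumed layout, values constructed for the example):
    //   grant codeBase "file:/opt/app/plugins/-" {
    //     permission java.io.FilePermission "/var/app/data/-", "read";
    //     permission java.net.SocketPermission "api.example.com:1024-65535", "connect";
    //     permission java.util.PropertyPermission "app.*", "read";
    //   };
    // Compare with the blanket alternative, which removes every check: permission java.security.AllPermission;
    static Permissions leastPrivilege() {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/var/app/data/-", "read"));       // "-" = directory and all descendants
        granted.add(new SocketPermission("api.example.com:1024-65535", "connect"));
        granted.add(new PropertyPermission("app.*", "read"));
        return granted;
    }

    // The same question the security manager asks: does what was granted imply what is requested?
    static boolean allowed(Permissions granted, Permission request) {
        return granted.implies(request);
    }

    public static void main(String[] args) {
        Permissions granted = leastPrivilege();
        Permission[] requests = {
            new FilePermission("/var/app/data/reports/q1.csv", "read"),  // ALLOW: under the target tree
            new FilePermission("/var/app/data/reports/q1.csv", "write"), // DENY: action not granted
            new FilePermission("/etc/passwd", "read"),                   // DENY: outside the target
            new SocketPermission("api.example.com:8443", "connect"),     // ALLOW: port in range; resolve is implied
            new SocketPermission("api.example.com:443", "connect"),      // DENY: port outside the range
            new PropertyPermission("app.mode", "read"),                  // ALLOW: wildcard prefix matches
            new PropertyPermission("user.home", "read"),                 // DENY: different prefix
        };
        for (Permission r : requests) {
            System.out.println((allowed(granted, r) ? "ALLOW " : "DENY  ") + r);
        }
    }
}
```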
New in Java 1.4
Separate packages that are now included as part of the JDK:
–JCE - Java Cryptography classes
–JSSE - Java Secure Sockets Extension
–JAAS - Java Authentication and Authorization Services
–Java GSS API - Java Generic Security Services API
–Java Certification Path API
JCE – Java Encryption Extensions
JCE covers:
–encryption and decryption
  symmetric bulk encryption, such as DES, RC2, and IDEA
  symmetric stream encryption, such as RC4
  asymmetric encryption, such as RSA
  password-based encryption (PBE)
–key agreement
–Message Authentication Code (MAC)
Strong cryptography is the default
–unlimited is available (depending on export restrictions)
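Password-based encryption through the JCE provider interfaces, as an added example that is not from the slides. It uses the same JCE building blocks (SecretKeyFactory, Cipher) but with PBKDF2 and AES-GCM in place of the DES/RC2/RC4-era algorithms the slide lists, so that the MAC the slide mentions separately comes built in as the GCM tag; the iteration count, salt and nonce sizes are choices made for the example.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeDemo {
    // Parameters chosen for this example, not taken from the slides.
    static final String KDF = "PBKDF2WithHmacSHA256";
    static final int ITERATIONS = 600_000; // slows down offline password guessing
    static final int KEY_BITS = 256;
    static final int GCM_TAG_BITS = 128;

    // Derive an AES key from a password; the salt is public and stored next to the ciphertext.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        byte[] raw = SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // AES-GCM gives confidentiality and integrity (the authentication tag) in one operation.
    static byte[] seal(SecretKey key, byte[] nonce, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        return c.doFinal(plaintext);
    }

    static byte[] open(SecretKey key, byte[] nonce, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        return c.doFinal(ciphertext); // throws AEADBadTagException if anything was altered
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], nonce = new byte[12];
        rng.nextBytes(salt); rng.nextBytes(nonce); // never reuse a nonce under the same key
        SecretKey key = deriveKey("correct horse battery staple".toCharArray(), salt); // constructed
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ct = seal(key, nonce, msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, open(key, nonce, ct)));
        ct[0] ^= 1; // flip one bit of the ciphertext
        try { open(key, nonce, ct); System.out.println("tampering NOT detected"); }
        catch (AEADBadTagException e) { System.out.println("tampering detected by the GCM tag"); }
    }
}
```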
JSSE – Java Secure Sockets Extensions
Provides support for communications using SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
–commonly thought of as HTTPS
–part of javax.net
SSL (and thus HTTPS) permits encrypted traffic to be exchanged between the client and server.
–After an SSL client initiates a conversation with an SSL server, the server sends an X.509 certificate back to the client for authentication. The client then checks the validity of the certificate. Assuming the server is verified, the client generates a premaster secret, encrypts it with the server's public key from the certificate, and sends the encrypted secret back to the server. From this premaster secret, the client and server generate a master key for the session. After some basic handshaking, the encrypted exchange can commence.
The JSSE library hides these inner workings of the SSL protocol from you.
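The client side of the exchange above through JSSE, as an added example that is not from the slides. It shows the one step the hidden handshake does not do for a raw SSLSocket unless asked: checking that the certificate the server sent actually names the host you dialled. The host name is a placeholder to be replaced on the command line, and the default truststore is assumed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class TlsClient {
    // Opens a TLS connection to host:port and completes the handshake before returning.
    static SSLSocket connect(String host, int port) throws Exception {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        // A raw SSLSocket validates the chain against the truststore, but it does NOT check that
        // the certificate names this host unless endpoint identification is switched on.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // SSLHandshakeException on an untrusted chain or a name mismatch
        return socket;
    }

    // Subject of the leaf certificate the server presented during the handshake.
    static String peerSubject(SSLSocket socket) throws Exception {
        Certificate[] chain = socket.getSession().getPeerCertificates();
        return ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com"; // placeholder; pass your own host
        try (SSLSocket s = connect(host, 443)) {
            System.out.println(s.getSession().getProtocol() + " " + s.getSession().getCipherSuite());
            System.out.println("server certificate subject: " + peerSubject(s));
        }
    }
}
```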
JAAS - Java Authentication and Authorization Services
JAAS provides for the authentication of users and the authorization of tasks based upon that authentication
Previously, anyone authenticated was subject to the same security restrictions. Now, you can control which tasks are available to a specific authenticated user.
–requires modification of security policies
Java GSS-API - Java Generic Security Services API
Adds Kerberos V5 support to the Java platform.
Kerberos originated at the Massachusetts Institute of Technology (MIT) as Project Athena back in 1987. It is essentially a network authentication protocol.
–Defined in RFC 1510 from 1993
–Biggest draw is not having to send passwords over the net.
–Offers single sign-on within one domain, if everything within the domain has been Kerberos-enabled.
–Support is also provided for single sign-on across different security realms over a network.
–Used in conjunction with JAAS: once a user's identity is established, future authentication requests are no longer necessary.
Java Certification Path API
The Certification Path API provides classes for building and validating certificate chains, an important requirement of a Public Key Infrastructure (PKI).
These certificates provide for the storage of security keys for users. By trusting the issuer of a certificate that holds the keys, and trusting the issuer of the certificate that trusts the original certificate, you establish chains of trust.
Building and validating certification paths is an important part of many standard security protocols, such as SSL/TLS, Secure/MIME (S/MIME), and IP Security (IPsec).
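Validating such a chain of trust with the Certification Path API, as an added example that is not from the slides. It reads PEM certificates given on the command line (leaf first, then intermediates; the root is taken from the truststore, not the path) and validates them against the JDK's default cacerts file, whose location and default password are assumptions of the example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainCheck {
    // Validates leaf -> intermediates against the trust anchors in a truststore.
    // Path order: leaf first, each certificate issued by the next; the anchor itself is not in the path.
    static PKIXCertPathValidatorResult validate(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(trustStore); // fails if the store has no trusted certs
        params.setRevocationEnabled(false); // enable, with a CertStore or OCSP configured, for real deployments
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ChainCheck leaf.pem intermediate.pem ...   (file names are placeholders)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        for (String file : args) {
            try (FileInputStream in = new FileInputStream(file)) {
                chain.add((X509Certificate) cf.generateCertificate(in));
            }
        }
        // Assumed: the JDK's own cacerts truststore with its default password.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(System.getProperty("java.home") + "/lib/security/cacerts")) {
            trustStore.load(in, "changeit".toCharArray());
        }
        try {
            PKIXCertPathValidatorResult r = validate(chain, trustStore);
            System.out.println("valid; anchored at " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex() points at the certificate in the path that failed, getReason() says why
            System.out.println("rejected at index " + e.getIndex() + ": " + e.getReason() + " (" + e.getMessage() + ")");
        }
    }
}
```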