Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java Security: From HotJava to Netscape and Beyond. Drew Dean Edward W. Felten Dan S. Wallach Department of Computer Science Princeton University Presented.

Published byGary Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "Java Security: From HotJava to Netscape and Beyond. Drew Dean Edward W. Felten Dan S. Wallach Department of Computer Science Princeton University Presented."— Presentation transcript:

1 Java Security: From HotJava to Netscape and Beyond. Drew Dean Edward W. Felten Dan S. Wallach Department of Computer Science Princeton University Presented by Yuhong Cai

2 Introduction This article introduces many significant flaws found in HotJava, Netscape and JDK. Issues about java type-safe, independent name space and byte-code verifier are worth pages of explanation. The scenarios mentioned in the part of taxonomy of Java Bugs are not straightforward( it can’t be, otherwise the attackers will be too happy, but it’s also hard for us to understand them). I recommend one excellent on-line book www.securingjava.com which gives more details about java security.www.securingjava.com I also recommend www.digicrime.com and www.rstcorp.com/hostile- applets/ where we can have unforgettable experience.www.digicrime.comwww.rstcorp.com/hostile- applets/

3 Presentation Contents Java Semantics(The important concepts in java security) Three examples out of taxonomy of Java Bugs  Denial of Service (malicious applet which consumes all your resources )  Killing competent applets (malicious applet which kills other applets but themselves)  You're Not My Type (Attack applet which can bypass the Java SecurityManager and attack your system ) Java Language and Bytecode Weaknesses Conclusions

4 Java Semantics (Some corner stones of java security architecture) Java should always be type-safe language. Any code is trusted if it is loaded from the local filesystem Applets cannot directly make system calls SecurityManager module approves dangerous operations Applets are forbidden to access the file system open sockets, except back to their home interfere with other applets learn about the local environment

5 Example(1) (Denial of Service) Denial of Service (the next-best goal of crackers) Attacks that prevent someone from using his or her machine are called denial-of-service attacks in the security community. Various guises of denial of service: Consuming all available CPU cycles. Allocating every last bit of memory. Hogging all possible screen space. Netscape 3.0 is a denial-of-service victim of the applet on the next slide.

6 Example (1)(cont’d) Public class MaliciousApplet extends Applet implements Runnable { public void init() { // Determine how many seconds the thread should sleep before kicking in; } public void start(){ // Create and start the offending thread in the standard way; } public void stop(){ // Redefine the stop() method to null for the thread.; } public void run(){ // Start calculating in an infinite loop or any other naughty things; } Reference:http://www.rstcorp.com/hostile-applets/Consume.java

7 Example(2) (killing off the Competition) Killing Off the Competition An Assassin applet first spawns a monitoring thread to watch for applets from another site then kills the threads of any incoming applets. Main idea of this malicious applet  Starting with the current thread group, ascend to the root thread group.  From the root, recursively descend through all threads and thread groups below.  Kill each thread encountered (but not self)  Navigator 3.0 can be the victim of this applet. Reference:http://www.rstcorp.com/hostile-applets/AppletKiller.java

8 Example(3) (You’re not my type) You are Not My Type (A type-confusion attack, very dangerous)  An applet creates two pointers to the same object-with incompatible type tags.  The Java system is in trouble.  The applet can write into that memory address through one pointer, and read it through another pointer.  Finally the applet can bypass the typing rules of Java, completely undermining its security.  Navigator 3.0 beta 5.0 has this bug, but it’s fixed in Navigator 3.0 beta 6.0. To be continued

9 Example(3)(cont’d) If the following situation occurs in a java system, this type-confusion will results heavy system attack.( There is a good case to describe this problem in www.securingjava.com/chapter-five/chapter-five-7.html )

10 Java Language and Bytecode Weakness Public variables are dangerous  Why are they writable across name spaces? Java’s package mechanism  Not as useful as parameterized module system(e.g. Standard ML’s functors)  Hierarchical module system allows hierarchical protection. Abstract Syntax Trees vs. Bytecode ASTs easier to type check  No need for global dataflow analysis Asts have same semantics as language  Bytecode has its own semantics Comparable compilation speed

11 Conclusion Remote code is inevitable for the Web. Java is promising, but has important bugs and design issues. Like java applets which can be naughty on client side, the misbehavior of java servlets can results more serious problems on server side. Strong security measures can allow more functionality for untrusted applets without compromising privacy and integrity (Java 2 security package). Acknowledgement: I would like to thank professor Clark Thomborson, he’s given me many helpful suggestions to make this presentation clear and concise.

12 Questions Interesting questions: Have you ever suffered from malicious attack from java applets? Would you like to disable java or javascript in your browser for security aim? Tough question: **** Could you tell any difference between iexplorer security mechanism and netscape security mechanism?

Download ppt "Java Security: From HotJava to Netscape and Beyond. Drew Dean Edward W. Felten Dan S. Wallach Department of Computer Science Princeton University Presented."

Similar presentations

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Introducing JavaScript

Introducing JavaScript
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.

Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)

Java security (in a nutshell)
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI 48309.

Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI
MC697 Object-Oriented Programming Using Java. In this class, we will cover: How the class will be structured Difference between object-oriented programming.

MC697 Object-Oriented Programming Using Java. In this class, we will cover: How the class will be structured Difference between object-oriented programming.
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
Java Security: From HotJava to Netscape & Beyond Drew Dean, Edward W. Felten, Dan S. Wallach Department of Computer Science, Princeton University May,

Java Security: From HotJava to Netscape & Beyond Drew Dean, Edward W. Felten, Dan S. Wallach Department of Computer Science, Princeton University May,
The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.

The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.
got ? Research Project – April 1998 Hang Xia, Mark Wang, Richard S. Chang Updated: R Norman, August 1999.

got ? Research Project – April 1998 Hang Xia, Mark Wang, Richard S. Chang Updated: R Norman, August 1999.
Introduction to Java Kiyeol Ryu Java Programming Language.

Introduction to Java Kiyeol Ryu Java Programming Language.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Applets, Graphical User Interfaces, and Threads / Chapter 9 1 Applets, Graphical User Interfaces, and Threads.

Applets, Graphical User Interfaces, and Threads / Chapter 9 1 Applets, Graphical User Interfaces, and Threads.
The Safe-Tcl Security Model John K. Ousterhout Jacob Y. Levy Brent B. Welch Sun Microsystems Laboratories 2550 Garcia Avenue, MS UMTV-29-232 Mountain View,

The Safe-Tcl Security Model John K. Ousterhout Jacob Y. Levy Brent B. Welch Sun Microsystems Laboratories 2550 Garcia Avenue, MS UMTV Mountain View,
Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
CSC 142 A 1 CSC 142 Introduction to Java [Reading: chapter 0]

CSC 142 A 1 CSC 142 Introduction to Java [Reading: chapter 0]
Chapter 1 Coding Introduction.

Chapter 1 Coding Introduction.
Introduction to Java CSIS 3701: Advanced Object Oriented Programming.

Introduction to Java CSIS 3701: Advanced Object Oriented Programming.

Similar presentations

Ads by Google