Presentation is loading. Please wait.

Presentation is loading. Please wait.

Administrivia Final exam: Wed, May 12, 3:00-5:00, in this room Q&A on it today Playoffs: Fri, May 14, noon-2:00, FEC 141 Post-class survey (anonymous)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Administrivia Final exam: Wed, May 12, 3:00-5:00, in this room Q&A on it today Playoffs: Fri, May 14, noon-2:00, FEC 141 Post-class survey (anonymous)"— Presentation transcript:

1 Administrivia Final exam: Wed, May 12, 3:00-5:00, in this room Q&A on it today Playoffs: Fri, May 14, noon-2:00, FEC 141 Post-class survey (anonymous)

2 The Java Security Model Playing in the sandbox...

3 Notions of security What does it mean for a program to be “secure”? Nobody can convince the program to do “evil things” Corrupt data Release private data Elevate privileges The program itself is not allowed to do evil things Read files it shouldn’t Talk to hosts it shouldn’t Replicate

4 The role of security in Java Java security model is 2nd case Theoretically: program can’t do evil  no user can make it do evil In practice, not so clearcut Hard to let program do “good” things w/o also making possible “bad” things E.g., file accesses, etc.

5 The sandbox mark I (Java  1.0) Old security model: “Sandbox” “Untrusted” code (e.g., downloaded from web) Idea: code shouldn’t be allowed to do very risky things -- touch files, talk to network, etc. Predetermined list of risky stuff JVM denies (exception) those accesses Good: all prog activities have to pass through JVM  all risky stuff is caught and blocked Bad: Fixed “black list” Not granular enough for general use

6 Sandbox mark I Kernel/OS API Normal JVM Trusted Java Code

7 Sandbox mark I Kernel/OS API Normal JVM Trusted Java Code

8 Sandbox mark I Kernel/OS API Normal JVM Trusted Java Code

9 Sandbox mark I Kernel/OS API Normal JVM Trusted Java Code

10 Sandbox mark I Kernel/OS API Normal JVM Trusted Java Code

11 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

12 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

13 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

14 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

15 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

16 Sandbox mark I Kernel/OS API Normal JVM Secure JVM (appletviewer/ browser) Trusted Java Code Untrusted Java Code

17 Problems with mark I Too coarse Disallows all file accesses Disallows all process spawning Etc. Can’t distinguish between different users Can’t distinguish “trusted” from “untrusted” code Can’t say “I trust code from site X, but nobody else” or “I don’t trust code from site Y”

18 Sandbox revisited: security mark II New model: security manager General Java class that decides on per- operation basis what’s legal Configurable by host program/host JVM Can ID users & track their permissions Also: support for “signed” applets/mobile code Cryptographic signature attached to code Use to verify sender of the code Can attach permissions to code authors (sites) Supported in Jar file format

19 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

20 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

21 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

22 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

23 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

24 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

25 Sandbox mark II Kernel/OS API Normal JVM (signed) Java Code Security manager object Permissions database

26 Customizable security Security database Which sites can send trusted code Which operations are allowed to specific users Security manager object Defined by java.lang.SecurityManager Can sub-class to modify behavior Maybe add security checks?

27 Other Java security tools Crypto Public & private key Encryption, decryption, secure hash fns Signing, certificates PKI (limited support) Pluggable crypto algorithms Policies Generalized permission objects Access control lists Security databases Customizable policy objects

Download ppt "Administrivia Final exam: Wed, May 12, 3:00-5:00, in this room Q&A on it today Playoffs: Fri, May 14, noon-2:00, FEC 141 Post-class survey (anonymous)"

Similar presentations

InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team 2001.09.18 (Nanjing)

InterScan AppletTrap Zhang Hong Trend Micro, AppletTrap Team (Nanjing)
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Innovations in OSGi How to prevent patent applications.

Innovations in OSGi How to prevent patent applications.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Similar presentations

Ads by Google