University of Nijmegen Jaap-Henk Hoepman Department of Computer Science University of Nijmegen, the Netherlands Secure.

Presentation transcript:

Slide 1: Secure Method Invocation in JASON
Jaap-Henk Hoepman
Department of Computer Science, University of Nijmegen, the Netherlands

J.H. Hoepman, Secure Method Invocation in JASON

Slide 2: Contents
- JavaCard: Promises and Problems
- JASON vision
- JASON secure method invocation
- Discussion

Slide 3: JavaCard: Promises and Problems
- Promises
  - Object oriented programming of smart card applications
  - Better chance of application separation through Java Virtual Machine
- Problems
  - Object orientation invisible outside smart card. Still the same paradigm:
    - Select application
    - Send APDU command

Slide 4: JASON Vision
"Javacards As Secure Objects Network"
- Objectives
  - Viewing a smart card system as a collection of named, networked objects
  - Truly object-oriented smart card programming
  - Automatically enforce security requirements at method granularity as specified by programmer
…towards a smart card OS…

Slide 5: Related work
- JCCAP (VandeWalle)
  - Capability based access control
- VISA Open Platform Specification
  - Secure loading, installation and deletion of smart card applications
- PC/SC / OpenCard
  - Transparently handle multiple smart cards
- JiniCard
  - Download terminal plugins to accept any smart card

Slide 6: JASON Secure Method Invocation
- Role based access control
  - Independent, per method
  - Role = ownership of key
- Protecting parameters and results
  - Confidentiality
  - Authenticity
    - Integrity
    - No replay

Slide 7: JASON Architecture
[Diagram; surviving labels: dispatcher, APDU, dispatcher, terminal, card, keys, skel, capplet, stub]

Slide 8: Generating stubs/skeleton
- JASON Definition File
  - JAVA Interface
  - Specify roles at start of class file
  - Extra keywords: accessible to, authentic, confidential
[Diagram; surviving labels: JASON definition file, JASON definition file compiler, java stub, java skeleton]

Slide 9: Example: specifying a purse

    public interface Purse {
        roles: BANK, MERCHANT, OWNER ;

        accessible to ALL:
        confidential authentic short getBalance () ;

        accessible to MERCHANT
        authentic void decreaseBalance ( authentic short amount ) ;

        accessible to BANK
        authentic void increaseBalance ( confidential authentic short amount ) ;
    }

Slide 10: The authentic keyword
- Guarantees
  - Authenticity
  - Integrity
  - Freshness
    - No replay
- For results
  - It guarantees that the called method was actually executed
    - at this time
    - in the proper way
    - with the intended side effect
  - cf. a decrease purse command

Slide 11: Example: calling a purse

    try {
        // Connect to the Purse object on the card in the MERCHANT role,
        // using the keys held in purseKeyStore.
        Purse purse = (Purse) SMINaming.connect("smi://smartcard/Purse",
                                                Purse.MERCHANT, purseKeyStore) ;
        try {
            purse.decreaseBalance(10);
            System.out.println("You have paid");
        } catch (UserException ue) {
            // The call reached the card but the method did not complete.
            System.out.println("Transaction failed. You have not paid.");
        }
    } catch (RemoteException re) {
        System.out.println("Failed to connect to service.");
    }

Slide 12: Behind the scenes (1)
- Connect(, )
  - Negotiate ciphers
  - Authenticate caller role
  - Establish authenticated caller/callee IDs
  - Exchange session keys privately
  - Return handle of skeleton

Slide 13: Behind the scenes (2)
- Method call
  - Stub converts call to secured APDU stream (only when necessary)
    - Using session keys and message counters
  - Dispatcher forwards APDU stream to skeleton
  - Skeleton verifies/decrypts parameters and calls method
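
The "authentic" guarantees (authenticity, integrity, no replay) and the stub/skeleton flow above can be illustrated as follows. This is an added example, not JASON code: the class names, the frame layout (method, counter, amount, tag), the method id 0x01 and the choice of HMAC-SHA256 are all assumptions, and confidentiality is left out.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Arrays;
// Added illustration, not JASON code: names, frame layout and HMAC-SHA256 are assumptions.
public class AuthenticCallDemo {
    static final int HDR = 7, TAG = 32; // 1 byte method + 4 byte counter + 2 byte amount; MAC length
    static byte[] mac(byte[] key, byte method, int counter, short amount) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(key, "HmacSHA256"));
        h.update(ByteBuffer.allocate(HDR).put(method).putInt(counter).putShort(amount).array());
        return h.doFinal(); // the tag binds method, counter and parameter together
    }
    static class Stub { // terminal side: turns a call into an authenticated frame
        private final byte[] key; private int counter = 0;
        Stub(byte[] key) { this.key = key; }
        byte[] seal(byte method, short amount) throws Exception {
            counter++; // a fresh message counter for every call
            return ByteBuffer.allocate(HDR + TAG).put(method).putInt(counter).putShort(amount)
                    .put(mac(key, method, counter, amount)).array();
        }
    }
    static class Skeleton { // card side: verifies the frame, then runs the method
        private final byte[] key; private int lastCounter = 0; short balance = 100;
        Skeleton(byte[] key) { this.key = key; }
        boolean dispatch(byte[] frame) throws Exception {
            if (frame.length != HDR + TAG) return false;
            ByteBuffer b = ByteBuffer.wrap(frame);
            byte method = b.get(); int counter = b.getInt(); short amount = b.getShort();
            byte[] tag = new byte[TAG]; b.get(tag);
            if (!MessageDigest.isEqual(tag, mac(key, method, counter, amount))) return false; // forged or modified
            if (counter <= lastCounter) return false; // replayed or reordered frame
            lastCounter = counter; // only authenticated frames advance the counter
            if (method != 0x01 || amount < 0 || amount > balance) return false; // 0x01 = decreaseBalance (assumed id)
            balance -= amount;
            return true;
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] sessionKey = new byte[16]; Arrays.fill(sessionKey, (byte) 0x42); // constructed sample key
        Stub stub = new Stub(sessionKey); Skeleton card = new Skeleton(sessionKey);
        byte[] frame = stub.seal((byte) 0x01, (short) 10);
        System.out.println("fresh call accepted: " + card.dispatch(frame));
        System.out.println("replayed frame accepted: " + card.dispatch(frame));
        byte[] tampered = stub.seal((byte) 0x01, (short) 10); tampered[6] ^= 0x01; // flip a bit of the amount
        System.out.println("tampered frame accepted: " + card.dispatch(tampered));
        System.out.println("balance: " + card.balance);
    }
}
```

The skeleton checks the MAC before the counter, so an unauthenticated frame can never move the replay window.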

Slide 14: Behind the scenes (3)
- Cryptography
  - Keys in separate key file
  - Authentication based on
    - Public key crypto
    - (Diversified) symmetric key crypto
    - Determined by key type in key file
  - Symmetric session keys

Slide 15: Behind the scenes (4)
- Efficient protection by reshuffling

Slide 16: SMI vs RMI…
[Diagram; surviving labels: SMI, RMI, SMI stub, or]

Slide 17: Discussion
- SMI Extensions
  - Transaction support
  - Transaction tickets
  - Logging & auditing
  - Naming and brokerage
- Not finalised yet
  - Multi-threading method calls
  - Outbound calls too
- JASON not limited to smart cards
  - Client-server
  - Embedded/Ambient systems

Slide 18: Closing remarks
- ml