Java Security Model For Mobile Code Abdo Achkar. Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can.

Slides:



Advertisements
Similar presentations
Why Have The OSGi Specifications Been Based On Java Technology ? By Peter Kriens, CEO aQute OSGi Technology Officer
Advertisements

CSci 1130 Intro to Computer Programming in Java
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Portability and Safety Mahdi Milani Fard Dec, 2006 Java.
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI
Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.
Lab#1 (14/3/1431h) Introduction To java programming cs425
The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Object Orientated Programming
Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.
Introduction to By Mati Yanko. Primary Goals of Java Portable Secured Object Oriented.
Introduction to Java Programming
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.
Programming Language Semantics Java Threads and Locks Informal Introduction The Java Specification Language Chapter 17.
JVM-1 Introduction to Java Virtual Machine. JVM-2 Outline Java Language, Java Virtual Machine and Java Platform Organization of Java Virtual Machine Garbage.
Session-02. Objective In this session you will learn : What is Class Loader ? What is Byte Code Verifier? JIT & JAVA API Features of Java Java Environment.
01 Introduction to Java Technology. 2 Contents History of Java What is Java? Java Platforms Java Virtual Machine (JVM) Java Development Kit (JDK) Benefits.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
Introduction to Java Programming. Contents 1. Java, etc. 2. Java's Advantages 3. Java's Disadvantages 4. Types of Java Code 5. Java Bytecodes 6. Steps.
Intro to Java The Java Virtual Machine. What is the JVM  a software emulation of a hypothetical computing machine that runs Java bytecodes (Java compiler.
Embedded Java Research Geoffrey Beers Peter Jantz December 18, 2001.
JAVA v.s. C++ Programming Language Comparison By LI LU SAMMY CHU By LI LU SAMMY CHU.
Introduction to Java CSIS 3701: Advanced Object Oriented Programming.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Applets & Servlets.
CSCI 224 Introduction to Java Programming. Course Objectives  Learn the Java programming language: Syntax, Idioms Patterns, Styles  Become comfortable.
Introduction to Java Kumar Harshit. Objectives ( 목적지 ) At the end of the lesson, the student should be able to: ● Describe the features of Java technology.
Java Virtual Machine Java Virtual Machine A Java Virtual Machine (JVM) is a set of computer software programs and data structures that use.
C# Overview and Features. Content I.History of C# II.Architecture III.How to install IV.Features V.Code Sample VI.Microsoft.NET Platform VII.Why use C#
Java Introduction Lecture 1. Java Powerful, object-oriented language Free SDK and many resources at
Lecture 10 : Introduction to Java Virtual Machine
1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.
University of Houston-Clear Lake Proprietary© 1997 Evolution of Programming Languages Basic cycle of improvement –Experience software difficulties –Theory.
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
POS 406 Java Technology And Beginning Java Code
Java 2 security model Valentina Casola. Components of Java the development environment –development lifecycle –Java language features –class files and.
CPRG 215 Introduction to Object-Oriented Programming with Java Module 1-Introduction to Java Topic 1.1 Basics of Java Produced by Harvey Peters, 2008 Copyright.
What Is Java? According to Sun in a white paper: Java: A simple, object-oriented, network-savvy, interpreted, robust, secure, architecture-neutral, portable,
Computer Programming 2 Why do we study Java….. Java is Simple It has none of the following: operator overloading, header files, pre- processor, pointer.
We will talking about story of JAVA language. By Kristsada Songpartom.
CT1513 Introduction To java © A.AlOsaimi.
Core Java Introduction Byju Veedu Ness Technologies httpdownload.oracle.com/javase/tutorial/getStarted/intro/definition.html.
1. An Introduction A Programming Language A Technology Java Development Kit Java API One Language: Three Editions Standard Edition Enterprise Edition.
Java – in context Main Features From Sun Microsystems ‘White Paper’
1 Manipulating Managed Execution Runtimes to support Self-Healing Systems Rean Griffith‡, Gail Kaiser‡ Presented by Rean Griffith
The Execution System1. 2 Introduction Managed code and managed data qualify code or data that executes in cooperation with the execution engine The execution.
Introduction to Programming 1 1 2Introduction to Java.
Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.
RealTimeSystems Lab Jong-Koo, Lim
SESSION 1 Introduction in Java. Objectives Introduce classes and objects Starting with Java Introduce JDK Writing a simple Java program Using comments.
Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.
Object Oriented Programming in
Internet and Java Foundations, Programming and Practice
Java security (in a nutshell)
Rean Griffith‡, Gail Kaiser‡ Presented by Rean Griffith
Introduction Enosis Learning.
Introduction Enosis Learning.
Units with – James tedder
Units with – James tedder
.Net Framework Details Imran Rashid CTO at ManiWeber Technologies.
COSC Assignment 3 - Part 1 Java Security Susan Kovacs 19 April 2019 COSC Assignment 3 - Part 1.
Chap 1. Getting Started Objectives
Computer Programming-1 CSC 111
Presentation transcript:

Java Security Model For Mobile Code Abdo Achkar

Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can be transmitted across a network and executed on the other end. Mobile code is dynamically loaded and executed by standalone programs. Ex: Browsers

Advantages Of Mobile Code In Distributed Systems Eliminates installation problems of desktop applications. Favors portability to different platforms. Enhances scalability of client/server applications. Reduces software distribution costs.

Criteria For Mobile Code Safe environment of execution Platform independence Life cycle control Security

Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection  Array bounds checking Safety features built into the JVM  Type-safe reference casting  Structured memory access How Does Java Ensure These Criteria? Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection  Array bounds checking  Checking references for null Safety features built into the JVM  Type-safe reference casting

How Does Java Ensure These Criteria? (Cont’) The class loader architecture  Primordial class loader (trusted) The class loader architecture  Primordial class loader (trusted)  Class loader for other classes (non trusted) Every namespace has its own loader The class loader checks to make sure that the class does not declare itself to be a member of a trusted package

How Does Java Ensure These Criteria? (Cont’)  The class-file verifier Checks format and internal consistency  The class-file verifier Checks format and internal consistency Bytecode verifier  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation Checks that class’ fields are assigned values of proper type.  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation Checks that class’ fields are assigned values of proper type. Checks methods’ arguments number and type

Class Verifier (cont’) Phase two and dynamic linking  Finding the class being referenced Phase two and dynamic linking  Finding the class being referenced  Replacing symbolic references with direct references (and remembering them)

The security manager  Defines the limits of the “sandbox” How Does Java Ensure These Criteria? (Cont’) The security manager  Defines the limits of the “sandbox”  Is consulted for permission for every potentially dangerous action. The security manager  Defines the limits of the “sandbox”  Is consulted for permission for every potentially dangerous action.  List of possible dangerous behaviors supported by security managers: Accepting/Opening sockets Modifying/Creating threads Creating new class loaders Creating new process Loading DLLs. Deleting/reading/writing from and to a file

Advantages of using Java in mobile code Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Java is free Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Java is free Java code is robust (otherwise the loader/verifier would throw exceptions)

Disadvantages of Java Slow due to all checkings it does Does not allow low level control of hardware without having to call natives. (can be a security advantage) Slow due to all checkings it does Does not allow low level control of hardware without having to call natives. (can be a security advantage) Every class extends the class Object. This adds a lot of overhead to the program.

Questions

References /jw-08-hood.html /jw-08-hood.html /jw-09-hood.html /jw-09-hood.html /jw-10-hood.html /jw-10-hood.html /jw-11-hood.html /jw-11-hood.html s/is206/f97/GroupC/java.html s/is206/f97/GroupC/java.html

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.