Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security.

Published byAlicia Neal Modified over 5 years ago

Similar presentations

Presentation on theme: "Security."— Presentation transcript:

1 Security

2 Java E-Commerce © Martin Cooke, 2003
This lecture Security requirements for e-commerce Java language features Java sandbox 24/04/2019 Java E-Commerce © Martin Cooke, 2003

3 Java E-Commerce © Martin Cooke, 2003
Later lectures Next: Authentication & authorisation Cryptography Cryptographic hash functions Encryption/decrption: symmetric and public key systems Applications Message digests digital signatures & certificates SSL and SET Java support for cryptography 24/04/2019 Java E-Commerce © Martin Cooke, 2003

4 Security requirements for e-commerce

5 Why security is a hot topic
Security threats have increased out of all recognition in the last 10 years, with virtually no aspect of life left untouched, leaving opportunities to snoop, sneal, clog up, impersonate, modify, delete, or simply make mistakes and wreak havoc …. Financial transactions eg credit card details Sensitive information eg exam papers Downloaded programs, including applets 24/04/2019 Java E-Commerce © Martin Cooke, 2003

6 Aspects not covered here
Nature of threats Tools for attacks Firewalls Virtual private networks (VPNs) Auditing for post-mortems See Ince (2001), ch 11 24/04/2019 Java E-Commerce © Martin Cooke, 2003

7 The purpose of security
Security is not used simply to protect against direct threats … … but is essential in establishing trust in transactions between unseen parties Security & trust are probably the most significant barriers to e-commerce 24/04/2019 Java E-Commerce © Martin Cooke, 2003

8 Four cornerstones of security & trust
authentication integrity & non- authorisation confidentiality repudiation 24/04/2019 Java E-Commerce © Martin Cooke, 2003

9 Java E-Commerce © Martin Cooke, 2003
Authentication authentication The identities of all parties involved in an operation should be verified (including code sources) 24/04/2019 Java E-Commerce © Martin Cooke, 2003

10 Java E-Commerce © Martin Cooke, 2003
Integrity authentication integrity ensure information has not been tampered with 24/04/2019 Java E-Commerce © Martin Cooke, 2003

11 Java E-Commerce © Martin Cooke, 2003
Non-repudiation authentication integrity & non- repudiation cannot deny that you are the sender of the info, or that it has been received 24/04/2019 Java E-Commerce © Martin Cooke, 2003

12 Java E-Commerce © Martin Cooke, 2003
Confidentiality authentication integrity & non- confidentiality repudiation only intended recipient can make sense of message or stored information 24/04/2019 Java E-Commerce © Martin Cooke, 2003

13 Java E-Commerce © Martin Cooke, 2003
Authorisation authentication integrity & non- authorisation confidentiality repudiation Is the user or code allowed to carry out certain operations? 24/04/2019 Java E-Commerce © Martin Cooke, 2003

14 Java E-Commerce © Martin Cooke, 2003
Security tradeoffs With unlimited resources, most forms of security can be broken Cost of breaking should outweigh reward Have to consider end-to-end security only as secure as weakest part Eg: encryption with private key is all very well, but weakness is often storage of private key Aim for simplicity Don’t want to frighten away legitimate users Easier to analyse and maintain 24/04/2019 Java E-Commerce © Martin Cooke, 2003

15 Common web scenarios and their security aspects

16 Scenario 1: online banking
Authentication: is this a valid user? Authorisation: does this user have permission to access account information? Confidentiality: is account information secure from attack? … but must still be easy to use 24/04/2019 Java E-Commerce © Martin Cooke, 2003

17 Scenario 2: Downloading code
Authentication: does the code come from a trusted source? Integrity: has the code been tampered with before or during downloading? Authorisation: does the code have permission to carry out certain operations? 24/04/2019 Java E-Commerce © Martin Cooke, 2003

18 Scenario 3: online credit card transactions
Authentication: does the credit card belong to the customer? Is the merchant valid? Is the merchant bank valid? Integrity: have any details been altered en route? Non-repudiation: can any of the parties deny that any aspects of the transaction took place? Confidentiality: should the merchant have access to credit card details? Should the bank have access to purchase details? 24/04/2019 Java E-Commerce © Martin Cooke, 2003

19 But isn’t Java secure?

20 Java 2 security features
Configurable security policy to protect you from Java programs (this lecture) Authentication and authorisation framework to protect you against end users (next lecture) Integrity checks for data Digital signatures Digital certificates Key management Encryption/decryption (from 1.4) 24/04/2019 Java E-Commerce © Martin Cooke, 2003

21 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system Source: Oaks, fig 1-2 24/04/2019 Java E-Commerce © Martin Cooke, 2003

22 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files Bytecode verifier Ensures that Java class files follow the rules of Java eg memory protection Only applies to classes outside the core signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system 24/04/2019 Java E-Commerce © Martin Cooke, 2003

23 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files Class loader Does the obvious … … but can set permissions for each class loaded (so-called protection domains) so that access controller knows which classes have which permissions signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system 24/04/2019 Java E-Commerce © Martin Cooke, 2003

24 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files Security package java.security and subpackages Large, complex, API Message digests Keys and certificates Digital signatures Encryption authentication signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system 24/04/2019 Java E-Commerce © Martin Cooke, 2003

25 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files Security manager & access controller Responsible for allowing or preventing access to system resources Based on policies set by system admin Why 2? Security manager defers most actions to access controller SM exists for backwards compatibility signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system 24/04/2019 Java E-Commerce © Martin Cooke, 2003

26 Java E-Commerce © Martin Cooke, 2003
Core API class files remote class files local class files Key database Set of keys used to create or verify digital signatures May exist as external file or database signed class files bytecode verifier class loader core Java API Security package Key db security manager & access controller operating system 24/04/2019 Java E-Commerce © Martin Cooke, 2003

27 Security features in the language
Every object has an access level Private, package, protected, public Cannot access arbitrary memory locations Immutable final objects Variables must be initialised before use Array-bound checking No arbitrary object casting 24/04/2019 Java E-Commerce © Martin Cooke, 2003

28 Enforcement 1: compiler
Every object has an access level Private, package, protected, public Cannot access arbitrary memory locations Immutable final objects Variables must be initialised before use Array-bound checking No arbitrary object casting 24/04/2019 Java E-Commerce © Martin Cooke, 2003

29 Enforcement 2: byte-code verifier
Necessary since it is possible to compile classes which, together, represent non-conforming Java code Internal part of JVM Proves that a series of bytecodes is a legal sequence of Java instructions Correct format for class No subclassing of finals Single superclass for each class No illegal primitive data conversion No illegal casting (*) No operand stack overflow/underflow (*) cannot test fully until runtime Every object has an access level Private, package, protected, public Cannot access arbitrary memory locations Immutable final objects Variables must be initialised before use Array-bound checking No arbitrary object casting 24/04/2019 Java E-Commerce © Martin Cooke, 2003

30 Enforcement 3: runtime system
Every object has an access level Private, package, protected, public Cannot access arbitrary memory locations Immutable final objects Variables must be initialised before use Array-bound checking No arbitrary object casting 24/04/2019 Java E-Commerce © Martin Cooke, 2003

31 The Java Sandbox

32 Java E-Commerce © Martin Cooke, 2003
The sandbox Originally, applied only to applets and was very ‘tight’ Since 1.1, offered fine-grained security authorisation to code Since 1.2, can be applied to applications as well as applets (only difference is that it is default for applets) Implemented by security manager 24/04/2019 Java E-Commerce © Martin Cooke, 2003

33 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file 24/04/2019 Java E-Commerce © Martin Cooke, 2003

34 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file Specific action that code is allowed to perform Specified as triple Type Name Actions specified in policy file permission java.security.AllPermission Allows code to do anything permission java.lang.RuntimePermission “stopThread”; permission java.io.FilePermission “/tmp/foo”,”read”; Self-evident 24/04/2019 Java E-Commerce © Martin Cooke, 2003

35 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file Location from which class has been loaded Possibly including information about who signed the class java.security.CodeSource 24/04/2019 Java E-Commerce © Martin Cooke, 2003

36 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file Maps permissions to code sources Eg code loaded from <URL> can do <X> 24/04/2019 Java E-Commerce © Martin Cooke, 2003

37 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file Java code may be digitally signed (later) Uses keys, held in keystore 24/04/2019 Java E-Commerce © Martin Cooke, 2003

38 Elements of the sandbox
Permissions Code sources Protection domains Keystores Policy file Used to list permissions, identify keystore location, specify code sources and protection domains Global policy file: lib/security/java.policy Local policy file: .java.policy in home dir Policies based on union of the two 24/04/2019 Java E-Commerce © Martin Cooke, 2003

39 Java E-Commerce © Martin Cooke, 2003
Policy file example keystore “${user.home}${/}.keystore”; grant codeBase “ { permission java.io.FilePermission “/tmp”, “read”; permission java.lang.RuntimePermission “queuePrintJob”; }; grant signedBy “mpc” codeBase “ { permission java.security.AllPermission; grant signedBy “gjb” { permission java.net.SocketPermission “*:1024-”, “accept, connect, listen”; } grant { permission java.util.PropertyPermission “java.version”, “read”; 24/04/2019 Java E-Commerce © Martin Cooke, 2003

40 Java E-Commerce © Martin Cooke, 2003
Keystore keystore “${user.home}${/}.keystore”; grant codeBase “ { permission java.io.FilePermission “/tmp”, “read”; permission java.lang.RuntimePermission “queuePrintJob”; }; grant signedBy “mpc” codeBase “ { permission java.security.AllPermission; grant signedBy “gjb” { permission java.net.SocketPermission “*:1024-”, “accept, connect, listen”; } grant { permission java.util.PropertyPermission “java.version”, “read”; Consult keystore in home directory if need to check certificates 24/04/2019 Java E-Commerce © Martin Cooke, 2003

41 Java E-Commerce © Martin Cooke, 2003
Codebases keystore “${user.home}${/}.keystore”; grant codeBase “ { permission java.io.FilePermission “/tmp”, “read”; permission java.lang.RuntimePermission “queuePrintJob”; }; grant signedBy “mpc” codeBase “ { permission java.security.AllPermission; grant signedBy “gjb” { permission java.net.SocketPermission “*:1024-”, “accept, connect, listen”; } grant { permission java.util.PropertyPermission “java.version”, “read”; combination of signedBy and codeBase elements 24/04/2019 Java E-Commerce © Martin Cooke, 2003

42 Java E-Commerce © Martin Cooke, 2003
Permissions keystore “${user.home}${/}.keystore”; grant codeBase “ { permission java.io.FilePermission “/tmp”, “read”; permission java.lang.RuntimePermission “queuePrintJob”; }; grant signedBy “mpc” codeBase “ { permission java.security.AllPermission; grant signedBy “gjb” { permission java.net.SocketPermission “*:1024-”, “accept, connect, listen”; } grant { permission java.util.PropertyPermission “java.version”, “read”; 2, 3 or 4 parts Type, name, actions 24/04/2019 Java E-Commerce © Martin Cooke, 2003

43 Java E-Commerce © Martin Cooke, 2003
Protection domains keystore “${user.home}${/}.keystore”; grant codeBase “ { permission java.io.FilePermission “/tmp”, “read”; permission java.lang.RuntimePermission “queuePrintJob”; }; grant signedBy “mpc” codeBase “ { permission java.security.AllPermission; grant signedBy “gjb” { permission java.net.SocketPermission “*:1024-”, “accept, connect, listen”; } grant { permission java.util.PropertyPermission “java.version”, “read”; “allow code loaded from dcs to read /tmp and to queue print jobs” “allow code loaded from mpc.com and signed by mpc to do anything” “allow code signed by gjb, loaded from anywhere, to do 3 actions on any host, on all ports >1024” “Allow all code to read the java version” 24/04/2019 Java E-Commerce © Martin Cooke, 2003

44 Java E-Commerce © Martin Cooke, 2003
Default policy file 24/04/2019 Java E-Commerce © Martin Cooke, 2003

45 Java E-Commerce © Martin Cooke, 2003
PolicyTool 24/04/2019 Java E-Commerce © Martin Cooke, 2003

46 Launching the sandbox for applications
java -Djava.security.manager <app> java -Djava.security.manager \ -Djava.security.policy=<URL> <app> 24/04/2019 Java E-Commerce © Martin Cooke, 2003

47 Programming perspective: The access controller
Main mechanism used by Java API to implement the sandbox Simple to use 24/04/2019 Java E-Commerce © Martin Cooke, 2003

48 Java E-Commerce © Martin Cooke, 2003
Example import java.applet.*; import java.net.*; import java.security.*; public class AccessTest extends Applet { public void init() { SocketPermission sp = new SocketPermission( getParameter(“host”)+”:6000”,”connect”); try { AccessController.checkPermission(sp); System.out.print(“OK to open socket”); } catch (AccessControlException ace) { System.out.println(ace); } Source: Oaks, p102 24/04/2019 Java E-Commerce © Martin Cooke, 2003

49 Java E-Commerce © Martin Cooke, 2003
Example import java.applet.*; import java.net.*; import java.security.*; public class AccessTest extends Applet { public void init() { SocketPermission sp = new SocketPermission( getParameter(“host”)+”:6000”,”connect”); try { AccessController.checkPermission(sp); System.out.print(“OK to open socket”); } catch (AccessControlException ace) { System.out.println(ace); } 1. Construct permission (NB a permission instance is NOT the same as a permission!) Source: Oaks, p102 24/04/2019 Java E-Commerce © Martin Cooke, 2003

50 Java E-Commerce © Martin Cooke, 2003
Example import java.applet.*; import java.net.*; import java.security.*; public class AccessTest extends Applet { public void init() { SocketPermission sp = new SocketPermission( getParameter(“host”)+”:6000”,”connect”); try { AccessController.checkPermission(sp); System.out.print(“OK to open socket”); } catch (AccessControlException ace) { System.out.println(ace); } 1. Construct permission 2. Check it (static method of AccessController) Source: Oaks, p102 24/04/2019 Java E-Commerce © Martin Cooke, 2003

51 Java E-Commerce © Martin Cooke, 2003
Example import java.applet.*; import java.net.*; import java.security.*; public class AccessTest extends Applet { public void init() { SocketPermission sp = new SocketPermission( getParameter(“host”)+”:6000”,”connect”); try { AccessController.checkPermission(sp); System.out.print(“OK to open socket”); } catch (AccessControlException ace) { System.out.println(ace); } 1. Construct permission 2. Check it (static method of AccessController) 3. Catch exception Source: Oaks, p102 24/04/2019 Java E-Commerce © Martin Cooke, 2003

52 Constructing your own permissions
Think of this as similar to constructing own exceptions Powerful and flexible way to implement arbitrary, application-specific, security policies, which can be administered from a policy file Eg read, modify rows with particular fields from database Extend java.security.Permission Easier to extend java.security.BasicPermission 24/04/2019 Java E-Commerce © Martin Cooke, 2003

53 Java E-Commerce © Martin Cooke, 2003
Interim summary The Java language contains many features which make it difficult to subvert The sandbox concept applies to applets (always) and applications, using -Djava.security.manager A policy file specifies which permissions can be granted to code coming from specific locations and/or specific signers This adds up to protecting system resources from untrusted code But what about unstrusted users? 24/04/2019 Java E-Commerce © Martin Cooke, 2003

54 Java E-Commerce © Martin Cooke, 2003
Summary Authentication, authorisation, integrity and confidentiality are the cornerstones of security Java supports security in many ways, from language features to APIs, but is only as secure as the programmer makes it 24/04/2019 Java E-Commerce © Martin Cooke, 2003

55 Java E-Commerce © Martin Cooke, 2003
Resources Books Oaks (2001) Java Security (2nd edition) O’Reilly, Ince, ch 11 Norris & West (2001) eBusiness Essentials, Wiley, , chs 4 and 5 24/04/2019 Java E-Commerce © Martin Cooke, 2003

Download ppt "Security."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 16 Secure Coding in Java and.NET Part 1: Fundamentals.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 16 Secure Coding in Java and.NET Part 1: Fundamentals.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)

Java security (in a nutshell)
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
COEN 351: E-Commerce Security

COEN 351: E-Commerce Security
Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)

Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)
Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.

Dan Sedlacek CTO, Systems Management Group Sterling Software Java Security and Encryption.
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & email) Java Security on the Browser Java Security in the Enterprise.

Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
1 Lecture 4 George Koutsogiannakis/Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.

1 Lecture 4 George Koutsogiannakis/Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Similar presentations

Ads by Google