
Java Security and the Java 2 Platform
Stuart Fitz-Gerald (with thanks to Chris Reade)
Java Security / Java 2 Platform (overview) / Network Examples with Sockets


1 Java Security and the Java 2 Platform
Stuart Fitz-Gerald, with thanks to Chris Reade
Contents:
– Java Security
– Java 2 Platform (overview)
– Network Examples with Sockets and Web

2 JVM and Security History (Stuart Fitz-Gerald, 2005)
– JDK 1.02: applications trusted, applets untrusted
– JDK 1.1: applications and signed applets trusted, unsigned applets untrusted
– JDK 1.2: full control over trust
Sandbox approach to untrusted code:
– Verification of byte code
– Class loader
– Security manager

3 The Byte Code Verifier
The first prong of the Java Security Model
– A Java program is compiled down to platform-independent Java byte code
– The code is verified before it can run, to ensure the compiler has played by the rules
– This is a mechanism for checking untrusted outside code
– The verifier checks byte code at a number of different levels:
  checks that the format of the byte-code fragment is correct;
  a built-in theorem prover is applied to each fragment
– This works in tandem with security features built into the language through the compiler

4 The Applet Class Loader
The second prong of the Java Security Model
– All Java objects belong to classes
– The class loader determines when and how an applet can add classes to a running Java environment
– The aim is to stop an applet from trying to replace elements of the Java run-time environment
– The Applet Class Loader loads all applets and the classes they reference
– When an applet loads across the network, the Applet Class Loader receives the binary data and instantiates it as a new class

5 The Security Manager
The third prong of the Java Security Model
– This restricts the ways in which an applet can use visible interfaces
– The Security Manager is a single module that can perform run-time checks on "dangerous" methods
– Code in the Java library consults the Security Manager whenever a dangerous operation is about to be attempted
– The Security Manager is given a chance to veto the operation by generating a security exception
  Decisions made by the Security Manager take into account which Class Loader loaded the requesting class
  Built-in classes are given more privilege than classes that have been loaded over the net
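The veto described on this slide can be seen end to end in a few lines. The following is an added example, not code from the lecture: a custom SecurityManager that refuses file writes, and library code (FileWriter) that consults it before opening the file. The class names, the temporary file name and the "allow everything else" policy are all constructed for the demo; a real deployment would keep the default SecurityManager and express the rules in a policy file instead of overriding checkPermission.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.FileWriter;
import java.io.IOException;
import java.security.Permission;

/** Added example: a SecurityManager that vetoes one class of "dangerous" operation. */
public class VetoDemo {

    /**
     * Allows everything except file writes. The veto is a SecurityException thrown
     * from checkPermission, which the library raises before the file is touched.
     * (Constructed for the demo: a real manager would consult the policy via
     * super.checkPermission instead of allowing everything else.)
     */
    static class NoFileWrites extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof FilePermission && perm.getActions().contains("write")) {
                throw new SecurityException("vetoed: write to " + perm.getName());
            }
            // every other permission is allowed in this demo
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    /** The library path: FileWriter's constructor asks the manager before opening for write. */
    static boolean writeVetoed(File target) {
        try (FileWriter w = new FileWriter(target)) {
            w.write("written because no manager vetoed it\n");
            return false;                  // write went ahead
        } catch (SecurityException e) {
            return true;                   // the manager said no; nothing was written
        } catch (IOException e) {
            return false;
        }
    }

    /** Reads are not vetoed by this manager, so File.canRead (checkRead) still succeeds. */
    static boolean readAllowed(File target) {
        try {
            return target.canRead();
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        File tmp = new File(System.getProperty("java.io.tmpdir"), "veto-demo.txt");
        System.out.println("before manager: vetoed=" + writeVetoed(tmp)); // false, file created
        System.setSecurityManager(new NoFileWrites());
        System.out.println("after manager:  vetoed=" + writeVetoed(tmp)); // true
        System.out.println("read allowed:   " + readAllowed(tmp));         // true
    }
}
```

Run with javac VetoDemo.java && java VetoDemo on a JDK up to 17; from JDK 18 onwards System.setSecurityManager throws UnsupportedOperationException unless the JVM is started with -Djava.security.manager=allow, and the whole SecurityManager mechanism is deprecated for removal. The point the slide makes still holds: the check is made by the library on the caller's behalf, so code that reaches FileWriter by any route is subject to it.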

6 Untrusted and Banished to the Sandbox
– The three parts of the Java Security Model make up the SANDBOX
– The idea is to restrict what an applet can do and make sure it plays by the rules
– The SANDBOX idea is appealing because it is meant to allow you to run untrusted code on your machine without worrying about it
– The result is that you can surf the Web with impunity, as long as the Java SANDBOX has no holes in it!

7 Java Virtual Machine
The JVM is a program which acts as a virtual machine to interpret and run Java class files. It accesses resources provided by the operating system through a fixed API. The OS can protect against some software problems, but this is not sufficient for full protection: the JVM must do more.
[Diagram: JVM above the OS API; the OS sits on physical memory (RAM, caches), discs, ports/peripherals and other resources]

8 JVM Runtime Memory
Abstract view of runtime memory as seen/managed by the JVM.
[Diagram: class files in the filestore are read by the class loader into the HEAP, which holds the method area (with constant pool) and class instances; each runtime thread has its own stack and pc]

9 Threads
– Java is unique among popular general-purpose languages in that it makes concurrency primitives available to the applications programmer
– The programmer specifies that applications contain threads of execution
– Each thread designates a portion of a program that may execute concurrently with other threads
– This capability is called multi-threading
– C and C++ are single-threaded languages

10 Stacks
An area for keeping intermediate values, arguments and results of operations, and for keeping track of methods that have been invoked (but not finished). One for each thread. Longer-term data is in the heap.
[Diagram: a per-thread stack of frames; the current stack frame contains the operand stack (operands for the current method); the pc points to the next instruction in the method area]

11 JVM starting a Java program
load
– uses a classloader to read the bytecode file and place a binary representation into heap memory
link
– verify (checking well-formed class file and some semantic constraints); may require loading further classes
– prepare (allocate some storage, tables, data)
– resolve (check symbolic links), usually replacing them by direct pointers for efficiency; may require loading further classes
initialise

12 Why Verify?
The JVM can assume (when running):
– All arguments for instructions are type correct
– No overflow or underflow of the runtime operand stack
– All loads and stores of variables are valid (e.g. according to final/private/…)
Could check while running, but that is dangerous.
Could check this while compiling, so why verify when linking?
– Version problems
– Untrusted source

13 Verification
Pass 1 – checks the file format is correct (and no extra bytes)
Pass 2 – checks non-code attributes, such as:
– final classes/methods not subclassed or overridden,
– all classes have a superclass (except Object),
– constant pool properly indexed and properly typed
Pass 3 – data flow analysis of methods; essentially a proof. Requires simulating parts of program flow with type information on operand stacks (not values). Establishes that at each point in the program (however arrived at):
– the operand stack has the same size and types of values
– opcodes have correctly typed values on the operand stack
– no local variable is accessed before it is initialised
– methods are invoked with appropriate args
– fields are assigned correctly typed values
Pass 4 – allows for delay of some verification to run time, e.g. when loading further classes.

14 Sandbox and Security Manager
[Diagram: Java source files are turned into class files by the Java compiler; class files (untrusted code) arrive over the Internet at the JVM and pass through the class loader, the verifier and the security manager before reaching protected resources]
The security manager controls access to protected resources.
– In JDK 1.0: sandbox for remote code, unrestricted local code
– In JDK 1.1: signed (JAR) files; signed remote code could be unrestricted
– Now: a security policy (preferences of the user) assigns different access rights (still managed by the security manager)

15 Some Subtleties
New class loaders can be defined in Java, but these must not allow any undermining of verification (masquerading).
– Loaded classes need to record their loader (so equivalences can be checked)
– Core classes can only be loaded with the standard class loader (so core classes, including the security manager, will behave as designed)
Types and verification are central to security:
– Properly loaded and verified code cannot bypass the security manager, because the only means to access protected resources resides in typed methods which are part of the security manager
– Deliberate stack underflow/overflow errors are a common means of undermining security by changing intended behaviour/restrictions in other runtime systems
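The three points on slides 13 and 15 (loaded classes record their loader, core classes are reserved for the standard loader, and malformed class files are rejected in pass 1) can all be observed from a user-defined class loader. The following is an added example, not code from the lecture; the class and method names are constructed for it. It copies the bytecode of a small nested class into a second loader to show that the same name under a different loader is a different type, corrupts the class-file magic number to trigger the verifier's format check, and tries to define a class in java.lang.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

/** Added example: a user-defined class loader, and what the JVM refuses to let it do. */
public class LoaderDemo {

    /** A tiny class whose bytecode is copied into a second loader. */
    public static class Marker { }

    /** Defines classes from raw bytes; the JVM runs verification inside defineClass. */
    static class BytesLoader extends ClassLoader {
        BytesLoader() { super(LoaderDemo.class.getClassLoader()); }

        Class<?> define(String name, byte[] bytes) {
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    /** Reads a class's .class bytes back from the classpath. */
    static byte[] classBytes(Class<?> c) throws IOException {
        String resource = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(resource)) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            for (int n; (n = in.read(chunk)) > 0; ) buf.write(chunk, 0, n);
            return buf.toByteArray();
        }
    }

    /** Same fully qualified name, different loader: the JVM treats it as a different type. */
    static boolean sameNameIsNotSameType() throws IOException {
        Class<?> copy = new BytesLoader().define(Marker.class.getName(), classBytes(Marker.class));
        return copy.getName().equals(Marker.class.getName())
                && copy != Marker.class
                && !Marker.class.isAssignableFrom(copy)
                && copy.getClassLoader() != Marker.class.getClassLoader();
    }

    /** Verification pass 1: a class file with a broken magic number never becomes a class. */
    static boolean corruptClassFileRejected() throws IOException {
        byte[] bytes = classBytes(Marker.class);
        bytes[0] ^= 0xFF;                          // damage the 0xCAFEBABE header
        try {
            new BytesLoader().define(Marker.class.getName(), bytes);
            return false;
        } catch (ClassFormatError e) {
            return true;                           // rejected before any code could run
        }
    }

    /** Core packages are reserved: no user loader may define java.* classes. */
    static boolean corePackageRejected() {
        try {
            new BytesLoader().define("java.lang.Evil", new byte[0]);
            return false;
        } catch (SecurityException e) {
            return true;                           // "Prohibited package name: java.lang"
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("same name, different type: " + sameNameIsNotSameType());   // true
        System.out.println("corrupt class rejected:    " + corruptClassFileRejected()); // true
        System.out.println("java.* rejected:           " + corePackageRejected());      // true
    }
}
```

Compile and run it as javac LoaderDemo.java && java LoaderDemo (the compiled .class files must be on the classpath, because the example reads its own bytecode back as a resource). The first check is the "equivalence" point of slide 15: a type is identified by its name together with its defining loader, so a class smuggled in under a core name through another loader never becomes that core class.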

16 Essential Language Features
– Type system
– Garbage collection (no errors of user-controlled heap management)
– Structured memory access: reference types and type checking ensure no manufactured references (no pointer arithmetic)
– Privacy guarantees (public/private… attributes are checked and enforced)
– Run time: array bound checking; cast type checking

17 Summary
Security relies on a carefully designed combination of:
– Types and language design
– Class loader
– Verification
– Security manager

18 Java 2 Platform
Standard Edition (desktop)
– J2SE 1.4.2 (1.5 coming soon), which is also a foundation for:
Enterprise Edition
– features for server components (enterprise beans, web services)
– J2EE 1.4
Micro Edition
– used in (hundreds of) millions of mobile phones/PDAs/set-top boxes…
– highly optimised runtime environment

19 Java 2 Standard Edition
See original at http://java.sun.com/j2se/overview.html

20 Java 2 Enterprise Edition
A large number of technologies for multi-tier enterprise systems, including:
– Java Server Pages
– Servlets
– Transactions
– Java Enterprise Beans (components)
– Web Services

21 Example from Core: Networking (java.net)
Classes using TCP:
– URL
– URLConnection
– Socket
– ServerSocket
Classes using UDP:
– DatagramPacket
– DatagramSocket
– MulticastSocket
[Diagram of the protocol stack: Application (HTTP, FTP, Telnet) / Transport (TCP, UDP, …) / Network (IP, …) / Link (device driver, …)]
java.net provides primitives at application level (details of TCP do not need to be known).

22 Sockets
A SocketAddress is created e.g. using an IP address + port number.
[Diagram: the server's ServerSocket listens for new connections; Client1 and Client2 each get their own Socket once the (TCP) connection is set up]

23 Sockets (Client)
    // needs import java.io.*; import java.net.*;
    ...
    try {
        Socket server = new Socket("foo.bar.com", 1234);   // host name is a String
        OutputStream out = server.getOutputStream();
        InputStream in = server.getInputStream();
        // write a byte
        out.write(42);
        // write a string and newline
        PrintWriter pout = new PrintWriter(out, true);
        pout.println("Hello!");
        // read a byte
        byte back = (byte) in.read();
    ...

24 Sockets (Client ctd.)
    ...
        // read a line as a string
        BufferedReader bin = new BufferedReader(new InputStreamReader(in));
        String response = bin.readLine();
        // send an object
        ObjectOutputStream oout = new ObjectOutputStream(out);
        oout.writeObject(new java.util.Date());
        oout.flush();
        server.close();
    } catch (IOException e) { ... }
    ...

25 Sockets (Server)
    // needs import java.io.*; import java.net.*; import java.util.Date;
    ...
    // at foo.bar.com
    try {
        ServerSocket listener = new ServerSocket(1234);
        while (!finished) {
            // wait for a connection
            Socket client = listener.accept();
            OutputStream out = client.getOutputStream();
            InputStream in = client.getInputStream();
            // read a byte
            byte someByte = (byte) in.read();
            // read a string and newline
            // (note: a BufferedReader may read ahead of the line it returns,
            //  so later readers on the same stream can miss bytes)
            BufferedReader bin = new BufferedReader(new InputStreamReader(in));
            String someString = bin.readLine();
            // write a byte
            out.write(43);

26 Sockets (Server ctd.)
    ...
            // say goodbye
            PrintWriter pout = new PrintWriter(out, true);
            pout.println("Goodbye");
            // read a serialised object
            ObjectInputStream oin = new ObjectInputStream(in);
            Date date = (Date) oin.readObject();
            client.close();
        }
        listener.close();
    } catch (IOException e) { ... }
    catch (ClassNotFoundException e2) { ... }
    ...
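The object exchange on slides 24 and 26 hands the server's ObjectInputStream whatever class the remote client chose to serialise; the cast to Date happens only after the object has already been instantiated. The following is an added example, not code from the lecture, showing the same client/server round trip on the loopback interface with the server restricted to deserialising java.util.Date. It uses the ObjectInputFilter API (Java 9 and later); class names, the ephemeral port and the ArrayList used as the rejected payload are constructed for the demo.

```java
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Date;

/** Added example: the slides' object exchange, with the server filtering what it deserialises. */
public class FilteredObjectExchange {

    /** Server side: accept one connection and read one serialised object, allowing only Date. */
    static Object serveOnce(ServerSocket listener) throws IOException, ClassNotFoundException {
        try (Socket client = listener.accept();
             ObjectInputStream oin = new ObjectInputStream(client.getInputStream())) {
            // Allow-list pattern: java.util.Date is accepted, every other class ("!*")
            // is rejected when its descriptor is read, before an instance exists.
            oin.setObjectInputFilter(ObjectInputFilter.Config.createFilter("java.util.Date;!*"));
            return oin.readObject();
        }
    }

    /** Client side: connect and send one object, as on slide 24. */
    static void send(int port, Object payload) throws IOException {
        try (Socket server = new Socket("localhost", port);
             ObjectOutputStream oout = new ObjectOutputStream(server.getOutputStream())) {
            oout.writeObject(payload);
            oout.flush();
        }
    }

    /** Runs one exchange on the loopback interface and reports what the server did. */
    static String roundTrip(Object payload) throws Exception {
        try (ServerSocket listener = new ServerSocket(0)) {     // ephemeral port
            String[] outcome = new String[1];
            Thread server = new Thread(() -> {
                try {
                    outcome[0] = "accepted " + serveOnce(listener).getClass().getName();
                } catch (InvalidClassException e) {
                    outcome[0] = "rejected by filter";           // filter status: REJECTED
                } catch (Exception e) {
                    outcome[0] = "error " + e;
                }
            });
            server.start();
            send(listener.getLocalPort(), payload);
            server.join();
            return outcome[0];
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roundTrip(new Date()));          // accepted java.util.Date
        System.out.println(roundTrip(new ArrayList<>()));   // rejected by filter
    }
}
```

The example keeps one stream wrapper per socket (an ObjectOutputStream on the client, an ObjectInputStream on the server) rather than mixing a BufferedReader and an ObjectInputStream on the same InputStream as the slides do, because the reader may buffer ahead and consume the start of the object stream. A process-wide filter can also be set with the jdk.serialFilter system property instead of per stream.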

27 Tiny HTTP Daemon
    //file: TinyHttpd.java
    import java.net.*;
    import java.io.*;
    import java.util.*;

    public class TinyHttpd {
        public static void main(String argv[]) throws IOException {
            ServerSocket ss = new ServerSocket(Integer.parseInt(argv[0]));
            while (true)
                new TinyHttpdConnection(ss.accept()).start();
        }
    } // end of class TinyHttpd

28 Tiny HTTP Daemon (ctd. 1)
    class TinyHttpdConnection extends Thread {
        Socket client;

        TinyHttpdConnection(Socket client) throws SocketException {
            this.client = client;
            setPriority(NORM_PRIORITY - 1);
        }

        public void run() {
            try {
                BufferedReader in = new BufferedReader(
                    new InputStreamReader(client.getInputStream(), "8859_1"));
                OutputStream out = client.getOutputStream();
                PrintWriter pout = new PrintWriter(
                    new OutputStreamWriter(out, "8859_1"), true);
                String request = in.readLine();
                System.out.println("Request: " + request);

29 Tiny HTTP Daemon (ctd. 2)
                StringTokenizer st = new StringTokenizer(request);
                if ((st.countTokens() >= 2) && st.nextToken().equals("GET")) {
                    if ((request = st.nextToken()).startsWith("/"))
                        request = request.substring(1);
                    if (request.endsWith("/") || request.equals(""))
                        request = request + "index.html";
                    try {
                        // the request path is opened as-is, relative to the
                        // working directory, with no confinement to a document root
                        FileInputStream fis = new FileInputStream(request);
                        // available() and a single read() are not guaranteed
                        // to cover the whole file
                        byte[] data = new byte[fis.available()];
                        fis.read(data);
                        out.write(data);
                        out.flush();
                    } catch (FileNotFoundException e) {
                        pout.println("404 Object Not Found");
                    }
                } else
                    pout.println("400 Bad Request");
                client.close();
            } catch (IOException e) {
                System.out.println("I/O error " + e);
            }
        }
    }
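TinyHttpd opens whatever path the request line names, relative to the working directory, and reads it with available(). The following is an added example, not code from the lecture, that keeps the same request handling but confines the path to a document root, decodes the request target before checking it, sends proper HTTP status lines, and reads the whole file. The class names, the ./www document root and the thread-per-connection structure are constructed for the demo; it needs Java 10 or later for the URLDecoder overload used.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.StringTokenizer;

/** Added example: TinyHttpd with the request path confined to a document root. */
public class ConfinedTinyHttpd {

    /** Document root, assumed here to be ./www (constructed for the example). */
    static final Path ROOT = Paths.get("www").toAbsolutePath().normalize();

    /**
     * Maps the request target onto a file under root, or returns null when the
     * decoded, normalised path would leave root (e.g. "/../x" or "/%2e%2e/x").
     */
    static Path resolveUnderRoot(Path root, String target) {
        if (target == null || !target.startsWith("/")) return null;
        int q = target.indexOf('?');
        if (q >= 0) target = target.substring(0, q);                // drop query string
        target = URLDecoder.decode(target, StandardCharsets.UTF_8);  // decode before checking
        if (target.indexOf('\0') >= 0) return null;
        if (target.endsWith("/")) target += "index.html";
        Path candidate = root.resolve(target.substring(1)).normalize();
        return candidate.startsWith(root) ? candidate : null;       // component-wise prefix test
    }

    /** Handles one connection: same request parsing as TinyHttpd, confined file access. */
    static void handle(Socket client) throws IOException {
        try (Socket c = client;
             BufferedReader in = new BufferedReader(
                     new InputStreamReader(c.getInputStream(), StandardCharsets.ISO_8859_1));
             OutputStream out = c.getOutputStream()) {
            String request = in.readLine();
            StringTokenizer st = new StringTokenizer(request == null ? "" : request);
            if (st.countTokens() < 2 || !st.nextToken().equals("GET")) {
                reply(out, "400 Bad Request", new byte[0]);
                return;
            }
            Path file = resolveUnderRoot(ROOT, st.nextToken());
            if (file == null || !Files.isRegularFile(file)) {
                reply(out, "404 Not Found", new byte[0]);   // same answer for escaped and missing
                return;
            }
            reply(out, "200 OK", Files.readAllBytes(file)); // whole file, not fis.available()
        }
    }

    /** Writes a minimal HTTP/1.0 response with a status line and Content-Length. */
    static void reply(OutputStream out, String status, byte[] body) throws IOException {
        String head = "HTTP/1.0 " + status + "\r\nContent-Length: " + body.length
                + "\r\nConnection: close\r\n\r\n";
        out.write(head.getBytes(StandardCharsets.ISO_8859_1));
        out.write(body);
        out.flush();
    }

    public static void main(String[] argv) throws IOException {
        try (ServerSocket ss = new ServerSocket(Integer.parseInt(argv[0]))) {
            while (true) {
                Socket client = ss.accept();
                new Thread(() -> {
                    try {
                        handle(client);
                    } catch (IOException e) {
                        System.out.println("I/O error " + e);
                    }
                }).start();
            }
        }
    }
}
```

Path.startsWith compares whole path components, so a sibling directory such as wwwx does not pass as being under www. Files.isRegularFile follows symbolic links; if the document root may contain links pointing outside it, compare file.toRealPath() against ROOT.toRealPath() instead of the normalised path.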

30 Web Programming Example
– URL class
– Applets
– Web client application (talking to a CGI program with GET or POST)
– Servlets

31 HelloClient Servlet
    //file: HelloClient.java
    import java.io.*;
    import javax.servlet.ServletException;
    import javax.servlet.http.*;

    public class HelloClient extends HttpServlet {
        public void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            // must come first
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            // the HTML tags were lost in transcription; reconstructed here
            out.println("<html><head><title>Hello Client</title></head>"
                        + "<body>"
                        + "<h1>Hello Client</h1>"
                        + "</body></html>");
            out.close();
        }
    }
See the ShoppingCart servlet on p. 355 of Learning Java.

