Deep dive into Java security architecture
Java Platform Security – Deep Dive
Prabath Siriwardena
Twitter : @prabath
Objectives
• Provide the Java platform as a secure, ready-built platform on which to run Java-enabled applications in a secure fashion.
• Provide security tools and services implemented in the Java programming language that enable a wider range of security-sensitive applications, for example, in the enterprise world.
A Secured Platform
Byte Code Verifier
• Variables are initialized before they are used.
• Method calls match the types of object references.
• Rules for accessing private data and methods are not violated.
• Local variable accesses fall within the runtime stack.
• The runtime stack does not overflow.
Java Sandbox Model
Java Security Manager
• To create a sandbox environment for a given Java application, the Java Security Manager must be engaged.
• System.setSecurityManager(new SecurityManager());
• java -Djava.security.manager MainClass
Policy Based Access Controlling
• If no policy is explicitly specified, the Java Security Manager uses its default security policy.
• The location of the default security policy is picked from the JAVA_HOME/lib/security/java.security file:
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
Java Security Policy
• By default everything is denied!
• Explicitly grants permissions for the code in execution.
• Permission = Resource (Target) + Action
grant {
  permission java.io.FilePermission "mytext.txt", "read,write";
};
Java Security Policy
• The Java Security Manager reads the security policy.
• java -Djava.security.manager -Djava.security.policy=mypolicy.policy MainClass
• java -Djava.security.manager -Djava.security.policy==mypolicy.policy MainClass
• System.setProperty("java.security.policy", "mypolicy.policy");
  System.setSecurityManager(new SecurityManager());
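The two slides above (engaging the Security Manager, and pointing it at a policy) as one runnable program. This is an added example, not code from the slides: the policy file is written at runtime so the demo is self-contained, and it is the slide's "mytext.txt" grant with "write" left out, so the read succeeds and the write is refused with an AccessControlException. File and policy names are constructed for the demo.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessControlException;

// Added example, not from the slides: engage the Security Manager under a
// policy that grants "read" but not "write" on one file, then watch the
// write fail. File and policy names are constructed for the demo.
public class SandboxDemo {

    public static void main(String[] args) throws IOException {
        Path dataFile = Paths.get("mytext.txt").toAbsolutePath();
        Files.write(dataFile, "hello".getBytes(StandardCharsets.UTF_8));

        // The policy is written at runtime so the example is self-contained.
        // Backslashes (Windows paths) must be doubled inside a policy file.
        String target = dataFile.toString().replace("\\", "\\\\");
        String policy = "grant {\n"
                + "  permission java.io.FilePermission \"" + target + "\", \"read\";\n"
                + "};\n";
        Path policyFile = Paths.get("mypolicy.policy").toAbsolutePath();
        Files.write(policyFile, policy.getBytes(StandardCharsets.UTF_8));

        // A single "=" (or this property) adds the file to the default policy;
        // "==" on the command line replaces the default policy entirely.
        System.setProperty("java.security.policy", policyFile.toString());
        System.setSecurityManager(new SecurityManager());

        // Granted by the policy: read.
        String content = new String(Files.readAllBytes(dataFile), StandardCharsets.UTF_8);
        System.out.println("read allowed: " + content);

        // Not granted: write. The permission check throws before any byte is written.
        try {
            Files.write(dataFile, "tampered".getBytes(StandardCharsets.UTF_8));
            System.out.println("write allowed (unexpected)");
        } catch (AccessControlException e) {
            System.out.println("write denied: " + e.getPermission());
        }
    }
}
```

Compile and run with `javac SandboxDemo.java && java SandboxDemo`. On JDK 18 through 23 the Security Manager is disallowed by default and System.setSecurityManager throws unless the JVM is started with `-Djava.security.manager=allow`; JDK 24 (JEP 486) removes the ability to install one at all, so this deck's mechanism only applies to JDK 23 and earlier.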
Permissions
Syntax :
permission className targetName actionList
java.io.FilePermission
Target:
File Name
Action List:
read, write, execute, delete
java.net.SocketPermission
Target:
Address:Port_Or_PortRange
Action List:
accept, connect, listen, resolve
java.util.PropertyPermission
Target:
Property Name
Action List:
read, write
java.lang.RuntimePermission
Target:
createClassLoader, getClassLoader, setContextClassLoader, enableContextClassLoaderOverride, createSecurityManager, setSecurityManager, exitVM, getenv.variableName, shutdownHooks, setFactory, setIO, modifyThread, stopThread, modifyThreadGroup, getProtectionDomain, readFileDescriptor, writeFileDescriptor, loadLibrary.libraryName, accessClassInPackage.packageName, defineClassInPackage.packageName, accessDeclaredMembers.className, queuePrintJob, getStackTrace, setDefaultUncaughtExceptionHandler, preferences, usePolicy
java.awt.AWTPermission
Target:
showWindowWithoutWarningBanner, accessClipboard, accessEventQueue, createRobot, fullScreenExclusive, listenToAllAWTEvents, readDisplayPixels, replaceKeyboardFocusManager, watchMousePointer, setWindowAlwaysOnTop, setAppletStub
java.net.NetPermission
Target:
setDefaultAuthenticator, specifyStreamHandler, requestPasswordAuthentication, setProxySelector, getProxySelector, setCookieHandler, getCookieHandler, setResponseCache, getResponseCache
java.lang.reflect.ReflectPermission
Target:
suppressAccessChecks
java.io.SerializablePermission
Target:
enableSubclassImplementation, enableSubstitution
java.security.SecurityPermission
Target:
createAccessControlContext, getDomainCombiner, getPolicy, setPolicy, getProperty.keyName, setProperty.keyName, insertProvider.providerName, removeProvider.providerName, setSystemScope, setIdentityPublicKey, setIdentityInfo, addIdentityCertificate, removeIdentityCertificate, printIdentity, clearProviderProperties.providerName, putProviderProperty.providerName, removeProviderProperty.providerName, getSignerPrivateKey, setSignerKeyPair
java.security.AllPermission
Target:
(none)
Action List:
(none)
javax.security.auth.AuthPermission
Target:
doAs, doAsPrivileged, getSubject, getSubjectFromDomainCombiner, setReadOnly, modifyPrincipals, modifyPublicCredentials, modifyPrivateCredentials, refreshCredential, destroyCredential, createLoginContext.contextName, getLoginConfiguration, setLoginConfiguration, refreshLoginConfiguration
javax.sound.sampled.AudioPermission
Target:
play, record
Action List:
(none)
java.util.logging.LoggingPermission
Target:
control
Action List:
(none)
java.sql.SQLPermission
Target:
setLog
Action List:
(none)
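The table above lists targets and action lists; what decides an access check is whether a granted permission implies the requested one: the granted target must cover the requested target and the granted actions must be a superset. The following added example (not from the slides) exercises those rules for three of the listed classes with constructed targets; it needs no Security Manager and assumes Unix-style paths, since FilePermission's "*" and "-" wildcards are recognised only after the platform's file separator.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added example, not from the slides: how target and action list are matched.
// Paths are constructed and Unix-style.
public class PermissionMatching {

    // A granted permission implies a requested one when target and actions cover it.
    static boolean implied(Permission granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        // FilePermission targets: "dir/-" is recursive, "dir/*" is one level only.
        FilePermission tree   = new FilePermission("/data/-", "read,write");
        FilePermission single = new FilePermission("/data/*", "read");

        System.out.println(implied(tree,   new FilePermission("/data/a/b.txt", "read")));  // true
        System.out.println(implied(single, new FilePermission("/data/a/b.txt", "read")));  // false: one level too deep
        System.out.println(implied(single, new FilePermission("/data/b.txt", "write")));   // false: action not granted

        // PropertyPermission targets: a trailing ".*" matches a whole prefix.
        PropertyPermission props = new PropertyPermission("java.*", "read");
        System.out.println(implied(props, new PropertyPermission("java.home", "read")));   // true
        System.out.println(implied(props, new PropertyPermission("user.home", "read")));   // false

        // RuntimePermission has no action list; only the target is matched.
        RuntimePermission lib = new RuntimePermission("loadLibrary.*");
        System.out.println(implied(lib, new RuntimePermission("loadLibrary.crypto")));     // true
        System.out.println(implied(lib, new RuntimePermission("exitVM")));                 // false

        // A Permissions collection answers implies() across everything added to it,
        // which is how the policy evaluates all grants for one protection domain.
        Permissions granted = new Permissions();
        granted.add(tree);
        granted.add(props);
        System.out.println(granted.implies(new FilePermission("/data/x", "write")));       // true
        System.out.println(granted.implies(new PropertyPermission("java.home", "write"))); // false
    }
}
```

The practical consequence for policy review: a grant on "/data/-" silently covers every future subdirectory, and a grant with actions "read,write" implies a request for "read" alone, so audit recursive targets and action lists together rather than target names in isolation.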
Fine-grained Access Control
• Based on the location of the code
• Based on the trust (code has to be signed)
• Based on the user who runs the code
Fine-grained Access Control
• Based on the location of the code
grant codeBase "file:${my.code.base}/-" {
  permission java.security.AllPermission;
};
grant codeBase "file://java-security/org.wso2.java.security/-" {
  permission java.security.AllPermission;
};
grant codeBase "file:${java.ext.dirs}/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/area.jar" {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.io.FilePermission "${user.home}${/}test${/}*", "write";
};
Fine-grained Access Control
• Based on the user who runs the code
grant principal com.sun.security.auth.UnixPrincipal "prabath" {
  permission java.security.AllPermission;
};
grant principal javax.security.auth.x500.X500Principal "cn=Alice" {
  permission java.io.FilePermission "/home/Alice", "read, write";
};
Fine-grained Access Control
• Based on the trust (code has to be signed)
grant signedBy "wso2carbon" {
  permission java.security.AllPermission;
};
keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";
Fine-grained Access Control
• Combinations
grant signedBy "wso2carbon", codeBase "file://java-security/org.wso2.java.security/-", principal com.sun.security.auth.UnixPrincipal "prabath" {
  permission java.security.AllPermission;
};
keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";
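The principal-based grant from the "user who runs the code" slide, combined with a code-based grant as the "Combinations" slide describes, in a runnable program. This is an added example, not code from the slides: the same action runs three times, with no Subject, as cn=Alice and as cn=Bob, and only Alice's principal unlocks the write. The policy file is written at runtime, the directory is constructed, and the code-based grant of AuthPermission "doAs" is needed because switching Subject is itself a guarded operation.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added example, not from the slides: a principal-based grant in action.
// Directory and file names are constructed for the demo.
public class PrincipalGrantDemo {

    public static void main(String[] args) throws IOException {
        Path home = Files.createTempDirectory("alice-home");
        String dir = home.toString().replace("\\", "\\\\"); // escape for the policy file

        // Two grants: the code itself needs "doAs" to run anything as a Subject
        // (code-based), and the principal grant mirrors the cn=Alice slide entry.
        String policy = ""
                + "grant {\n"
                + "  permission javax.security.auth.AuthPermission \"doAs\";\n"
                + "};\n"
                + "grant principal javax.security.auth.x500.X500Principal \"cn=Alice\" {\n"
                + "  permission java.io.FilePermission \"" + dir + "${/}-\", \"read,write\";\n"
                + "};\n";
        Path policyFile = home.resolve("principal.policy");
        Files.write(policyFile, policy.getBytes(StandardCharsets.UTF_8));
        System.setProperty("java.security.policy", policyFile.toString());
        System.setSecurityManager(new SecurityManager());

        // The action is identical for every caller; only the Subject differs.
        PrivilegedAction<String> writeNote = () -> {
            try {
                Files.write(home.resolve("note.txt"), "hi".getBytes(StandardCharsets.UTF_8));
                return "write allowed";
            } catch (AccessControlException e) {
                return "write denied: " + e.getPermission();
            } catch (IOException e) {
                return "io error: " + e.getMessage();
            }
        };

        System.out.println("no subject -> " + writeNote.run());
        System.out.println("alice      -> " + Subject.doAs(subjectFor("cn=Alice"), writeNote));
        System.out.println("bob        -> " + Subject.doAs(subjectFor("cn=Bob"), writeNote));
    }

    // A Subject as a login module would build it after authenticating the user.
    static Subject subjectFor(String dn) {
        return new Subject(true, Collections.singleton(new X500Principal(dn)),
                new HashSet<>(), new HashSet<>());
    }
}
```

Subject.doAs wraps the action in an access control context whose domain combiner attaches the Subject's principals to every protection domain on the stack; the policy then adds the principal grants to those domains, which is why the very same code is denied without a Subject or as Bob. Run with `-Djava.security.manager=allow` on JDK 18 to 23.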
Extending Java Security Platform
• Allow reading all the system properties except java.home?
• Tom can access the getBeer() method only if he is older than 21 years?
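Neither question can be expressed in a policy file: grants cannot carve out an exception such as "all properties except java.home", and the policy knows nothing about a user's age. One way to answer both is to extend SecurityManager. The following added example (not from the slides) does that; AgePrincipal, BeerPermission, BarSecurityManager and getBeer() are hypothetical names invented for the demo, and the policy written at runtime grants the demo code everything so that the only restrictions in play are the two coded into the manager.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashSet;
import javax.security.auth.Subject;

// Added example, not from the slides: answering the two questions by
// subclassing SecurityManager. All names below are hypothetical.
public class ExtendedSecurityDemo {

    // Hypothetical principal: the age a login module established for the user.
    static final class AgePrincipal implements Principal {
        private final String name;
        private final int age;
        AgePrincipal(String name, int age) { this.name = name; this.age = age; }
        @Override public String getName() { return name; }
        int getAge() { return age; }
    }

    // Hypothetical permission whose target is the minimum age; no action list.
    static final class BeerPermission extends BasicPermission {
        BeerPermission(String minAge) { super(minAge); }
        int minAge() { return Integer.parseInt(getName()); }
    }

    static final class BarSecurityManager extends SecurityManager {
        // Question 1: veto java.home for application code only. JDK internals
        // read java.home legitimately, so the veto is keyed on the immediate
        // caller of System.getProperty: the class context seen here is
        // [this manager, java.lang.System, caller, ...].
        @Override
        public void checkPropertyAccess(String key) {
            Class<?>[] ctx = getClassContext();
            Class<?> caller = ctx.length > 2 ? ctx[2] : null;
            boolean applicationCode = caller != null
                    && caller.getClassLoader() == ClassLoader.getSystemClassLoader();
            if ("java.home".equals(key) && applicationCode) {
                throw new SecurityException("reading java.home is not allowed");
            }
            super.checkPropertyAccess(key); // normal policy check for everything else
        }

        // Question 2: a BeerPermission is decided by the caller's Subject, not
        // by the policy file; every other permission takes the standard path.
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof BeerPermission) {
                int required = ((BeerPermission) perm).minAge();
                Subject caller = Subject.getSubject(AccessController.getContext());
                boolean oldEnough = caller != null && caller.getPrincipals(AgePrincipal.class)
                        .stream().anyMatch(p -> p.getAge() >= required);
                if (!oldEnough) {
                    throw new SecurityException("getBeer() requires age " + required);
                }
                return;
            }
            super.checkPermission(perm);
        }
    }

    // The guarded method asks the installed manager, exactly as JDK classes do.
    static String getBeer() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new BeerPermission("21"));
        }
        return "one beer";
    }

    static Subject subjectFor(String name, int age) {
        return new Subject(true, Collections.singleton(new AgePrincipal(name, age)),
                new HashSet<>(), new HashSet<>());
    }

    public static void main(String[] args) throws Exception {
        // Constructed policy: the demo code gets everything, so the only
        // restrictions in play are the two coded into BarSecurityManager.
        Path policyFile = Files.createTempFile("bar", ".policy");
        Files.write(policyFile, "grant { permission java.security.AllPermission; };\n"
                .getBytes(StandardCharsets.UTF_8));
        System.setProperty("java.security.policy", policyFile.toString());
        System.setSecurityManager(new BarSecurityManager());

        System.out.println("user.home = " + System.getProperty("user.home"));
        try {
            System.getProperty("java.home");
        } catch (SecurityException e) {
            System.out.println("java.home: " + e.getMessage());
        }

        PrivilegedAction<String> order = () -> {
            try { return getBeer(); } catch (SecurityException e) { return e.getMessage(); }
        };
        System.out.println("Tom, 19: " + Subject.doAs(subjectFor("Tom", 19), order));
        System.out.println("Tom, 25: " + Subject.doAs(subjectFor("Tom", 25), order));
    }
}
```

The design point is that both overrides fall through to super for everything they do not decide themselves, so the policy file stays the source of truth and the custom manager only adds the two rules the policy language cannot express. Run with `-Djava.security.manager=allow` on JDK 18 to 23.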
Thank You…!!!