Java Security

Java Security David A. Wheeler [email_address] (703) 845-6662 April 24, 2000

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What’s Java? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Compiler Source code Class files Virtual Machine Libraries Typical Use User Developer

Java Modes of Use ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Language ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Virtual Machine (VM) and Class File Format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Libraries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Class and Method Access Control Modifiers

Implications of Java Basics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Notes on Java Implementations ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java: Caught in Political Cross-fire ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java: Current Political Situation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities (1 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities (2 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java 1.0 Security Policy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

SecurityManager ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Bytecode Verifier ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

ClassLoader ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Archive (JAR) Format (1.1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Cryptography Architecture (Added in 1.1) ,[object Object],[object Object],[object Object],[object Object]

Problems with 1.0 through 1.1 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Netscape Extensions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Microsoft Extensions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities in Java 2 (SDK 1.2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Sample Fine-Grained Security Policy for One User

Java 2: Each Class Has A ProtectionDomain Class1 ClassLoader1 Policy Instance1 Instance2 Class2 1 ... ... 1 1 1 Asks ProtectionDomain1 PermissionCollection CodeSource ProtectionDomain2 PermissionCollection CodeSource

ProtectionDomain Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

CodeSource Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Policy Class ,[object Object],[object Object],[object Object]

How a Class and ProtectionDomain Are Loaded ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java 2 Runtime Security Check Algorithm ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Examples of Algorithm At Work ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Context ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Algorithm Implications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Warning: Don’t Mix Protected Variables and Permission Checks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: FilePermission Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: SocketPermission ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: PropertyPermission ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: Other Permission Subclasses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

SecurityManager Changes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

GuardedObject (1 of 3) ,[object Object],[object Object],requesting class GuardedObject Guard object-to-guard getObject() 2 checkGuard() 3 reply with object-to- guard 1

GuardedObject (2 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

GuardedObject (3 of 3) ,[object Object],[object Object],[object Object],[object Object]

Java Cryptography Architecture (JCA) Changes in 1.2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Cryptography Extension (JCE) ,[object Object],[object Object],[object Object],[object Object]

Other Areas In Development: JSSE and JAAS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Past Java Security Breaches (1 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Past Java Security Breaches (2 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Malicious Applets (Staying Within the Sandbox) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Advantages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (1 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (2 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (3 of 3) ,[object Object],[object Object],[object Object],[object Object]

Key Points ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Useful References ,[object Object],[object Object],[object Object]

Useful Websites ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

About this Briefing ,[object Object],[object Object],[object Object],[object Object]

Java Naming and Directory Interface (JNDI) ,[object Object],[object Object],Application JNDI Impl. Manager Service API SPI

Java Card (Smart Cards) ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Java Security

Similaire à Java Security (20)

Plus de elliando dias

Plus de elliando dias (20)

Dernier

Dernier (20)

Java Security