Overview
- Java features an extensive security architecture
- Features:
- Platform Security
- Authentication and Access Control
- Signing
1) Platform Security
- A safe and secure platform for running applications.
- In addition to strong data typing and automatic memory
handling, Java also features:
- Secure class loading
- Bytecode verification
1) Platform Security » Class Loader
- JVM uses class loaders to load classes.
- Only the necessary classes are loaded
- Is responsible for
- Ensuring that the class is properly named
- Local classes are loaded in preference to remote ones
- All loaded classes are cached
- It is possible to write your own class loader!
- To perform additional safety checks of your own, or to load classes you have encrypted
1) Platform Security » Class Loader
class MyClassLoader extends ClassLoader {
    @Override   // the annotation is spelled @Override, and the method declares ClassNotFoundException
    protected synchronized Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException { ... }
}
...
ClassLoader loader = new MyClassLoader();
Class<?> myClass = loader.loadClass("ClassName");
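The sketch above leaves the body of loadClass open. The following is an added example, not code from the slides, of one "additional safety check" such a loader can make: it defines a class only when the bytes it is handed match a pinned SHA-256 digest, and refuses them otherwise. The class name PinnedDigestClassLoader, the nested Payload class and the demo values are hypothetical; java.util.HexFormat needs Java 17 or later.

```java
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

/*
 * Added example (not from the slides). A class loader that defines a class only
 * if the bytes handed to it match a pinned SHA-256 digest; otherwise the class
 * is refused. Class names, the Payload class and the demo values are hypothetical.
 */
public class PinnedDigestClassLoader extends ClassLoader {
    private final Map<String, byte[]> classBytes;    // class name -> bytecode handed to this loader
    private final Map<String, String> pinnedDigests; // class name -> expected SHA-256, hex encoded

    public PinnedDigestClassLoader(Map<String, byte[]> classBytes, Map<String, String> pinnedDigests) {
        super(PinnedDigestClassLoader.class.getClassLoader());
        this.classBytes = classBytes;
        this.pinnedDigests = pinnedDigests;
    }

    /** Classes we hold bytes for are defined here; everything else keeps the usual parent-first path. */
    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        synchronized (getClassLoadingLock(name)) {
            if (!classBytes.containsKey(name)) {
                return super.loadClass(name, resolve);
            }
            Class<?> c = findLoadedClass(name);   // the JVM caches classes this loader already defined
            if (c == null) {
                c = findClass(name);
            }
            if (resolve) {
                resolveClass(c);
            }
            return c;
        }
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        byte[] bytes = classBytes.get(name);
        String expectedHex = pinnedDigests.get(name);
        if (bytes == null || expectedHex == null) {
            throw new ClassNotFoundException(name);
        }
        // Compare digest bytes with MessageDigest.isEqual (constant time), not with String.equals.
        if (!MessageDigest.isEqual(sha256(bytes), HexFormat.of().parseHex(expectedHex))) {
            throw new ClassNotFoundException("SHA-256 mismatch for " + name + ", refusing to define it");
        }
        return defineClass(name, bytes, 0, bytes.length);   // the bytecode verifier still runs on these bytes
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required of every JRE", e);
        }
    }

    /** Hypothetical payload; its compiled bytes are read back from the classpath for the demo. */
    public static class Payload {
        public String hello() { return "loaded through the pinned loader"; }
    }

    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        byte[] good;
        try (InputStream in = ClassLoader.getSystemResourceAsStream(name.replace('.', '/') + ".class")) {
            good = in.readAllBytes();
        }
        String pin = HexFormat.of().formatHex(sha256(good));   // the digest a vendor would publish

        // Untouched bytes: the class is defined by our loader (not the app loader, so no cast to Payload).
        PinnedDigestClassLoader trusted = new PinnedDigestClassLoader(Map.of(name, good), Map.of(name, pin));
        Object p = trusted.loadClass(name).getDeclaredConstructor().newInstance();
        System.out.println(p.getClass().getClassLoader() == trusted);      // true
        System.out.println(p.getClass().getMethod("hello").invoke(p));

        // Constructed tampering: flip one bit of the bytecode but keep the published digest.
        byte[] tampered = good.clone();
        tampered[tampered.length - 1] ^= 0x01;
        PinnedDigestClassLoader suspect = new PinnedDigestClassLoader(Map.of(name, tampered), Map.of(name, pin));
        try {
            suspect.loadClass(name);
        } catch (ClassNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two details matter in practice: the digest check happens before defineClass, so a modified class is never even handed to the JVM, and a class defined by this loader is a different runtime class from one the application loader knows under the same name, which is why the demo calls hello() by reflection instead of casting.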
1) Platform Security » Bytecode Verification
- JRE checks that the Java code follows safety rules.
- Bytecode verifier checks partly the same things that
the compiler did... why?
- If you didn't compile the code, it is possible that someone
made changes to the compiled bytecode.
1) Platform Security » Bytecode Verification
2) Authentication and Access control
- Java Authentication and Authorization Service (JAAS), API
- For authentication and authorization of users (permissions)
- Security Manager and Policy files
- Controlling what the application can and cannot do
2) Access control » Security Manager
- When the class is loaded, the security manager checks that
the application does only permitted things.
- If there is a problem, the security manager throws an
AccessControlException
- By default, everything is allowed!
- Setting a security manager
System.setSecurityManager( new SecurityManager() ); or
java -Djava.security.manager MyApp
2) Access control » Policy Files
- The Security Manager gets its permissions from policy files
- In the policy file, the programmer determines what the app is allowed
to do
- The SecurityManager reads permissions from Policy objects; Policy
objects load the permission information from policy text files.
- Loading an application with a security manager and a policy file:
    java -Djava.security.manager -Djava.security.policy==my.policy Application
2) Access control » Policy File, general form
[keystore "url" [, "type"] [,"provider"]]
grant [signedBy "signer"] [, codeBase "url"] {
permission className ["targetName"] [,"actionList"];
permission className ["targetName"] [,"actionList"];
...
};
2) Access control » Policy Files (examples)
// If the code is signed by "Duke", grant it read/write access to all
// files in /tmp:
grant signedBy "Duke" {
permission java.io.FilePermission "/tmp/*", "read,write";
};
// Code that was run from c:/temp can write to path /mydocuments/
grant codebase "file:c:/temp/" {
permission java.io.FilePermission "/mydocuments/*", "write";
};
See Policy File syntax
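As an added example, not from the slides, the program below shows what an application observes when a SecurityManager is installed and the policy grants less than the code asks for: one write is covered by a grant, the other is not and ends in AccessControlException. The class name PolicyDemo, the two /tmp paths and the policy text are constructed for the demo. Note that "==" on the command line makes this policy the only one in effect, while a single "=" adds it to the default policy files. The SecurityManager was deprecated for removal in Java 17 (JEP 411); on Java 18 and later, System.setSecurityManager only works with -Djava.security.manager=allow, and Java 24 (JEP 486) disables the manager entirely, so run this on Java 17 or earlier.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;

/*
 * Added example (not from the slides): what an application observes when a
 * SecurityManager is installed and the policy grants less than the code asks for.
 * The class name, file paths and the policy text below are constructed.
 *
 * Constructed policy file, saved as demo.policy:
 *
 *   grant {
 *       permission java.io.FilePermission "/tmp/demo-allowed.txt", "read,write";
 *   };
 *
 * Run with the manager installed and with ONLY this policy in effect
 * ("==" replaces the default policy files; a single "=" would add to them):
 *
 *   java -Djava.security.manager -Djava.security.policy==demo.policy PolicyDemo
 *
 * Run as plain "java PolicyDemo" and both writes succeed: with no manager
 * installed, everything is allowed.
 */
public class PolicyDemo {

    /** Tries to create and write the file; reports what the SecurityManager decided. */
    static String tryWrite(String path) {
        try (OutputStream out = new FileOutputStream(path)) {   // FileOutputStream calls checkWrite(path)
            out.write("hello\n".getBytes(StandardCharsets.UTF_8));
            return "write to " + path + ": allowed";
        } catch (AccessControlException e) {
            // Thrown by the manager when no grant covers the requested permission.
            return "write to " + path + ": denied, missing " + e.getPermission();
        } catch (IOException e) {
            return "write to " + path + ": I/O error, " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        if (System.getSecurityManager() == null) {
            System.out.println("No SecurityManager installed: every operation is permitted.");
        }
        System.out.println(tryWrite("/tmp/demo-allowed.txt"));   // covered by the grant
        System.out.println(tryWrite("/tmp/demo-denied.txt"));    // not covered -> AccessControlException
    }
}
```

The exception carries the Permission that was missing, which is the first thing to read when an application fails under a policy: it names the class, target and action that the grant would need.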
3) Signing » Message Digest
- To ensure that a given application came from a
trusted vendor.
- A message digest is a "digital fingerprint" calculated
from some data, for example compiled bytecode
- Calculate the message digest of MyApp.class
- Send MyApp.class and the calculated message digest to the
client
- The client also calculates the message digest of MyApp.class.
If the message digests are the same, everything is ok.
3) Signing » Picture
3) Cryptography » Using Message Digest
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;

// SHA-1 as on the slide; for new work prefer SHA-256, SHA-1 is no longer collision resistant
MessageDigest makedigest = MessageDigest.getInstance("SHA-1");
try (InputStream input = new FileInputStream("data.dat")) {   // byte stream, closed automatically
    int readbyte;
    while ((readbyte = input.read()) != -1) {
        makedigest.update((byte) readbyte);
    }
}
byte[] digest = makedigest.digest();
3) Signing » Digital Signing
- What if someone gets hold of the
digest and the application before they arrive at
the client?
3) Signing » Digital Signing
- Digital signing is used to ensure that the
application came from a trusted vendor and was not
modified
3) Signing » Digital Signing
import java.security.*;
import java.io.*;

class SecureDemo {
    public static void main(String[] args) throws Exception {
        // 1. Create keys. The slide used a 512-bit DSA key with the "DSA" (SHA1withDSA)
        //    signature; both are below today's minimum, so this uses 2048-bit DSA with
        //    SHA-256. SecureRandom is seeded by the platform; re-seeding it with an
        //    all-zero array, as the slide did, adds nothing.
        SecureRandom myrandom = new SecureRandom();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("DSA");
        generator.initialize(2048, myrandom);
        KeyPair keys = generator.generateKeyPair();
        PrivateKey privateKey = keys.getPrivate();
        PublicKey publicKey = keys.getPublic();

        // 2. Vendor signs MyApp.class. A class file is binary, so it must be read with a
        //    byte stream: FileReader decodes characters and would corrupt the input.
        Signature mysignature = Signature.getInstance("SHA256withDSA");
        mysignature.initSign(privateKey);
        try (InputStream in = new FileInputStream("MyApp.class")) {
            int readbyte;
            while ((readbyte = in.read()) != -1) {
                mysignature.update((byte) readbyte);
            }
        }
        byte[] signature = mysignature.sign();

        // 3. Client verifies the signature using the public key.
        Signature ensure = Signature.getInstance("SHA256withDSA");
        ensure.initVerify(publicKey);
        try (InputStream in = new FileInputStream("MyApp.class")) {
            int readbyte;
            while ((readbyte = in.read()) != -1) {
                ensure.update((byte) readbyte);
            }
        }
        boolean check = ensure.verify(signature);
        System.out.println(check);   // true as long as MyApp.class is unchanged
    }
}

class MyApp {
    public static void main(String[] args) {
        System.out.println("Very secure app indeed!");
    }
}
3) Signing » Certificates
- What if someone claims to be software vendor A and
sends you an application and the location of the public
key?
- It's very easy to fake your identity on the internet
- Use third-party certificates (VeriSign, Thawte etc.).
- The third party verifies the sender's identity!