Java Security

Java Security David A. Wheeler [email_address] (703) 845-6662 April 24, 2000

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What’s Java? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Compiler Source code Class files Virtual Machine Libraries Typical Use User Developer

Java Modes of Use ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Language ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Virtual Machine (VM) and Class File Format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Libraries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Class and Method Access Control Modifiers

Implications of Java Basics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Notes on Java Implementations ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java: Caught in Political Cross-fire ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java: Current Political Situation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities (1 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities (2 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java 1.0 Security Policy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

SecurityManager ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Bytecode Verifier ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

ClassLoader ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Archive (JAR) Format (1.1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Cryptography Architecture (Added in 1.1) ,[object Object],[object Object],[object Object],[object Object]

Problems with 1.0 through 1.1 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Netscape Extensions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Microsoft Extensions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security-Related Capabilities in Java 2 (SDK 1.2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Sample Fine-Grained Security Policy for One User

Java 2: Each Class Has A ProtectionDomain Class1 ClassLoader1 Policy Instance1 Instance2 Class2 1 ... ... 1 1 1 Asks ProtectionDomain1 PermissionCollection CodeSource ProtectionDomain2 PermissionCollection CodeSource

ProtectionDomain Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

CodeSource Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Policy Class ,[object Object],[object Object],[object Object]

How a Class and ProtectionDomain Are Loaded ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java 2 Runtime Security Check Algorithm ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Examples of Algorithm At Work ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Context ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Algorithm Implications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Warning: Don’t Mix Protected Variables and Permission Checks ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: FilePermission Class ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: SocketPermission ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: PropertyPermission ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Permission Subclasses: Other Permission Subclasses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

SecurityManager Changes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

GuardedObject (1 of 3) ,[object Object],[object Object],requesting class GuardedObject Guard object-to-guard getObject() 2 checkGuard() 3 reply with object-to- guard 1

GuardedObject (2 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

GuardedObject (3 of 3) ,[object Object],[object Object],[object Object],[object Object]

Java Cryptography Architecture (JCA) Changes in 1.2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Cryptography Extension (JCE) ,[object Object],[object Object],[object Object],[object Object]

Other Areas In Development: JSSE and JAAS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Past Java Security Breaches (1 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Past Java Security Breaches (2 of 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Malicious Applets (Staying Within the Sandbox) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Advantages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (1 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (2 of 3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security Disadvantages (3 of 3) ,[object Object],[object Object],[object Object],[object Object]

Key Points ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Useful References ,[object Object],[object Object],[object Object]

Useful Websites ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

About this Briefing ,[object Object],[object Object],[object Object],[object Object]

Java Naming and Directory Interface (JNDI) ,[object Object],[object Object],Application JNDI Impl. Manager Service API SPI

Java Card (Smart Cards) ,[object Object],[object Object],[object Object],[object Object],[object Object]

Java Security

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Java Security

Ähnlich wie Java Security (20)

Mehr von elliando dias

Mehr von elliando dias (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Java Security