Deep dive into Java security architecture

Post on 18-Nov-2014


Java Platform Security – Deep Dive

Prabath Siriwardena

Twitter: @prabath

Objectives

• Provide the Java platform as a secure, ready-built platform on which to run Java-enabled applications in a secure fashion.

• Provide security tools and services, implemented in the Java programming language, that enable a wider range of security-sensitive applications, for example in the enterprise world.

A Secured Platform

Byte Code Verifier

• Variables are initialized before they are used.

• Method calls match the types of object references.

• Rules for accessing private data and methods are not violated.

• Local variable accesses fall within the runtime stack.

• The runtime stack does not overflow.

Java Sandbox Model


Java Security Manager


• To create a sandbox environment for a given Java application, the Java Security Manager must be engaged.

• System.setSecurityManager(new SecurityManager());

• java -Djava.security.manager MainClass

Policy Based Access Controlling

• If no policy is explicitly specified, the Java Security Manager uses its default security policy.

• The location of the default security policy is picked from the JAVA_HOME/lib/security/java.security file:

# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy

Java Security Policy

• By default everything is denied!

• Explicitly grants permissions for the code in execution.

• Permission = Resource (Target) + Action

grant {
    permission java.io.FilePermission "mytext.txt", "read,write";
};

Java Security Policy

• The Java Security Manager reads the security policy.

• java -Djava.security.manager -Djava.security.policy=mypolicy.policy MainClass (a single '=' adds mypolicy.policy to the policy files listed in java.security)

• java -Djava.security.manager -Djava.security.policy==mypolicy.policy MainClass (a double '==' makes mypolicy.policy the only policy file)

• System.setProperty("java.security.policy", "mypolicy.policy");
  System.setSecurityManager(new SecurityManager());
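As an added example (not code from the slides), the following program engages the Security Manager exactly as shown above and prints the policy decision for one granted and two denied operations. The policy file mypolicy.policy and the data file mytext.txt are assumed to exist in the working directory, and the class name PolicyDemo is made up for this example. The point worth noticing is that the AccessControlException carries the exact permission that was missing, which is the fastest way to find out what a policy still needs to grant.

```java
// Added example, not from the slides. Assumed policy file "mypolicy.policy" (constructed):
//
//   grant {
//       permission java.io.FilePermission "mytext.txt", "read";
//   };
//
// Run with the policy added to the default one (single '='):
//   java -Djava.security.manager -Djava.security.policy=mypolicy.policy PolicyDemo
// or with the policy replacing the default one (double '=='):
//   java -Djava.security.manager -Djava.security.policy==mypolicy.policy PolicyDemo
// On JDK 18 and later, installing a SecurityManager at runtime additionally requires
//   -Djava.security.manager=allow
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.security.AccessControlException;

public class PolicyDemo {

    /** An I/O action whose outcome under the Security Manager we want to observe. */
    interface IoAction {
        void run() throws IOException;
    }

    /** Runs the action and reports whether the Security Manager allowed it. */
    static String attempt(IoAction action) {
        try {
            action.run();
            return "ALLOWED";
        } catch (AccessControlException e) {
            // The exception names the permission that the policy did not grant.
            return "DENIED (" + e.getPermission() + ")";
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Engage the sandbox programmatically if the command line did not already do so.
        if (System.getSecurityManager() == null) {
            System.setProperty("java.security.policy", "mypolicy.policy");
            System.setSecurityManager(new SecurityManager());
        }

        // Granted by the policy above: read access to mytext.txt.
        System.out.println("read mytext.txt:  " + attempt(() -> {
            try (FileReader in = new FileReader("mytext.txt")) {
                in.read();
            }
        }));

        // Not granted: write access to the same file. Everything not granted is denied.
        System.out.println("write mytext.txt: " + attempt(() -> {
            try (FileWriter out = new FileWriter("mytext.txt", true)) {
                out.write("x");
            }
        }));

        // Not granted by either mypolicy.policy or the default policy: reading user.home.
        System.out.println("read user.home:   " + attempt(() -> System.getProperty("user.home")));
    }
}
```

The read line prints ALLOWED, the other two print DENIED followed by the missing permission, for example `("java.io.FilePermission" "mytext.txt" "write")`. The permission check happens before the file is opened, so a denied write reports DENIED even if mytext.txt does not exist.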

Permissions


Syntax:

permission className targetName actionList

java.io.FilePermission

Target:

File Name

Action List:

read, write, execute, delete

java.net.SocketPermission

Target:

Address:Port_Or_PortRange

Action List:

accept, connect, listen, resolve

java.util.PropertyPermission

Target:

Property Name

Action List:

read, write

java.lang.RuntimePermission

Target:

createClassLoader, getClassLoader, setContextClassLoader, enableContextClassLoaderOverride, createSecurityManager, setSecurityManager, exitVM, getenv.variableName, shutdownHooks, setFactory, setIO, modifyThread, stopThread, modifyThreadGroup, getProtectionDomain, readFileDescriptor, writeFileDescriptor, loadLibrary.libraryName, accessClassInPackage.packageName, defineClassInPackage.packageName, accessDeclaredMembers.className, queuePrintJob, getStackTrace, setDefaultUncaughtExceptionHandler, preferences, usePolicy

java.awt.AWTPermission

Target:

showWindowWithoutWarningBanner, accessClipboard, accessEventQueue, createRobot, fullScreenExclusive, listenToAllAWTEvents, readDisplayPixels, replaceKeyboardFocusManager, watchMousePointer, setWindowAlwaysOnTop, setAppletStub

java.net.NetPermission

Target:

setDefaultAuthenticator, specifyStreamHandler, requestPasswordAuthentication, setProxySelector, getProxySelector, setCookieHandler, getCookieHandler, setResponseCache, getResponseCache

java.lang.reflect.ReflectPermission

Target:

suppressAccessChecks

java.io.SerializablePermission

Target:

enableSubclassImplementation, enableSubstitution

java.security.SecurityPermission

Target:

createAccessControlContext, getDomainCombiner, getPolicy, setPolicy, getProperty.keyName, setProperty.keyName, insertProvider.providerName, removeProvider.providerName, setSystemScope, setIdentityPublicKey, setIdentityInfo, addIdentityCertificate, removeIdentityCertificate, printIdentity, clearProviderProperties.providerName, putProviderProperty.providerName, removeProviderProperty.providerName, getSignerPrivateKey, setSignerKeyPair

java.security.AllPermission

Target:

(none)

Action List:

(none)

javax.security.auth.AuthPermission

Target:

doAs, doAsPrivileged, getSubject, getSubjectFromDomainCombiner, setReadOnly, modifyPrincipals, modifyPublicCredentials, modifyPrivateCredentials, refreshCredential, destroyCredential, createLoginContext.contextName, getLoginConfiguration, setLoginConfiguration, refreshLoginConfiguration

javax.sound.sampled.AudioPermission

Target:

play, record

Action List:

(none)

java.util.logging.LoggingPermission

Target:

control

Action List:

(none)

java.sql.SQLPermission

Target:

setLog

Action List:

(none)
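The Target column above abbreviates the matching rules the JDK actually applies. The following added example (not code from the slides; the class name PermissionTargets is made up) calls Permission.implies() directly, which is the same test the policy engine performs when the Security Manager asks whether a granted permission covers a requested one. It shows the difference between the `*` and `-` file targets, port ranges for sockets, and property-name prefixes, and it runs without a Security Manager or policy file.

```java
// Added example, not from the slides: how granted targets are matched against requests.
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.PropertyPermission;

public class PermissionTargets {

    /** True if a permission granted in a policy would satisfy the one a program requests. */
    static boolean granted(Permission grantedInPolicy, Permission requested) {
        return grantedInPolicy.implies(requested);
    }

    public static void main(String[] args) {
        // FilePermission: "dir/*" covers files directly inside dir, "dir/-" covers the whole subtree.
        Permission dirStar = new FilePermission("/data/*", "read");
        Permission dirDash = new FilePermission("/data/-", "read");
        System.out.println(granted(dirStar, new FilePermission("/data/a.txt", "read")));     // true
        System.out.println(granted(dirStar, new FilePermission("/data/sub/a.txt", "read"))); // false
        System.out.println(granted(dirDash, new FilePermission("/data/sub/a.txt", "read"))); // true
        // Actions are a set: a read-only grant never implies write, even for the same file.
        System.out.println(granted(dirDash, new FilePermission("/data/a.txt", "write")));    // false

        // SocketPermission: host plus a port or port range. An IP literal is used here so the
        // comparison needs no name resolution; host names are compared by canonical name.
        Permission connectRange = new SocketPermission("127.0.0.1:1024-65535", "connect");
        System.out.println(granted(connectRange, new SocketPermission("127.0.0.1:8443", "connect"))); // true
        System.out.println(granted(connectRange, new SocketPermission("127.0.0.1:443", "connect")));  // false
        // "resolve" is implied by every other socket action, so it needs no separate grant.
        System.out.println(granted(connectRange, new SocketPermission("127.0.0.1:8443", "resolve"))); // true
        // "connect" does not imply "listen".
        System.out.println(granted(connectRange, new SocketPermission("127.0.0.1:8443", "listen")));  // false

        // PropertyPermission: a trailing ".*" matches a property-name prefix.
        Permission javaProps = new PropertyPermission("java.*", "read");
        System.out.println(granted(javaProps, new PropertyPermission("java.version", "read"))); // true
        System.out.println(granted(javaProps, new PropertyPermission("user.home", "read")));    // false
        System.out.println(granted(javaProps, new PropertyPermission("java.home", "write")));   // false
    }
}
```

When reviewing a policy, the `-` form deserves the most attention: `"${user.home}/-"` with `"read,write"` hands out the entire home directory tree, whereas `"${user.home}/*"` stops at the top level.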

Fine-grained Access Control

• Based on the location of the code

• Based on the trust (code has to be signed)

• Based on the user who runs the code

Fine-grained Access Control

• Based on the location of the code

grant codeBase "file:${my.code.base}/-" {
    permission java.security.AllPermission;
};

grant codeBase "file://java-security/org.wso2.java.security/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${java.ext.dirs}/*" {
    permission java.security.AllPermission;
};

grant codeBase "file:${java.home}/lib/ext/area.jar" {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "${user.home}${/}test${/}*", "write";
};

Fine-grained Access Control

• Based on the user who runs the code

grant principal com.sun.security.auth.UnixPrincipal "prabath" {
    permission java.security.AllPermission;
};

grant principal javax.security.auth.x500.X500Principal "cn=Alice" {
    permission java.io.FilePermission "/home/Alice", "read, write";
};

Fine-grained Access Control

• Based on the trust (code has to be signed)

grant signedBy "wso2carbon" {
    permission java.security.AllPermission;
};

keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";

Fine-grained Access Control

• Combinations

grant signedBy "wso2carbon",
      codeBase "file://java-security/org.wso2.java.security/-",
      principal com.sun.security.auth.UnixPrincipal "prabath" {
    permission java.security.AllPermission;
};

keystore "file:///java-security/org.wso2.java.security/wso2carbon.jks";
keystorePasswordURL "file:///org.wso2.java.security/wso2carbon.pwd";
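A principal-based grant like the "cn=Alice" entry above only takes effect while code runs on behalf of a Subject that carries that principal. The following added example (not code from the slides; the class name PrincipalDemo and the policy file are constructed for it) runs the same permission check as Alice, as Bob, and with no Subject at all, so the three outcomes can be compared. The code that calls Subject.doAsPrivileged itself needs javax.security.auth.AuthPermission "doAsPrivileged", which is why the assumed policy has a second, unconditional grant.

```java
// Added example, not from the slides. Assumed policy file "mypolicy.policy" (constructed):
//
//   grant {
//       permission javax.security.auth.AuthPermission "doAsPrivileged";
//   };
//   grant principal javax.security.auth.x500.X500Principal "cn=Alice" {
//       permission java.io.FilePermission "/home/Alice", "read,write";
//   };
//
// Run with:
//   java -Djava.security.manager -Djava.security.policy=mypolicy.policy PrincipalDemo
// (on JDK 18 and later add -Djava.security.manager=allow if the manager is installed at runtime)
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class PrincipalDemo {

    /** Builds a read-only Subject holding a single X.500 principal (no permission checks needed). */
    static Subject subjectFor(String dn) {
        return new Subject(true,
                Collections.singleton(new X500Principal(dn)),
                Collections.emptySet(),
                Collections.emptySet());
    }

    /** Performs the permission check as the given Subject and returns the decision. */
    static String checkAs(Subject subject, FilePermission perm) {
        PrivilegedAction<String> action = () -> {
            try {
                AccessController.checkPermission(perm);
                return "ALLOWED";
            } catch (AccessControlException e) {
                return "DENIED";
            }
        };
        // A null context means only this code's own domain, decorated with the Subject's
        // principals, is consulted, which isolates the policy entry under test.
        return Subject.doAsPrivileged(subject, action, null);
    }

    /** The same check with no Subject in effect. */
    static String checkPlain(FilePermission perm) {
        try {
            AccessController.checkPermission(perm);
            return "ALLOWED";
        } catch (AccessControlException e) {
            return "DENIED";
        }
    }

    public static void main(String[] args) {
        FilePermission aliceHome = new FilePermission("/home/Alice", "read,write");
        System.out.println("cn=Alice   -> " + checkAs(subjectFor("cn=Alice"), aliceHome)); // ALLOWED
        System.out.println("cn=Bob     -> " + checkAs(subjectFor("cn=Bob"), aliceHome));   // DENIED
        System.out.println("no subject -> " + checkPlain(aliceHome));                      // DENIED
    }
}
```

The Subject here is constructed directly for illustration; in a real deployment it comes from a JAAS LoginContext, so that the principal attached to the domain is the result of authentication rather than something the code asserts about itself.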

Extending Java Security Platform

• Allow reading all the system properties except java.home?

• Tom can access the getBeer() method only if he is older than 21 years?
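Neither question can be answered with standard policy syntax alone: a policy file only grants, it never denies, and no built-in permission compares ages. The following added example (not code from the slides; BarDemo, AgePermission and RestrictiveSecurityManager are names made up for it) answers both by extending the platform: a custom Permission whose implies() encodes the age threshold, and a SecurityManager subclass that refuses one property while delegating every other decision to the policy. Combining the age grant with a principal entry for "tom", as in the previous section, uses the same mechanism.

```java
// Added example, not from the slides. Assumed policy file "mypolicy.policy" (constructed):
//
//   grant {
//       permission BarDemo$AgePermission "21";
//       permission java.util.PropertyPermission "*", "read";
//   };
//
// Run with BarDemo on the class path:
//   java -Djava.security.policy=mypolicy.policy BarDemo
// (on JDK 18 and later add -Djava.security.manager=allow)
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;

public class BarDemo {

    /**
     * Custom permission whose target is a minimum age. A policy grant of "21" implies a
     * request for "25" (old enough) but not for "18". It extends Permission rather than
     * BasicPermission on purpose: BasicPermission's collection matches targets by exact
     * name and would never call this implies() for a different age.
     */
    public static final class AgePermission extends Permission {
        private final int age;

        public AgePermission(String target) {
            super(target);
            this.age = Integer.parseInt(target.trim());
        }

        /** The policy loader instantiates permission classes reflectively through this form. */
        public AgePermission(String target, String actions) {
            this(target);
        }

        @Override
        public boolean implies(Permission p) {
            // "this" is the granted threshold; "p" carries the age presented at runtime.
            return p instanceof AgePermission && ((AgePermission) p).age >= this.age;
        }

        @Override
        public boolean equals(Object o) {
            return o instanceof AgePermission && ((AgePermission) o).age == age;
        }

        @Override
        public int hashCode() {
            return age;
        }

        @Override
        public String getActions() {
            return "";
        }
    }

    /** Blocks one specific property while leaving every other decision to the policy. */
    public static final class RestrictiveSecurityManager extends SecurityManager {
        @Override
        public void checkPropertyAccess(String key) {
            if ("java.home".equals(key)) {
                throw new SecurityException("reading java.home is blocked");
            }
            super.checkPropertyAccess(key); // normal PropertyPermission check against the policy
        }
    }

    /** Serves a beer only if the policy's age threshold is satisfied for this customer. */
    static String getBeer(String customer, int age) {
        try {
            AccessController.checkPermission(new AgePermission(Integer.toString(age)));
            return customer + ": here is your beer";
        } catch (AccessControlException e) {
            return customer + ": denied (" + e.getPermission() + ")";
        }
    }

    static String readProperty(String key) {
        try {
            return key + " = " + System.getProperty(key);
        } catch (SecurityException e) {
            return key + ": denied (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.setProperty("java.security.policy", "mypolicy.policy");
        System.setSecurityManager(new RestrictiveSecurityManager());

        System.out.println(getBeer("Tom", 25)); // served
        System.out.println(getBeer("Tom", 18)); // denied

        System.out.println(readProperty("user.name")); // allowed by the "*" read grant
        System.out.println(readProperty("java.home")); // blocked by the manager override
    }
}
```

The policy loader cannot resolve BarDemo$AgePermission from the bootstrap class path, so it stores the entry as an UnresolvedPermission and resolves it the first time getBeer() presents an AgePermission; that is normal for application-defined permissions and needs no extra configuration.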

Thank You…!!!

prabath@wso2.com
