csci5931 Web Security 1
Java Security Model(GS: Ch. 7)
Topics
A. Basics of Java Security Model
B. Cryptographic Signatures
C. Permissions
Customized Permissions
Basics of Java Security Model
Java 2 security is policy-based.
The policy defined in the java.policy file controls the
resources that Java code has access to.
Codesource = codebase + signer
codebase: the location the code comes from,
either a local path or a remote site.
signer: the entity that signed the code in question
Basics of Java Security Model
Permissions: specific actions that a codesource
is allowed to take (e.g., access a file, connect to
a machine)
Types of Java code:
Java applications
Java applets
Java servlets
Java beans, EJB
Managing Cryptographic Signatures
Tools provided by Sun: keytool, jarsigner, policytool
keytool (pp. 157-161):
An application that ships with the JDK
It manages keystores and can create certificates.
It replaces javakey, found in Java 1.1.
Note: Keystores are tied to the provider (e.g., Sun's JCA
provider). A keystore file generated by one provider will not
work with another provider.
Managing Cryptographic Signatures: jarsigner
A signing and verification tool for Java archive (JAR) files
Attaches a specific signer to a specific set of code
Usage: jarsigner [options] jar-file alias
jarsigner -verify [options] jar-file
[-keystore <url>] keystore location
[-storepass <password>] password for keystore integrity
[-storetype <type>] keystore type
[-keypass <password>] password for private key (if different)
[-sigfile <file>] name of .SF/.DSA file
[-signedjar <file>] name of signed JAR file
[-verify] verify a signed JAR file
...
Managing Cryptographic Signatures
Jarsigner
(a) It signs JAR files.
(b) It verifies signatures on JAR files.
JAR (Java Archive): a .zip file that supports signatures.
To sign a JAR file:
You must have a private key and a certificate in your keystore.
For your signed JAR file to be verifiable by others:
Your certificate must be signed by a CA.
Managing Cryptographic Signatures
A signed JAR file allows the user to determine whether
the Java code contained in the JAR can be trusted or
not.
Applets are usually signed if extra permissions (beyond
those granted by default) need to be granted.
In Java 1.2.1 or higher, every class within the same
package inside a signed JAR must be signed by the same
certificate. Q: Why is this important?
Managing Cryptographic Signatures
Steps in signing a JAR file:
A. Use jar to create a JAR file out of the .class file(s).
B. Use keytool to generate a keypair.
C. Use jarsigner to sign the JAR file with the private key and the
certificate.
To verify a signed JAR file: jarsigner -verify ...
Example usage: p.179
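An added example (not from the book or these slides) of the verification side of the procedure above, and of why every class in a package must carry the same signer: it opens a signed JAR with the JDK's own verifier and reports classes that are unsigned, modified after signing, or signed by a different certificate than the rest of their package. It needs JDK 11 or later; the class name JarSignerCheck is an assumption.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignerCheck {
    // Returns findings: unsigned classes, classes whose digest no longer matches
    // the .SF file, and packages whose classes were signed by different signers.
    public static List<String> check(String jarPath) throws IOException {
        List<String> problems = new ArrayList<>();
        Map<String, Set<Certificate>> signersByPackage = new HashMap<>();
        // verify=true: each entry's digest is checked against META-INF/*.SF as it is read
        try (JarFile jar = new JarFile(jarPath, true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                String name = entry.getName();
                if (entry.isDirectory() || !name.endsWith(".class")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    in.transferTo(OutputStream.nullOutputStream()); // signers are known only after a full read
                } catch (SecurityException tampered) {
                    problems.add("digest mismatch (modified after signing): " + name);
                    continue;
                }
                Set<Certificate> certs = new HashSet<>();
                CodeSigner[] signers = entry.getCodeSigners(); // null when the entry is unsigned
                if (signers == null) {
                    problems.add("unsigned class: " + name);
                } else {
                    for (CodeSigner s : signers) {
                        certs.add(s.getSignerCertPath().getCertificates().get(0)); // end-entity certificate
                    }
                }
                int slash = name.lastIndexOf('/');
                String pkg = slash < 0 ? "(default package)" : name.substring(0, slash).replace('/', '.');
                Set<Certificate> seen = signersByPackage.putIfAbsent(pkg, certs);
                if (seen != null && !seen.equals(certs)) {
                    problems.add("package " + pkg + " mixes signers: " + name);
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        List<String> problems = check(args[0]);
        problems.forEach(System.out::println);
        System.out.println(problems.isEmpty() ? "OK: consistently signed" : problems.size() + " problem(s)");
    }
}
```

Run it as java JarSignerCheck HelloWorld.jar; a package that mixes signers would let an attacker's unsigned or differently signed class share package-private access with the trusted classes, which is the answer to the question on the previous slide.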
Managing Cryptographic Signatures
When a JAR is signed, it is not the JAR itself that is
signed, but some or all of the files it contains.
A signed JAR contains three signature-related files (under META-INF):
The manifest (HelloWorld.mf)
The signature file (HelloWorld.sf)
The digital signature block file (HelloWorld.dsa)
Managing Cryptographic Signatures
To view the contents of a JAR file:
Use the jar command: jar tvf HelloWorld.jar
 140 Wed Mar 19 10:22:24 CST 2003 META-INF/MANIFEST.MF
 193 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.SF
1013 Wed Mar 19 10:22:24 CST 2003 META-INF/EXAMPLES.DSA
   0 Wed Mar 19 10:13:58 CST 2003 META-INF/
 426 Wed Mar 19 10:13:30 CST 2003 HelloWorld.class
Or use WinZip or a similar archive tool.
Managing Permissions
The Java security manager handles the checking of
permissions as needed.
The default implementation is java.lang.SecurityManager,
which can be subclassed or replaced if necessary.
Java enforces security by asking the security manager
for permissions before taking any action that is
considered potentially unsafe.
Managing Permissions
Permissions are defined in the java.policy file, which is
stored in $JAVA_HOME/jre/lib/security/java.policy.
Two ways to edit java.policy file:
A. Manually by using a text editor
B. Use policytool, which is a GUI tool for editing Java security
policies (See examples on pp.188-189)
An example: pp.182, 187 (FileWriteTest.java)
Managing Permissions
The syntax for a grant entry in the java.policy file:
grant signedBy "signer_names", codeBase "URL" {
    permission permission_class_name "target_name", "action", signedBy "signer_names";
    ...
};
See sample listing on pp.183-184.
More samples on p.186.
Managing Permissions
Default permission classes in Java: p.190
AllPermission
BasicPermission
FilePermission
SocketPermission
Subclasses of BasicPermission:
AudioPermission, AWTPermission, NetPermission, …
Managing Permissions
Customized Permissions:
You may want to restrict access to certain classes based
on the caller's codesource,
to prevent untrusted code from calling some sensitive
classes.
An example (p.191): extending BasicPermission by
creating a subclass.
Managing Permissions
Customized Permissions: Example
> java -cp SecretWordTest.jar -Djava.security.manager -Djava.security.policy=SecretWord.policy SecretWordTest
The secret word is: ossifrage
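A worked custom permission in the spirit of the SecretWordTest run above, added here as an example rather than taken from the book's listing; it also puts the grant entry syntax from the earlier slide to use. The class names SecretWordPermission and SecretWord, the keystore alias secretword and the policy file contents are assumptions.

```java
import java.security.BasicPermission;

// Custom permission (added example, names assumed): the permission name says
// which secret the caller may read; BasicPermission supplies "*" wildcard matching.
public final class SecretWordPermission extends BasicPermission {
    public SecretWordPermission(String name) { super(name); }
    // Policy files may use the two-argument form; actions are unused here.
    public SecretWordPermission(String name, String actions) { super(name, actions); }
}

// The sensitive class that untrusted code must not be able to call.
final class SecretWord {
    private static final String WORD = "ossifrage";

    static String reveal() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Every protection domain on the call stack must hold this permission;
            // otherwise java.security.AccessControlException is thrown here.
            sm.checkPermission(new SecretWordPermission("reveal"));
        }
        return WORD;
    }
}

final class SecretWordTest {
    public static void main(String[] args) {
        System.out.println("The secret word is: " + SecretWord.reveal());
    }
}

/* SecretWord.policy (constructed; same grant syntax as on the earlier slide):
 *
 *   keystore "file:${user.dir}/secretword.jks", "JKS";
 *   grant signedBy "secretword", codeBase "file:${user.dir}/SecretWordTest.jar" {
 *       permission SecretWordPermission "reveal";
 *   };
 *
 * Build, sign and run (JDK 11 to 23; the SecurityManager is removed in JDK 24):
 *   javac SecretWordPermission.java
 *   jar cf SecretWordTest.jar *.class
 *   keytool -genkeypair -alias secretword -keyalg RSA -storetype JKS -keystore secretword.jks
 *   jarsigner -keystore secretword.jks SecretWordTest.jar secretword
 *   java -cp SecretWordTest.jar -Djava.security.manager \
 *        -Djava.security.policy=SecretWord.policy SecretWordTest
 *
 * Drop the grant block, or run an unsigned copy of the JAR, and the same command
 * ends with: access denied ("SecretWordPermission" "reveal")
 */
```

Because checkPermission walks the whole call stack, a trusted class cannot be tricked into revealing the word on behalf of an unsigned caller unless it deliberately wraps the call in AccessController.doPrivileged.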
Managing Permissions
Security properties for the JVM are defined in the java.security
file, which is stored in
$JAVA_HOME/jre/lib/security/java.security.
Security providers, policy provider, keystore type, etc. (pp.194-195)
Next
Team Presentations
SSL (GS: 9)
Applet security (GS: 7)
Servlets security (GS: 8)
...