Security Incubator - Current Status and Future Plan
Tom Watson – IBM Lotus
The Equinox Project © Copyright 2007 IBM Corp.; made available under Creative Commons Att. Nc Nd 2.5 license
Long term mission
Provide a range of signature-based code authorization solutions
  Allow deployers to trade security/complexity vs. performance
  Decision points include install-time (current), bundle load-time, and code run-time (Java2 permissions)
Provide an integrated user authentication framework
  Platform login configuration and lifecycle
Provide mechanisms for user credential management
  Manage trusted roots, private keys, passwords, etc.
Enabled through the Java security provider architecture wherever appropriate (KeyStore, CertStore, etc.) within a dynamic OSGi environment
http://www.eclipse.org/equinox/incubator/security/
Quick Overview: Signed code
Java JarFiles can support signatures over their contents
  Java's SecureClassLoader validates signatures via the JarFile API
  Equinox provides its own signature checking engine
Check signatures and verify content at install-time and optionally at load-time
  Disable bundles which are not trusted
The Java SecurityManager can then use the signer information to enforce checkPermission() calls at run-time (ConditionalPermissionAdmin using BundleSignerCondition)
  Additional complexity: inserting doPrivileged() calls
  Supports the “Principle of least privilege”
  Classic example: a log API whose log file access is wrapped in a doPrivileged() call, so that callers do not need permission to access the specific file (only the logger's signer does)
Tooling is needed to help developers write “secure” code
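The logger pattern from the slide, written out as an added example (hypothetical class, not code from the Equinox incubator). It assumes a SecurityManager is installed and that only the logger's protection domain has been granted FilePermission on the log file; the privileged block is kept as small as possible and the file path is owned by the logger, so a caller cannot steer the privilege onto a file of its choosing.

```java
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical logger bundle. Only this bundle's signer needs
// FilePermission "<logPath>", "write"; its callers do not.
public final class PrivilegedLogger {
    private final String logPath;   // fixed by the logger, never taken from a caller

    public PrivilegedLogger(String logPath) {
        this.logPath = logPath;
    }

    public void log(final String message) throws IOException {
        try {
            // The privileged frame ends the stack walk here, so checkPermission()
            // calls made inside run() see only the logger's protection domain.
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                public Void run() throws IOException {
                    PrintWriter out = new PrintWriter(new FileWriter(logPath, true));
                    try {
                        // keep one record per line so a caller cannot forge extra entries
                        out.println(message.replace('\n', ' ').replace('\r', ' '));
                    } finally {
                        out.close();
                    }
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }
}
```

Everything outside the doPrivileged block still runs with the caller's permissions, which is the property that makes the wrapper safe to expose.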
Quick Overview: JAAS
Java Authentication and Authorization Service
Generic and pluggable
  I.e.: application code can be agnostic of the authentication mechanism
Stackable login support
  Enables single sign-on, password expiration, etc.
Externalized configuration
  Authentication mechanism not hard-wired into the application
  Enforces a clear separation between backend and user interface
'LoginModule' classes implement authentication
  I.e.: KeyStore, LDAP, Notes ID File
'CallbackHandler' classes implement the user interface
Use a 'LoginContext' object to login
  JAAS 'Subject' is the result; contains the user's names and credentials
Extends the standard permission model to do user-based permissions
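An added example of the LoginModule side of the slide (hypothetical module, not the o.e.e.security.auth code): the two-phase login/commit lifecycle, the CallbackHandler as the only route to the user interface, and the Subject as the result. The single constructed user and password stand in for a real KeyStore or LDAP backend.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module; a constructed single-user check stands in for a KeyStore or LDAP backend.
public class DemoLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String user;
    private boolean succeeded;
    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> shared, Map<String, ?> options) {
        this.subject = subject; this.handler = handler;
    }

    // Phase 1: authenticate. The module never touches the UI; it asks the
    // CallbackHandler for name and password, which keeps backend and UI apart.
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (Exception e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        char[] pw = pc.getPassword();   // a copy; wipe both the callback and the copy once checked
        pc.clearPassword();
        succeeded = "alice".equals(nc.getName()) && pw != null
                && Arrays.equals(pw, "s3cret".toCharArray());   // constructed credentials
        if (pw != null) Arrays.fill(pw, '\0');
        if (!succeeded) throw new FailedLoginException("bad credentials");
        user = nc.getName();
        return true;
    }
    // Phase 2: LoginContext calls commit() only if the whole module stack succeeded,
    // so the Subject is populated atomically; abort() undoes a partial login.
    public boolean commit() {
        if (!succeeded) return false;
        final String name = user;
        subject.getPrincipals().add(new Principal() { public String getName() { return name; } });
        return true;
    }
    public boolean abort() { succeeded = false; user = null; return true; }
    public boolean logout() { subject.getPrincipals().clear(); return true; }
}
```

An application reaches it through a JAAS configuration entry such as `Demo { DemoLoginModule required; };` and `new LoginContext("Demo", handler).login()`, after which `getSubject()` holds the principal added in commit().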
Quick Overview: JCA
Java Cryptography Architecture
Allows pluggable implementations of cryptographic engines
  Traditional: MessageDigest (MD5, SHA-1, etc.), Cipher (3DES, AES, etc.)
  Other: KeyStore (JKS, JCEKS, PKCS12), CertStore (LDAP, etc.)
Bootstrapped by the 'java.security' file in the JRE
  Lists 'Providers' which contribute services
Accessed via the java.security.Security object
For example:
  KeyStore.getInstance(“JKS”) asks the Security object for a provider that implements the 'JKS' type of the 'KeyStore' algorithm
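The provider lookup the slide describes, as an added example (not Equinox code): it walks the registered Providers in java.security order, performs the slide's KeyStore/JKS request, repeats the resolution for the other engine types listed, and shows what happens when no provider implements the requested type. It assumes a stock JRE with the SUN/SunJCE providers registered.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;

// Added example: how the Security object resolves a (service, algorithm)
// request such as KeyStore/JKS against the registered Providers.
public class ProviderLookup {

    // Walks the providers in java.security preference order and returns the first
    // one offering the service; this is the lookup getInstance() performs internally.
    public static Provider find(String service, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(service, algorithm) != null) {
                return p;
            }
        }
        return null;   // getInstance() would throw NoSuchAlgorithmException here
    }

    public static void main(String[] args) throws Exception {
        // Order matters: the first provider implementing a service wins, so who may
        // register providers (e.g. bundles) is itself a trust decision.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + ": " + p.getInfo());
        }

        // The slide's example: ask for the 'JKS' type of the 'KeyStore' service.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);   // empty in-memory store; no file or password needed
        System.out.println("JKS served by " + ks.getProvider().getName());

        // The same resolution for the other engine types listed on the slide.
        String[][] queries = {
            { "MessageDigest", "SHA-256" }, { "Cipher", "AES" },
            { "KeyStore", "PKCS12" }, { "CertStore", "Collection" } };
        for (String[] q : queries) {
            Provider p = find(q[0], q[1]);
            System.out.println(q[0] + "/" + q[1] + " -> " + (p == null ? "no provider" : p.getName()));
        }

        // Failure mode: an unregistered type is a hard error, not a silent fallback.
        try {
            KeyStore.getInstance("NO-SUCH-TYPE");
        } catch (KeyStoreException e) {
            System.out.println("unresolved: " + e.getMessage());
        }
    }
}
```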
Current 3.4 Plan
Support Provider Framework (199330)
  JCA implementations from bundles (153843)
  Viewing and editing security configuration (196359)
Support User Authentication (153850)
Support for Signature checking at bundle load-time (153847)
  Signature check, policy callout, alert UI
User Credential Management in support of load-time (153851)
  Trust model (cacerts/.keystore), manage trust roots, etc.
Current 3.4 Status
Provider work relatively complete in HEAD
  o.e.e.security.provider-feature
  o.e.e.security.provider
  o.e.e.security.boot.jre15x
  o.e.e.security.boot.jre14x (needs more work)
Login framework and sample available
  o.e.e.security.auth
  o.e.e.security.sample
JUnit tests available to exercise the provider
  o.e.e.security.junit
M1 demo available at the Equinox site
  http://www.eclipse.org/equinox/incubator/security/releases/3.4.0/update.php?target=M1
M2 closes on Sept. 28th
Areas to get involved
User Authentication
  How to integrate into the product lifecycle?
  What to use for authorization? Bundles? Extensions?
  How to integrate into core concepts? Bundles? Jobs?
Credential Management
  Trust management for SSL connections?
  Consistent look & feel for the security alert UI?
  Trust for provisioning-based signature checking?
    How is it managed (trust model, UI, etc.)?
    How does it mesh with load-time (same trust model?)?
Questions