Java Security Model GS: Ch. 7

1
Java Security Model(GS Ch. 7)
2
Topics

• Basics of Java Security Model
• Cryptographic Signatures
• Permissions
• Customized Permissions

3
Basics of Java Security Model

• Java 2 security is policy-based.
• The policy defined in java.policy file controls
  the resources that Java codes have access to.
• Codesource codebase signer
• codebase The location that the code comes from,
  either locally or from a remote site.
• signer the entity that signed the code in
  question

4
Basics of Java Security Model

• Permissions specific actions that a codesource
  is allowed to take (e.g., access a file, connect
  to a machine)
• Types of Java codes
• Java applications
• Java applets
• Java servlets
• Java beans, JEB

5
Managing Cryptographic Signatures

• Tools provided by Sun keytool jarsigner
  policytool
• keytool (pp. 157-161)
• An application that ships with JDK
• It manages keystores and can create certificates.
• It replaces javakey, found in Java 1.1.
• Note Keystores are linked to the provider (e.g.,
  Suns JCA provider). A keystore file generated
  by one provider will not work with a keystore
  file generated by another provider.

6
Managing Cryptographic Signatures

• jarsigner
• A signing and verification tool for Java archive
  (JAR) files
• Attaches a specific signer to a specific set of
  codes
• Usage jarsigner options jar-file alias
• jarsigner -verify options jar-file
• -keystore lturlgt keystore location
• -storepass ltpasswordgt password for
  keystore integrity
• -storetype lttypegt keystore type
• -keypass ltpasswordgt password for
  private key (if different)
• -sigfile ltfilegt name of .SF/.DSA
  file
• -signedjar ltfilegt name of signed JAR
  file
• -verify verify a signed JAR
  file
• ...

7
Managing Cryptographic Signatures

• Jarsigner
• It signs JAR files.
• It verifies signatures on JAR files.
• JAR (Java Archive) a .zip file that supports
  signatures.
• To sign a JAR file
• You must have a private key and a certificate in
  your keystore.
• For your signed JAR file to be verifiable by
  others
• Your certificate must be signed by a CA.

8
Managing Cryptographic Signatures

• A signed JAR file allows the user to determine
  whether the Java codes contained in the JAR can
  be trusted or not.
• Applets are usually signed, if extra permissions
  (beyond those defined as defaults) need to be
  granted.
• In Java 1.2.1 or higher, every class within the
  same package inside a signed JAR must be signed
  by the same certificate. Q Why is this
  important?

9
Managing Cryptographic Signatures

• Steps in signing a JAR file
• Use jar to create a JAR file out of the .class
  file(s).
• Use keytool to generate a keypair.
• Use jarsigner to sign the JAR file with the
  private key and the certificate.
• To verify a signed JAR file jarsigner verify
• Example usage p.179

10
Managing Cryptographic Signatures

• When a JAR is signed, it is not the JAR itself
  that is signed, but some or all of the files it
  contains.
• A signed JAR contains three files
• The manifest (HelloWorld.mf)
• The signature file (HelloWorld.sf)
• The digital signature file (HelloWorld.dsf)

11
Managing Cryptographic Signatures

• To view the content of a JAR file
• Use jar command
• gt jar tvf HelloWorld.jar
• 140 Wed Mar 19 102224 CST 2003
  META-INF/MANIFEST.MF
• 193 Wed Mar 19 102224 CST 2003
  META-INF/EXAMPLES.SF
• 1013 Wed Mar 19 102224 CST 2003
  META-INF/EXAMPLES.DSA
• 0 Wed Mar 19 101358 CST 2003 META-INF/
• 426 Wed Mar 19 101330 CST 2003
  HelloWorld.class
• Use winzip or something like that

12
Managing Permissions

• The Java security manager handles the checking of
  permissions as needed.
• The default implementation java.lang.SecurityMana
  ger, which can be sub-classed or overwritten if
  necessary.
• Java enforces security by asking the security
  manager for permissions before taking any action
  that is considered potentially unsafe.

13
Managing Permissions

• Permissions are defined in the java.policy file,
  which is stored in JAVA_HOME/jre/lib/security/jav
  a.policy.
• Two ways to edit java.policy file
• Manually by using a text editor
• Use policytool, which is a GUI tool for editing
  Java security policies (See examples on
  pp.188-189)
• An example pp.182, 187 (FileWriteTest.java)

14
Managing Permissions

• The syntax for the grant command in java.policy
  file
• grant signedBy signer_names, codeBase URL
• permission permission_class_name target_name,
  action, signedBy signer_names
• See sample listing on pp.183-184.
• More samples on p.186.

15
Managing Permissions

• Default permission classes in Java p.190
• AllPermission
• BasicPermission
• FilePermission
• SocketPermission
• Subclasses of BasicPermission
• AudioPermission, AWTPermission, NetPermission,

16
Managing Permissions

• Customized Permissions
• You may want to restrict access to certain
  classes based on the callers codesource.
• To prevent untrusted codes from calling some
  sensitive classes.
• An example (p.191) extending BasicPermission by
  creating a subclass.

17
Managing Permissions

• Customized Permissions Example
• gt java -cp SecretWordTest.jar -Djava.security.mana
  ger -Djava.security.policySecretWord.policy
  SecretWordTest
• The secret word is ossifrage

18
Managing Permissions

• Security properties for the JVM are defined in
  the java.security file, which is stored in
  JAVA_HOME/jre/lib/security/java.security.
• Security providers, policy provider, keystore
  type, etc. (pp.194-195)

19
Next

• Team Presentations
• SSL (GS 9)
• Applet security (GS 7)
• Servlets security (GS 8)