Java Applet Security, Diana Dong, CS 265, Spring 2004

The Problem: Millions of users download Java applets every day, sometimes without any prior approval by the user. How do we ensure that a malicious applet will not wreak havoc on the local machine?

Sandbox Idea: A place where Java applet code can be executed, but no area outside of the sandbox can be accessed by the applet. It removes from the user the responsibility of checking the applet's source, and ensures that executing a malicious applet will not damage the local machine.

Sandbox cont'd: The sandbox prohibits file system access, network access, creation of processes, and process access.

4 Major Components of the Sandbox: Java Virtual Machine (JVM) built-in features, class loader, class file verifier, security manager.

JVM Built-in Features: type-safe reference casting, structured memory access (no pointers), automatic garbage collection (allocated memory cannot be explicitly freed), array bounds checking.

Class Loader: Responsible for importing the binary data that defines the running program's classes and interfaces. There are two types of class loaders: the primordial class loader and class loader objects.

Class Loader cont'd: The primordial class loader loads trusted classes, such as the Java API. Classes loaded this way become part of the JVM. Class loader objects are untrusted objects loaded into the JVM and instantiated like any other object.

Class Loader cont'd

How does it protect? It prevents malicious code from interfering with benevolent code through namespaces: each class loader loads its classes into its own namespace, and those classes have no access to classes outside that namespace. It guards the borders of the trusted class libraries, and it is customizable.
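The namespace separation described above, as an added example (not code from the slides): a hypothetical IsolatingLoader defines a class from its own bytes, and two instances of it end up with two unrelated copies of the same class name. All names are invented for the illustration; it assumes Java 9 or later and that the compiled class files are on the classpath.

```java
import java.io.IOException;
import java.io.InputStream;

// Added example (not from the slides): two custom class loaders each define
// the same class name, and the JVM treats the results as distinct, unrelated
// types. That separation is the per-loader namespace the slide describes.
public class LoaderNamespaces {

    public static class Payload { } // hypothetical "applet" class each loader defines for itself

    // Defines the isolated class from its own bytes instead of delegating to
    // the parent, so every loader instance owns a private copy of that class.
    static class IsolatingLoader extends ClassLoader {
        private final String isolated;
        IsolatingLoader(String isolatedName) {
            super(LoaderNamespaces.class.getClassLoader()); this.isolated = isolatedName;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(isolated)) return super.loadClass(name, resolve); // trusted: delegate
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    String path = name.replace('.', '/') + ".class";
                    try (InputStream in = getParent().getResourceAsStream(path)) {
                        if (in == null) throw new ClassNotFoundException(name);
                        byte[] b = in.readAllBytes();
                        c = defineClass(name, b, 0, b.length); // the class file verifier runs here
                    } catch (IOException e) {
                        throw new ClassNotFoundException(name, e);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        Class<?> a = new IsolatingLoader(name).loadClass(name);
        Class<?> b = new IsolatingLoader(name).loadClass(name);
        Object fromA = a.getDeclaredConstructor().newInstance();
        System.out.println("same name: " + a.getName().equals(b.getName()) + ", same class: " + (a == b)); // true, false
        System.out.println("usable as b's Payload: " + b.isInstance(fromA));          // false
        System.out.println("usable as the app's Payload: " + (fromA instanceof Payload)); // false
    }
}
```

An object from one loader's namespace cannot be passed off as the "same" class in another loader's namespace, which is what keeps an untrusted loader from substituting its own version of a trusted class.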

Class Verifier: Checks the integrity of the class file to ensure that no illegal bytecodes have been added. Uses a built-in theorem prover to check integrity.

Class Verifier: 4 passes
1. The class file is read into the interpreter and the basic format of the class file is checked
2. Additional verification of the class file without looking at the bytecodes
3. Bytecode verification of each method
4. Additional bytecode verification at runtime

Security Manager: Defines which requests are allowed or disallowed through methods that can be overridden. Works hand-in-hand with the class loader to define the boundaries of the sandbox, i.e. what is allowed or disallowed.
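The overridable check methods described above, as an added example (not code from the slides): a hypothetical AppletSandbox subclass of SecurityManager that denies the three sandbox categories listed earlier (file system, network, process creation). The file name and command are constructed placeholders; it assumes a JDK that still provides SecurityManager, which is deprecated since Java 17 and permanently disabled in Java 24 (on Java 18 to 23, start the JVM with -Djava.security.manager=allow).

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.Permission;

// Added example (not from the slides): a SecurityManager subclass that enforces
// the sandbox rules listed earlier (no file system, network or process
// creation access) by overriding the check methods. Requires a JDK that still
// provides SecurityManager (deprecated since Java 17; on 18 to 23 start the
// JVM with -Djava.security.manager=allow).
public class AppletSandbox extends SecurityManager {

    private static void deny(String what, String target) {
        throw new SecurityException("sandbox: " + what + " denied: " + target);
    }

    // File system: open, create and delete all funnel through these hooks.
    @Override public void checkRead(String file)   { deny("file read", file); }
    @Override public void checkWrite(String file)  { deny("file write", file); }
    @Override public void checkDelete(String file) { deny("file delete", file); }

    // Network: outbound connects (host lookups arrive with port -1), listening, accepting.
    @Override public void checkConnect(String host, int port) { deny("connect", host + ":" + port); }
    @Override public void checkListen(int port)               { deny("listen", "port " + port); }
    @Override public void checkAccept(String host, int port)  { deny("accept", host + ":" + port); }

    // Process creation: Runtime.exec and ProcessBuilder.start.
    @Override public void checkExec(String cmd) { deny("exec", cmd); }

    // Everything not denied above is permitted. The real applet sandbox is the
    // reverse (deny unless the policy grants it); this keeps the example short.
    @Override public void checkPermission(Permission perm) { }
    @Override public void checkPermission(Permission perm, Object context) { }

    public static void main(String[] args) throws Exception {
        System.setSecurityManager(new AppletSandbox());
        try {
            new FileInputStream("secret.txt").close();   // constructed placeholder file name
        } catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
        try {
            new Socket("localhost", 8080).close();       // denied before any lookup or I/O
        } catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
        try {
            new ProcessBuilder("ls").start();            // denied before the process is spawned
        } catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

Each denied operation surfaces as a SecurityException at the call site, so the applet fails loudly rather than silently touching the host.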

Other Methods: ActiveX uses code signing and digital signatures; verified signatures from a trusted source imply a reliable ActiveX control. Java, too, offers digital signatures in addition to the sandbox.

Questions?