Mobile Code Security
Aviel D. Rubin, Daniel E. Geer, Jr., "Mobile Code Security", IEEE Internet Computing, 1998
Minkyu Lee, 2007. 04. 23.


Contents
  – Introduction
  – The Sandbox
  – Code Signing
  – Hybrid: Sandboxes and Signatures
  – Firewalling
  – Proof-Carrying Code
  – Conclusion

Introduction
Mobile code
  – Web browsers come with the ability to run general-purpose executables.
  – Written by anyone, executes on any machine.
Security perspective
  – General-purpose scripts on the Internet open up a world of distributed applications.
  – Nothing is more dangerous than a global, homogeneous, general-purpose interpreter.
  – In the worst case, it allows an attacker to run native code without any restrictions.

Introduction (cont'd)
Practical techniques for securing mobile code
  – Sandbox model
      Limiting the privileges of the executable to a small set of operations.
  – Code signing
      Obtaining assurance that the source of the executable is trusted.
  – Firewalling
      Examining executables as they enter a trusted domain and deciding whether or how to run them on the client.
  – Proof-carrying code
      Mobile code carries with it a proof that it satisfies certain properties.

The Sandbox
The sandbox model
  – Contains mobile code in such a way that it cannot cause any damage to the executing environment.
  – Usually restricts access to the file system and limits the ability to open network connections.
  – The most widespread implementation
      The Java interpreter inside a Web browser.
  – Adheres to a security policy
      Describes the restrictions that should be placed on remote applets.

The Sandbox
Security in the Java interpreter
  – Three main components
      Class loader
      Verifier
      Security manager

The Sandbox
Class loader
  – Any class loaded from the network requires an associated class loader (a subtype of ClassLoader).
  – The only way to add remote classes to a machine's local class hierarchy is via the class loader.

The Sandbox
Verifier
  – The verifier performs static checking on remote code
      Whether it is valid virtual machine code
      Stack overflow and underflow
      Improper usage of registers
      Illegal conversion of data types
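
Added example (not from the slides or the paper): the static checks listed above, applied to a made-up straight-line stack machine rather than JVM bytecode. The opcodes, limits and class name are assumptions for illustration; a real verifier also has to follow branches, which this one does not.

```java
import java.util.*;
// Added example: static verifier for a made-up stack machine (assumed opcodes, not JVM bytecode).
public class ToyVerifier {
    enum Type { INT, REF }
    static final int MAX_STACK = 4, NUM_REGS = 2;   // assumed limits of the toy machine
    // Returns "accepted" or the first violation; nothing is executed, only slot types are tracked.
    static String verify(String[] program) {
        Deque<Type> stack = new ArrayDeque<>();
        Type[] regs = new Type[NUM_REGS];           // null means "never written"
        for (int pc = 0; pc < program.length; pc++) {
            String[] ins = program[pc].split(" ");
            String at = "rejected at pc " + pc + ": ";
            switch (ins[0]) {
                case "PUSH_INT": case "PUSH_REF":
                    if (stack.size() == MAX_STACK) return at + "stack overflow";
                    stack.push(ins[0].equals("PUSH_INT") ? Type.INT : Type.REF);
                    break;
                case "ADD":                         // needs two INT operands
                    if (stack.size() < 2) return at + "stack underflow";
                    if (stack.pop() != Type.INT || stack.pop() != Type.INT)
                        return at + "illegal type conversion (REF used as INT)";
                    stack.push(Type.INT);
                    break;
                case "STORE": case "LOAD":
                    int r = ins.length == 2 && ins[1].matches("\\d") ? Integer.parseInt(ins[1]) : -1;
                    if (r < 0 || r >= NUM_REGS) return at + "improper register usage (bad index)";
                    if (ins[0].equals("STORE")) {
                        if (stack.isEmpty()) return at + "stack underflow";
                        regs[r] = stack.pop();
                    } else {
                        if (regs[r] == null) return at + "improper register usage (read before write)";
                        if (stack.size() == MAX_STACK) return at + "stack overflow";
                        stack.push(regs[r]);
                    }
                    break;
                default:
                    return at + "not valid virtual machine code (" + ins[0] + ")";
            }
        }
        return "accepted";
    }

    public static void main(String[] args) {
        String[][] samples = {                      // constructed sample programs
            {"PUSH_INT", "PUSH_INT", "ADD", "STORE 0", "LOAD 0"}, {"PUSH_INT", "ADD"},
            {"PUSH_REF", "PUSH_INT", "ADD"}, {"LOAD 1"}, {"PUSH_INT", "FROB"} };
        for (String[] p : samples) System.out.println(String.join("; ", p) + " -> " + verify(p));
    }
}
```

Run it with `java ToyVerifier.java` on JDK 11 or later; each rejected sample trips one of the four checks without any instruction being executed.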

The Sandbox
Security manager
  – Local classes are unrestricted.
  – Remote classes are passed to the security manager.
  – The class loader classifies operations as safe or potentially harmful.
      Safe operations are always allowed.
      Potentially harmful ones defer a decision to the security manager.
      In effect, the security manager classes represent a security policy for remote applets.


The Sandbox
Problem with the sandbox
  – An error in the security components can lead to a violation of the security policy.
Two types of applets cause most problems
  – Attack applets
      Try to exploit software bugs in the client's virtual machine.
      Breaking type safety, buffer overflows.
  – Malicious applets
      Designed to monopolize resources.
      Cause inconvenience rather than actual loss.

Code Signing
In code signing
  – The client manages a list of trusted entities.
  – When mobile code is received, the client verifies that it was signed by an entity on the list.
  – If so, it runs, most often with all of the user's privileges.
  – Microsoft Authenticode system for ActiveX.

Code Signing
Problems with code signing
  – ActiveX with full privileges
      A legitimate ActiveX control can easily open illegitimate traffic.
  – Delayed attacks
      Malicious code can plant all manner of delayed attacks.
      Later, when problems occur, there is no way to tie them back to a given ActiveX control run at some point in the past.

Code Signing
Trust model
  – Code signing assumes
      It is possible to distinguish trustworthy from untrustworthy authors of mobile code.
      Trustworthy authors are incorruptible.

Hybrid: Sandboxes and Signatures
Digitally signed applet (in JDK 1.1)
  – Treated as local code if the signature key is recognized as trusted.
  – This allows applets to access the file system and establish network connections.
  – However, this has the same security problem inherent in the ActiveX code-signing approach.

Hybrid: Sandboxes and Signatures
Flexible approach (in JDK 1.2)
  – In JDK 1.1, applets are still either totally trusted or severely limited.
  – All classes are subject to the security policy: local, remote, signed, unsigned.
  – A security policy defines the access each piece of code has to resources on the client.
  – For example, signed code can run with different privileges based on the key.
Trust model
  – All code is untrustworthy except for code from a trustworthy supplier, who is incorruptible.
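
Added example (not from the slides or the paper): the trust list from the Code Signing slides combined with the JDK 1.2 idea that signed code gets privileges based on its key. It models the decision only, with hypothetical privilege strings and class names and throwaway keys generated per run, and does not use Java's own policy machinery.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added example: trust list with per-key privileges. Privilege strings are hypothetical labels.
public class SignedCodePolicy {
    static final Set<String> SANDBOX = Set.of();     // unsigned or unknown signer: no extra access
    static final Map<PublicKey, Set<String>> TRUSTED = new HashMap<>();  // signer key -> grants

    // A valid signature only selects a policy entry; it never means "all of the user's privileges".
    static Set<String> privilegesFor(byte[] code, byte[] sig) throws GeneralSecurityException {
        if (sig == null) return SANDBOX;
        for (Map.Entry<PublicKey, Set<String>> e : TRUSTED.entrySet()) {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(e.getKey());
            v.update(code);
            try {
                if (v.verify(sig)) return e.getValue();
            } catch (SignatureException malformed) { /* treat as "not signed by this key" */ }
        }
        return SANDBOX;
    }

    static byte[] sign(PrivateKey key, byte[] code) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(code);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendorA = gen.generateKeyPair(), vendorB = gen.generateKeyPair(),
                stranger = gen.generateKeyPair();    // throwaway keys, generated per run
        TRUSTED.put(vendorA.getPublic(), Set.of("file.read:/tmp"));
        TRUSTED.put(vendorB.getPublic(), Set.of("file.read:/tmp", "net.connect:origin-host"));

        byte[] applet = "constructed applet bytes".getBytes(StandardCharsets.UTF_8);
        byte[] sigA = sign(vendorA.getPrivate(), applet);
        System.out.println("vendor A  -> " + privilegesFor(applet, sigA));
        System.out.println("vendor B  -> " + privilegesFor(applet, sign(vendorB.getPrivate(), applet)));
        System.out.println("stranger  -> " + privilegesFor(applet, sign(stranger.getPrivate(), applet)));
        System.out.println("unsigned  -> " + privilegesFor(applet, null));
        applet[0] ^= 1;                              // code modified after signing
        System.out.println("tampered  -> " + privilegesFor(applet, sigA));
    }
}
```

Run it with `java SignedCodePolicy.java` on JDK 11 or later. The stranger, unsigned and tampered cases all fall back to the empty sandbox set, while the two trusted vendors receive different grants.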

Firewalling
Firewalling approach
  – Selectively choosing whether or not to run a program at the very point where it enters the client domain.
  – Malkhi et al. approach
      Java applets are divided into graphics actions and all other actions.
      The former run on the client machine.
      The latter run on a sacrificial playground machine.


Proof-Carrying Code
Proof-carrying code (PCC)
  – Statically checking code to make sure that it does not violate some safety policies.
  – The untrusted code producer must supply, with the code, a safety proof that attests to the code's adherence to a previously defined safety policy.

Proof-Carrying Code
[Figure: Overview of Proof-Carrying Code]

Conclusion
  – Each technique offers something different, and the best approach is probably a combination of security mechanisms.
  – None of the techniques can do much to protect users from social engineering attacks.
  – User education is the only way to combat mobile code attacks that are based on social engineering.