Java Security Model Lab#1 I. Omaima Al-Matrafi



Safety features built into the JVM
▫Type-safe reference casting
▫Structured memory access (no pointer arithmetic)
▫Automatic garbage collection
▫Array bounds checking
▫Checking references for null (accessing or modifying a null object)

Java Sandbox
The sandbox is the bounded area in which a program is allowed to play (run). Inside it, Java programs can run safely, without potential risk to systems or users.

The Security Model (JDK 1.0)
The Java Security Model is made up of three primary pieces:
▫The Bytecode Verifier
▫The Class Loader
▫The Security Manager

These components serve the following purposes:
▫The classes are in the correct format.
▫Only the correct classes are loaded.
▫Untrusted classes will not execute dangerous instructions.
▫Untrusted classes are not allowed to access protected system resources.

Java security
Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.

Java SE Security Features
Platform Security
▫Strong data typing
▫Automatic memory management
▫Bytecode verification
▫Secure class loading

Cryptography
▫Comprehensive API with support for a wide range of cryptographic services, including digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, and key generators.
▫Support for a wide range of standard algorithms, including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4.

Authentication and Access Control
▫Abstract authentication APIs that can incorporate a wide range of login mechanisms
▫A comprehensive policy and permissions API that allows the developer to create and administer applications

Secure Communications
▫APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
▫Full support for HTTPS over SSL/TLS is also included.
▫Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.

Public Key Infrastructure (PKI)
▫Tools for managing keys and certificates.

New in 1.4
Separate packages that are now included as part of the JDK:
▫JCE - Java Cryptography classes
▫JSSE - Java Secure Sockets Extension
▫JAAS - Java Authentication and Authorization Services
▫More..

JCE – Java Cryptography Extensions
JCE covers:
▫Encryption and decryption
  ▫Symmetric bulk encryption, such as DES, RC2, and IDEA
  ▫Asymmetric encryption, such as RSA
  ▫Password-based encryption (PBE)
▫Key agreement
▫Message Authentication Code (MAC)

JSSE – Java Secure Sockets Extensions
JSSE is a Java package that enables secure Internet communications. The Java platform provides protocols that include functionality for data encryption, message integrity, server authentication, and optional client authentication.

JAAS - Java Authentication and Authorization Services
JAAS can be used for two purposes:
▫For authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application or an applet.
▫For authorization of users, to ensure they have the access control rights (permissions) required to do the actions performed.

Sample Program
This program demonstrates how to encrypt/decrypt input using the Blowfish cipher with Java Cryptography.
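The lab's own sample program is not reproduced in this transcript. The following is an added example, not the instructor's code: a Blowfish round trip through the JCE using CBC with a random IV, compared against ECB on the same input. The class name BlowfishDemo, the helper names, and the sample text are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example (not the lab's original program): Blowfish with the JCE.
public class BlowfishDemo {
    static final int BLOCK = 8; // Blowfish block size: 64 bits

    // Encrypts with CBC and a fresh random IV; returns IV || ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return out;
    }

    // Splits IV || ciphertext and decrypts.
    static byte[] decrypt(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(sealed, 0, BLOCK));
        return c.doFinal(sealed, BLOCK, sealed.length - BLOCK);
    }

    // True when the two consecutive blocks starting at off are identical.
    static boolean repeats(byte[] b, int off) {
        return Arrays.equals(Arrays.copyOfRange(b, off, off + BLOCK),
                             Arrays.copyOfRange(b, off + BLOCK, off + 2 * BLOCK));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample input: two identical 8-byte plaintext blocks.
        byte[] plain = "lab1textlab1text".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = encrypt(key, plain);
        System.out.println("round trip ok: " + Arrays.equals(plain, decrypt(key, sealed)));
        // ECB is what the SunJCE provider uses when only "Blowfish" is requested;
        // it encrypts each block independently, so equal plaintext blocks stay visible.
        Cipher ecb = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        System.out.println("ECB repeats blocks: " + repeats(ecb.doFinal(plain), 0));
        System.out.println("CBC repeats blocks: " + repeats(sealed, BLOCK));
    }
}
```

Naming the full transformation string (algorithm/mode/padding) keeps the mode from depending on provider defaults. CBC on its own gives confidentiality only; integrity needs a MAC, which the JCE slide lists separately.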

Lab work
Read at least 10 words from the user (using Scanner), write your name and ID, then save it all in a text file "lab1.txt".

HomeWork1
Write a program "wordOccurrence" that reads a word from the user and searches for it in a text file "HW1.txt". Then, display the number of occurrences of that word.

Sample run:
Enter the word: and
The number of occurrence is: 5

Write a text file "HW1.txt" with at least 30 words, and write your name and ID at the end.

What to submit:
▫wordOccurrence.java
▫The text file "HW1.txt"
▫A printout of the output of this program