1 Lecture 4 George Koutsogiannakis/Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES
Examples of Programs Source code is available on the course’s web site under examples: –Mortgage Calculator- Border Layout –Mortgage Calculator – GridBagLayout –JTable – Editable Table –JTable – Selecting Rows/Columns –Mortgage Calculator Applet version – Using Appletviewer with Policy File. 2
Applets Java programs that are intended to be stored on the web server side but executed on the client side by a browser. Applets do not need a main method. Applet is actually a top graphical container. To create an Applet class we inherit the library class JApplet. 3
Applets 4 Web Server 1)Html file that calls the applet 2)Applet bytecodes file Browser with access to JRE 1)Asks for html file and interprets it. 2)Asks for applet.class file 3)Calls JRE to interpret it
Applets Example of creating an Applet class import java.swing.JApplet; class MyApplet extends JApplet { } 5
Applets Inside our class we can override one or more of the methods in the JApplet class that define an Applet’s lifecycle: –public MyApplet() Default constructor called by the Browser after the applet is loaded. –public void init() Used for initialization code i.e assigning initial values to variables. It is called by the Browser every time the page is visited including the first time it is loaded. 6
Applets –public void start() Called by the Browser right after int() or every time the web page is visited –public void stop() Called by the Browser when the page becomes inactive. –public void Destroy() Called by the Browser to exit the applet. –public void paint(Graphics g) Called by the Browser the first time that the Applet is drawn. Called by the Applet every time repaint is called. Called by the Applet if there is some action o n the screen like the clicking of mouse. 7
Calling an Applet from html To call an Applet program use an html file with the html tag: – 8
Applet Security Browser acts as a sandbox for an applet: –It does not allow an applet to make system calls. As a result it can’t for example: Open a File for reading or writing. Call exit to exit the applet program. Any other system call. The above restrictions can be removed if the applet is declared to be “trusted code”. –We will learn how to do that by using policy files and certificates. 9
Applets and Policy Files Appletviewer allows non-production testing of an applet. Behaves like a Browser. –We can provide security overrides via a policy file. –Policy file scan be created using the Policy Tool that comes with the jdk. –C:>policytool The above simple command activates the policy file tool 10
Java Security-Policy File Simple policy file to be used with appletviewer: grant { permission java.security.AllPermission; }; The policy file is saved as: policy_file_name.policy In the same directory as the applet class file. 11
Java Security- Policy File The policy file can be also written manually scripting using a text editor, no compilation is needed. Here is another example of a more elaborate policy file: grant signedBy “George”, codebase “file:C:\\myjavaprograms\cs441\.*” { permission java.security.SecurityPermission “Security.insertProvider.*”; permission java.security.SecurityPermission “Security.removeProvider.*”; Permission java.security.SecurityPermission “Security.setProperty.*”; } This policy file: indicates that code was packaged in a signed JAR file and placed in the directory (folder) cs441. The term signs implies that the JAR file was signed with a digital signature (will be explained later in more detail). The signature can be verified by using the “public key” (term to be explained later) referenced by the alias “George” 12
Java Security- Policy File The code can then access the security system of Java and change provider. –Provider= The class that implements security The code is allowed to change security properties. 13
Java Security Architecture Java security provided by the JVM and the language: –Applies to application programs. –Applets that are transferred over the web. –Network security. –Server side security. 14
Java Security Architecture Java Security Model characteristics: –Enforced via policy files. JVM resources can be controlled via the policy file. –It is a domain based security model. –Allows cryptographic digital signatures to be generated and attached to a JAR file. –Resources downloaded over the web (applets) have restricted access to local resources (sandbox). Those are un trusted resources. –i.e applets are not allowed system calls on local system –i.e applets are not allowed to connect back to the server they came from. 15
Java Security Architecture –Resources downloaded over the web can become trusted resources. Via digital signatures. Via certificates. Via policy files. Trusted resources override the sandbox restrictions. –All applications have full control of local system resources unless they are restricted access via a ProtectionDomain. ProtectionDomain are either ‘System Domains” or “Application Domains” They group classes into a group and associate them with permissions on specific resources. A Java application program can have both system and application specific domains (i.e. allow certain system calls but only on specific resources for this application). 16
Java Security Architecture –SecurityManager class (java.lang.Security) enforces the security policy of an application. An application ‘s security manager can be activated to use a specific policy file for an application by using the command: C:> java –Djava.security.manager –Djava.security.policy=mypolicy.policy MyJavaApplication –Every application gets a default security manager object. –You can create your own SecurityManager class and be a provider of security. –Java Web Start Security allows java applications to be deployed, launched, and updated from a web server. 17
Java Security Tools Tools are part of the jdk and facilitate the enforcement of security. –policytool: generates policy files. –keystore: a database where keys (encrypted passwords) can be stored along with certificates. –keytool: allows users to administer their own public/private keys and certificates. –jarsigner: digitally signs Java Archive Files (JAR files). 18
JAVA SECURITYARCHITECTURE 19 System Resources Security Manager Public Domain Sandbox Keystore Policy File User Classes Bytecodes Verifier Class Loader Trusted Code Non Trusted Code
Java System Security Master Files JSE SecurityFiles are located at: –/Program Files/Java/jdk1.6.0_11/jre/lib/security/ Files are: –cacerts: The default keystore that comes with the java system. Used to store keys and certificates. –java.policy: The default master policy file for the SecurityManager –java.security: The master property file that contains security related properties. File is read every time a program is executed. It identifies providers of security –javaaws.policy: The master policy file for Web Services. –local-policy.jar and Usexport-policy.jar: Used when an application needs to be used in another country. Some countries have restrictions on cryptography. 20
Java System Security- Security Properties File Properties file security.properties sets the properties to be used by the java.security library classes. The term “provider” refers to the user’ s cryptographic packages to be used by the java.security library classes. Example of properties: –#List of providers is given by property lines: security.provider.1=sun.security.provider.Sun Security.provider.2=com.sun.rsajca.Provider # where Sun and Provider are library classes that control the security and the cryptographic algorithms used. # Sun class identifies the signature algorithms available (i.e. DSA, DSS, SHA/DSA, MD5 etc.). 21
Java System Security- Security Properties File –# Provider class represents the provider of security in terms of implementing the cryptographic algorithms and the key generation. –# Provider class can be used by new security providers to register themselves in the properties file. –# A new Provider can implement new security services and add them to the security mechanism of Java. –# The specification “Java Cryptography Architecture API Specification and Reference” describes how a new provider with new services are added to the security mechanism. 22
Java System Security- Security Properties File –#Identification of the library class that will be used to instantiate the system policy Object: policy.provider.=sun.security.provider.PolicyFile –#The system policy file is identified by: policy.url.1=file:$(java.home)/lib/security/java.policy policy.url.2=file:$(user.home)/.java.policy –# We can add our own security policy file right underneath the previous policy files policy.url.3=file:/C:/MyJavaPrograms/cs441/mypolicy.policy Warning: Any changes to the properties file will apply to any java program executed on the local system. 23
Java System Security- Master Policy File Lists default permissions: permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; The master policy file can be amended (not recommended!!). The master policy file applies to all java programs executed by the local system. 24
Java System Security- Master Policy File The Java Runtime System creates a global Policy Object which is used to encapsulate the permissions granted in the master policy file. We can set a different master policy file or add additional policy permissions to the default permissions for a one time execution when we start the interpreter with the command: >java –Djava.security.policy=“mypolicy.policy” MyJavaProgram Or >java –Djava.security.policy==“mypolicy.policy” MyJavaProgram Where single “=“ means add to existing permissions in master file and Double “ ==“ means use instead of master file permissions. This command adds the policy file that is in the current directory otherwise the url path to the file needs to be entered before the name of the policy file. 25
Policy File Syntax Besides permissions a Java Policy File can have some other entries: –Keystore entry: Identifies the keystore (database) where keys (passwords) and certificates are stored. It is used if the signer entry shows an alias name. The public key of the signer will be looked up in the keystore. i.e. keystore url with_respect_to_policy_file –After grant we can specify the signer : i.e. grand signedBy “signer_name”, codebase “URL” Where “signer_name” is the alias that was used when the certificate for the keystore was created and the “URL”is the path to where the code is located. No codebase URL entry means that permissions are granted to any code anywhere as opposed to the code stored at URL. 26
Importance of Security Questions that need to be answered: –Which applications are we protecting? –Who are we protecting the applications from? –Where should we protect these applications/? –Why are we protecting these applications? –Compliance with Federal and State laws Sarbanes_Oxley Act of companies must secure data Gramm-Leach-Bliley act of financial institutions must adapt strict privacy measures relating to customer data. 27
Requirements of Network Security –Privacy: did a third unauthorized party captured information transmitted between two parties? –Integrity: has the information transmitted from party A to party B altered on the way? –Authentication: how do the sender and the receiver of information prove their identity to each other? –Authorization: allow the user to access the information while preventing others from accessing. –Non-repudiation: how do we legally prove that a message was sent and received (i.e. a contract) ? –Prevent Breach of Availability: unauthorized distribution of data –Prevent Unauthorized usage of system resources. –Prevent Denial of Service: prevention of legitimate usage of message transferring 28
Java Implementation of Security Goals Security Tools: –Tools that create keystores, policy files, digital signatures (encrypted passwords), issuance of certificates. Special APIs (library classes) that extend the Security Architecture of Java: –JCE: Java Cryptography Extension provides java applications that allow: Secret key encryption ( using 3DES algorithm). Public key algorithms (Diffie-Hellman or RSA). Adding new algorithms. –JAAS: Java Authentication and Authorization Service addresses problems associated with authentication and controlling access to the information via the Pluggable Authentication Module (PAM). PAM supports kerberos, smart cards and other. 29
Java Implementation of Security Goals Security Manager API allows the generation of user defined permissions via a user defined SecurityManager class. SSL: Secure Socket Layer implements a public key using RSA algorithm and digital certificates to authenticate the server in a transaction and to protect private information. It also encrypts the TCP/IP packets sent over the network. It is part of java.net.ssl library package. 30
Study Guide Read the online Java Tutorial on Security html “Web Based Application Development” text –Chapter 3 –Chapter 10 As an example look at the Applet version of the Mortgage Calculator example. Download it from the course’s web site. 31
Appendix on JAR Allows compression of files. Allows execution of a java program in the jar file by clicking on the jar icon. Allows signing of the jar file for secured transmission. 32
Appendix -JAR Command to create a jar file: C:\current_directory>jar cf name_of_jar.jar.*class Compresses all files with extension.class in the current directory. Decompressing jar files: C:\current_directory>jar xvf name_of_jar.jar Viewing the files in a jar file: C:\current_directory>jar tvf name_of_jar.jar 33
Appendix -JAR To create a jar executable file (where the java program in the jar file is executed by clicking on the jar file icon): –Create a manifest file using Notepad i.e. Manifest-Version 2.0 Main-Class: MyProgram – Use command C:\current_directory> jar cfmv MyManifestFile.mf NameofJar.jar.*class 34