Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

Page 2 Trusted software
“Run this program. Trust me - it’s not a virus”
–Is the program from a trusted source?
–Do you want to restrict the capabilities that it can get from your system?
Most operating systems rely on:
–user access permissions per resource
–user management

Page 3 Motivation
Distributed software development
–components
–components may exist in different locations
–code may be downloaded from remote machines
Binary code
–not as easy to inspect or restrict as interpreted code
–host can exercise only limited control over binary modules

Page 4 Microsoft Authenticode
A format for signing executable code (dll, exe, cab, ocx, class files)
Software publisher:
–Generate a public/private key pair
–Get a digital certificate: VeriSign class 3 Commercial Software Publisher’s certificate
–Generate a hash of the code to create a fixed-length digest
–Encrypt the hash with your private key
–Combine digest & certificate into a Signature Block
–Embed Signature Block in executable
Recipient:
–Call WinVerifyTrust function to validate: validate certificate, decrypt digest, compare with hash of downloaded code

Page 5 Microsoft Vista code integrity checks
Check hashes for every page as it’s loaded
File system driver
Hashes in system catalog or embedded in file along with X.509 certificate
Check integrity of boot process
–Kernel code must be signed or it won’t load
–Drivers shipped with Windows must be certified or contain a certificate from Microsoft

Page 6 Java applets
executable programs embedded in Java-aware web pages
downloaded and executed locally by browser
one of main early motivations for using Java

Page 7 Java security model
Java sandbox
–class loader: fetches & instantiates classes from remote systems
–byte-code verifier: tries to validate code
–security manager: run-time component that validates access to resources

Page 8 The sandbox
a restricted area where code can run:
–allow users to download and execute untrusted applications with limited risk
–restrictions can be placed on what an application is allowed to do in its sandbox
–untrusted applications can execute in a trusted environment
sandbox, ’san(d)-"bäks, noun. Date: 1688: a box or receptacle containing loose sand: as a: a shaker for sprinkling sand on wet ink b: a box that contains sand for children to play in

Page 9 Byte-code verifier
Java source
–compiled into platform-independent byte code
–interpreted by JVM
before a class loader allows an applet to execute, code is verified by the byte-code verifier
–ensures it conforms to language specifications
–applies a built-in theorem prover against the code
tries to ensure that applet does not
–forge pointers
–circumvent access restrictions
–access objects through illegal casting

Page 10 Byte-code verifier + JVM
Along with features built into the interpreter, ensure:
–compiled code is formatted correctly
–internal stacks will not overflow/underflow
–no illegal data conversions will occur
–byte-code instructions will have parameters of the right type
–all class member accesses are legal

Page 11 Class loader
second line of defense in the Java security model (after the byte-code verifier)
determines how and when applets can load classes
major functions:
–fetches applet’s code from remote system
–creates and enforces a namespace per applet
–prevents applets from invoking methods that are a part of the system’s class loader

Page 12 Separate namespaces
Class loader creates a new namespace for each applet
one namespace per applet
–Applets can access only their own classes & standard Java library API
–Cannot access any classes belonging to other applets
ensure that applets do not replace system-level components within the run-time environment

Page 13 Security manager
Performs run-time verification of “dangerous methods”
–methods that request file I/O, network access or define a class loader
Security Manager may exercise veto power over any request
Responsibilities:
–manage all socket operations
–guard access to protected resources and files
–control creation of / access to OS programs and processes
–prevent installation of new class loaders
–maintain thread integrity
–control access to Java packages
Security Manager is customizable

Page 14 Java sandbox summary
(diagram; its labelled components are: local Java source code, Java compiler, trusted byte code, untrusted byte code, byte code verifier, applet class loader, JDK byte code, class loader, security manager, JVM, operating platform)

Page 15 Java Security API
Part of JDK, provides for
–digital signatures
–message digests
–key management
–access control lists

Page 16 Trusted source
Get it from a trusted server
–not good enough
Man-in-middle attack
–“middleman” forwards all data between you and a remote system
–you authenticate the remote system
–middleman modifies some of the data in transit
(diagram: server and client communicating directly, then server, middleman and client, where the server’s data reaches the client as modified data)

Page 17 Digital signatures and JAR files
Prevent man-in-middle attack with digital signatures
bundle Java code and related files into a JAR
sign applet with a digital signature
client can verify authenticity of supplier by verifying the digital signature
Java 1.1, 2 allows user to give a signed applet access to more resources
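Pages 4 and 17 describe the same mechanism: hash the code, sign the digest under a publisher certificate, and let the recipient validate the certificate, check the signature and recompute the hash so anything a middleman altered in transit is rejected. The Go program below is an added example written for this transcript, not code from the lecture, Microsoft or the JDK; it assumes a self-signed certificate standing in for a CA-issued one and a simplified three-field signature block in place of the real Authenticode format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// SignatureBlock stands in for an Authenticode signature block: signed digest plus publisher certificate.
type SignatureBlock struct{ Digest, Sig, CertDER []byte }
// NewPublisher creates a key pair and a self-signed certificate (constructed here; a real one chains to a CA).
func NewPublisher() (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Software Publisher"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return priv, der, err
}
// Sign hashes the code into a fixed-length digest and signs the digest with the publisher's private key.
func Sign(code []byte, priv *rsa.PrivateKey, certDER []byte) (*SignatureBlock, error) {
	d := sha256.Sum256(code)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	return &SignatureBlock{d[:], sig, certDER}, err
}
// Verify plays the WinVerifyTrust role: the certificate must chain to a trusted root, the signature must
// cover the embedded digest, and that digest must equal a fresh hash of the code actually received.
func Verify(code []byte, sb *SignatureBlock, roots *x509.CertPool) bool {
	cert, err := x509.ParseCertificate(sb.CertDER)
	if err != nil {
		return false
	}
	if _, err = cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	d := sha256.Sum256(code)
	return ok && rsa.VerifyPKCS1v15(pub, crypto.SHA256, sb.Digest, sb.Sig) == nil && string(d[:]) == string(sb.Digest)
}
```

Verify fails on three independent conditions, matching the recipient steps on Page 4: an untrusted certificate, a signature that does not cover the digest, or a digest that no longer matches the bytes received.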

Page 18 Original Java sandbox restrictions
Software cannot:
–read/write files on client file system
–delete files
–rename files
–create, delete, list directory
–check if a file exists, stat a file
–create network connection other than to originating host
–listen to or accept connections
–obtain username or home directory
–define system properties
–run any program via Runtime.exec()
–make Java interpreter exit
–load dynamic libraries
–create or manipulate threads in another thread group
–create class loader
–….

Page 19 Enhancements
JDK 1.0
–classes from net are untrusted: full sandbox
Original model proved too restrictive
JDK 1.1
–added Java Security API
–allows JVM to authenticate signed Java classes
–classes loaded from network become trusted if digitally signed by a party whom the user trusts
–code is either completely trusted or untrusted
Java 2
–multi-tiered approach to security
–includes ability to create and manage security policies
–treat programs according to their trust level
–digitally signed classes can be “partially trusted”

Page 20 The end.