1 cs205: engineering software university of virginia fall 2006 Forgiveness and Permissions.

Presentation transcript:

1 cs205: engineering software university of virginia fall 2006 Forgiveness and Permissions

2 cs205: engineering software Program Execution Program Monitor Speakers SuperSoaker 2000 Disk Memory Network Reference Monitor

3 cs205: engineering software Policy and Mechanism
AccessController provides a mechanism for enforcing a security policy
–Can insert checking code before certain operations are allowed
A security policy determines what the checking code allows

4 cs205: engineering software Java Policy
[jre directory]\lib\security\java.policy

    // Standard extensions get all permissions by default
    grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
    };

    // default permissions granted to all domains
    grant {
        // Allows any thread to stop itself using the java.lang.Thread.stop()
        // method that takes no argument.
        // Note that this permission is granted by default only to remain
        // backwards compatible.
        // It is strongly recommended that you either remove this permission
        // from this policy file or further restrict it to code sources
        // that you specify, because Thread.stop() is potentially unsafe.
        // See " for more information.
        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on un-privileged ports
        permission java.net.SocketPermission "localhost:1024-", "listen";

        //... (also allows some standard properties to be read)
    };

5 cs205: engineering software Permissions java.security.Permission AllPermission java.io.FilePermission SocketPermission
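
Added example, not part of the original slides: the two grant blocks from the java.policy slide rebuilt as java.security.Permissions collections, with Permission.implies() standing in for the checking code. The class name PolicyDemo and the sample requests are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

// Added illustration (hypothetical class name): the policy is data, the check is implies().
public class PolicyDemo {
    // Mirrors the "grant { ... }" block that applies to all domains.
    static Permissions defaultDomain() {
        Permissions p = new Permissions();
        p.add(new RuntimePermission("stopThread"));
        p.add(new SocketPermission("localhost:1024-", "listen"));
        return p;
    }

    // Mirrors the grant for standard extensions: AllPermission implies every request.
    static Permissions extensionDomain() {
        Permissions p = new Permissions();
        p.add(new AllPermission());
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample requests, as a checking hook would build them before an operation.
        Permission[] requests = {
            new SocketPermission("localhost:8080", "listen"),  // inside the granted port range
            new SocketPermission("localhost:80", "listen"),    // privileged port, outside the range
            new SocketPermission("localhost:8080", "connect"), // granted port, action not granted
            new RuntimePermission("stopThread"),               // granted by name
            new FilePermission("/etc/passwd", "read"),         // no FilePermission in the default grant
        };
        Permissions untrusted = defaultDomain();
        Permissions extension = extensionDomain();
        for (Permission r : requests) {
            // Same request, two protection domains: only the policy differs, not the mechanism.
            System.out.printf("%-62s default=%-5b extension=%b%n",
                r, untrusted.implies(r), extension.implies(r));
        }
    }
}
```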

6 cs205: engineering software Better Solution?
Impose a policy on the browser and everything running inside it
Windows Vista will do this:
–Browser runs at “low integrity” mode
–Low integrity processes cannot:
Modify higher integrity securable objects (e.g., files, network sockets,
Interact with higher integrity

7 cs205: engineering software Hostile Applets See (about 1 new vulnerability/month) Easy to write “annoying” applets (policy is too imprecise; no way to constrain many resource operations) Don’t try these at home...

8 cs205: engineering software What can go wrong?
Java API doesn’t call right SecurityManager checks (63 calls in java.*)
–Font loading bug, synchronization
ClassLoader is tricked into loading external class as internal
Policy is too weak (allows damaging behavior)
Enforcement relies on low-level code safety properties

9 cs205: engineering software Project Team Management
“Democracy”
–Works fine but doesn’t scale
–If everyone is responsible, no one is responsible
“Hierarchy”
–Someone is in charge: delegates work, responsible for making sure it gets done
–Requires leadership, subordination – difficult in peer groups

10 cs205: engineering software Bytecode Verifier malcode.class JVML Object Code Java Bytecode Verifier Alice User JavaVM “Okay” Invalid STOP Trusted Computing Base

11 cs205: engineering software Computer Architecture
Processor does computation
Memory stores bits
Input Devices (mouse, keyboard, accelerometer) get input from user and environment
Output Devices (display, speakers) present output to user

12 cs205: engineering software Central Processing Unit (CPU)

13 cs205: engineering software Intel 4004 First general purpose microprocessor, bit data 46 instructions –8-bit instructions!

14 cs205: engineering software PC Motherboard From Memory CPU

15 cs205: engineering software Inside the CPU
Registers
Loads and decodes instructions from memory
ALU: Arithmetic Logic Unit
–Does arithmetic
–Can only operate on values in registers
–Must load values from memory into registers before computing with them

16 cs205: engineering software Compiler
Translates a program in a high-level language into machine instructions
Calling convention
–How are parameters passed to functions
–How is the stack managed to return
Register allocation
–Figure out how to use registers efficiently

17 cs205: engineering software

    6:  int max (int a, int b) {
          push  ebp
          mov   ebp,esp
          sub   esp,40h
          push  ebx
          push  esi
          push  edi
          lea   edi,[ebp-40h]
          mov   ecx,10h
          mov   eax,0CCCCCCCCh
          rep stos dword ptr [edi]
    7:  if (a > b) {
          mov   eax,dword ptr [ebp+8]
          cmp   eax,dword ptr [ebp+0Ch]
          jle   max+25h ( )
    8:  return b;
          mov   eax,dword ptr [ebp+0Ch]
          jmp   max+28h ( )
    9:  } else {
    10: return a;
          mov   eax,dword ptr [ebp+8]
          pop   edi
          pop   esi
          pop   ebx
          mov   esp,ebp
          pop   ebp
          ret

    int max (int a, int b) {
      if (a > b) {
        return b;
      } else {
        return a;
      }
    }

push instruction is 1 byte
mov instruction is 2 bytes
Dealing with function call: updating stack, moving arguments
Cleanup and return

18 cs205: engineering software Java Virtual Machine

19 cs205: engineering software Java Ring (1998)

20 cs205: engineering software Java Card

21 cs205: engineering software Java Virtual Machine
Small and simple to implement
All VMs will run all programs the same way
Secure

22 cs205: engineering software Implementing the JavaVM

    load class into memory
    set the instruction pointer to point to the beginning of main
    do {
        fetch the next instruction
        execute that instruction
    } while (there is more to do);

Some other issues we will talk about next week:
Verification – need to check byte codes satisfy security policy
Garbage collection – need to reclaim unused storage
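
Added example, not part of the original slides: the fetch-execute loop above written out for a toy stack machine, with a verification pass that runs before any instruction executes. The opcodes (PUSH, ADD, MUL, HALT) and the class name ToyVM are invented for this sketch and are not JVML.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration: a toy straight-line stack machine with invented opcodes.
public class ToyVM {
    static final int PUSH = 0, ADD = 1, MUL = 2, HALT = 3; // PUSH is followed by one operand

    // Verification: one pass over the code, before running it, that rejects programs
    // which could pop from an empty stack, use an unknown opcode, or run off the end.
    static boolean verify(int[] code) {
        int depth = 0, pc = 0;
        while (pc < code.length) {
            switch (code[pc]) {
                case PUSH:
                    if (pc + 1 >= code.length) return false; // operand missing
                    depth++; pc += 2; break;
                case ADD: case MUL:
                    if (depth < 2) return false;             // would underflow the stack
                    depth--; pc++; break;
                case HALT:
                    return depth == 1;                       // exactly one result remains
                default:
                    return false;                            // unknown opcode
            }
        }
        return false;                                        // no HALT before end of code
    }

    // The interpreter can skip per-instruction safety checks because verify() ran first.
    static int run(int[] code) {
        if (!verify(code)) throw new IllegalArgumentException("rejected by verifier");
        Deque<Integer> stack = new ArrayDeque<>();
        int pc = 0;                                // instruction pointer at the first instruction
        while (true) {
            int op = code[pc++];                   // fetch the next instruction
            switch (op) {                          // execute that instruction
                case PUSH: stack.push(code[pc++]); break;
                case ADD:  stack.push(stack.pop() + stack.pop()); break;
                case MUL:  stack.push(stack.pop() * stack.pop()); break;
                default:   return stack.pop();     // HALT: verify() admits no other opcode
            }
        }
    }

    public static void main(String[] args) {
        int[] good = {PUSH, 2, PUSH, 3, ADD, PUSH, 4, MUL, HALT}; // constructed: (2 + 3) * 4
        int[] bad  = {PUSH, 2, ADD, HALT};                         // constructed: ADD underflows
        System.out.println("good program result: " + run(good));
        System.out.println("bad program verifies: " + verify(bad));
    }
}
```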

23 cs205: engineering software Charge
Next classes: understanding byte codes and the byte code verifier
Project ideas due Wednesday