©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Security and Authentication Security and Authentication Thursday, December 17, 2015.

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.
Java Network Programming Vishnuvardhan.M. Dept. of Computer Science - SSBN Java Overview Object-oriented Developed with the network in mind Built-in exception.
B2: Storage and Compatibility John Knight Blackboard, Inc.
Java™ How to Program, 9/e Presented by: Dr. José M. Reyes Álamo © Copyright by Pearson Education, Inc. All Rights Reserved.
Java security (in a nutshell)
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
COEN 351: E-Commerce Security
Java Security CS-328. JDK 1.0 Security Model Sandbox Java Virtual Machine Local Code Remote Code Local Host System Resources (File System, Sockets, Printers…)
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
1 Lecture 4 George Koutsogiannakis/Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES.
Administrivia Final exam: Wed, May 12, 3:00-5:00, in this room Q&A on it today Playoffs: Fri, May 14, noon-2:00, FEC 141 Post-class survey (anonymous)
Introduction To Windows NT ® Server And Internet Information Server.
Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
Delivering Excellence in Software Engineering ® EPAM Systems. All rights reserved. ASP.NET Authentication.
© Blackboard, Inc. All rights reserved. Developing Blackboard Building Blocks: Getting Started John Knight Senior Engineer Blackboard Inc. July 18 th.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
.NET: Blackboard Collaborations with Microsoft Presented By Jan Poston Day Director, Standards and Interoperability Ramsey Chambers Manager, Business Development.
Blackboard Building Blocks Framework and Security Monday, September 14, 2015 Tracy Engwirda, Senior Consultant – Asia Pacific.
© Blackboard, Inc. All rights reserved. Security and Authentication Security and Authentication Tracy Engwirda Principal Consultant Blackboard Inc. July.
JavaScript, Fourth Edition
Java Security Shmuel Babad CEO MidLink Computing LTD
Jean T. Anderson Apache Derby Security Jean T. Anderson
JAAS Qingyang Liu and Lingbo Wang CSCI Web Security April 2, 2003.
© Blackboard, Inc. All rights reserved. Security and Authentication with Blackboard Building Blocks™ David Ashman Senior Software Architect, Product Development.
1 22 August 2001 The Security Architecture of the M&M Mobile Agent Framework P. Marques, N. Santos, L. Silva, J. Silva CISUC, University of Coimbra, Portugal.
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
Announcements Assignment 3 due. Invite friends, co-workers to your presentations. Course evaluations on Friday.
© Blackboard, Inc. All rights reserved. Deploying a complex building block Andre Koehorst Learning Lab Universiteit Maastricht, the Netherlands July 18.
Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.
Java 2 security model Valentina Casola. Components of Java the development environment –development lifecycle –Java language features –class files and.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
JAVA SECURITY BASIC NETWORKING MULTITHREATING Deniz HASTORUN
CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.
Introduction to Exception Handling and Defensive Programming.
SECURITY ISSUES. Introduction The.NET Framework includes a comprehensive set of security tools –Low-level classes and an overall framework –Managing code.
Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.
© 2008 by Matt Flaherty & Mary Ruddy; made available under the EPL v1.0 Security & Identity : From present to future Matt Flaherty, IBM Mary Ruddy, Meristic.
A Secure JBoss Platform Nicola Mezzetti Acknowledgments: F. Panzieri.
System.Security.Policy namespace Chinmay Lokesh.NET Security CS 795 Summer 2010.
Windows Role-Based Access Control Longhorn Update
Copyright  2002 Urbancode Software Development, Inc. All Rights Reserved. Developing with JAAS Presented by Maciej Zawadzki
Presented by Jessica Finnefrock, Product Director, Blackboard Academic Suite™ April 12, 2005.
Blackboard Building Blocks APIs, Framework and Security Sunday, November 22, 2015 Bob Alcorn, Director, Platform Architecture.
Blackboard and Content Types John Knight Blackboard Inc.
Csci5931 Web Security1 Java Security Model (GS: Ch. 7)
Jaas Introduction. Outline l General overview of Java security Java 2 security model How is security maintained by Java and JVM? How can a programmer.
Java Security Session 19. Java Security / 2 of 23 Objectives Discuss Java cryptography Explain the Java Security Model Discuss each of the components.
Troubleshooting Basics for the Blackboard Transaction System™ -Windows Edition Presented By Allan Sonkin Scott Ogden April 14, 2005.
Blackboard Building Blocks™: Data Integration and Administration Raymond Peterson, Blackboard, Inc.
Java Network Programming Network Programming Spring 2000 Jeffrey E. Care
15 Copyright © 2004, Oracle. All rights reserved. Adding JAAS Security to the Client.
8 Copyright © 2004, Oracle. All rights reserved. Making the Model Secure.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
Securing Web Applications Lesson 4B / Slide 1 of 34 J2EE Web Components Pre-assessment Questions 1. Identify the correct return type returned by the doStartTag()
Customizing.NET Security Permissions Nageswari Vallabhaneni.
Vmware 2V0-621D Vmware Exam Questions & Answers VMware Certified Professional 6 Presents
19 Copyright © 2008, Oracle. All rights reserved. Security.
Java security (in a nutshell)
Topic: Java Security Models
IBM Certified WAS 8.5 Administrator
Plug-In Architecture Pattern
Presentation transcript:

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Security and Authentication Security and Authentication Thursday, December 17, 2015

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Legal Information… Any statements in this presentation about future expectations, plans and prospects for the Company, including statements about the Company, the Building Blocks Program and other statements containing the words “believes,” “anticipates,” “plans,” “expects,” “will,” and similar expressions, constitute forward-looking statements within the meaning of The Private Securities Litigation Reform Act of Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: product development, and other factors discussed in our Registration Statement filed on Form S-1 with the SEC. In addition, the forward- looking statements included in this press release represent the Company’s views as of July 26, The Company anticipates that subsequent events and developments will cause the Company’s views to change. However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward- looking statements should not be relied upon as representing the Company’s views as of any date subsequent to July 26, 2004.

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Security – High Level View Authentication Who is using the system? Authorization Can that user do what they’re trying to do? Privacy Is the users’ data kept private? Integrity Has the data been tampered with? Authentication Who is using the system? Authorization Can that user do what they’re trying to do? Privacy Is the users’ data kept private? Integrity Has the data been tampered with? Can the code do what it is trying to do?

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Topics for Extension Developers Common Security Tasks Authentication, Authorization Declaring Permissions Often trial and error iteration… add a permission, get stopped by another one Common Security Tasks Authentication, Authorization Declaring Permissions Often trial and error iteration… add a permission, get stopped by another one

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Overview – Java Security All Part of JDK 1.4 JSSE – Java Secure Sockets Extension SSL support, etc. TLS, RFC-2246 JCE – Java Cryptography Extensions Pluggable crypto provider framework Java GSS-API Java bindings for Generic Security Services API (RFC-2853) CertPath API API for examining certificate chains All Part of JDK 1.4 JSSE – Java Secure Sockets Extension SSL support, etc. TLS, RFC-2246 JCE – Java Cryptography Extensions Pluggable crypto provider framework Java GSS-API Java bindings for Generic Security Services API (RFC-2853) CertPath API API for examining certificate chains

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Overview – Java Security JAAS – Java Authentication and Authorization Service Pluggable Authentication Authorization for code and principals Code Security Model Who can do what What code can do what JAAS – Java Authentication and Authorization Service Pluggable Authentication Authorization for code and principals Code Security Model Who can do what What code can do what

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Language Features Type safety Compile-time Run-time Byte code verification Well formed class files No illegal sequences – e.g., check for stack underflow, etc. Type safety Compile-time Run-time Byte code verification Well formed class files No illegal sequences – e.g., check for stack underflow, etc.

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Authentication for Extensions Simple, let the platform worry about it… BbSessionManagerService sessionService = BbServiceManager.getSessionManagerService(); BbSession bbSession = sessionService.getSession( request ); AccessManagerService accessManager = (AccessManagerService)BbServiceManager.lookupService( AccessManagerService.class ); if (! bbSession.isAuthenticated() ) { accessManager.sendLoginRedirect(request,response); return; }

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Authentication for Extensions Access Manager coordinates with authentication providers to do the right thing Default providers RDBMS LDAP Web Server Custom providers Access Manager coordinates with authentication providers to do the right thing Default providers RDBMS LDAP Web Server Custom providers

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Authorization in Blackboard Role-based assignment System role attached to user object Course role attached to enrollment record Privileges attached to Roles Editable Check relies on the union of all relevant entitlements Role-based assignment System role attached to user object Course role attached to enrollment record Privileges attached to Roles Editable Check relies on the union of all relevant entitlements

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Customizing Privileges

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. It All Comes Back To… Context! You have the user, and thus the system role… You have the course, and thus the course role... Access control works against the full entitlements mask Context! You have the user, and thus the system role… You have the course, and thus the course role... Access control works against the full entitlements mask

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Authorization for Extensions Authorization Role-based checks – Deprecated... Entitlement-based checks – Not finalized… PlugInUtil.authorizeForXXX() authorizeForCourseControlPanel() authorizeForSystemAdminPanel() authorizeForCourse() authorizeForContent() Authorization Role-based checks – Deprecated... Entitlement-based checks – Not finalized… PlugInUtil.authorizeForXXX() authorizeForCourseControlPanel() authorizeForSystemAdminPanel() authorizeForCourse() authorizeForContent()

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Code Security Framework Leverage security inherent in the Java 2 Standard Edition framework Enforce certain API restrictions Enforce API usage disclosure Manifest must declare required permissions Leverage security inherent in the Java 2 Standard Edition framework Enforce certain API restrictions Enforce API usage disclosure Manifest must declare required permissions

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Code Security – Historical “Sandbox” model – JDK 1.0 Applets just couldn’t do certain things Hard to manage/understand “Trusted” model – JDK 1.1 Permissions assignable to trusted code Code (applets) could be signed “Domain” model – JDK 1.2 Policy Domains “Sandbox” model – JDK 1.0 Applets just couldn’t do certain things Hard to manage/understand “Trusted” model – JDK 1.1 Permissions assignable to trusted code Code (applets) could be signed “Domain” model – JDK 1.2 Policy Domains

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Basic Class Hierarchy

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Permission Class Permission Abstract base class for all permissions All Permission objects define a name and actions Relationships can be created via implies( Permission ) BasicPermission Concrete base class for most permissions Permission Abstract base class for all permissions All Permission objects define a name and actions Relationships can be created via implies( Permission ) BasicPermission Concrete base class for most permissions

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Classes Security information available through Class object Object.getClass() ProtectionDomain Encapsulates information about the classes physical source and associated permissions Class.getProtectionDomain() Security information available through Class object Object.getClass() ProtectionDomain Encapsulates information about the classes physical source and associated permissions Class.getProtectionDomain()

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Classes PermissionCollection ProtectionDomain.getPermissions() List of permissions –PermissionCollection.implies( Permission ) CodeSource ProtectionDomain.getCodeSource() Physical location of class (URL) –Hierarchical: CodeSource.implies( CodeSource ) Certificates PermissionCollection ProtectionDomain.getPermissions() List of permissions –PermissionCollection.implies( Permission ) CodeSource ProtectionDomain.getCodeSource() Physical location of class (URL) –Hierarchical: CodeSource.implies( CodeSource ) Certificates

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Security Checks SecurityManager.checkPermission( Permission ) Other checkXXX() methods ultimately delegate to this method This method, in fact, delegates to AccessControlManager For each frame in call stack Get code source Get permissions for code source Requested permission implied by permissions collection? SecurityException thrown if check fails SecurityManager.checkPermission( Permission ) Other checkXXX() methods ultimately delegate to this method This method, in fact, delegates to AccessControlManager For each frame in call stack Get code source Get permissions for code source Requested permission implied by permissions collection? SecurityException thrown if check fails

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Checking Permissions if( _modifyPermission != null ) { System.getSecurityManager().checkPermission( _modifyPermission ); }

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Privileged Blocks Short-circuit stack walk If the current frame has permission, allow access Allows trusted code to perform actions that may not be granted to the caller E.g., un-trusted code may not have network permission, but the database driver does Short-circuit stack walk If the current frame has permission, allow access Allows trusted code to perform actions that may not be granted to the caller E.g., un-trusted code may not have network permission, but the database driver does

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Examples We do not allow System Extensions to get raw database connections Our own code, which may be called by a System Extension, needs to get a database connection Solution: Privileged block Code executing with more privileges can accomplish what it needs to We do not allow System Extensions to get raw database connections Our own code, which may be called by a System Extension, needs to get a database connection Solution: Privileged block Code executing with more privileges can accomplish what it needs to

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Example private class DbConnectivityPrivilege implements PrivilegedExceptionAction { private Query _query; private Connection _con; private DbConnectivityPrivilege(Query query, Connection con) { _query = query; _con = con; } public Object run() throws Exception { _query.executeQuery( _con ); return null; }

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Example try { AccessController.doPrivileged( new DbConnectivityPrivilege(query, con)); } catch(PrivilegedActionException pae) { castException( pae ); }

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Example Initiates Stack Walk Terminates Stack Walk

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Policies Policies define the Permissions associated with code bases Default implementation uses a policy file Grant/deny permissions to code bases Grant/deny permissions to Subjects Person or Service New in JDK 1.4 with addition of JAAS Policies define the Permissions associated with code bases Default implementation uses a policy file Grant/deny permissions to code bases Grant/deny permissions to Subjects Person or Service New in JDK 1.4 with addition of JAAS

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Example Policy File Entries // Tomcat gets all permissions grant codeBase "file:${tomcat.home}${/}lib${/}-" { permission java.security.AllPermission; }; grant { permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; } Tomcat.policy

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Activating Security Run-time properties on the command line -Djava.security.manager -Djava.security.policy java.security – Configuration file for setting security providers policy.provider – Class that is responsible for implementing the policy –Default is sun.security.provider.PolicyFile Run-time properties on the command line -Djava.security.manager -Djava.security.policy java.security – Configuration file for setting security providers policy.provider – Class that is responsible for implementing the policy –Default is sun.security.provider.PolicyFile

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Blackboard Implementation wrapper.properties/tomcat.sh Points to tomcat.policy service-config.properties code-level-access-control=true Can disable SecurityManager regardless of command line options Custom Policy implementation wrapper.properties/tomcat.sh Points to tomcat.policy service-config.properties code-level-access-control=true Can disable SecurityManager regardless of command line options Custom Policy implementation

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Blackboard Implementation SecurityUtil.checkPermission() Hides check for SecurityManager Propagates Security Exceptions BbPolicy Wraps code sources for System Extensions Attempts to prevent “over-riding” –You can’t just put permissions in the policy file SecurityUtil.checkPermission() Hides check for SecurityManager Propagates Security Exceptions BbPolicy Wraps code sources for System Extensions Attempts to prevent “over-riding” –You can’t just put permissions in the policy file

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Blackboard Permissions blackboard.persist.PersistPermission Name is the data object, actions are “read,create,modify,delete” Base persister and loader classes check for permission blackboard.persist.PersistPermission Name is the data object, actions are “read,create,modify,delete” Base persister and loader classes check for permission

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Blackboard Permissions blackboard.data.AttributePermission Controls access to attributes on a data object Naming convention allows single attributes or groups to be protected E.g., untrusted code can load a user, but can’t get the (hashed) password blackboard.data.AttributePermission Controls access to attributes on a data object Naming convention allows single attributes or groups to be protected E.g., untrusted code can load a user, but can’t get the (hashed) password

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Blackboard Permissions

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. System Extensions Deployed as a web application with a unique code source Code source is attached to /plugin directory, so it encompasses the /webapp and /config directories Manifest includes a permissions block Some filtering to restrict certain permissions Manifest is equivalent of policy file Deployed as a web application with a unique code source Code source is attached to /plugin directory, so it encompasses the /webapp and /config directories Manifest includes a permissions block Some filtering to restrict certain permissions Manifest is equivalent of policy file

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. System Extensions Enabling an extension at startup Read permissions from database Associate with web app code source Register servlet context with Tomcat –Registration of servlet context only occurs if extension is “Available” or “Unavailable”. Otherwise, no code may be executed Enabling an extension at startup Read permissions from database Associate with web app code source Register servlet context with Tomcat –Registration of servlet context only occurs if extension is “Available” or “Unavailable”. Otherwise, no code may be executed

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. System Extensions Permissions block contains 0 or more permission elements Same semantics as “grant” entries in the standard Java policy file No explicit deny Simple mnemonics for common types Runtime, Socket, Persist, Attribute Type attribute can be any fully qualified Java classname Must be a Permission sub-class, with two argument constructor (String, String) Permissions block contains 0 or more permission elements Same semantics as “grant” entries in the standard Java policy file No explicit deny Simple mnemonics for common types Runtime, Socket, Persist, Attribute Type attribute can be any fully qualified Java classname Must be a Permission sub-class, with two argument constructor (String, String)

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Default Permissions Read/write access to extension’s home directory Read access to Blackboard root Read access to data (via APIs) Read access to system properties Everything else must be explicitly declared… Read/write access to extension’s home directory Read access to Blackboard root Read access to data (via APIs) Read access to system properties Everything else must be explicitly declared…

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Example Permissions

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Manifest Limitations No escape syntax Properties that require user input, or information from local system, cannot be encoded in permission block No escape syntax Properties that require user input, or information from local system, cannot be encoded in permission block

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Tips Read the Javadoc for any third party libraries you are using Many developers don’t test their code with a security manager, so they don’t know what they’re touching –E.g., Axis configuration routines will throw SecurityException if run with a SecurityManager Think security… What would you as an administrator want to see disclosed? Read the Javadoc for any third party libraries you are using Many developers don’t test their code with a security manager, so they don’t know what they’re touching –E.g., Axis configuration routines will throw SecurityException if run with a SecurityManager Think security… What would you as an administrator want to see disclosed?

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Tips – Common Restrictions System.getProperties() returns a mutable copy of the system permission; thus you need Reflection requires runtime permission Spawning a process requires a runtime permission System.getProperties() returns a mutable copy of the system permission; thus you need Reflection requires runtime permission Spawning a process requires a runtime permission

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Conclusion System Extensions have access to verify both authentication and authorization Administrators have an additional level of disclosure about what extensions will access System Extensions have access to verify both authentication and authorization Administrators have an additional level of disclosure about what extensions will access

©2004 BLACKBOARD, INC. ALL RIGHTS RESERVED. Thank You! Tom Joyce, Blackboard Product Development Concluding Presentation is at 2PM: Building Blocks and Blackboard—A Look Ahead Salon H (Where the keynote was held) Tom Joyce, Blackboard Product Development Concluding Presentation is at 2PM: Building Blocks and Blackboard—A Look Ahead Salon H (Where the keynote was held)