Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java Security Shmuel Babad CEO MidLink Computing LTD

Published byShannon Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "Java Security Shmuel Babad CEO MidLink Computing LTD"— Presentation transcript:

1 Java Security Shmuel Babad CEO MidLink Computing LTD
Session #, Speaker Name Java Security Shmuel Babad CEO MidLink Computing LTD Middleware Lecturer at John Bryce Training A MidLink presentation 4/22/2017

2 Goals Java security components and architecture
JAAS within Java Security Concepts and components of JAAS Look beyond JAAS A short demo of JAAS A MidLink presentation Beginning

3 Objectives Overview of major Security issues
Describe the Java Security architecture and major Concepts Introduce JAAS JAAS Development PAM Beyond JAAS – Instance based security Overview of JACC A MidLink presentation Beginning

4 Speaker’s Qualifications
Middleware expert Over 7 years of experience in designing developing and administration of middleware tools and Over 4 years of using J2EE implementation Currently working for John Bryce Pelephone Amdocs Orange CEO of MidLink – a middleware services company Lectures on advanced J2EE topics at John Bryce training A MidLink presentation Beginning

5 What is our biggest security problem?
Security issues What is our biggest security problem? The one we don’t know about yet! A MidLink presentation Beginning

6 Evolving security needs
Driven by Integration Internal Applications (EAI) External systems More transaction are performed over communications A bigger threat More valuable information Sophisticated hacking Available large scale hacking Terror oriented attacks A MidLink presentation Beginning

7 Presentation Outline Security basics Java security basic concepts
Cryptography in Java JAAS Beyond JAAS JAAS Demo A MidLink presentation Beginning

8 Security involves Authentication Authorization Encoding / Encryption
Session #, Speaker Name Security involves Authentication Verifying the users’ identity via Certificate User/Password or other credentials Authorization Verifying whether a user has access to protected resources Encoding / Encryption Monitoring / Logging A MidLink presentation Middle 4/22/2017

9 Session #, Speaker Name Java Security Java provides an evolving and expending model currently (1.4) based on: Native java.security package JAAS Java Authentication and Authorization Service JCE Java Cryptography Extension JSSE Java Secure Socket Extension JAVA GSS-API Use Kerberos V5 mechanism Java Certification Path API Build and validate certification paths ("certificate chains") A MidLink presentation Middle 4/22/2017

10 Java Security Architecture
Session #, Speaker Name Java Security Architecture Fine-grained access control Configurable security policy Extensible access control structure Checks to all Java programs, including applications (also good for server side) 1.0 – Remote code not trusted with any Valuable resources using three protector mechanisms: The bytecode verifier ensures only legitimate Java bytecodes are executed The JVM SecurityManager The classloader uses a local name space to ensure untrusted applets cannot interfere with the running of other programs 1.1 Signed applets were introduced. They were run as localcode. Unsigned applets still run in the sandbox. 2 Complex security model including Fine-grained access control – w out having to subclass internal code like the class loader Easily configurable security policy – again w out coding Easily extensible access control structure – including yet-to-be-defined permissions Extension of security checks to all Java programs, including applications as well as applets – although old model can still be used All without writing code A MidLink presentation 4/22/2017

11 Java Security Concepts
Session #, Speaker Name Java Security Concepts Protection Domain Application domain System domain Principal (identity) Permission (class) Policy SecurityManager and AccessController A domain can be scoped by the set of objects that are currently directly accessible by a principal Protection domains are determined by the policy currently in effect The Java application environment maintains a mapping from code (classes and instances) to their protection domains and then to their permissions The permission classes represent access to system resources The system security policy for a Java application environment, specifying which permissions are available for code from various sources, is represented by a Policy object SecurityManager versus AccessController – central point of control versus an algorithm based approach Tools keytool stores the keys and certificates in a so-called keystore - chains of X.509 certificates provided by Certification Authorities The PolicyTool is a GUI generating, editing, exporting, or importing a security policy The jarsigner tool can be used to digitally sign Java archives A MidLink presentation 4/22/2017

12 JCA Java Cryptography Architecture
Session #, Speaker Name JCA Java Cryptography Architecture Design principles Implementation independence and interoperability Algorithm independence and extensibility Provided algorithms include: Digital Signature Algorithm (DSA) including: Public and private keys generator Parameter generator & parameter manager Key factory providing bi-directional conversions MD5 and SHA-1 message digest algorithms A "SHA1PRNG" pseudo-random number generation algorithm In JDK 1.1, the JCA included APIs for digital signatures and message digests Java 2 SDK support X.509 v3 certificates Includes a "provider" architecture that allows for multiple and interoperable cryptography implementations The Java Cryptography Extension (JCE) extends the JCA API to include APIs for encryption, key exchange, and Message Authentication Code (MAC) Algorithm independence is achieved by defining types of cryptographic "engines" (services). The provider provides An implementation of the Digital Signature Algorithm (DSA), described in NIST FIPS 186. An implementation of the MD5 (RFC 1321) and SHA-1 (NIST FIPS 180-1) message digest algorithms. A DSA key pair generator for generating a pair of public and private keys suitable for the DSA algorithm. A DSA algorithm parameter generator. A DSA algorithm parameter manager. A DSA key factory providing bi-directional conversions between (opaque) DSA private and public key objects and their underlying key material. An implementation of the proprietary "SHA1PRNG" pseudo-random number generation algorithm, following the recommendations in the IEEE P1363 standard (Appendix G.7). A certificate path builder and validator for PKIX, as defined in the Internet X.509 Public Key Infrastructure Certificate and CRL Profile (available as a draft from Internet Engineering Task Force at the time of this writing.). A certificate store implementation for retrieving certificates and CRLs from Collection and LDAP directories, using the PKIX LDAP V2 Schema (RFC 2587). A certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs). A keystore implementation for the proprietary keystore type named JKS. A MidLink presentation 4/22/2017

13 JCA Provided algorithms (cont)
Session #, Speaker Name JCA Provided algorithms (cont) A certificate path builder & validator for PKIX (X.509) A certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs) A certificate store for retrieving certificates and CRLs from Collection and LDAP directories (PKIX LDAP V2 Schema) A proprietary keystore called JKS In JDK 1.1, the JCA included APIs for digital signatures and message digests Java 2 SDK support X.509 v3 certificates Includes a "provider" architecture that allows for multiple and interoperable cryptography implementations The Java Cryptography Extension (JCE) extends the JCA API to include APIs for encryption, key exchange, and Message Authentication Code (MAC) Algorithm independence is achieved by defining types of cryptographic "engines" (services). The provider provides An implementation of the Digital Signature Algorithm (DSA), described in NIST FIPS 186. An implementation of the MD5 (RFC 1321) and SHA-1 (NIST FIPS 180-1) message digest algorithms. A DSA key pair generator for generating a pair of public and private keys suitable for the DSA algorithm. A DSA algorithm parameter generator. A DSA algorithm parameter manager. A DSA key factory providing bi-directional conversions between (opaque) DSA private and public key objects and their underlying key material. An implementation of the proprietary "SHA1PRNG" pseudo-random number generation algorithm, following the recommendations in the IEEE P1363 standard (Appendix G.7). A certificate path builder and validator for PKIX, as defined in the Internet X.509 Public Key Infrastructure Certificate and CRL Profile (available as a draft from Internet Engineering Task Force at the time of this writing.). A certificate store implementation for retrieving certificates and CRLs from Collection and LDAP directories, using the PKIX LDAP V2 Schema (RFC 2587). A certificate factory for X.509 certificates and Certificate Revocation Lists (CRLs). A keystore implementation for the proprietary keystore type named JKS. A MidLink presentation 4/22/2017

14 What is JAAS Java Authentication and Authorization Service
Introduced as an optional package in J2SE 1.3 Integrated into J2SE 1.4 Implements a Java Pluggable Authentication Module (PAM) framework Access decisions are based on CodeSource and the User running the code A MidLink presentation

15 Before JAAS Security and Authorization decisions were based on
Code origin Who signed it A Trusted Library may be given access to sensitive resources while an Applet or another Library may have that access restricted A MidLink presentation

16 After introducing JAAS
With the integration of JAAS and J2SE Security model, authorization decisions can be made based on: Code origin Who signed it Who is running the code A Library may not have access privileges to resources when running without a User context or when being executed by User Bart, but when User Andy executes the Library those permissions may be granted A MidLink presentation

17 JAAS Features Pure Java implementation
Session #, Speaker Name JAAS Features Pure Java implementation Flexible access control policy for user-based, group-based, and role-based authorization Single sign-on support Pluggable Authentication Module (PAM) framework implementation for authenticating users Before JASS You could check it is actually the Applet you downloaded to the client that is running After JAAS You can ask “who is running the applet?” A MidLink presentation 4/22/2017

18 JAAS – Core classes Common Classes Authentication Classes
Session #, Speaker Name JAAS – Core classes Common Classes Subject Principals Credentials Authentication Classes LoginContext LoginModule CallbackHandler Callback Authorization Classes Policy AuthPermission PrivateCredentialPermission A MidLink presentation Middle 4/22/2017

19 JAAS – Subject Subject represent the source of a request
Session #, Speaker Name JAAS – Subject Subject represent the source of a request The Subject is a container for associated Principals Public Credentials (public keys) Private Credentials (passwords, private keys) doAs methods can be called to perform as a particular subject (delegation) For example, a person may have a name Principal ("John Doe") and a SSN Principal (" "), which distinguish it from other Subjects A MidLink presentation 4/22/2017

20 JAAS – Principal A Principal identifies a Subject. The Subject can be
Session #, Speaker Name JAAS – Principal A Principal identifies a Subject. The Subject can be A person A corporation An application A single Subject may have many Principals that serve to identify the entity A user can have Principals like User name Employee id Social security number For example, a person may have a name Principal ("John Doe") and a SSN Principal (" "), which distinguish it from other Subjects A MidLink presentation 4/22/2017

21 PAM Pluggable Authentication Modules
Session #, Speaker Name PAM Pluggable Authentication Modules The PAM framework enables multiple authentication technologies to be added without changing any of the login services The application calls the PAM API The request is forwarded to the appropriate authentication model – one or more (stack) Configuration is done via a pam.conf file Started in Solaris PAM can be used to integrate login services with different authentication technologies, such as RSA, DCE, Kerberos, S/Key, and smart card based authentication systems When an application calls the PAM API, it loads the appropriate authentication module, as determined by the configuration file, pam.conf . The request is forwarded to the underlying authentication module, for example, UNIX password, Kerberos, S/Key, to perform the specified operation. The PAM layer then returns the response from the authentication module to the application. PAM also includes account management, session management, and password management Sample PAM Configuration File (pam.conf) # # SERVICE MODULE TYPE CONTROL FLAG MODULE PATH OPTIONS login auth required pam_unix_auth.so nowarn login session required pam_unix_session.so login account required pam_unix_account.so login password required pam_unix_password.so ftp auth required pam_skey_auth.so debug ftp session required pam_unix_session.so telnet session required pam_unix_session.so passwd password required pam_unix_passwd.so OTHER auth required pam_unix_auth.so OTHER session required pam_unix_session.so OTHER account required pam_unix_account.so A MidLink presentation 4/22/2017

22 Pluggable Authentication Modules
An application using JAAS for authentication can remain independent of the underlying authentication technology A MidLink presentation

23 LoginModules in J2SE 1.4 JndiLoginModule – Authenticates against an LDAP tree Krb5LoginModule – Authenticates against a Kerberos domain UnixLoginModule – Authenticates against Unix security A MidLink presentation

24 JAAS – Authentication The application creates a LoginContext and calls login() The LoginContext refers to the LoginConfiguration to set up the appropriate LoginModules The LoginContext delegates the authentication to the LoginModules The LoginModules use the CallbackHandler to communicate with the application Once the login succeeds you can get the Subject from the LoginContext and get the authenticated Principals from the Subject A MidLink presentation

25 Java Security Packages
Session #, Speaker Name Java Security Packages java.security javax.resource.spi.security – contains APIs for the security management contract javax.security.auth – provides a framework for authentication and authorization javax.security.auth.callback – provides the classes necessary for services to interact with applications in order to retrieve information (authentication data including usernames or passwords, for example) or to display information (error and warning messages, for example) javax.security.auth.login – provides a pluggable authentication framework javax.security.auth.spi – provides the interface to be used for implementing pluggable authentication modules. A MidLink presentation Middle 4/22/2017

26 JAAS Authorization - Outline
CodeSource Protection Domains Access control Permissions Policy Privileged Actions by Subjects A MidLink presentation

27 CodeSource & ProtectionDomain
The CodeSource of a piece of Java code is the URL location that the code was loaded from and the Certificates that we used to sign the code The ProtectionDomain is a holder for the CodeSource and a Principal Each class is assigned a ProtectionDomain upon being loaded. The Principal is null when the class is first loaded. A MidLink presentation

28 AccessControlContext – a Context for Authorization Decisions
When making access decisions, the security system looks at every ProtectionDomain involved in the call. Access is granted only if every ProtectionDomain in the Context can have access. A less privileged PD can not gain privilege by calling a more privileged PD. And a more privileged PD must lose privilege when calling a less privileged PD. This is the principle of least privilege. A MidLink presentation

29 Permissions Permissions represent access to resources
All Permission objects have a name The meaning of the name parameter varies between implementations Typically the name identifies the resource to be accessed An “action” parameter can be used to define the type of access to the resource allowed A special permission exists to indicate unrestricted access to all resource: java.security.AllPermission A MidLink presentation

30 Policy The mapping between PDs and associated Permissions is stored by the Policy Policy is a Singleton A MidLink presentation

31 Policy The default implementation of Policy accepts text based configuration in the above format Each grant entry is composed of an optional CodeSource, Signers, Principals, and a list of Permissions Default security policy is <JRE_HOME>/lib/security/java.policy Can provide supplemental policy file location via -Djava.security.policy=<file> JVM parameter Can override the default policy file with: -Djava.security.policy==<file> JVM parameter A MidLink presentation

32 AccessController The AccessController embodies the access control algorithm It obtains the current AccessControlContext, which has an array of PDs and then for each PD checks whether the PD has the requested permission Verify that the current context has a permission: A MidLink presentation

33 PrivilegedAction Invoking a privileged action is done via a static method on the AccessController When a trusted library invokes a PrivilegedAction, the permissions of PDs in the call stack prior to the PrivilegedAction do not get checked A MidLink presentation

34 Associating a Subject with an Access Control Context
To associate a Subject with the current execution context, one of the Subject.doAs(…) methods must be used A MidLink presentation

35 Beyond JAAS – Instance-Based Security
Instance-based security is an authorization mechanism for protecting access to resources based on the identity of the resource This is a step forward from class-based security that protects access to resources based on the class of the resource A MidLink presentation

36 Beyond JAAS – JACC The Java Authorization Contract for Containers defines New java.security.Permission classes to satisfy the J2EE authorization model The binding of container access decisions to operations on instances of the new permission classes The installation and configuration of authorization providers for use by containers The interfaces that a provider must make available to allow container deployment tools to create and manage permission collections corresponding to roles The spec is in it’s final draft stages A MidLink presentation

37

38 Session #, Speaker Name Summary Java security is ever evolving, as are security problems, Thus we must implement new technologies and methodologies JAAS is the latest package added to improve Authentication Authorization and most of all control over applications JAAS allows you to manipulate resource access of code according to Who signed it Where it came from who’s running it! A MidLink presentation End 4/22/2017

39 If You Only Remember One Thing…
Session #, Speaker Name If You Only Remember One Thing… Security is like blood pressure At first you do not feel any pain And when you do - it Is too late.... A MidLink presentation End 4/22/2017

40 MidLink Middleware Infrastructure & Administration
Session #, Speaker Name Thank You! Shmuel Babad MidLink Middleware Infrastructure & Administration A MidLink presentation End 4/22/2017

Download ppt "Java Security Shmuel Babad CEO MidLink Computing LTD"

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Operating System Security

Operating System Security
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & email) Java Security on the Browser Java Security in the Enterprise.

Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
Understanding WebLogic Security

Understanding WebLogic Security
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Understanding Active Directory

Understanding Active Directory
Cheng-Chia Chen September 1999

Cheng-Chia Chen September 1999
JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.

JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.

Similar presentations

Ads by Google