Presentation is loading. Please wait.

Presentation is loading. Please wait.

Java Security Model For Mobile Code Abdo Achkar. Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can.

Published byCaren Haynes Modified over 9 years ago

Similar presentations

Presentation on theme: "Java Security Model For Mobile Code Abdo Achkar. Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can."— Presentation transcript:

1 Java Security Model For Mobile Code Abdo Achkar

2 Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can be transmitted across a network and executed on the other end. Mobile code is dynamically loaded and executed by standalone programs. Ex: Browsers

3 Advantages Of Mobile Code In Distributed Systems Eliminates installation problems of desktop applications. Favors portability to different platforms. Enhances scalability of client/server applications. Reduces software distribution costs.

4 Criteria For Mobile Code Safe environment of execution Platform independence Life cycle control Security

5 Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection  Array bounds checking Safety features built into the JVM  Type-safe reference casting  Structured memory access How Does Java Ensure These Criteria? Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection Safety features built into the JVM  Type-safe reference casting  Structured memory access  Automatic garbage collection  Array bounds checking  Checking references for null Safety features built into the JVM  Type-safe reference casting

6 How Does Java Ensure These Criteria? (Cont’) The class loader architecture  Primordial class loader (trusted) The class loader architecture  Primordial class loader (trusted)  Class loader for other classes (non trusted) Every namespace has its own loader The class loader checks to make sure that the class does not declare itself to be a member of a trusted package

7 How Does Java Ensure These Criteria? (Cont’)  The class-file verifier Checks format and internal consistency  The class-file verifier Checks format and internal consistency Bytecode verifier  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation Checks that class’ fields are assigned values of proper type.  The class-file verifier Checks format and internal consistency Bytecode verifier Checks that no local variable is accessed before instantiation Checks that class’ fields are assigned values of proper type. Checks methods’ arguments number and type

8 Class Verifier (cont’) Phase two and dynamic linking  Finding the class being referenced Phase two and dynamic linking  Finding the class being referenced  Replacing symbolic references with direct references (and remembering them)

9 The security manager  Defines the limits of the “sandbox” How Does Java Ensure These Criteria? (Cont’) The security manager  Defines the limits of the “sandbox”  Is consulted for permission for every potentially dangerous action. The security manager  Defines the limits of the “sandbox”  Is consulted for permission for every potentially dangerous action.  List of possible dangerous behaviors supported by security managers: Accepting/Opening sockets Modifying/Creating threads Creating new class loaders Creating new process Loading DLLs. Deleting/reading/writing from and to a file

10 Advantages of using Java in mobile code Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Java is free Unlike traditional software, java allows working with software that come from sources you do not fully trust. Java’s openness allows security holes to be identified and patched. Java is platform independent Java is free Java code is robust (otherwise the loader/verifier would throw exceptions)

11 Disadvantages of Java Slow due to all checkings it does Does not allow low level control of hardware without having to call natives. (can be a security advantage) Slow due to all checkings it does Does not allow low level control of hardware without having to call natives. (can be a security advantage) Every class extends the class Object. This adds a lot of overhead to the program.

12 Questions

13 References http://www.javaworld.com/javaworld/jw-08- 1997/jw-08-hood.html http://www.javaworld.com/javaworld/jw-08- 1997/jw-08-hood.html http://www.javaworld.com/javaworld/jw-09- 1997/jw-09-hood.html http://www.javaworld.com/javaworld/jw-09- 1997/jw-09-hood.html http://www.javaworld.com/javaworld/jw-10- 1997/jw-10-hood.html http://www.javaworld.com/javaworld/jw-10- 1997/jw-10-hood.html http://www.javaworld.com/javaworld/jw-11- 1997/jw-11-hood.html http://www.javaworld.com/javaworld/jw-11- 1997/jw-11-hood.html http://www.cafeaulait.org/course/week13/26.html http://www.sims.berkeley.edu/academics/course s/is206/f97/GroupC/java.html http://www.sims.berkeley.edu/academics/course s/is206/f97/GroupC/java.html

Download ppt "Java Security Model For Mobile Code Abdo Achkar. Mobile Code A mobile object is a “self contained piece” of executable code. Definition:  Code that can."

Similar presentations

Why Have The OSGi Specifications Been Based On Java Technology ? By Peter Kriens, CEO aQute OSGi Technology Officer www.aQute.se.

Why Have The OSGi Specifications Been Based On Java Technology ? By Peter Kriens, CEO aQute OSGi Technology Officer
CSci 1130 Intro to Computer Programming in Java

CSci 1130 Intro to Computer Programming in Java
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Portability and Safety Mahdi Milani Fard Dec, 2006 Java.

Portability and Safety Mahdi Milani Fard Dec, 2006 Java.
Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.

Introduction To Java Objectives For Today â Introduction To Java â The Java Platform & The (JVM) Java Virtual Machine â Core Java (API) Application Programming.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)

Java security (in a nutshell)
Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & email) Java Security on the Browser Java Security in the Enterprise.

Java Security. Overview Hermetically Sealed vs. Networked Executable Content (Web Pages & ) Java Security on the Browser Java Security in the Enterprise.
Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI 48309.

Introduction to JAVA Vijayan Sugumaran School of Business Administration Oakland University Rochester, MI
Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.

Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.

The Java Language. Topics of this Course  Introduction to Java  The Java Language  Object Oriented Programming in Java  Exceptions Handling  Threads.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Object Orientated Programming

Object Orientated Programming
Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.

Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.
Introduction to By Mati Yanko. Primary Goals of Java Portable Secured Object Oriented.

Introduction to By Mati Yanko. Primary Goals of Java Portable Secured Object Oriented.
Introduction to Java Programming

Introduction to Java Programming
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.

JETT 2003 Java.compareTo(C++). JAVA Java Platform consists of 4 parts: –Java Language –Java API –Java class format –Java Virtual Machine.
Programming Language Semantics Java Threads and Locks Informal Introduction The Java Specification Language Chapter 17.

Programming Language Semantics Java Threads and Locks Informal Introduction The Java Specification Language Chapter 17.

Similar presentations

Ads by Google