Published by Lorena Floyd, modified over 9 years ago
Slide 1: Forgiveness and Permissions
cs205: engineering software, University of Virginia, Fall 2006
Slide 2: Program Execution
[Diagram: a Program's requests for resources (Monitor, Speakers, SuperSoaker 2000, Disk, Memory, Network) all pass through a Reference Monitor]
Slide 3: Policy and Mechanism
- AccessController provides a mechanism for enforcing a security policy
  – Can insert checking code before certain operations are allowed
- A security policy determines what the checking code allows
Slide 4: Java Policy
[jre directory]\lib\security\java.policy

    // Standard extensions get all permissions by default
    grant codeBase "file:${{java.ext.dirs}}/*" {
        permission java.security.AllPermission;
    };

    // default permissions granted to all domains
    grant {
        // Allows any thread to stop itself using the java.lang.Thread.stop()
        // method that takes no argument.
        // Note that this permission is granted by default only to remain
        // backwards compatible.
        // It is strongly recommended that you either remove this permission
        // from this policy file or further restrict it to code sources
        // that you specify, because Thread.stop() is potentially unsafe.
        // See "http://java.sun.com/notes" for more information.
        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on un-privileged ports
        permission java.net.SocketPermission "localhost:1024-", "listen";

        //... (also allows some standard properties to be read)
    };
Slide 5: Permissions
- java.security.Permission (base class), with subclasses including:
  – AllPermission
  – java.io.FilePermission
  – SocketPermission
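Slides 3 to 5 describe the mechanism (AccessController checks), the policy (grant blocks in java.policy) and the Permission class hierarchy separately. The following is an added example, not code from the slides or from the JDK: a toy reference monitor in Python that parses the two grant blocks shown on slide 4 and answers "may code from this codeBase do X?" the way AccessController consults the policy. The grammar handled is a small subset of the real policy syntax, the value substituted for ${{java.ext.dirs}} is constructed, and the SocketPermission port-range and codeBase matching rules are simplified re-implementations of the JDK's, not its code.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for the slide's [jre directory]\lib\security\java.policy:
# the same two grant blocks, comments included, so the parser has to skip them.
SAMPLE_POLICY = r'''
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};

// default permissions granted to all domains
grant {
    // allows any thread to stop itself (Thread.stop() is potentially unsafe)
    permission java.lang.RuntimePermission "stopThread";
    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";
};
'''

# Constructed value substituted for ${{java.ext.dirs}}; the real JDK expands
# it to every extension directory on the platform.
EXT_DIRS = "/opt/jre/lib/ext"

GRANT_RE = re.compile(r'grant\s*(?:codeBase\s*"([^"]*)")?\s*\{(.*?)\};', re.S)
PERM_RE = re.compile(r'permission\s+([\w.]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')


def _actions(spec):
    """'listen, accept' -> {'listen', 'accept'}; '' -> empty set."""
    return {a.strip() for a in spec.split(",") if a.strip()}


def _host_and_ports(name):
    """'localhost:1024-' -> ('localhost', (1024, 65535)); 'h:80' -> ('h', (80, 80))."""
    host, _, ports = name.partition(":")
    if not ports:
        return host, (0, 65535)
    lo, dash, hi = ports.partition("-")
    lo = int(lo) if lo else 0
    hi = int(hi) if hi else (65535 if dash else lo)
    return host, (lo, hi)


@dataclass(frozen=True)
class Permission:
    cls: str           # e.g. java.net.SocketPermission
    name: str = ""     # target, e.g. "localhost:1024-"
    actions: str = ""  # comma-separated actions, e.g. "listen"

    def implies(self, other):
        """Does holding self cover a request for other? (Mirrors Permission.implies.)"""
        if self.cls == "java.security.AllPermission":
            return True
        if self.cls != other.cls:
            return False
        if self.cls == "java.net.SocketPermission":
            g_host, (g_lo, g_hi) = _host_and_ports(self.name)
            r_host, (r_lo, r_hi) = _host_and_ports(other.name)
            return (g_host == r_host and g_lo <= r_lo and r_hi <= g_hi
                    and _actions(self.actions) >= _actions(other.actions))
        return self.name == other.name and _actions(self.actions) >= _actions(other.actions)


def parse_policy(text, ext_dirs=EXT_DIRS):
    """Return [(codeBase or None, [Permission, ...]), ...], one entry per grant block."""
    text = re.sub(r"//[^\n]*", "", text)  # drop // comments (no quoted value here contains //)
    text = text.replace("${{java.ext.dirs}}", ext_dirs)
    grants = []
    for m in GRANT_RE.finditer(text):
        perms = [Permission(c, n, a) for c, n, a in PERM_RE.findall(m.group(2))]
        grants.append((m.group(1), perms))  # group(1) is None for a bare "grant {"
    return grants


def code_base_matches(pattern, code_source):
    """Simplified codeBase matching: None = all code, '/-' = directory tree, '/*' = one directory."""
    if pattern is None:
        return True
    if pattern.endswith("/-"):
        return code_source.startswith(pattern[:-1])
    if pattern.endswith("/*"):
        prefix = pattern[:-1]
        rest = code_source[len(prefix):]
        return code_source.startswith(prefix) and rest != "" and "/" not in rest
    return pattern == code_source


def check_permission(grants, code_source, requested):
    """The reference-monitor decision: allowed iff some grant that applies to
    this code source holds a permission that implies the request."""
    return any(code_base_matches(cb, code_source) and any(p.implies(requested) for p in perms)
               for cb, perms in grants)
```

The split on the slides shows up directly in the code: check_permission is the mechanism and never changes, while everything it decides comes from the parsed grant list. Code loaded from the extension directory gets AllPermission and so can read any file; an applet loaded from a web URL only matches the bare grant, so it may listen on localhost:8080 but not on port 80, not accept connections, and not read files.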
Slide 6: Better Solution?
- Impose a policy on the browser and everything running inside it
- Windows Vista will do this:
  – Browser runs at “low integrity” mode
  – Low integrity processes cannot:
    - Modify higher integrity securable objects (e.g., files, network sockets,
    - Interact with higher integrity
Slide 7: Hostile Applets
- See http://java.sun.com/sfaq/chronology.html (about 1 new vulnerability/month)
- Easy to write “annoying” applets (policy is too imprecise; no way to constrain many resource operations)
- Don’t try these at home... http://www.cigital.com/hostile-applets/index.html
Slide 8: What can go wrong?
- Java API doesn’t call the right SecurityManager checks (63 calls in java.*)
  – Font loading bug, synchronization
- ClassLoader is tricked into loading an external class as internal
- Policy is too weak (allows damaging behavior)
- Enforcement relies on low-level code safety properties
Slide 9: Project Team Management
- “Democracy”
  – Works fine but doesn’t scale
  – If everyone is responsible, no one is responsible
- “Hierarchy”
  – Someone is in charge: delegates work, responsible for making sure it gets done
  – Requires leadership, subordination – difficult in peer groups
Slide 10: Bytecode Verifier
[Diagram: malcode.class (JVML object code) enters the Java Bytecode Verifier; on “Okay” it passes to the JavaVM, which runs it for the user Alice; if Invalid, STOP. The Verifier and JavaVM together form the Trusted Computing Base]
Slide 11: Computer Architecture
- Processor does computation
- Memory stores bits
- Input Devices (mouse, keyboard, accelerometer) get input from user and environment
- Output Devices (display, speakers) present output to user
Slide 12: Central Processing Unit (CPU)
Slide 13: Intel 4004
- First general purpose microprocessor, 1971
- 4-bit data
- 46 instructions
  – 8-bit instructions!
Slide 14: PC Motherboard
[Image from http://www.cyberiapc.com/hardwarebeg.htm, with the Memory and CPU labelled]
Slide 15: Inside the CPU
- Registers
- Loads and decodes instructions from memory
- ALU: Arithmetic Logic Unit
  – Does arithmetic
  – Can only operate on values in registers
  – Must load values from memory into registers before computing with them
Slide 16: Compiler
- Translates a program in a high-level language into machine instructions
- Calling convention
  – How are parameters passed to functions
  – How is the stack managed to return
- Register allocation
  – Figure out how to use registers efficiently
Slide 17: Compiled code for max (x86, debug build)

Source:

    int max (int a, int b) {
        if (a > b) {
            return b;
        } else {
            return a;
        }
    }

Disassembly (source line numbers, then address and instruction):

    6:    int max (int a, int b) {
    00401010   push        ebp
    00401011   mov         ebp,esp
    00401013   sub         esp,40h
    00401016   push        ebx
    00401017   push        esi
    00401018   push        edi
    00401019   lea         edi,[ebp-40h]
    0040101C   mov         ecx,10h
    00401021   mov         eax,0CCCCCCCCh
    00401026   rep stos    dword ptr [edi]
    7:        if (a > b) {
    00401028   mov         eax,dword ptr [ebp+8]
    0040102B   cmp         eax,dword ptr [ebp+0Ch]
    0040102E   jle         max+25h (00401035)
    8:            return b;
    00401030   mov         eax,dword ptr [ebp+0Ch]
    00401033   jmp         max+28h (00401038)
    9:        } else {
    10:           return a;
    00401035   mov         eax,dword ptr [ebp+8]
    00401038   pop         edi
    00401039   pop         esi
    0040103A   pop         ebx
    0040103B   mov         esp,ebp
    0040103D   pop         ebp
    0040103E   ret

Annotations from the slide:
- push instruction is 1 byte (00401010 to 00401011); mov instruction is 2 bytes (00401011 to 00401013)
- The block from 00401010 to 00401026 is dealing with the function call: updating the stack, moving arguments
- The block from 00401038 to 0040103E is cleanup and return
Slide 18: Java Virtual Machine

Slide 19: Java Ring (1998)

Slide 20: Java Card
Slide 21: Java Virtual Machine
- Small and simple to implement
- All VMs will run all programs the same way
- Secure
Slide 22: Implementing the JavaVM

    load class into memory
    set the instruction pointer to point to the beginning of main
    do {
        fetch the next instruction
        execute that instruction
    } while (there is more to do);

Some other issues we will talk about next week:
- Verification – need to check byte codes satisfy security policy
- Garbage collection – need to reclaim unused storage
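Slide 22 gives the fetch/execute loop, slide 10 shows the verifier sitting in front of it, and slide 8 notes that enforcement rests on low-level code safety properties. The following is an added example, not the course's code and not the real JVM: a toy stack-machine VM in Python whose load path runs a static verifier before the interpreter touches a byte. The instruction set, its encoding (opcode numbers borrowed from JVML for familiarity), the MAX_STACK limit and the sample "classes" are all constructed; the toy handles straight-line code only, with one integer operand stack and no locals, branches or types, so its verifier is a fraction of what the real one checks.

```python
# Constructed instruction set: opcode -> (mnemonic, operand bytes, pops, pushes).
OPCODES = {
    0x10: ("bipush", 1, 0, 1),    # push one signed byte
    0x59: ("dup", 0, 1, 2),       # duplicate the top of the stack
    0x60: ("iadd", 0, 2, 1),
    0x64: ("isub", 0, 2, 1),
    0x68: ("imul", 0, 2, 1),
    0xAC: ("ireturn", 0, 1, 0),   # return the top of the stack to the caller
}
MAX_STACK = 4  # the constructed class "declares" this operand-stack limit


class VerifyError(Exception):
    """Raised when the verifier rejects the code; the VM then never runs it."""


def verify(code):
    """Static check, before any instruction executes: every opcode is known,
    operands are inside the code, the operand stack never underflows or grows
    past MAX_STACK, and control reaches ireturn instead of falling off the end."""
    pc, depth = 0, 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise VerifyError(f"unknown opcode 0x{op:02x} at pc={pc}")
        name, nbytes, pops, pushes = OPCODES[op]
        if pc + nbytes >= len(code):
            raise VerifyError(f"{name} at pc={pc} runs past the end of the code")
        depth -= pops
        if depth < 0:
            raise VerifyError(f"operand stack underflow at pc={pc} ({name})")
        depth += pushes
        if depth > MAX_STACK:
            raise VerifyError(f"operand stack overflow at pc={pc} ({name})")
        pc += 1 + nbytes
        if name == "ireturn":
            return True
    raise VerifyError("control falls off the end of the code without ireturn")


def is_valid(code):
    """Convenience wrapper: True if verify() accepts the code, False if it rejects it."""
    try:
        return verify(code)
    except VerifyError:
        return False


def execute(code):
    """Slide 22's loop: fetch the next instruction, execute it, repeat.
    Relies on verify() having accepted the code, so it does no dynamic checks."""
    stack, pc = [], 0
    while True:
        name, nbytes, _, _ = OPCODES[code[pc]]
        operand = code[pc + 1] if nbytes else None
        pc += 1 + nbytes
        if name == "bipush":
            stack.append(operand - 256 if operand > 127 else operand)  # sign-extend
        elif name == "dup":
            stack.append(stack[-1])
        elif name == "iadd":
            b, a = stack.pop(), stack.pop(); stack.append(a + b)
        elif name == "isub":
            b, a = stack.pop(), stack.pop(); stack.append(a - b)
        elif name == "imul":
            b, a = stack.pop(), stack.pop(); stack.append(a * b)
        elif name == "ireturn":
            return stack.pop()


def load_and_run(class_bytes):
    """The trusted-computing-base boundary of slide 10: untrusted bytes are
    loaded, verified, and only then handed to the interpreter."""
    verify(class_bytes)
    return execute(class_bytes)


# Constructed sample "classes" (just the code of main):
GOOD = bytes([0x10, 7, 0x10, 5, 0x60, 0x59, 0x68, 0xAC])   # (7+5)*(7+5) -> 144
UNDERFLOW = bytes([0x60, 0xAC])                           # iadd on an empty stack
UNKNOWN_OP = bytes([0x10, 1, 0xFF, 0xAC])                 # 0xFF is not an instruction
OVERFLOW = bytes([0x10, 1] * 5 + [0xAC])                  # five pushes exceed MAX_STACK

if __name__ == "__main__":
    print("GOOD ->", load_and_run(GOOD))
    for label, bad in [("UNDERFLOW", UNDERFLOW), ("UNKNOWN_OP", UNKNOWN_OP), ("OVERFLOW", OVERFLOW)]:
        try:
            load_and_run(bad)
        except VerifyError as e:
            print(f"{label}: rejected before execution: {e}")
```

The point the toy makes is the one on slide 8: execute() pops and indexes the stack without checking, which is only safe because verify() has already proved, for every instruction, that the operands it needs are there. Remove the verify() call from load_and_run and UNDERFLOW turns into an IndexError inside the interpreter; in a VM written in C that same missing check would be a memory-safety bug, which is why the verifier belongs to the trusted computing base.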
Slide 23: Charge
- Next classes: understanding byte codes and the byte code verifier
- Project ideas due Wednesday