
1 Java Security Session 19

2 Java Security / 2 of 23 Objectives
- Discuss Java cryptography
- Explain the Java Security Model
- Discuss each of the components that comprise the JSM
- Describe the security tools available as part of the Java platform

3 Java Security / 3 of 23 Introduction
- Security on the Internet is a big issue today: corruption of data, denial of access to services, and attacks that simply annoy users
- The Java 2 security model has been extended so that digitally signed applets can run on the web with more than the sandbox allows
- The security of precious goods is only as good as the defence mechanism employed to guard it

4 Java Security / 4 of 23 Java 2 security model
- Byte code verifier
- Class loader
- Security manager

5 Java Security / 5 of 23 Byte Code Verifier
- Examines the byte code of a class when the class is loaded and linked, before any of it executes
- Verifies that every instruction is a legal JVM operation
- Verifies that no instruction sequence can overflow or underflow the operand stack
- Verifies that the byte code does not compromise the type safety of operands
- Verifies that class methods observe all access specifiers such as public and private

6 Java Security / 6 of 23 Class Loader
The functions of a class loader include:
- Keeping classes from different sources in separate namespaces, so that running programs with identical class names do not conflict
- Ensuring that untrusted code cannot load its own copy of a system class: classes on the system class path are always looked up first
- Byte code reaching the class loader has already passed the verifier and is therefore assumed to be well-formed
- The applet class loader works together with the applet security manager, which checks what downloaded applets are allowed to do

7 Java Security / 7 of 23 Java Security Manager (JSM)
- Applets are downloaded from remote hosts and hence can carry potential attacks
- Untrusted applets run inside a sandbox: they cannot read or write the local file system, may only open network connections back to the host they came from, and cannot start local programs or load native libraries
- The Security Manager implements the default sandbox and also allows an application to define its own sandbox by subclassing it
- The JSM also controls access to important resources and operations, including access to files
- Standalone applications are trusted by default: no Security Manager is installed unless the application or the java command line installs one

8 Java Security / 8 of 23 Java Security Model (figure)
- JDK 1.0: applications are trusted by default; applets are untrusted by default and are denied access to system and network resources
- JDK 1.1: applications are trusted by default; unsigned applets are untrusted by default and are denied access to system and network resources; signed applets are trusted

9 Java Security / 9 of 23 java.policy file
- The default security policy file is located at JAVA_HOME\lib\security\java.policy, where JAVA_HOME indicates the location of the runtime (for a JDK 1.2 to 8 installation the file sits under the bundled JRE, JAVA_HOME\jre\lib\security\java.policy; JDK 9 and later keep it at JAVA_HOME\conf\security\java.policy)
- The file consists of grant entries that state which permissions code from a given code base or signed by a given signer receives
- It is possible to specify a security policy that determines the access type an application or an applet is allowed, for example with -Djava.security.policy=myfile.policy on the java command line
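As an added example, not code from the original slides, the following program shows the sandbox of slides 7 to 9 in action: run with a Security Manager installed from the command line and a policy file that grants read access to a single file, a read of any other file is refused, while the same program run without the Security Manager (trusted by default, as slide 7 says) reads anything. The policy file name demo.policy, the file paths and the FilePermission grant are assumptions made for this demonstration.

```java
// SandboxDemo.java: added example, not from the original slides.
// The policy file name, the file paths and the grant below are assumptions for this demo.
//
// demo.policy (grants read access to exactly one file; everything else stays denied):
//   grant {
//       permission java.io.FilePermission "/tmp/allowed.txt", "read";
//   };
//
// Compile, then run once without and once with the Security Manager:
//   javac SandboxDemo.java
//   java SandboxDemo /tmp/allowed.txt /etc/hostname
//   java -Djava.security.manager -Djava.security.policy=demo.policy SandboxDemo /tmp/allowed.txt /etc/hostname
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;

public class SandboxDemo {

    /** Tries to read a file's size and reports whether the sandbox allowed it. */
    static String tryRead(String file) {
        try {
            long size = Files.size(Paths.get(file));   // needs FilePermission file, "read"
            return "ALLOWED  " + file + " (" + size + " bytes)";
        } catch (SecurityException e) {
            // Raised by the Security Manager when no grant in the policy covers this FilePermission
            return "DENIED   " + file + ": " + e.getMessage();
        } catch (IOException e) {
            return "IO ERROR " + file + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("Security Manager installed: " + (System.getSecurityManager() != null));
        if (args.length == 0) {
            System.out.println("usage: java [-Djava.security.manager -Djava.security.policy=demo.policy] SandboxDemo <file>...");
            return;
        }
        for (String file : args) {
            System.out.println(tryRead(file));
        }
    }
}
```

A single "=" in -Djava.security.policy=demo.policy adds the file to the policy files named in java.security; "==" replaces them, which is what you want when testing that nothing outside your own grants is permitted. The Security Manager was deprecated for removal in JDK 17 (JEP 411), so JDK 17 to 23 print a warning when it is enabled, and JDK 24 (JEP 486) no longer allows one to be installed at all, so this demonstration runs on JDK 8 through 23 only.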

10 Java Security / 10 of 23 Safe environment in JSM (figure)
Java code -> Java compiler -> class files (byte code) -> transmission over the network or the local file system -> byte code verifier -> class loader -> Java interpreter, with the Security Manager (if present) checking privileged operations -> executed program

11 Java Security / 11 of 23 JDK security tools
- Authentication is an important and vital issue
- A digital signature solves two vital security concerns: authentication (who produced the code) and integrity (the code has not been altered since it was signed)
- Sun offers three tools to digitally sign applets: jar, jarsigner and keytool
- A system on the Internet should look out for components that lay the system open to intruders

12 Java Security / 12 of 23 The keytool utility (1)
- keytool is used to create and manage public keys, private keys and security certificates
- In secret-key (symmetric) cryptography, a process takes a piece of data and uses a single key, often derived from a password, to produce the encrypted form; only with the help of that same key can one decrypt the original message
- The Data Encryption Standard (DES) was a widely used symmetric cipher; its 56-bit key is far too short to be secure today, and AES has replaced it

13 Java Security / 13 of 23 The keytool utility (2)
- Public key cryptography is based on mathematical algorithms that create two mathematically related keys: one for encryption and the other for decryption (for digital signatures the private key signs and the public key verifies)
- keytool is used for: managing public/private key pairs; storing the public keys (certificates) of people and groups; authenticating one's identity; verifying the source and integrity of data

14 Java Security / 14 of 23 The keytool utility (3)
- Information managed by keytool is stored in a database called a keystore; the default keystore is the file .keystore in the user's home directory
- One can check the existence of a keystore and list its entries with:
  keytool -list
  keytool -list -keystore C:\myfolder\mystore
- The -genkey option of keytool (named -genkeypair in newer JDKs, where -genkey is kept as an alias) creates a public/private key pair together with a self-signed certificate; give -keyalg RSA -keysize 2048 explicitly rather than relying on the default key type:
  keytool -genkey -alias aliasname
- While adding a key to a new keystore, a password for the keystore and a password for the key have to be given

15 Java Security / 15 of 23 Creating a key pair (1)
- The keytool utility asks a number of questions when we create a new key pair
- Example:
  Alias: aptechkey
  Organizational unit: Software Dev
  Organization: Gates Corp.
  City: Palo Alto, CA.
  State: CA (for California)
  Country code: US
  Key password: aptECH2k01

16 Java Security / 16 of 23 Creating a key pair (2)
- The command keytool -list -v -alias aptechkey prints the entry in verbose form: the owner and issuer distinguished names, the serial number, the validity period and the certificate fingerprints

17 Java Security / 17 of 23 Working with certificates (1)
- A digital certificate is a statement, signed by an authority, that a particular public key belongs to a particular person or entity
- Digital certificates therefore associate an identity with a public key
- The identity is called the subject; the authority that signs is called the issuer (or signer)

18 Java Security / 18 of 23 Working with certificates (2)
- Certificates follow the X.509 standard
- When we create a new public/private key pair, we obtain a self-signed certificate, signed by the same entity that created the key pair
- To have a certificate authority vouch for the key instead, generate a certificate signing request and send it to the authority:
  keytool -certreq -alias aptechkey -file aptechreq.txt
- The signed reply from the authority is imported back into the keystore under the same alias with keytool -importcert (-import in older JDKs), which replaces the self-signed certificate with the authority's chain
- The keytool utility can display, import and export certificates in addition to key pairs
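The following program is an added example, not code from the original slides, that works with the keystore and alias produced by the keytool commands on slides 14 to 18. It loads the keystore through the java.security.KeyStore API, reads the private key entry for the alias, checks whether its certificate is self-signed and still valid, then signs a message with the private key and verifies the signature with the certificate's public key, showing that a single changed byte makes verification fail (the authentication and integrity properties named on slide 11). The keystore path, store password and key password are passed on the command line; the signed message text is constructed for the demo.

```java
// KeystoreSignDemo.java: added example, not from the original slides.
// Usage: java KeystoreSignDemo <keystore> <alias> <storepass> <keypass>
//   e.g. java KeystoreSignDemo ~/.keystore aptechkey <storepass> aptECH2k01
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreSignDemo {

    /** Loads the keystore written by keytool; JDK 9+ reads both JKS and PKCS12 via the default type. */
    static KeyStore load(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);   // also checks the keystore integrity against the password
        }
        return ks;
    }

    /** Picks a SHA-256 signature scheme matching the key type keytool generated. */
    static String sigAlgFor(Key key) {
        String alg = key.getAlgorithm();   // "RSA", "DSA" or "EC"
        return alg.equals("EC") ? "SHA256withECDSA" : "SHA256with" + alg;
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance(sigAlgFor(key));
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance(sigAlgFor(key));
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: java KeystoreSignDemo <keystore> <alias> <storepass> <keypass>");
            System.exit(2);
        }
        KeyStore ks = load(args[0], args[2].toCharArray());
        System.out.println("Aliases: " + Collections.list(ks.aliases()));
        String alias = args[1];
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException(alias + " is not a private key entry");
        }
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry)
                ks.getEntry(alias, new KeyStore.PasswordProtection(args[3].toCharArray()));
        X509Certificate cert = (X509Certificate) entry.getCertificate();
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());

        // keytool -genkeypair produces a self-signed certificate: subject == issuer and the
        // certificate verifies with its own public key. After a CA reply has been imported the
        // chain is longer and the leaf has to be verified with the issuer's key instead.
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        if (selfSigned) {
            cert.verify(cert.getPublicKey());   // throws SignatureException if it does not match
        }
        cert.checkValidity();                    // throws if expired or not yet valid
        System.out.println("Self-signed: " + selfSigned
                + ", chain length: " + entry.getCertificateChain().length);

        // Constructed message for the demo. The signature gives authentication (only the
        // private key holder could produce it) and integrity (any change breaks it).
        byte[] msg = "pay 10 EUR to alice".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(entry.getPrivateKey(), msg);
        System.out.println("Original verifies: " + verify(cert.getPublicKey(), msg, sig));

        byte[] tampered = msg.clone();
        tampered[4] = '9';                       // "pay 90 EUR to alice"
        System.out.println("Tampered verifies: " + verify(cert.getPublicKey(), tampered, sig));
    }
}
```

Verifying a self-signed certificate with its own public key only proves the key pair is consistent; it says nothing about who holds the key. That is the job of the certificate authority's signature obtained through the -certreq and -importcert steps above.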

19 Java Security / 19 of 23 jar tool and jarsigner tool
- Before a Java program can be digitally signed, it must be packaged into an archive containing all class files and other files, with the help of the jar tool:
  jar cvf MyApplet.jar *.class
- jarsigner then digitally signs the Java archive with the private key stored under the given alias (the default keystore is used unless -keystore is given; jarsigner prompts for the passwords):
  jarsigner MyApplet.jar aptechkey
- The key's certificate must have gone through a verification process (issued or endorsed by a certificate authority the user's browser trusts) before users will accept code signed with it; a self-signed certificate only shows that the same key signed every release
- The signature is checked with jarsigner -verify -verbose MyApplet.jar
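As an added example, not code from the original slides, the program below does what a loader that relies on a signed archive should do: jarsigner -verify prints "jar verified." and only a warning when the archive also contains entries that no signature covers, so every entry has to be checked individually. The program opens the JAR with verification enabled, reads each entry so that the JDK checks its digest against the signature files, and lists the entries that have no signer. The JAR path is a command-line argument; MyApplet.jar from the slide is just the example name.

```java
// JarVerifyDemo.java: added example, not from the original slides.
// Usage: java JarVerifyDemo MyApplet.jar
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarVerifyDemo {

    /** The manifest and the signature files are never themselves covered by a signature. */
    static boolean isSignatureFile(String name) {
        String n = name.toUpperCase();
        return n.equals("META-INF/MANIFEST.MF")
                || (n.startsWith("META-INF/") && (n.endsWith(".SF") || n.endsWith(".RSA")
                    || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    /**
     * Reads every entry of a signed JAR with verification enabled and returns the names
     * of the entries that no signer covers. A tampered entry makes the JDK throw a
     * SecurityException from read(), which is deliberately left to propagate.
     */
    static List<String> unsignedEntries(String jarPath) throws Exception {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {   // true: verify signatures
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }  // the digest is checked as the bytes stream
                }
                CodeSigner[] signers = e.getCodeSigners();  // null until fully read, or if unsigned
                if (signers == null) {
                    unsigned.add(e.getName());
                    continue;
                }
                for (CodeSigner s : signers) {
                    X509Certificate leaf =
                            (X509Certificate) s.getSignerCertPath().getCertificates().get(0);
                    System.out.println(e.getName() + " signed by " + leaf.getSubjectX500Principal());
                }
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java JarVerifyDemo <signed.jar>");
            System.exit(2);
        }
        List<String> unsigned;
        try {
            unsigned = unsignedEntries(args[0]);
        } catch (SecurityException e) {
            System.out.println("REJECT: signature check failed: " + e.getMessage());
            System.exit(1);
            return;
        }
        if (unsigned.isEmpty()) {
            System.out.println("OK: every entry is covered by a signature");
        } else {
            System.out.println("REJECT: unsigned entries " + unsigned);
            System.exit(1);
        }
    }
}
```

getCodeSigners only proves that an entry matches a signature made with the signer's key; whether that signer's certificate chains to an authority you trust is a separate check, the "verification process" the slide refers to, and must be done against your own trust store before the code is run.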

20 Java Security / 20 of 23 Java Cryptography
- The Java Cryptography classes (java.security and javax.crypto) enable us to compute message digests, sign and verify data, and encrypt and decrypt data
- Access to keystores and to the keys inside them is secured with passwords
- The java.security file lists the policy files that are read at startup; by default it includes the line
  policy.url.2=file:${user.home}/.java.policy
  so that a per-user policy in the home directory is read in addition to the system java.policy (policy.url.1)

21 Java Security / 21 of 23 Example (1)

22 Java Security / 22 of 23 Example (2)

23 Java Security / 23 of 23 Output

