1 Lecture 4 George Koutsogiannakis/Summer 2011 CS441 CURRENT TOPICS IN PROGRAMMING LANGUAGES

Post on 20-Dec-2015


1

Lecture 4

George Koutsogiannakis/Summer 2011

CS441

CURRENT TOPICS IN PROGRAMMING LANGUAGES

Examples of Programs

• Source code is available on the course’s web site under examples:

– Mortgage Calculator – Border Layout

– Mortgage Calculator – GridBagLayout

– JTable – Editable Table

– JTable – Selecting Rows/Columns

– Mortgage Calculator Applet version – Using Appletviewer with Policy File.

2

Applets

• Java programs that are intended to be stored on the web server side but executed on the client side by a browser.

• Applets do not need a main method.

• An Applet is actually a top-level graphical container.

• To create an Applet class we inherit the library class JApplet.

3

Applets

4

• Web Server

1) HTML file that calls the applet

2) Applet bytecodes file

• Browser with access to JRE

1) Asks for the HTML file and interprets it.

2) Asks for the applet .class file

3) Calls JRE to interpret it

Applets

• Example of creating an Applet class

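// JApplet lives in the javax.swing package
import javax.swing.JApplet;

// The class must be public so that the browser can instantiate it
public class MyApplet extends JApplet

{

}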

5

Applets

• Inside our class we can override one or more of the methods in the JApplet class that define an Applet’s lifecycle:

– public MyApplet()

• Default constructor called by the Browser after the applet is loaded.

– public void init()

• Used for initialization code, i.e. assigning initial values to variables. It is called by the Browser every time the page is visited including the first time it is loaded.

6

Applets

– public void start()

• Called by the Browser right after init() or every time the web page is visited.

– public void stop()

• Called by the Browser when the page becomes inactive.

– public void destroy()

• Called by the Browser to exit the applet.

– public void paint(Graphics g)

• Called by the Browser the first time that the Applet is drawn.

• Called by the Applet every time repaint is called.

• Called by the Applet if there is some action on the screen like the clicking of mouse.

7

Calling an Applet from html

• To call an Applet program use an html file with the html tag:

<applet code="MyApplet.class" width=350 height=200>

</applet>

8

Applet Security

• Browser acts as a sandbox for an applet:

– It does not allow an applet to make system calls.

• As a result it can’t for example:

Open a File for reading or writing.

Call exit to exit the applet program.

Any other system call.

• The above restrictions can be removed if the applet is declared to be “trusted code”.

– We will learn how to do that by using policy files and certificates.

9

Applets and Policy Files

• Appletviewer allows non-production testing of an applet. It behaves like a Browser.

– We can provide security overrides via a policy file.

– Policy files can be created using the Policy Tool that comes with the jdk.

– C:>policytool

The above simple command activates the policy file tool.

10

Java Security-Policy File

Simple policy file to be used with appletviewer:

grant {

permission java.security.AllPermission;

};

The policy file is saved as policy_file_name.policy in the same directory as the applet class file.

11

Java Security- Policy File

• The policy file can also be written manually using a text editor; no compilation is needed.

• Here is another example of a more elaborate policy file:

grant signedBy "George", codebase "file:/C:/myjavaprograms/cs441/*" {

permission java.security.SecurityPermission "Security.insertProvider.*";

permission java.security.SecurityPermission "Security.removeProvider.*";

permission java.security.SecurityPermission "Security.setProperty.*";

};

This policy file:

• indicates that code was packaged in a signed JAR file and placed in the directory (folder) cs441. The term signed implies that the JAR file was signed with a digital signature (will be explained later in more detail).

• The signature can be verified by using the “public key” (term to be explained later) referenced by the alias “George”

12

Java Security- Policy File

• The code can then access the security system of Java and change provider.

– Provider= The class that implements security

• The code is allowed to change security properties.

13

Java Security Architecture

• Java security is provided by the JVM and the language:

– Applies to application programs.

– Applets that are transferred over the web.

– Network security.

– Server side security.

14

Java Security Architecture

• Java Security Model characteristics:

– Enforced via policy files. JVM resources can be controlled via the policy file.

– It is a domain based security model.

– Allows cryptographic digital signatures to be generated and attached to a JAR file.

– Resources downloaded over the web (applets) have restricted access to local resources (sandbox).

• Those are untrusted resources.

– i.e. applets are not allowed system calls on local system

– i.e. applets are not allowed to connect back to the server they came from.

15

Java Security Architecture

– Resources downloaded over the web can become trusted resources.

• Via digital signatures.

• Via certificates.

• Via policy files.

• Trusted resources override the sandbox restrictions.

– All applications have full control of local system resources unless they are restricted access via a ProtectionDomain.

• ProtectionDomains are either “System Domains” or “Application Domains”

• They group classes into a group and associate them with permissions on specific resources.

• A Java application program can have both system and application specific domains (i.e. allow certain system calls but only on specific resources for this application).

16

Java Security Architecture

– SecurityManager class (java.lang.SecurityManager) enforces the security policy of an application.

• An application’s security manager can be activated to use a specific policy file for an application by using the command:

C:> java -Djava.security.manager -Djava.security.policy=mypolicy.policy MyJavaApplication

– Every application gets a default security manager object.

– You can create your own SecurityManager class and be a provider of security.

– Java Web Start Security allows java applications to be deployed, launched, and updated from a web server.

17

Java Security Tools

• Tools are part of the jdk and facilitate the enforcement of security.

– policytool: generates policy files.

– keystore: a database where keys (encrypted passwords) can be stored along with certificates.

– keytool: allows users to administer their own public/private keys and certificates.

– jarsigner: digitally signs Java Archive Files (JAR files).

18

JAVA SECURITY ARCHITECTURE

19

[Diagram of the Java security architecture. Labeled components: System Resources, Security Manager, Public Domain Sandbox, Keystore, Policy File, User Classes, Bytecodes Verifier, Class Loader, Trusted Code, Non Trusted Code.]

Java System Security Master Files

• JSE security files are located at:

– /Program Files/Java/jdk1.6.0_11/jre/lib/security/

• Files are:

– cacerts: The default keystore that comes with the java system. Used to store keys and certificates.

– java.policy: The default master policy file for the SecurityManager.

– java.security: The master property file that contains security related properties. File is read every time a program is executed. It identifies providers of security.

– javaws.policy: The master policy file for Web Services.

– local_policy.jar and US_export_policy.jar: Used when an application needs to be used in another country. Some countries have restrictions on cryptography.

20

Java System Security- Security Properties File

• Properties file security.properties sets the properties to be used by the java.security library classes.

• The term “provider” refers to the user’s cryptographic packages to be used by the java.security library classes.

• Example of properties:

– # List of providers is given by property lines:

security.provider.1=sun.security.provider.Sun

security.provider.2=com.sun.rsajca.Provider

# where Sun and Provider are library classes that control the security and the cryptographic algorithms used.

# Sun class identifies the signature algorithms available (i.e. DSA, DSS, SHA/DSA, MD5 etc.).

21

Java System Security- Security Properties File

– # Provider class represents the provider of security in terms of implementing the cryptographic algorithms and the key generation.

– # Provider class can be used by new security providers to register themselves in the properties file.

– # A new Provider can implement new security services and add them to the security mechanism of Java.

– # The specification “Java Cryptography Architecture API Specification and Reference” describes how a new provider with new services is added to the security mechanism.

22

Java System Security- Security Properties File

– # Identification of the library class that will be used to instantiate the system policy Object:

policy.provider=sun.security.provider.PolicyFile

– # The system policy file is identified by:

policy.url.1=file:${java.home}/lib/security/java.policy

policy.url.2=file:${user.home}/.java.policy

– # We can add our own security policy file right underneath the previous policy files

policy.url.3=file:/C:/MyJavaPrograms/cs441/mypolicy.policy

Warning: Any changes to the properties file will apply to any java program executed on the local system.

23

Java System Security- Master Policy File

• Lists default permissions:

permission java.util.PropertyPermission "java.version", "read";

permission java.util.PropertyPermission "java.vendor", "read";

permission java.util.PropertyPermission "java.vendor.url", "read";

permission java.util.PropertyPermission "java.class.version", "read";

permission java.util.PropertyPermission "os.name", "read";

permission java.util.PropertyPermission "os.version", "read";

• The master policy file can be amended (not recommended!!).

• The master policy file applies to all java programs executed by the local system.

24

Java System Security- Master Policy File

• The Java Runtime System creates a global Policy Object which is used to encapsulate the permissions granted in the master policy file.

• We can set a different master policy file or add additional policy permissions to the default permissions for a one time execution when we start the interpreter with the command:

>java -Djava.security.policy="mypolicy.policy" MyJavaProgram

Or

>java -Djava.security.policy=="mypolicy.policy" MyJavaProgram

Where a single “=” means add to the existing permissions in the master file and a double “==” means use instead of the master file permissions.

This command adds the policy file that is in the current directory; otherwise the URL path to the file needs to be entered before the name of the policy file.

25

Policy File Syntax

• Besides permissions a Java Policy File can have some other entries:

– Keystore entry: Identifies the keystore (database) where keys (passwords) and certificates are stored. It is used if the signer entry shows an alias name. The public key of the signer will be looked up in the keystore.

i.e. keystore url with_respect_to_policy_file

– After grant we can specify the signer:

i.e. grant signedBy “signer_name”, codebase “URL”

Where “signer_name” is the alias that was used when the certificate for the keystore was created and the “URL” is the path to where the code is located. No codebase URL entry means that permissions are granted to any code anywhere as opposed to the code stored at URL.
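The following is an added example, not part of the lecture or the JDK: a small Python auditor for the policy file syntax described above and for the simple AllPermission policy shown earlier. It flags grants of java.security.AllPermission, grants with neither signedBy nor codebase, and signedBy aliases that have no keystore entry to resolve them; SAMPLE_POLICY and the finding codes are constructed for illustration.

```python
import re

# Quoted strings are matched first so ".../cs441/*" is not read as a comment start.
_COMMENT = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
# Header and body may hold braces inside strings, e.g. "${user.home}/-".
_GRANT = re.compile(r'\bgrant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}', re.I)
_STRING = re.compile(r'"[^"]*"')

# Constructed sample: the two grant styles shown in the lecture, in one file.
SAMPLE_POLICY = '''
// test-only policy used with appletviewer
grant {
    permission java.security.AllPermission;
};
grant signedBy "George", codebase "file:/C:/MyJavaPrograms/cs441/*" {
    permission java.security.SecurityPermission "insertProvider.*";
    permission java.util.PropertyPermission "os.name", "read";
};
'''

def strip_comments(text):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return _COMMENT.sub(keep, text)

def header_value(header, keyword):
    m = re.search(r'\b' + keyword + r'\s+"([^"]*)"', header, re.I)
    return m.group(1) if m else None

def audit_policy(text):
    """Return (grant_number, code, detail) findings; the codes are hypothetical names."""
    text = strip_comments(text)
    has_keystore = re.search(r'\bkeystore\s+""', _STRING.sub('""', text), re.I)
    findings = []
    for n, m in enumerate(_GRANT.finditer(text), start=1):
        header, body = m.group(1), _STRING.sub('""', m.group(2))
        signer = header_value(header, "signedBy")
        codebase = header_value(header, "codeBase")
        perms = re.findall(r'\bpermission\s+([\w.$]+)', body, re.I)
        if "java.security.AllPermission" in perms:
            findings.append((n, "ALL_PERMISSION", "every sandbox check is bypassed"))
        if signer is None and codebase is None:
            findings.append((n, "UNSCOPED", "applies to any code from anywhere"))
        if signer is not None and not has_keystore:
            findings.append((n, "NO_KEYSTORE", "no keystore entry to resolve " + signer))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

Run against a policy file before it is referenced from a policy.url.N line or a -Djava.security.policy option, an empty result means none of these three conditions was found.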

26

Importance of Security

• Questions that need to be answered:

– Which applications are we protecting?

– Who are we protecting the applications from?

– Where should we protect these applications?

– Why are we protecting these applications?

– Compliance with Federal and State laws

• Sarbanes-Oxley Act of 2002- companies must secure data

• Gramm-Leach-Bliley Act of 1999- financial institutions must adopt strict privacy measures relating to customer data.

27

Requirements of Network Security

– Privacy: did an unauthorized third party capture information transmitted between two parties?

– Integrity: has the information transmitted from party A to party B been altered on the way?

– Authentication: how do the sender and the receiver of information prove their identity to each other?

– Authorization: allow the user to access the information while preventing others from accessing it.

– Non-repudiation: how do we legally prove that a message was sent and received (i.e. a contract)?

– Prevent Breach of Availability: unauthorized distribution of data

– Prevent Unauthorized usage of system resources.

– Prevent Denial of Service: prevention of legitimate usage of message transferring

28

Java Implementation of Security Goals

• Security Tools:

– Tools that create keystores, policy files, digital signatures (encrypted passwords), issuance of certificates.

• Special APIs (library classes) that extend the Security Architecture of Java:

– JCE: Java Cryptography Extension provides java applications that allow:

• Secret key encryption (using 3DES algorithm).

• Public key algorithms (Diffie-Hellman or RSA).

• Adding new algorithms.

– JAAS: Java Authentication and Authorization Service addresses problems associated with authentication and controlling access to the information via the Pluggable Authentication Module (PAM). PAM supports Kerberos, smart cards and others.

29

Java Implementation of Security Goals

• Security Manager API allows the generation of user defined permissions via a user defined SecurityManager class.

• SSL: Secure Socket Layer uses public key cryptography (the RSA algorithm) and digital certificates to authenticate the server in a transaction and to protect private information.

• It also encrypts the TCP/IP packets sent over the network.

• It is part of the javax.net.ssl library package.

30

Study Guide

• Read the online Java Tutorial on Security

http://java.sun.com/docs/books/tutorial/security/index.html

• “Web Based Application Development” text

– Chapter 3

– Chapter 10

• As an example look at the Applet version of the Mortgage Calculator example. Download it from the course’s web site.

31

Appendix on JAR

• Allows compression of files.

• Allows execution of a java program in the jar file by clicking on the jar icon.

• Allows signing of the jar file for secured transmission.

32

Appendix -JAR

• Command to create a jar file:

C:\current_directory>jar cf name_of_jar.jar *.class

Compresses all files with extension .class in the current directory.

• Decompressing jar files:

C:\current_directory>jar xvf name_of_jar.jar

• Viewing the files in a jar file:

C:\current_directory>jar tvf name_of_jar.jar

33

Appendix -JAR

• To create a jar executable file (where the java program in the jar file is executed by clicking on the jar file icon):

– Create a manifest file using Notepad

i.e. Manifest-Version: 2.0

Main-Class: MyProgram

– Use command

C:\current_directory> jar cmfv MyManifestFile.mf NameofJar.jar *.class

34