Table of Contents
Java Security Architecture: Risks and Realities
This talk made possible by...
Outline
Security and Mobile Code
Mobile code is smart
Mobile code is dumb
A brief history
Real mobile code security problems
The big question
Design for Security
Software assurance in the real world
Create security guidelines
Sound Software Engineering
Design extension can be bad
Detailed specification
External security analysis
Risk-based testing
Security analysis
A real example
Errors in the real world
Errors in the real world (2)
Penetrate and patch is bad
Security is not cryptography
Java Architecture
A Classic Tradeoff
Java’s Answer
A Question of Trust
Securing Java
The Base Java Security Architecture (JDK 1.0.2)
Important features of the Java language
Type safety
Type confusion
Untrusted code is restricted (Web-based applets)
JVM runs untrusted code
The JDK 1.0.2 three-prong defense
The Byte Code Verifier
The Applet Class Loader
The Security Manager
Four attack classes
Hostile applets
A chronology of attack applets
A type confusion attack
ClassLoader type confusion
The VM flaw
The 1999 Verifier Hole
Are all of these problems just implementation errors?
Who cares about security?
Sandboxes and Signatures
ActiveX insecurity
ActiveX exploits
Java versus ActiveX
The future of mobile code security (or perhaps the present)
Digital signatures
Signed applets
JDK 1.1
Fine-grained access control
Java 2
JavaSoft’s access control
An example policy
Categorizing mobile code
The Achilles’ heel
Beyond Java 2
Abstraction as architecture
Stack inspection
Simple stack inspection
A simple example
Simple stack inspection in practice
Current systems
Generalized checkPrivilege
Princeton’s ABPL model
So what?
Commercial security technologies for mobile code
Technologies
Mobile code security vendors
Where to trap mobile code
Mobile code isolation
Black listing
Killing errant code
Policy management
Challenges facing mobile code
Lessons from the trenches
Challenges facing secure mobile code
12 rules for writing safer Java (Chapter 7 of Securing Java)
What rigorous software assurance offers
Software assurance for Java
Where to Learn More
The Java Security Web Site
Java Security: Hostile Applets, Holes, & Antidotes
References
Questions