Warning:
JavaScript is turned OFF. None of the links on this page will work until it is reactivated.
If you need help turning JavaScript On, click here.
This Concept Map, created with IHMC CmapTools, has information related to: Java, Code Source Java Code is downloaded over a network, so the code's signature and author are critical to maintain a secure environment. The object java.security.CodeSource describes a piece of code. CodeSource encapsulates the code's origin, which is specified as an URL. Set of digital certificates containing public keys corresponding to the set of private keys are used to sign the code security Security Policy Files During testing standard files are not modified and hence policy file is required for each application. For this purpose place permissions into a separate file such as MyApp.policy and start the interpreter as java –Djava.security.policy=MyApp.policy MyApp For applets appletviewer –J-Djava.security.policy=MyApplet.policy MyApplet.html, Code Source Java Code is downloaded over a network, so the code's signature and author are critical to maintain a secure environment. The object java.security.CodeSource describes a piece of code. CodeSource encapsulates the code's origin, which is specified as an URL. Set of digital certificates containing public keys corresponding to the set of private keys are used to sign the code security Security Policy Files SecureClassLoader assigns permissions when loading classes, by asking policy object to look up the permissions for the code source of each class.Own Policy class can be installed to carry out mapping from code sources to permissions., Java Security features Java Technology uses three mechanisms to ensure safety. Language design features(bounds checking on arrays,legal type conversions etc). An access control mechanism that controls what the code can do(file access, network access etc). Code signing: code authors can use standard cryptographic algorithms to authenticate java programming language code. Users of the code can determine who created the code and whether the code is altered or not after it was signed. and Byte Code Verifier Checks a classfile for validity: Code should have only valid instructions and register use. Code does not overflow/underflow stack. Does not convert data types illegally. Accesses objects correct types. Method calls use correct number and types of parameters. References to other classes use legal names., Permissions Permission classes represent access to various system resources such as files, sockets and so on. Collection of permissions can be construed as a customizable security policy for an installation. Permission classes represent approvals, but not denials. Permissions granted to a ProtectionDomain also called "privileges" contains PropertyPermission Gives rights to properties. Similar to OS environment variables. Target. Specific property: os.name. Pattern: java.*. Actions (1+): read,write., Permissions Permission classes represent access to various system resources such as files, sockets and so on. Collection of permissions can be construed as a customizable security policy for an installation. Permission classes represent approvals, but not denials. Permissions granted to a ProtectionDomain also called "privileges" contains Permission Subclasses File permission class. Gives rights to local files/directories. Path name/pattern. Specific path:file,directory,directory/file. All files in directory: directory/*. All files recursively in directory: directory/-. For current directory, omit "directory/." For all files (dangerous), "<<All Files>>." Rights set (1+): read,write,execute,delete., Code Source Java Code is downloaded over a network, so the code's signature and author are critical to maintain a secure environment. The object java.security.CodeSource describes a piece of code. CodeSource encapsulates the code's origin, which is specified as an URL. Set of digital certificates containing public keys corresponding to the set of private keys are used to sign the code security Security Policy Files In the previous example MyApp.policy file is added to other policies in effect. If you add a second equal sign, such as java –Djava.security.policy==MyApp.policy MyApp then your application uses only the specified policy file and standard policy files are ignored., Code Source Java Code is downloaded over a network, so the code's signature and author are critical to maintain a secure environment. The object java.security.CodeSource describes a piece of code. CodeSource encapsulates the code's origin, which is specified as an URL. Set of digital certificates containing public keys corresponding to the set of private keys are used to sign the code security Security Policy Files Policy files can be installed in standard locations and the two default locations are The file java.policy in the java platform home directory. The file .java.policy in the user home directory. The locations of these files in the java.security configuration files can be changed, Class Loaders Customized ClassLoader or a subclass from java.security. SecureClassLoader provides security features beyond the standard Java2 security model. ClassLoader loads classes into VM and is responsible for the namespaces at runtime. Namespaces as identically named identifiers can reference different objects. Primordial class loader loads bootstrap classes in a platform-dependent manner. System classes, some classes in java.* package are essential to the JVM and the runtime system are loaded by System ClassLoader. and Class Loaders Is an important link in security chain and loads java byte codes into the JVM. It works in conjunction with the security manager and access controller to enforce security rules. It is involved in enforcing some security decisions earlier in an objects lifetime than the security manager. Information about the URL from which the code is originated and the code’s signers is initially available to the ClassLoader., Permissions Permission classes represent access to various system resources such as files, sockets and so on. Collection of permissions can be construed as a customizable security policy for an installation. Permission classes represent approvals, but not denials. Permissions granted to a ProtectionDomain also called "privileges" contains Other Permission SubClasses Runtime Permission: string with permission name - createClassLoader - getClassLoader - setSecurityManager - exitVM, Permissions Permission classes represent access to various system resources such as files, sockets and so on. Collection of permissions can be construed as a customizable security policy for an installation. Permission classes represent approvals, but not denials. Permissions granted to a ProtectionDomain also called "privileges" contains Socket Permission Host. Local Machine: "local host." Given machine: IP address or hostname. All hosts in a domain: *.domain. All hosts: *. Portrange. Single port: portnumber. Port range: port1-port2, port1-,-port2. Actions(1+): accept,connect,listen,resolve., Java Security features Java Technology uses three mechanisms to ensure safety. Language design features(bounds checking on arrays,legal type conversions etc). An access control mechanism that controls what the code can do(file access, network access etc). Code signing: code authors can use standard cryptographic algorithms to authenticate java programming language code. Users of the code can determine who created the code and whether the code is altered or not after it was signed. ???? Java Security Architechture