JAVA - PowerPoint PPT Presentation


Slides: 20
Provided by: bbba
Tags: java | ajar

Transcript and Presenter's Notes

Title: JAVA


1
JAVA
  • SECURITY
  • BASIC NETWORKING
  • MULTITHREADING
  • Deniz HASTORUN
  • Baris Ibrahim SÖNMEZER

2
Security Architecture (JDK1.0)
The original security model provided by the Java
platform, known as the "sandbox" model
3
Security Architecture (JDK1.1)
JDK 1.1 introduced the concept of "signed
applet"
4
Security Architecture (JDK1.2)
All code, regardless of whether it is local or
remote, can now be subject to a security policy.
The security policy defines the set of
permissions.
5
Controlling Applets
  • Observe Applet Restrictions
  • Set Up a Policy File to Grant the
    RequiredPermission
  • See the Policy File Effects

6
Observe Applet Restrictions
  • Currently JDK system code invokes security
    manager methods to perform resource access
    control checks.
  • An applet is not allowed to access a resource
    unless it is explicitly granted permission to do
    so by the security policy in effect.
  • In Java platforms that are compatible with JDK
    1.2, the permission must be granted by an entry
    in a policy file.

7
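    import java.awt.*;
    import java.io.*;
    import java.lang.*;
    import java.applet.*;

    public class WriteFile extends Applet {
        String myFile = "writetest";
        File f = new File(myFile);
        DataOutputStream dos;

        public void init() {
            String osname = System.getProperty("os.name");
        }

        // Tries to create and write the file; the security manager decides whether it may.
        public void paint(Graphics g) {
            try {
                dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile), 128));
                dos.writeChars("Try to write to a file\n");
                dos.flush();
                g.drawString("Successfully wrote to the file named " + myFile + " look at it!", 10, 10);
            } catch (SecurityException e) {
                // Raised when the policy in effect does not grant write access
                // (the slide is cut off here; this body reports the exception)
                g.drawString("Caught security exception: " + e, 10, 10);
            } catch (IOException e) {
                // Needed to compile: the stream calls throw checked IOExceptions
                g.drawString("Caught I/O exception: " + e, 10, 10);
            }
        }
    }

The source code for an applet named WriteFile
that tries to create and write to a file named
writetest in the current directory.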
8
  • Compile: javac WriteFile.java -> Result:
    WriteFile.class
  • WriteFile.html:
  • <html><p><applet code=WriteFile.class width=750
    height=150></applet>
  • <p></html>
  • The system caught the applet trying to access a
    resource it doesn't have permission to access.

9
Set up a Policy File to Grant the Required
Permission
  • A policy file is an ASCII text file and can be
    composed via a text editor or the graphical
    Policy Tool utility.
  • The Policy Tool saves you typing and eliminates
    the need for you to know the required syntax of
    policy files, thus reducing errors.
  • You will use the Policy Tool to create a policy
    file, in which you will add a policy entry that
    grants code from the directory where
    WriteFile.class is stored permission to write the
    writetest file.
  • Steps
  • Start Policy Tool
  • Grant Required Permissions
  • Save the Policy File

10
Start Policy Tool
  • To start Policy Tool, simply type the following
    at the command line: policytool
  • Whenever Policy Tool is started, it tries to
    fill in this window with policy information from
    what is sometimes referred to as the "user policy
    file".
  • Default policy file: user.home/.java.policy
  • If Policy Tool cannot find the user policy file,
    it reports the situation and displays a blank
    Policy Tool window (that is, a window with
    headings and buttons but no data in it)

11
Grant the Required Permission
  • Choose the Add Policy Entry button in the main
    Policy Tool window
  • The CodeBase and the SignedBy text boxes are used
    to specify which code you want to grant the
    permission(s) you will be adding.
  • A CodeBase value indicates the code source
    location.
  • A SignedBy value indicates the alias for a
    certificate stored in a keystore.
  • Choose the Add Permission button to bring up the
    Permissions dialog box.
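
The following is an added example, not part of the original presentation: it models, with the standard java.security classes, how the policy entry built on this slide is evaluated (first the CodeBase match, then the permission check). The class name PolicyEntryDemo and the /home/user/applets location are hypothetical.

```java
import java.io.FilePermission;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PolicyEntryDemo {
    // Policy entry being modelled (the codeBase path is a hypothetical location):
    //   grant codeBase "file:/home/user/applets/-" {
    //       permission java.io.FilePermission "writetest", "write";
    //   };
    static final String CODE_BASE = "file:/home/user/applets/-";

    static CodeSource source(String url) throws Exception {
        URL u = URI.create(url).toURL();
        // No certificates: the entry has no SignedBy value, so code is matched by location only
        return new CodeSource(u, (Certificate[]) null);
    }

    /** True if code loaded from 'location' would be granted 'p' by the entry above. */
    static boolean granted(String location, FilePermission p) throws Exception {
        Permissions perms = new Permissions();
        perms.add(new FilePermission("writetest", "write"));
        // Step 1: does the entry's CodeBase cover the place the class came from?
        if (!source(CODE_BASE).implies(source(location))) {
            return false;
        }
        // Step 2: does one of the granted permissions imply the requested one?
        return new ProtectionDomain(source(location), perms).implies(p);
    }

    public static void main(String[] args) throws Exception {
        String applet = "file:/home/user/applets/WriteFile.class";
        String other = "file:/tmp/Other.class";
        FilePermission write = new FilePermission("writetest", "write");
        System.out.println("applet, write writetest: " + granted(applet, write));
        System.out.println("applet, read writetest:  "
                + granted(applet, new FilePermission("writetest", "read")));
        System.out.println("applet, write other.txt: "
                + granted(applet, new FilePermission("other.txt", "write")));
        System.out.println("other code, write writetest: " + granted(other, write));
    }
}
```

Only the first check is granted: the entry is scoped to one code location, one file and one action, which is the least-privilege form a policy entry should take.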

12
Security Properties File
  • Whenever you run an applet, or an application
    with a security manager, the policy files that
    are loaded and used by default are the ones
    specified in the "security properties file",
    which is located at one of the following:
  • Windows: java.home\lib\security\java.security
  • UNIX: java.home/lib/security/java.security

13
Security Properties File
  • The default policy files, sometimes referred to
    as the system and user policy files,
    respectively, are defined in the security
    properties file as:
  • policy.url.1=file:${java.home}/lib/security/java.policy
  • policy.url.2=file:${user.home}/.java.policy
  • You can edit this file if you want to add
    another policy file.

14
How to Restrict Applications
  • A security manager is not automatically installed
    when an application is running.
  • To apply the same security policy to an
    application found on the local file system as to
    downloaded applets, you can invoke the
    interpreter with the new -Djava.security.manager
    command line argument.
  • Usage:
  • java -Djava.security.manager <Prog_name>

15
Summary of Security Tools
  • Policytool
  • Keytool
  • Jar
  • Jarsigner
  • are available to facilitate various
    security-related operations

16
Keystore
  • a protected database that holds keys and
    certificates for an enterprise
  • Access to a keystore is guarded by a password
    (defined at the time the keystore is created, by
    the person who creates the keystore, and
    changeable only when providing the current
    password).
  • Default keystore: user.home/.keystore

17
Keytool
  • Use keytool to manage your keystore, for example
    to:
  • create public/private key pairs
  • issue certificate requests (which you send to the
    appropriate Certification Authority)
  • import certificate replies (obtained from the
    Certification Authority you contacted)
  • designate public keys belonging to other parties
    as trusted

18
Jar
  • Use the jar tool to create JAR files
  • The Java ARchive (JAR) file format enables you to
    bundle multiple files into a single archive file
  • When you want to "digitally sign" code, you use
    the jar tool to place it in a JAR file and the
    jarsigner tool to sign the JAR file

19
Jarsigner
  • Use the jarsigner tool to sign JAR files, or to
    verify signatures on signed JAR files.
  • The jarsigner tool accesses a keystore that is
    created and managed by keytool, when it needs to
    find the private key and its associated
    certificate chain to use when signing a JAR file.