Java Applet Security - PowerPoint PPT Presentation

About This Presentation
Title:

Java Applet Security

Description:

Java Applet Security Diana Dong CS 265 Spring 2004 The Problem Millions of users download Java applets everyday, sometimes without prior approval from the user How to ... – PowerPoint PPT presentation

Number of Views:67
Avg rating:3.0/5.0
Slides: 16
Provided by: Diana127
Learn more at: http://www.cs.sjsu.edu
Category:
Tags: applet | java | security

less

Transcript and Presenter's Notes

Title: Java Applet Security


1
Java Applet Security
  • Diana Dong
  • CS 265
  • Spring 2004

2
The Problem
  • Millions of users download Java applets everyday,
    sometimes without prior approval from the user
  • How to ensure malicious applets will not wreak
    havoc on the local machine?

3
Sandbox Idea
  • A place where Java applet code can be executed,
    but no areas outside of the sandbox can be
    accessed by the applet.
  • Removes the responsibility of checking applet
    source from the user
  • Ensures execution of malicious applet will not do
    damage to the local machine

4
Sandbox cont'd
  • Sandbox prohibits
  • File system access
  • Network access
  • Creation of process
  • Process acess

5
4 Major Components of the Sandbox
  • Java Virtual Machine (JVM) built-in features
  • Class loader
  • Class file verifier
  • Security manager

6
JVM Built-in Features
  • Type-safe reference casting
  • Structured memory access (no pointers)
  • Automatic garbage collection (can't explicitly
    free allocated memory)
  • Array bounds checking

7
Class Loader
  • Responsible for importing binary data that
    defines the running program's classes and
    interfaces
  • Two types of class loaders primordial class
    loader and class loader objects

8
Class Loader cont'd
  • Primordial class loader loads trusted classes,
    such as the Java API. Classes that are loaded
    this way becomes part of the JVM.
  • Class loader objects are untrusted objects loaded
    into the JVM and instantiated like any other
    object

9
Class Loader cont'd
10
Class Loader cont'd
  • How does it protect?
  • Prevents malicious code from interfering with
    benevolent code namespace. Classes are loaded
    into its own namespace. No access to other
    classes outside of its own namespace.
  • It guards the borders of the trusted class
    libraries. Customizable.

11
Class Verifier
  • Checks the integrity of the class file to ensure
    no illegal bytecodes have been added
  • Uses built-in theorem prover to check integrity

12
Class Verifier
  • 4 passes
  • Class file is read into interpreter and basic
    format of class file is checked
  • Additional verification of the class file without
    looking at the bytecodes
  • Bytecode verification of each method
  • Additional bytecode verification at runtime

13
Security Manager
  • Defines which requests are allowed or disallowed
    through methods which can be overridden
  • Works hand-in-hand with the class loader to
    define the boundaries of the sandbox, i.e. what
    is allowed or disallowed.

14
Other Methods
  • ActiveX uses code signing and digital signature.
    Verified signatures from trusted source imply
    reliable ActiveX control.
  • Java too offer digital signature in addition to
    the sandbox.

15
Questions?
Write a Comment
User Comments (0)
About PowerShow.com