Unformatted text preview:

Java Applet SecurityThe ProblemSandbox IdeaSandbox cont'd4 Major Components of the SandboxJVM Built-in FeaturesClass LoaderClass Loader cont'dSlide 9Slide 10Class VerifierSlide 12Security ManagerOther MethodsQuestions?Java Applet SecurityDiana DongCS 265Spring 2004The ProblemMillions of users download Java applets everyday, sometimes without prior approval from the userHow to ensure malicious applets will not wreak havoc on the local machine?Sandbox IdeaA place where Java applet code can be executed, but no areas outside of the sandbox can be accessed by the applet.Removes the responsibility of checking applet source from the userEnsures execution of malicious applet will not do damage to the local machineSandbox cont'dSandbox prohibits:File system accessNetwork accessCreation of processProcess acess4 Major Components of the SandboxJava Virtual Machine (JVM) built-in featuresClass loaderClass file verifierSecurity managerJVM Built-in FeaturesType-safe reference castingStructured memory access (no pointers)Automatic garbage collection (can't explicitly free allocated memory)Array bounds checkingClass LoaderResponsible for importing binary data that defines the running program's classes and interfaces Two types of class loaders: primordial class loader and class loader objectsClass Loader cont'dPrimordial class loader loads trusted classes, such as the Java API. Classes that are loaded this way becomes part of the JVM.Class loader objects are untrusted objects loaded into the JVM and instantiated like any other objectClass Loader cont'dClass Loader cont'dHow does it protect?Prevents malicious code from interfering with benevolent code – namespace. Classes are loaded into its own namespace. No access to other classes outside of its own namespace. It guards the borders of the trusted class libraries. Customizable.Class VerifierChecks the integrity of the class file to ensure no illegal bytecodes have been addedUses built-in theorem prover to check integrityClass Verifier4 passes1. Class file is read into interpreter and basic format of class file is checked2. Additional verification of the class file without looking at the bytecodes3. Bytecode verification of each method4. Additional bytecode verification at runtimeSecurity ManagerDefines which requests are allowed or disallowed through methods which can be overriddenWorks hand-in-hand with the class loader to define the boundaries of the sandbox, i.e. what is allowed or disallowed.Other MethodsActiveX uses code signing and digital signature. Verified signatures from trusted source imply reliable ActiveX control.Java too offer digital signature in addition to the


View Full Document

SJSU CS 265 - Java Applet Security

Documents in this Course
Stem

Stem

9 pages

WinZip

WinZip

6 pages

Rsync

Rsync

7 pages

Hunter

Hunter

11 pages

SSH

SSH

16 pages

RSA

RSA

7 pages

Akenti

Akenti

17 pages

Blunders

Blunders

51 pages

Captcha

Captcha

6 pages

Radius

Radius

8 pages

Firewall

Firewall

10 pages

SAP

SAP

6 pages

SECURITY

SECURITY

19 pages

Rsync

Rsync

18 pages

MDSD

MDSD

9 pages

honeypots

honeypots

15 pages

VPN

VPN

6 pages

Wang

Wang

18 pages

TKIP

TKIP

6 pages

ESP

ESP

6 pages

Dai

Dai

5 pages

Load more
Download Java Applet Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Java Applet Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Java Applet Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?