Transcript Java Security Model For Mobile Code

Java Security Model For
Mobile Code
Abdo Achkar
Mobile Code
Definition:
Code that can be transmitted across a
network and executed on the other end.
A mobile object is a “self contained
piece” of executable code.
Mobile code is dynamically loaded
and executed by standalone
programs. Ex: Browsers
Advantages Of Mobile Code
In Distributed Systems
Eliminates installation problems of
desktop applications.
Favors portability to different
platforms.
Enhances scalability of client/server
applications.
Reduces software distribution costs.
Criteria For Mobile Code
Safe environment of execution
Platform independence
Life cycle control
Security
How Does Java Ensure These
Criteria?
Safety features built into the JVM
Type-safe reference casting
Structured memory access
Automatic garbage collection
Array bounds checking
Checking references for null
How Does Java Ensure These
Criteria? (Cont’)
The class loader architecture
Primordial class loader (trusted)
Class loader for other classes (non trusted)
Every namespace has its own loader
The class loader checks to make sure that
the class does not declare itself to be a
member of a trusted package
How Does Java Ensure These
Criteria? (Cont’)
The class-file verifier
Checks format and internal
consistency
Bytecode verifier
• Checks that no local variable is accessed
before instantiation
• Checks that class’ fields are assigned
values of proper type.
• Checks methods’ arguments number and
type
Class Verifier (cont’)
Phase two and dynamic linking
Finding the class being referenced
Replacing symbolic references with direct
references (and remembering them)
How Does Java Ensure These
Criteria? (Cont’)
The security manager
Defines the limits of the “sandbox”
Is consulted for permission for every
potentially dangerous action.
List of possible dangerous behaviors
supported by security managers:
Accepting/Opening sockets
Modifying/Creating threads
Creating new class loaders
Creating new process
Loading DLLs.
Deleting/reading/writing from and to a file
Advantages of using Java in mobile
code
 Unlike traditional software, java allows
working with software that come from
sources you do not fully trust.
 Java’s openness allows security holes to
be identified and patched.
 Java is platform independent
 Java is free
 Java code is robust (otherwise the
loader/verifier would throw exceptions)
Disadvantages of Java
Slow due to all checkings it does
Does not allow low level control of
hardware without having to call natives.
(can be a security advantage)
Every class extends the class Object. This
adds a lot of overhead to the program.
Questions
References
 http://www.javaworld.com/javaworld/jw-081997/jw-08-hood.html
 http://www.javaworld.com/javaworld/jw-091997/jw-09-hood.html
 http://www.javaworld.com/javaworld/jw-101997/jw-10-hood.html
 http://www.javaworld.com/javaworld/jw-111997/jw-11-hood.html
 http://www.cafeaulait.org/course/week13/26.html
 http://www.sims.berkeley.edu/academics/course
s/is206/f97/GroupC/java.html