Java Security Model
Lab#1
I. Omaima Al-Matrafi
Safety features built into the JVM
• Type-safe reference casting
• Structured memory access (no pointer arithmetic)
• Automatic garbage collection
• Array bounds checking
• Checking references for null (accessing or modifying a null object)
Java Sandbox
• The sandbox is the bounded area in which a program is allowed to run.
• Java software programs can run safely, without potential risk to systems or users.
The Security Model (JDK 1.0)
• The Java Security Model is made up of three primary pieces:
▫ The Bytecode Verifier
▫ The Class Loader
▫ The Security Manager
These components serve the following purposes:
• The classes are in the correct format.
• Only the correct classes are loaded.
• Untrusted classes will not execute dangerous instructions.
• Untrusted classes are not allowed to access protected system resources.
Java security
• Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols.
• The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.
Java SE Security Features
• Platform Security
▫ Strong data typing
▫ Automatic memory management
▫ Bytecode verification
▫ Secure class loading
• Cryptography
▫ Comprehensive API with support for a wide range of cryptographic services including:
▪ digital signatures, message digests, ciphers (symmetric, asymmetric, stream & block), message authentication codes, key generators.
▫ Support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4.
• Authentication and Access Control
▫ Abstract authentication APIs that can incorporate a wide range of login mechanisms
▫ A comprehensive policy and permissions API that allows the developer to create and administer applications
• Secure Communications
▫ APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL),
▫ Full support for HTTPS over SSL/TLS is also included.
▫ Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.
• Public Key Infrastructure (PKI)
▫ Tools for managing keys and certificates.
New in 1.4
• Separate packages that are now included as part of JDK
▫ JCE - Java Cryptography classes
▫ JSSE - Java Secure Sockets Extension
▫ JAAS - Java Authentication and Authorization Services
▫ More..
JCE – Java Cryptography Extension
• JCE covers
▫ encryption and decryption
▪ Symmetric bulk encryption, such as DES, RC2, and IDEA
▪ Asymmetric encryption, such as RSA
▪ Password-based encryption (PBE)
▫ key agreement
▫ Message Authentication Code (MAC)
Sample Program..
This program demonstrates how to encrypt/decrypt input using the Blowfish cipher with the Java Cryptography Extension.
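The sample program itself is not reproduced in this transcript. As an added example (not the lab's original program), the code below encrypts and decrypts with Blowfish through the JCE Cipher API and uses the JCE MAC service listed above to reject tampered input. The class name BlowfishDemo, the 128-bit key size, and the IV | ciphertext | tag message layout are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

// Added example; BlowfishDemo is a hypothetical name. Blowfish-CBC plus HMAC (encrypt-then-MAC).
public class BlowfishDemo {
    static final int IV_LEN = 8;   // Blowfish block size is 64 bits
    static final int TAG_LEN = 32; // HmacSHA256 output size in bytes

    static byte[] encrypt(SecretKey encKey, SecretKey macKey, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(iv);                   // the tag covers IV and ciphertext
        byte[] tag = mac.doFinal(ct);
        return ByteBuffer.allocate(IV_LEN + ct.length + TAG_LEN).put(iv).put(ct).put(tag).array();
    }

    static byte[] decrypt(SecretKey encKey, SecretKey macKey, byte[] msg) throws Exception {
        if (msg.length < IV_LEN + TAG_LEN) throw new SecurityException("message too short");
        int ctEnd = msg.length - TAG_LEN;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        mac.update(msg, 0, ctEnd);
        // Verify the tag (constant-time compare) before touching the ciphertext.
        if (!MessageDigest.isEqual(mac.doFinal(), Arrays.copyOfRange(msg, ctEnd, msg.length)))
            throw new SecurityException("MAC check failed");
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(msg, 0, IV_LEN));
        return c.doFinal(msg, IV_LEN, ctEnd - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128); // assumed key size; Blowfish accepts variable-length keys
        SecretKey encKey = kg.generateKey();
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        byte[] msg = encrypt(encKey, macKey, "constructed sample input".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(encKey, macKey, msg), StandardCharsets.UTF_8));
        msg[IV_LEN] ^= 1; // flip one ciphertext bit to simulate tampering
        try { decrypt(encKey, macKey, msg); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because Blowfish has a 64-bit block, one key should protect only a limited volume of data; AES is the usual choice for new designs.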
Lab work
• Read from the user (using Scanner) at least 10 words and write your name and ID then save it in a txt file “lab1.txt”.
HomeWork1
• Write a program “wordOccurrence” that reads a word from the user and searches for it in a text file “HW1.txt”. Then, display the number of occurrences of that word.
Enter the word: and
The number of occurrence is: 5
• Write a text file “HW1.txt” with at least 30 words, and write your name and ID at the end.
What to submit:
• wordOccurrence.java
• The text file “HW1.txt”
• printout of the output of this program