The security mechanisms of Java
- Wilfred Hoover
- 6 years ago
1 The security mechanisms of Java
Carlo U. Nicola, SGI FHNW
With extracts from publications of: Sun developers' center documentation; David A. Wheeler, UC Berkeley; Klaus Ostermann, TH-Darmstadt.
2 Topics
1. The Java 2 security model
2. The wrapper Java
3. The real boss:
4. Java class
5. Java policy files
6. Protection domains in Java
7. Smallest security units in Java
AS HS12 2
3 Security Model: OpenXML and Java
Java PEP:
Java PAP
- File:
Java PIP
- File:
Java PDP:
4 Java security in a nutshell
Bytecode + Class loader security
set up with:
Java Core local libraries class-files are not Bytecode verified
Activated by: or programmatically
5 The Java security check algorithm
Repeat
  Check if current method has the requested permission. If not, throw n.
  Check if current method has amplified privileges. If so, grant permission.
  Consider calling method (move up call stack)
Until call stack is empty
From:
Check if thread inherited the requested permission. If not, throw. If yes, grant permission.
From:
Protection domain
Protection Domain: Stores in a per-thread variable the intersection of the static permissions of all methods invoked since its start, and grants permission on the result of that intersection operation.
6 The
It is historical flotsam: actually it is a wrapper that calls the
7 What can the do?
In the class there are:
- methods that control access to files;
- methods that control access to network resources;
- methods that protect the JVM;
- methods that protect system resources;
- methods that protect security.
For example in the System class, there are two methods to set up and use a custom made security manager:
But setting a new security manager needs, besides a new System Manager, a permission in the file too.
8 The method
Since Java 2 the ( ) class defines a new method ) that is called explicitly or implicitly as soon as the SM is activated:
- Throws exception if does not hold, else returns;
- All previous check methods are rewritten in terms of ;
- Permits creation of new without changing the (as it was not the case with JDK 1.0-1.1).
By default now, it uses the class for its functionality.
9 Example: A simple file write check (1)
Start application with options:
Calls implicitly
10 Example: A simple file write check (2)
Policy file:
11 Security policy files in Java
12 The Java security policy
The fine-grained configurable policies for both Java applets and Java applications are based upon the following techniques:
A text file contains the custom security policy for an application: default file and file in
At run time one or more of the following checks are made, depending on the above policy:
1. Ã Ã Policy
2. Java 2 Runtime Security Check Algorithm (see slide 5)
3. class and its sub classes
4. and
13 The structure of a file
The security policy is an ASCII file (usually defined in ). It determines which system resources can be accessed and how they can be accessed. It becomes a Java object. The building blocks of a security policy are:
1. Origin and possibly authentication of a piece of code. Tag: :
- An origin (URL) e.g.
- A set of digital signatures: any number of files in a JAR can be signed.
2. An entry in the policy file is specified by :
3. Wildcards are allowed.
14 Example
The security manager operates according to the policy (defined in ) which consists of a set of rules, e.g. the default is:
Or a more fine grained one:
15 Creating a new policy file
You may use to create or edit an existing policy file (but you can of course use any editor of your choice). The example policy file below grants two permissions: firstly, to the code signed by Duke the permission to read files located in the user's home directory, and secondly to the code from the location (regardless of who signed it) to read the system property.
16 Managing policy files
1. By default, the JDK uses the policy files located in:
2. These policy files are specified in the default security file:
3. The final policy is the union of all granted permissions in all policy files. To specify an additional policy file, you can set the system property at the command line: or:
4. To ignore the policies in the file, and only use the specified policy, use ` ' instead of ` ':
5. Additional policy files can also be added to the file.
For more information on policy files, see:
17 The default java.policy file
18 Example: an extension to
19 Permissions in Java
20 Permissions tree
The permissions are positive: they grant access rather than deny access. By default, nothing extra is allowed. Two classes rule them: and
21 : general template
Permissions often have two arguments:
- a target and
- a set of actions, e.g.:
Applications are free to introduce new categories of permission.
22 : files
Files:
The targets: (recursively),
The actions (one or more, a.k.a. 1+):
Example:
There is now read and write access to the file. The targets can be given in a platform-dependent format, e.g. in Windows:
23 : socket and properties
Socket: Permissions to access a network via sockets:
- The target host is specified with or along with a (or range ); (all hosts); (all hosts in domain)
- The actions (1+):
- Resolve is implied by any of the other actions. The action " " refers to host/ip name service lookups.
Properties: Represents the permission to access various Java properties:
- Target examples:
- Actions (1+):
24 : general layout and run time
Basic permissions: Base class for named permissions, i.e. a permission that contains a name instead of a pair (target, action-set). Examples: (halting of the JVM, i.e. DoS), (initiation of a print job request)
Run time permissions (named permission):
- Examples:
- Another example: that gives permission to dynamically link in native libraries that are not under the JVM's supervision.
25 : AWT, net and security
AWT permissions are named permissions: Examples:
Net permissions are named permissions: Examples: (the ability to specify a stream handler when constructing a URL)
Security permissions are named permissions. They control access to security related objects. Examples:
26 Caveat emptor!
a) Granting access to the entire file system is effectively the same as granting.
b) Granting permission also effectively grants everything, because nobody knows exactly in which way the library depends upon the system's resources.
27 Note on class
class:
- Encapsulates a permission granted or requested
- Can be set read only (from then on immutable)
- Can be grouped using classes and
Jargon used in this context:
- Permissions granted to a are also called privileges
- But no separate Privilege class exists.
28 Creating new permissions
1. You cannot change the built-in permission types;
2. You can make a class that extends one of the existing permission classes (see example below);
3. The new permissions must be referred to in the policy file.
29 Using new permissions
30 Policy file for new permission
The file is defined as follows:
31 Summary permissions
1. The permissions of a class are calculated at load time from the policy object.
2. But it can be delayed until the first security check.
3. Permissions are granted to classes, not to objects.
4. Permissions are additive. For example: code signed by A gets permission X and code signed by B gets permission Y, so code signed by A and B gets permissions X and Y.
5. Only positive permissions exist, i.e. they always grant access and never deny access!
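The target/action matching and the additive behaviour summarised on slides 21 to 31 can be observed with `implies()` alone, without an active security manager. This is an added example, not code from the original slides; the class names `PermissionDemo` and `ReportPermission`, the paths and the permission names are constructed for the illustration.

```java
import java.io.FilePermission;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

public class PermissionDemo {

    /**
     * Hypothetical application-defined named permission (target only, no actions).
     * A policy file would refer to such a class by its fully qualified name, e.g.
     * (constructed sample, assuming a top-level class com.example.ReportPermission):
     *   grant codeBase "file:/opt/app/-" {
     *       permission com.example.ReportPermission "report.print";
     *   };
     */
    public static final class ReportPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;

        public ReportPermission(String name) {
            super(name);
        }

        // Two-argument constructor: the form used when a policy entry carries actions.
        public ReportPermission(String name, String actions) {
            super(name, actions);
        }
    }

    static void show(String label, Permission granted, Permission requested) {
        System.out.printf("%-34s %s%n", label, granted.implies(requested));
    }

    public static void main(String[] args) {
        // Constructed Unix-style sample paths; nothing is read from disk.
        Permission tree = new FilePermission("/home/duke/-", "read,write");
        Permission dir = new FilePermission("/home/duke/*", "read,write");
        Permission note = new FilePermission("/home/duke/docs/notes.txt", "read");
        Permission passwd = new FilePermission("/etc/passwd", "read");

        show("'-' reaches sub-directories:", tree, note);      // recursive target
        show("'*' reaches sub-directories:", dir, note);       // direct children only
        show("'-' reaches other trees:", tree, passwd);

        // Wildcard over the whole file system: every file request is implied.
        Permission all = new FilePermission("<<ALL FILES>>", "read,write,execute,delete");
        show("<<ALL FILES>> implies /etc/passwd:", all, passwd);

        // Property permissions: wildcard target, action must still match.
        Permission userRead = new PropertyPermission("user.*", "read");
        show("user.* read -> user.home read:", userRead,
                new PropertyPermission("user.home", "read"));
        show("user.* read -> user.home write:", userRead,
                new PropertyPermission("user.home", "write"));

        // Named permission: BasicPermission supplies the wildcard matching.
        show("report.* -> report.print:", new ReportPermission("report.*"),
                new ReportPermission("report.print"));

        // Additive collection: there is no way to add a "deny" entry.
        Permissions granted = new Permissions();
        granted.add(dir);
        granted.add(new ReportPermission("report.print"));
        System.out.println("collection implies report.print:  "
                + granted.implies(new ReportPermission("report.print")));
        System.out.println("collection implies report.delete: "
                + granted.implies(new ReportPermission("report.delete")));
    }
}
```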
32 Protection domains
33 class
class
Created from a and a
Defines the set of permissions granted to classes; changes the to change permissions;
Each class belongs to ONE instance, set at the class creation time (and never changed again);
Access to these objects is restricted; getting its reference requires a.
One can have more than one protection domain.
34 Granularity: each class has a asks
35 class
This class extends the concept of a to encapsulate not only the location (URL) but also the certificate(s) that were used to verify the signed code originating from that location.
Created from:
- A source (base) URL and
- An array of certificates
This class is immutable.
With the abstract method of the class one can implement URL partial matches:
- Permits policies to use URL patterns
- means that if one is granted permission a then one gets b too.
36 class
It provides an interface to the user policy, i.e.:
- Given a, it returns a ;
- It is called during the setup stage of to set the class permissions.
37 How a class and are loaded
1. A loaded class requests an unloaded class ;
2. 's is called, loads 's class file, and calls the Java byte code verifier;
3. 's is determined via Java or user's security policy;
4. The policy object, given that, returns the class ;
5. If an existing has the same and, then it is reused; if this is not the case then a new is created and is assigned to it.
38 Java 2 runtime security check algorithm
If method requires the permission :
- 's implementation calls the current 's method
- By default this calls the class, which does the work and for each call stack entry, it unwinds from the caller:
a) if the caller's lacks, an exception is thrown (fails);
b) if the caller called the method without context, it executes and returns (dangerous);
c) if the caller called the method doPrivileged with context, it checks it and returns if context permits, otherwise an exception is thrown (fails).
39 Example
1. Multiple : of calls of that calls ; (in System's ) asks for a permission check; Permissions are checked against the s for, then for and finally for. Only if the intersection of all 3 sets contains the desired permission, is granted.
call (without context): Same as above, but first calls
When the permission check is requested, only the for is checked; all others are not checked.
40 Class
Its method takes a snapshot of the current execution context ("stack trace"):
- The snapshot includes all ancestor threads;
- These contexts are stored in type ;
- The class itself has a method that makes access decisions based on the context it encapsulates.
The results can be stored and used later to limit the privileges (instead of enabling all privileges).
Its purpose: support actions on behalf of another:
- one thread posts an event to another one
- delayed actions ("cron" job)
41 Algorithm implications
Default privileges are the intersection (minimum) of all class permissions in the stack's call tree:
- Without, permissions that decrease the privilege are permitted (Principle of Least Privilege).
enables all class privileges:
- Like Unix "setuid"; it enables trusted classes to use their full set of privileges but only when requested;
- Without context it enables all privileges (dangerous!);
- With context it enables only those privileges that are also in the given context. This is a safe action because the resulting privileges are always less than those without context.
42 Example : no context, no return value
Interface with only one method
43 Example : no context but return value
44 Example : with context
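The stack walk from slides 38 to 41, including the privileged cases with and without context, can be traced with a small model. This is an added example, not code from the original slides, and it does not call the JDK's own access controller: `StackWalkModel`, `Frame`, `check` and the sample domains are constructed names, and permissions are reduced to plain strings.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Model of the stack inspection; every name here is hypothetical. */
public class StackWalkModel {

    /** One call-stack entry with the static permissions of its class's domain. */
    static final class Frame {
        final String method;
        final Set<String> domain;
        final boolean privileged;   // this frame asked for amplified privileges
        final Set<String> context;  // context supplied with that request, null = none

        Frame(String method, Set<String> domain, boolean privileged, Set<String> context) {
            this.method = method;
            this.domain = domain;
            this.privileged = privileged;
            this.context = context;
        }
    }

    static Set<String> perms(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    /** Walks from the most recent caller (index 0) back towards the thread start. */
    static void check(List<Frame> stack, String permission, Set<String> inherited) {
        for (Frame f : stack) {
            if (!f.domain.contains(permission)) {                        // case a)
                throw new SecurityException(f.method + " lacks " + permission);
            }
            if (f.privileged) {
                if (f.context != null && !f.context.contains(permission)) {  // case c)
                    throw new SecurityException(
                            "context saved by " + f.method + " lacks " + permission);
                }
                return;                          // case b): older frames are not inspected
            }
        }
        // Stack exhausted: the permissions inherited by the thread decide.
        if (!inherited.contains(permission)) {
            throw new SecurityException("inherited context lacks " + permission);
        }
    }

    static String decide(List<Frame> stack, String permission, Set<String> inherited) {
        try {
            check(stack, permission, inherited);
            return "granted";
        } catch (SecurityException e) {
            return "denied (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed sample domains: system code, a trusted library, an applet.
        Set<String> system = perms("file.write", "net.connect", "prop.read");
        Set<String> library = perms("file.write", "prop.read");
        Set<String> applet = perms("prop.read");
        String p = "file.write";

        Frame io = new Frame("FileOutputStream.<init>", system, false, null);
        Frame app = new Frame("Applet.run", applet, false, null);

        // Same call chain four times; only the library frame differs.
        List<Frame> plain = Arrays.asList(io, new Frame("Library.save", library, false, null), app);
        List<Frame> noCtx = Arrays.asList(io, new Frame("Library.save", library, true, null), app);
        List<Frame> withCtx = Arrays.asList(io, new Frame("Library.save", library, true, applet), app);
        List<Frame> weakLib = Arrays.asList(io, new Frame("Library.save", applet, true, null), app);

        System.out.println("no privileged frame:       " + decide(plain, p, system));
        System.out.println("privileged, no context:    " + decide(noCtx, p, system));
        System.out.println("privileged, with context:  " + decide(withCtx, p, system));
        System.out.println("privileged, weak library:  " + decide(weakLib, p, system));
    }
}
```

The last case shows that a privileged frame never gains more than its own domain holds; it only stops the walk from reaching less trusted callers.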
45 Security hole
1. Fact: If a method is not overridden, the of its defining super class is used.
2. The consequence of this fact is obvious: Methods running (even indirectly) with privileges should not depend on protected variables! Why? Because a cracker could:
a) create a sub class with a new method in which:
b) method modifies a protected variable used by
c) and so it causes to be invoked:
- is influenced by!
3. Identified by David A. Wheeler Oct 1999
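The pattern from slide 45 next to a hardened form, as an added example that is not from the original slides. The class names are constructed, the property names are harmless samples, and the code assumes a JDK that still ships `java.security.AccessController`; in this single-file demo all classes share one protection domain, so it shows the data flow rather than a real privilege boundary.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class ProtectedFieldHole {

    /** BEFORE: the privileged block reads a protected, mutable field. */
    static class Settings {
        protected String property = "java.version";   // any subclass may change this

        @SuppressWarnings("removal")
        public String lookup() {
            // Not overridden by subclasses, so it always runs with the
            // protection domain of Settings, whoever instantiated the object.
            return AccessController.doPrivileged(
                    (PrivilegedAction<String>) () -> System.getProperty(property));
        }
    }

    /** Subclass from a less trusted origin: it inherits lookup() unchanged but
     *  controls the value the privileged block operates on. */
    static class Redirected extends Settings {
        Redirected() {
            property = "user.home";
        }
    }

    /** AFTER: no subclassing, no inherited state, input checked before the
     *  privileged block runs. */
    static final class SafeSettings {
        private static final Set<String> ALLOWED =
                new HashSet<>(Arrays.asList("java.version", "java.vendor"));

        private final String property;   // private and final: fixed at construction

        SafeSettings(String property) {
            if (!ALLOWED.contains(property)) {
                throw new IllegalArgumentException("property not allow-listed: " + property);
            }
            this.property = property;
        }

        @SuppressWarnings("removal")
        public String lookup() {
            final String name = property;   // local copy, nothing mutable is captured
            return AccessController.doPrivileged(
                    (PrivilegedAction<String>) () -> System.getProperty(name));
        }
    }

    public static void main(String[] args) {
        System.out.println("intended use:      " + new Settings().lookup());
        System.out.println("subclass-steered:  " + new Redirected().lookup());
        System.out.println("hardened:          " + new SafeSettings("java.version").lookup());
        try {
            new SafeSettings("user.home");
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejects:  " + e.getMessage());
        }
    }
}
```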
46 Java security at the method level
47 (1)
1) To protect one method in all instances, use the + directly as we have shown so far.
2) To protect a reference to an individual instance, consider using the class :
[Diagram: requesting class; reply with object-to-guard; object-to-guard]
48 (2)
The class encapsulates object-to-guard:
- asks interface to determine if the access is ok;
- Class implements by calling:
- doesn't implement it.
A provider of object-to-guard does the following:
- Instantiates new (e.g., a )
- Instantiates, using object-to-guard and the guard
- Gives 's reference to requestors.
Clients who wish to use object-to-guard call 's :
- instance calls its 's
- if ok, object-to-guard's reference is returned;
- if not ok, security exception is thrown.
49 Use of
This example demonstrates how to protect access to an object using a permission:
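The provider and requestor steps from slide 48, written against `java.security.GuardedObject` and `java.security.Guard`. This is an added example, not the code from the original slide: instead of a permission it uses a constructed guard (`RoleGuard`, with a hypothetical per-thread role) so that the outcome does not depend on an installed security manager.

```java
import java.security.Guard;
import java.security.GuardedObject;

public class GuardedObjectDemo {

    /** Hypothetical stand-in for "who is asking": the role bound to the current
     *  thread. A permission used as guard would consult the security manager. */
    static final ThreadLocal<String> CURRENT_ROLE = ThreadLocal.withInitial(() -> "guest");

    /** Guard that admits only one role. */
    static final class RoleGuard implements Guard {
        private final String required;

        RoleGuard(String required) {
            this.required = required;
        }

        @Override
        public void checkGuard(Object object) {
            String role = CURRENT_ROLE.get();
            if (!required.equals(role)) {
                throw new SecurityException("role '" + role + "' may not obtain "
                        + object.getClass().getSimpleName());
            }
        }
    }

    /** Provider side: wrap the object together with its guard and hand out
     *  only the wrapper's reference. */
    static GuardedObject publish(Object objectToGuard) {
        return new GuardedObject(objectToGuard, new RoleGuard("auditor"));
    }

    /** Requestor side: the guard runs at getObject() time, in the context of
     *  whoever asks, not at the time the wrapper was created. */
    static String request(GuardedObject guarded, String role) {
        CURRENT_ROLE.set(role);
        try {
            return "granted: " + guarded.getObject();
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        } finally {
            CURRENT_ROLE.remove();
        }
    }

    public static void main(String[] args) {
        // Constructed object-to-guard.
        GuardedObject guarded = publish(new StringBuilder("audit-log handle"));

        System.out.println(request(guarded, "guest"));
        System.out.println(request(guarded, "auditor"));
    }
}
```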
50 Bibliography
- Li Gong, Inside Java 2 Platform Security (2nd Edition), 2003, Palo Alto, CA: Addison-Wesley.
- G. McGraw & E. Felten, Java Security: Hostile Applets, Holes, and Antidotes, 1997, NY: John Wiley & Sons.
- G. McGraw & E. Felten, Securing Java: Getting Down to Business with Mobile Code, 1999, NY: John Wiley & Sons.
- Permissions in Java 7:
More informationCasting -Allows a narrowing assignment by asking the Java compiler to "trust us"
Primitives Integral types: int, short, long, char, byte Floating point types: double, float Boolean types: boolean -passed by value (copied when returned or passed as actual parameters) Arithmetic Operators:
More informationParametric Polymorphism for Java: A Reflective Approach
Parametric Polymorphism for Java: A Reflective Approach By Jose H. Solorzano and Suad Alagic Presented by Matt Miller February 20, 2003 Outline Motivation Key Contributions Background Parametric Polymorphism
More informationMerge Sort Quicksort 9 Abstract Windowing Toolkit & Swing Abstract Windowing Toolkit (AWT) vs. Swing AWT GUI Components Layout Managers Swing GUI
COURSE TITLE :Introduction to Programming 2 COURSE PREREQUISITE :Introduction to Programming 1 COURSE DURATION :16 weeks (3 hours/week) COURSE METHODOLOGY:Combination of lecture and laboratory exercises
More informationInterpreting Languages for the Java Platform
Interpreting Languages for the Java Platform http://www2.hursley.ibm.com/netrexx/ Mike Cowlishaw IBM Fellow mfc@uk.ibm.com netrexxi Overview A (very) brief introduction to NetRexx Demonstration -- compiling
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationKakadu and Java. David Taubman, UNSW June 3, 2003
Kakadu and Java David Taubman, UNSW June 3, 2003 1 Brief Summary The Kakadu software framework is implemented in C++ using a fairly rigorous object oriented design strategy. All classes which are intended
More informationJava Inheritance. Written by John Bell for CS 342, Spring Based on chapter 6 of Learning Java by Niemeyer & Leuck, and other sources.
Java Inheritance Written by John Bell for CS 342, Spring 2018 Based on chapter 6 of Learning Java by Niemeyer & Leuck, and other sources. Review Which of the following is true? A. Java classes may either
More informationWeiss Chapter 1 terminology (parenthesized numbers are page numbers)
Weiss Chapter 1 terminology (parenthesized numbers are page numbers) assignment operators In Java, used to alter the value of a variable. These operators include =, +=, -=, *=, and /=. (9) autoincrement
More informationContents. iii Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services August 1998, Revision B
Contents About the Course...xv Course Overview... xvi Course Map... xvii Module-by-Module Overview... xviii Course Objectives... xxii Skills Gained by Module... xxiii Guidelines for Module Pacing... xxiv
More informationChapter 4. Protection in General-Purpose Operating Systems. ch. 4 1
Chapter 4 Protection in General-Purpose Operating Systems ch. 4 1 Chapter Outline 4.1 Protected Objects and Methods of Protection 4.2 Memory and Address Protection 4.3 Control of Access to General Objects
More informationObject Oriented Programming with Java. Unit-1
CEB430 Object Oriented Programming with Java Unit-1 PART A 1. Define Object Oriented Programming. 2. Define Objects. 3. What are the features of Object oriented programming. 4. Define Encapsulation and
More informationThe Java Language Implementation
CS 242 2012 The Java Language Implementation Reading Chapter 13, sections 13.4 and 13.5 Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches, pages 1 5. Outline Java virtual
More informationA Report on RMI and RPC Submitted by Sudharshan Reddy B
A Report on RMI and RPC Submitted by Sudharshan Reddy B Abstract: This report mainly explains the RMI and RPC technologies. In the first part of the paper the RMI technology is briefly explained and in
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 4
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 4 Access Control Last time: Unix/Windows access control at the OS level. Access control matrix Reference monitor Today: Stack Inspection
More informationAgenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1
Agenda CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Summer 2004 Java virtual machine architecture.class files Class loading Execution engines Interpreters & JITs various strategies
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache has 49%; IIS has 36% (source: http://news.netcraft.com/archives/2008/09/30/
More information20 Most Important Java Programming Interview Questions. Powered by
20 Most Important Java Programming Interview Questions Powered by 1. What's the difference between an interface and an abstract class? An abstract class is a class that is only partially implemented by
More informationCSE 401/M501 Compilers
CSE 401/M501 Compilers Code Shape II Objects & Classes Hal Perkins Autumn 2018 UW CSE 401/M501 Autumn 2018 L-1 Administrivia Semantics/type check due next Thur. 11/15 How s it going? Reminder: if you want
More informationJavaOS. David Burhans 2/3/2003 CS384 Dr. Taylor
JavaOS David Burhans 2/3/2003 CS384 Dr. Taylor Table of Contents JavaOS... 1 Table of Contents...i Table of Figures...ii Background... 1 Java... 1 Bytecode... 2 JavaOS... 2 Supported Computing Models...
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationTOP Server Version 6 Security Settings
TOP Server 1 (10) TOP Server Version 6 TOP Server 2 (10) Contents Security Built In... 3 User Manager Configuration... 3 New User Accounts... 5 New User Group and Properties... 5 Configuration Security...
More informationIntroduction to Programming Using Java (98-388)
Introduction to Programming Using Java (98-388) Understand Java fundamentals Describe the use of main in a Java application Signature of main, why it is static; how to consume an instance of your own class;
More informationUNIT TESTING OF C++ TEMPLATE METAPROGRAMS
STUDIA UNIV. BABEŞ BOLYAI, INFORMATICA, Volume LV, Number 1, 2010 UNIT TESTING OF C++ TEMPLATE METAPROGRAMS ÁBEL SINKOVICS Abstract. Unit testing, a method for verifying a piece of software, is a widely
More informationDesign of a Simple, Distributed Network Access Control System
1 Design of a Simple, Distributed Network Access Control System By David Boen, Daniel Dent, Victor Chan, Andrew Tjia Abstract Network access control describes the measures used to control network nodes
More informationWedge: Splitting Applications into Reduced-Privilege Compartments
Wedge: Splitting Applications into Reduced-Privilege Compartments Andrea Bittau Petr Marchenko Mark Handley Brad Karp University College London April 17, 2008 Vulnerabilities threaten sensitive data Exploits
More informationProcess Scheduling with Job Scheduler
Process Scheduling with Job Scheduler On occasion it may be required to start an IBPM process at configurable times of the day or week. To automate this task, a scheduler must be employed. Scheduling is
More information