Java 2 Security. Dean Wette Senior Software Engineer Object Computing, Inc.
1 Java 2 Security
Dean Wette, Senior Software Engineer, Object Computing, Inc.
St. Louis Java Users Group, 11 Oct
University of MO-Rolla, Computer Science Colloquium, 1 Nov. 2001
2 Overview
- Java Platform designed with security a chief concern
  - some other mainstream environments implement security as an afterthought, and we know how well that works!
- Security in the Java Environment
  - language and core APIs
  - compiler
  - class file verifier
  - class paths & class loaders
  - Java Virtual Machine (JVM)
3 Types of Java Security Control
- Code-centric security (J2SE)
  - constrain code from accessing sensitive or privileged system resources
  - security constraints applied to classes
- User-centric security (JAAS)
  - authentication verifies identity
  - authorize execution of code by authenticated principals
- Cryptography (JCA/JCE/JSSE)
  - enforce integrity and secrecy of data
4 Brief History
- Java 1.0.x
  - Applets run in Sandbox
  - local code fully trusted
- Java 1.1.x
  - remote code trusted if digitally signed
  - allows privileged Applets
- (Java 1.0.x and 1.1.x: all-or-nothing binary trust)
- Java 2
  - Permissions-based trust
  - fine-grained policy-based access control
  - trust can be fine-tuned for all programs
5 Java 2 Security Model
- A much improved and more flexible security model for Java programs
  - easily configurable security policy
  - extensible access control structure
  - separation of enforcement mechanism from policy statement
- customization much easier
  - no need to subclass SecurityManager
  - involves creating new Permission classes and using them in a policy statement
6 Java Program Execution
- Certain types of Java programs run with a security manager
  - Applets: browsers enforce this, Java Plug-in
  - RMI: RMIClassLoader won't load remote classes without a security manager
  - Java Web Start
  - J2EE Containers: still evolving
- Java applications run without a security manager by default
7 Installing a Security Manager
- With the java command:

    java -Djava.security.manager MyApplication

- Programmatically:

    public class MyApplication {
        public static void main(String[] args) {
            SecurityManager sm = new SecurityManager();
            System.setSecurityManager(sm);
            // SecurityManager in effect from here on...
        }
    }

- ...but not both!
8 The Security Policy
- Represents persistent statements of permission, granted to code source, for access to specified privileged resources
  - file-based by default
- defines a keystore of digital certificates
- defines grant statements applied to code (classes) according to:
  - where the code originated (its source)
  - whether or not it is digitally signed, and by whom
- grant statements specify one or more permissions given to designated code
9 Policy Files
- Java 2 includes a default system policy file located in ${java.home}/lib/security/java.policy
  - grants full trust to optional packages
  - grants read access to certain Java properties
- and defines a user policy file located (but not created by default) in ${user.home}/.java.policy
- policytool, a GUI policy configuration tool
  - helps prevent syntax errors that negate a policy
10 Program Policy Files
- Additional policy files can also be defined, either permanently or temporarily
  - with an entry in the security properties file ${java.home}/lib/security/java.security
  - using the java command

    java -Djava.security.policy=<url>     (append to default policies)
    java -Djava.security.policy==<url>    (override default policies)
11 A Sample Policy File

    // Java property expansion
    keystore "${user.home}/.keystore", "JKS";

    grant codeBase "file:/${user.home}/trusted/*" {
        permission java.security.AllPermission;
    };

    grant signedBy "dwette", codeBase {
        permission java.util.PropertyPermission "user.home", "read";
        permission java.io.FilePermission "${user.home}${/}prefs.xml", "read,write";
        permission java.net.SocketPermission "*.wettenet.net:5050", "connect,resolve";
    };
12 Security Classes in a Nutshell
- java.security.CodeSource
  - encapsulates code location & signers
- java.security.ProtectionDomain
  - maps a set of classes to granted permissions
- java.security.Policy
  - the runtime representation of the policy statement
  - not involved with making access control decisions
- java.lang.SecurityException
- java.security.AccessControlException
13 Security Classes (cont'd)
- java.lang.SecurityManager
  - represents the focal point of access control
  - called by operations when a decision is needed to grant code access to protected resources
  - defines the interface for checking permissions
- java.security.AccessController
  - provides the actual access control algorithms
  - called by the SecurityManager
  - but may also be called directly for access control
14 Permissions
- Represent privileged access to resources, granted to running code.
  - permissions are access approvals, not denials
- Three general properties:
  1. type: identifies what the permission pertains to
  2. name: identifies the target for an instance of a specific permission type
  3. actions: varies, and is dependent on the semantics of the permission type
- name and actions support wildcard matching
15 Permission Classes
- java.security.Permission
  - abstract ancestor of all permission classes
  - specifies essential functionality
- java.security.BasicPermission
  - fully implemented abstract subclass of Permission
  - used as a base class for many other permissions
- java.security.AllPermission
  - represents permission to perform any operation
  - effectively, a grant of every possible permission
16 Permission Collections
- java.security.PermissionCollection
  - represents a homogeneous collection of Permission objects (i.e. of the same class type)
- java.security.Permissions
  - represents a heterogeneous collection of Permission objects
  - is both a subtype and composition of PermissionCollection
- Note: ProtectionDomain objects map a CodeSource to a PermissionCollection (actually a Permissions) object.
17 Standard Permission Classes
18 Optional Package Permissions
19 Lifecycle of a Permission Check
- What happens when code requests access to protected resources?

    ...
    // either returns silently, or throws a SecurityException
    FileWriter fw = new FileWriter(userHome + File.separator + "prefs.xml");
    ...

    public class FileWriter {
        public FileWriter(String fileName) {
            SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                // opening a file for writing requires the "write" action
                sm.checkPermission(new FilePermission(fileName, "write"));
            }
            // permission granted, continue...
        }
    }
20 Lifecycle (cont'd)

    // java.io.FileWriter class
    ...
    public FileWriter(String fileName) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // opening a file for writing requires the "write" action
            sm.checkPermission(new FilePermission(fileName, "write"));
        }
        ...
    }

    // java.lang.SecurityManager class
    // SecurityManager delegates to AccessController to perform
    // the actual permission check
    public class SecurityManager {
        ...
        public void checkPermission(Permission perm) {
            AccessController.checkPermission(perm);
        }
    }
21 Lifecycle (cont'd)
- By the time all this occurs:
  1. The persistent policy has been bootstrapped into a single Policy instance
  2. Class loaders have associated loaded classes with ProtectionDomain objects (CodeSource objects mapped to PermissionCollection objects)
- What happens in the method AccessController.checkPermission
  - the access controller consults the policy in effect to determine if the permission being checked is implied by the policy (and can be granted)
- and this leads to two important concepts...
22 Principle of Least Privilege
- "A request for access is granted if, and only if, every protection domain in the current execution context is granted the said permission." [1]
  - if a caller calls code with more privileges, the caller doesn't gain any privileges as a result, and
  - calling less privileged code results in loss of privilege
- This leads to the access control algorithm...
23 Access Control Algorithm
- The access controller looks at the protection domain of every class involved in the current sequence of method calls.
- So given an execution stack of n callers (the access control context):

    for (i = n; i > 0; --i) {
        if (caller i's protection domain does not have permission)
            throw a security exception
    }
    return normally
24 Viewed Another Way...
[Figure: call stack from the program entrypoint to new FileWriter(...), each caller with its protection domain, examined by the access controller]
25 Permission Implication
- How does the access controller test a fine-grained permission request against a more loosely-grained policy?
- For example, have this permission:

    grant {
        permission java.io.FilePermission "${user.home}/*", "read,write";
    };

- vs. need this permission:

    Permission fp = new FilePermission(userHome + "/" + xmlPrefFile, "read");
    AccessController.checkPermission(fp);
26 Permission Implication (cont'd)
- All Permission classes, and the permission collection classes, define the method:

    boolean implies(Permission p)

  - not an equality test, but more of a subset test
  - used by the access controller to determine if one permission, or a collection of permissions (i.e. in the policy), implies another one (i.e. the one being checked)
- two Permission objects are equal if, and only if, they imply each other
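
The subset test performed by implies, shown with the JDK's own permission classes as an added example (not code from the original slides). The class name ImplicationDemo and all paths are constructed for illustration and assume Unix-style path names; no security manager needs to be installed to run it.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added example: ImplicationDemo and every path below are constructed for illustration.
public class ImplicationDemo {

    static void show(String label, boolean result) {
        System.out.printf("%-62s %b%n", label, result);
    }

    public static void main(String[] args) {
        // The loosely-grained grant a policy might contain.
        Permission policyGrant = new FilePermission("/home/alice/*", "read,write");

        // Fine-grained requests as they would be made at run time.
        Permission readPrefs   = new FilePermission("/home/alice/prefs.xml", "read");
        Permission deletePrefs = new FilePermission("/home/alice/prefs.xml", "delete");
        Permission readNested  = new FilePermission("/home/alice/mail/inbox", "read");
        Permission readOther   = new FilePermission("/home/bob/prefs.xml", "read");

        // implies() is a subset test over both the name and the actions.
        show("dir/* read,write  implies  file in dir, read", policyGrant.implies(readPrefs));
        show("dir/* read,write  implies  file in dir, delete", policyGrant.implies(deletePrefs));
        show("dir/* read,write  implies  file in another dir, read", policyGrant.implies(readOther));

        // "/*" covers entries directly inside the directory only;
        // "/-" is the recursive form that also covers subdirectories.
        show("dir/* implies file in a subdirectory", policyGrant.implies(readNested));
        show("dir/- implies file in a subdirectory",
                new FilePermission("/home/alice/-", "read").implies(readNested));

        // The test is directional: the narrow permission does not imply the broad one.
        show("file read  implies  dir/* read,write", readPrefs.implies(policyGrant));

        // Equality corresponds to implication in both directions.
        Permission rw = new FilePermission("/home/alice/prefs.xml", "read,write");
        Permission wr = new FilePermission("/home/alice/prefs.xml", "write,read");
        show("rw and wr imply each other", rw.implies(wr) && wr.implies(rw));
        show("rw.equals(wr)", rw.equals(wr));

        // A heterogeneous Permissions collection, as a ProtectionDomain holds it.
        Permissions domain = new Permissions();
        domain.add(policyGrant);
        domain.add(new PropertyPermission("user.*", "read"));
        show("collection implies file read", domain.implies(readPrefs));
        show("collection implies user.home read",
                domain.implies(new PropertyPermission("user.home", "read")));
        show("collection implies user.home write",
                domain.implies(new PropertyPermission("user.home", "write")));
        show("collection implies java.home read",
                domain.implies(new PropertyPermission("java.home", "read")));

        // AllPermission is a grant of every possible permission.
        Permissions fullyTrusted = new Permissions();
        fullyTrusted.add(new AllPermission());
        show("AllPermission collection implies file delete", fullyTrusted.implies(deletePrefs));
    }
}
```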
27 Privileged Blocks
- Consider again the access control algorithm...
- Suppose:
  - you want trusted code to perform privileged operations on behalf of less trusted code, but...
  - the access control algorithm is contrary to this
- Solution: mark a trusted block of code privileged such that:
  - it takes responsibility for permissions it has, and
  - it tells the access controller to ignore its callers
28 [Figure: call stack from the program entrypoint through untrusted code and trusted code to new FileWriter(...), examined by the access controller]
29 Access Control Algorithm (Rev.)
- The access control algorithm revisited...

    for (i = n; i > 0; --i) {
        if (caller i's protection domain does not have permission)
            throw a security exception
        if (caller i's protection domain is marked privileged)
            return normally
    }
    return normally
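
A small model of the revised algorithm, as an added example that is not from the original slides. The Frame type, the frame names and the paths are hypothetical, and the walk runs over a list rather than the JVM's real call stack, so it needs no security manager.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.Arrays;
import java.util.List;

// Added example: a simulation of the stack walk, not the JDK's AccessController.
public class StackInspectionModel {

    /** One caller on the stack (hypothetical model type, not a JDK class). */
    static final class Frame {
        final String name;
        final Permissions domain;   // permissions of the caller's protection domain
        final boolean privileged;   // true if this caller entered a privileged block

        Frame(String name, boolean privileged, Permission... granted) {
            this.name = name;
            this.privileged = privileged;
            this.domain = new Permissions();
            for (Permission p : granted) {
                this.domain.add(p);
            }
        }
    }

    /**
     * Walks from the most recent caller (last element) back towards the
     * program entry point (first element), as in the revised pseudocode.
     */
    static void checkPermission(List<Frame> stack, Permission requested) {
        for (int i = stack.size() - 1; i >= 0; i--) {
            Frame caller = stack.get(i);
            if (!caller.domain.implies(requested)) {
                throw new SecurityException("denied by '" + caller.name + "'");
            }
            if (caller.privileged) {
                return; // earlier callers are not examined
            }
        }
    }

    static String outcome(List<Frame> stack, Permission requested) {
        try {
            checkPermission(stack, requested);
            return "granted";
        } catch (SecurityException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Permission request = new FilePermission("/home/alice/prefs.xml", "write");
        Permission prefsDir = new FilePermission("/home/alice/*", "read,write");

        Frame untrusted = new Frame("untrusted code", false);            // no grants
        Frame trusted = new Frame("trusted code", false, prefsDir);
        Frame trustedPriv = new Frame("trusted code (privileged)", true, prefsDir);
        Frame weakPriv = new Frame("ungranted code (privileged)", true); // no grants
        Frame system = new Frame("java.io.FileWriter", false, new AllPermission());

        // Lists run from the program entry point to the most recent caller.
        // 1. No privileged block: the untrusted caller is inspected as well.
        System.out.println("1: " + outcome(Arrays.asList(untrusted, trusted, system), request));
        // 2. Trusted code marks itself privileged: the walk stops at its frame.
        System.out.println("2: " + outcome(Arrays.asList(untrusted, trustedPriv, system), request));
        // 3. A privileged block only asserts permissions its own domain holds.
        System.out.println("3: " + outcome(Arrays.asList(trusted, weakPriv, system), request));
        // 4. Trusted code calling less privileged code loses privilege.
        System.out.println("4: " + outcome(Arrays.asList(trusted, untrusted, system), request));
    }
}
```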
30 [Figure: call stack from the program entrypoint through untrusted code, which calls a method with a privileged block in trusted code, to new FileWriter(...), examined by the access controller]
31 Privileged Blocks (cont'd)
- The implementation: static methods in AccessController

    Object doPrivileged(PrivilegedAction action);
    Object doPrivileged(PrivilegedExceptionAction action)
        throws PrivilegedActionException;

    public interface PrivilegedAction {
        public Object run();
    }

    public interface PrivilegedExceptionAction {
        public Object run() throws Exception;
    }
32 Example Privileged Block

    // untrusted code calls this
    public void savePreference(final String key, final String val) throws IOException {
        // be wary of tainted variables
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                public Object run() throws IOException {
                    // delegate sensitive operation to class private method
                    doSavePreference(key, val);
                    return null;
                }
            });
        } catch (PrivilegedActionException pae) {
            // IOException thrown by run() is wrapped
            throw (IOException) pae.getException();
        }
    }
33 Summary
- Java 2 provides a policy-based, fine-grained access control security model.
- Permissions are assigned to code, based on where it came from, and whether and by whom it was digitally signed.
- The semantics of permissions are represented by the Permission class and its subtypes.
- Permissions are associated with protection domains assigned to classes by class loaders.
34 Summary (cont'd)
- The access control algorithm is based on the Principle of Least Privilege.
- The access controller tests permission implication rather than equality.
- Privileged blocks provide the mechanism for trusted code to perform sensitive operations on behalf of less trusted code.
35 References
1. Gong, Li (architect of the Java 2 security model). Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley.
2. Oaks, Scott. Java Security, 2nd ed. O'Reilly.
3. Pistoia, Marco, et al. Java 2 Network Security, 2nd ed. Prentice-Hall.
4. Sun Microsystems. Java 2 Standard Edition Documentation Version
5. Wette, Dean. Java 2 Platform Security. Object Computing, Inc.
More informationToday. Instance Method Dispatch. Instance Method Dispatch. Instance Method Dispatch 11/29/11. today. last time
CS2110 Fall 2011 Lecture 25 Java program last time Java compiler Java bytecode (.class files) Compile for platform with JIT Interpret with JVM Under the Hood: The Java Virtual Machine, Part II 1 run native
More informationChecked and Unchecked Exceptions in Java
Checked and Unchecked Exceptions in Java Introduction In this article from my free Java 8 course, I will introduce you to Checked and Unchecked Exceptions in Java. Handling exceptions is the process by
More informationAre Sockets a Good Programming Paradigm? EDA095 Remote Method Invocation. The Remote Procedure Call Model. The Remote Procedure Call Architecture
Are Sockets a Good Programming Paradigm? EDA095 Remote Method Invocation Pierre Nugues Lund University http://www.cs.lth.se/pierre_nugues/ May 2, 2013 To request a service from a server, sockets use explicit
More informationEDA095 Remote Method Invocation
EDA095 Remote Method Invocation Pierre Nugues Lund University http://www.cs.lth.se/pierre_nugues/ April 25, 2012 Covers: Elliotte Rusty Harold, Java Network Programming, 3 rd ed., Chapter 18, pages 610
More informationException Handling. General idea Checked vs. unchecked exceptions Semantics of... Example from text: DataAnalyzer.
Exception Handling General idea Checked vs. unchecked exceptions Semantics of throws try-catch Example from text: DataAnalyzer Exceptions [Bono] 1 Announcements Lab this week is based on the textbook example
More informationOutline. Introduction to Java. What Is Java? History. Java 2 Platform. Java 2 Platform Standard Edition. Introduction Java 2 Platform
Outline Introduction to Java Introduction Java 2 Platform CS 3300 Object-Oriented Concepts Introduction to Java 2 What Is Java? History Characteristics of Java History James Gosling at Sun Microsystems
More informationSecurity Vulnerability Notice
Security Vulnerability Notice SE-2012-01-ORACLE-11 [Security vulnerabilities in Java SE, Issues 56-60] DISCLAIMER INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
More informationEDA095 Remote Method Invocation
EDA095 Remote Method Invocation Pierre Nugues Lund University http://www.cs.lth.se/pierre_nugues/ March 31, 2011 Covers: Elliotte Rusty Harold, Java Network Programming, 3 rd ed., Chapter 18, pages 610
More informationPLATFORM TECHNOLOGY UNIT-5
1. Write in brief about the J2EE enterprise edition? Java is one of the most commonly used and mature programming languages for building enterprise applications. Java development has evolved from small
More informationAtelier Java - J1. Marwan Burelle. EPITA Première Année Cycle Ingénieur.
marwan.burelle@lse.epita.fr http://wiki-prog.kh405.net Plan 1 2 Plan 3 4 Plan 1 2 3 4 A Bit of History JAVA was created in 1991 by James Gosling of SUN. The first public implementation (v1.0) in 1995.
More informationHOWTO and Express Tutorial for Privileged DFC Build 6
HOWTO and Express Tutorial for Privileged DFC Build 6 Overview End-users with special requirements at times need limited scope permission/privilege (P 2 ) escalation. P 2 escalation means momentarily overriding
More informationIQTIDAR ALI Lecturer IBMS Agriculture University Peshawar
IQTIDAR ALI Lecturer IBMS Agriculture University Peshawar Upon completing the course, you will understand Create, compile, and run Java programs Primitive data types Java control flow Operator Methods
More informationRecent Java Exploitation Techniques HackPra
HackPra 19-06-2013 Matthias Kaiser (matthias.m.kaiser@daimler.com) HackPra - Recent Java Exploitation Techniques 1 about me Matthias Kaiser @matthias_kaiser working as Lead Expert Offensive Security at
More informationSandboxing untrusted code: policies and mechanisms
Sandboxing untrusted code: policies and mechanisms Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2011 1 Overview Introduction Java and.net Sandboxing Runtime monitoring Information Flow Control
More informationThe Java Language Implementation
CS 242 2012 The Java Language Implementation Reading Chapter 13, sections 13.4 and 13.5 Optimizing Dynamically-Typed Object-Oriented Languages With Polymorphic Inline Caches, pages 1 5. Outline Java virtual
More informationpresentation DAD Distributed Applications Development Cristian Toma
Lecture 8 S4 - Core Distributed Middleware Programming in JEE presentation DAD Distributed Applications Development Cristian Toma D.I.C.E/D.E.I.C Department of Economic Informatics & Cybernetics www.dice.ase.ro
More informationSecurity and the.net Framework
Security and the.net Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other
More informationSecurity and the.net Framework
Security and the.net Framework Code Access Security Enforces security policy on code Regardless of user running the code Regardless of whether the code is in the same application with other code Other
More informationCS11 Java. Fall Lecture 4
CS11 Java Fall 2014-2015 Lecture 4 Java File Objects! Java represents files with java.io.file class " Can represent either absolute or relative paths! Absolute paths start at the root directory of the
More informationAn Operational Semantics of Java 2 Access Control
An Operational Semantics of Java 2 Access Control Günter Karjoth IBM Research Zurich Research Laboratory gka@zurich.ibm.com Abstract Java 2 Security enhanced with the Java Authentication and Authorization
More information