
Enabling dynamic security policy in the Java security manager - PowerPoint PPT Presentation

Outline: Introduction; JVM sandbox; Modelisation; Example and implementation; Conclusion
Enabling dynamic security policy in the Java security manager. Fabien Autrel, Frédéric Cuppens, Nora Cuppens. FPS'2012 symposium, October 26th 2012.


  1. Enabling dynamic security policy in the Java security manager
     Fabien Autrel, Frédéric Cuppens, Nora Cuppens
     FPS'2012 symposium, October 26th 2012

  2. Outline
     1 Introduction
     2 JVM sandbox
     3 Modelisation
     4 Example and implementation
     5 Conclusion

  3. Introduction
     Context: security in large computer infrastructures
     - Several different execution environments
     - Several different security components
     Global security configuration
     - Several ad-hoc configuration languages
     - Manual configuration
     - No global view of the security requirements or of policy enforcement

  4. Introduction (cont.)
     Need for a common security policy model
     - Expression of a global security policy: Organization Based Access Control (OrBAC)
     - Dynamic policy
     - Implementation-independent
     Automatic policy deployment
     - Policy translation to the ad-hoc configuration languages
     - No need to manually modify the configurations

  5. Case study: Java Virtual Machine (JVM) sandbox
     JVM sandbox
     - Isolates a Java program from the host
     - Boundary defined by an ad-hoc policy language
     - Enforced by the security manager
     Policy file example:

        // Standard extensions get all permissions by default
        grant codeBase "file:${{java.ext.dirs}}/*" {
            permission java.security.AllPermission;
        };
        ...
        // default permissions granted to all domains
        grant {
            // allows anyone to listen on un-privileged ports
            permission java.net.SocketPermission "localhost:1024-", "listen";
            // "standard" properties that can be read by anyone
            permission java.util.PropertyPermission "java.version", "read";
            permission java.util.PropertyPermission "java.vendor", "read";
        };

  6. Security policy language
     Policy = keystore + grants
     - Keystore: private key database
     - Grant: set of permissions

        grant signedBy "signer_names", codeBase "URL" {
            permission permission_class_name "target_name", "action", signedBy "signer_names";
            permission permission_class_name "target_name", "action", signedBy "signer_names";
            ...
        };
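The grant syntax above is simple enough to parse with a small tokenizer. The following is an added example (not code from the slides or from the authors' tool): it parses the policy-file excerpt from the previous slide plus one constructed signed grant in the style of the later hospital example, and then runs a defender-side audit that flags the two grant shapes that define no sandbox boundary at all, AllPermission and permissions handed to code with neither a signer nor a codeBase. Quoted strings are tokenized before comments so that the `//` inside a codeBase URL is not mistaken for a line comment.

```python
"""Parse Java policy-file grant entries and flag unbounded grants (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input: the policy excerpt from the slides plus one signed/codeBase
# grant written in the style of the hospital example.
SAMPLE_POLICY = r'''
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};

// default permissions granted to all domains
grant {
    // allows anyone to listen on un-privileged ports
    permission java.net.SocketPermission "localhost:1024-", "listen";
    // "standard" properties that can be read by anyone
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "java.vendor", "read";
};

grant signedBy "bob", codeBase "http://applet.intranet.hospital.com" {
    permission java.io.FilePermission "${user.home}${/}appletDir${/}log", "write";
};
'''

@dataclass
class Permission:
    cls: str                      # e.g. java.io.FilePermission
    target: Optional[str]         # target name, None for AllPermission
    actions: frozenset            # e.g. {"read", "write"}
    signed_by: Tuple[str, ...]    # per-permission signedBy, usually empty

@dataclass
class Grant:
    signed_by: Tuple[str, ...]    # signer names from the grant header
    code_base: Optional[str]      # codeBase URL, None if unrestricted
    permissions: List[Permission] = field(default_factory=list)

# Strings are matched before comments so that "//" inside a codeBase URL survives;
# line and block comments are dropped by tokenize().
_TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/|[{};,]|[^\s{};,"]+', re.S)

def tokenize(text: str) -> List[str]:
    return [t for t in _TOKEN_RE.findall(text) if not t.startswith(("//", "/*"))]

def _unquote(tok: str) -> str:
    if not (tok.startswith('"') and tok.endswith('"')):
        raise ValueError(f"expected quoted string, got {tok!r}")
    return tok[1:-1]

def _signers(s: str) -> Tuple[str, ...]:
    return tuple(x.strip() for x in s.split(",") if x.strip())

def parse_policy(text: str) -> List[Grant]:
    toks, i, grants = tokenize(text), 0, []
    while i < len(toks):
        if toks[i] != "grant":
            raise ValueError(f"expected 'grant', got {toks[i]!r}")
        i += 1
        signed_by, code_base = (), None
        while toks[i] != "{":                 # header: signedBy "..." / codeBase "..."
            if toks[i] == ",":
                i += 1
                continue
            key, val = toks[i], _unquote(toks[i + 1])
            if key == "signedBy":
                signed_by = _signers(val)
            elif key == "codeBase":
                code_base = val
            else:
                raise ValueError(f"unknown grant option {key!r}")
            i += 2
        i += 1                                # consume "{"
        perms = []
        while toks[i] != "}":
            if toks[i] != "permission":
                raise ValueError(f"expected 'permission', got {toks[i]!r}")
            cls, i = toks[i + 1], i + 2
            target, actions, psigners = None, frozenset(), ()
            if toks[i].startswith('"'):       # optional target, actions, signedBy
                target, i = _unquote(toks[i]), i + 1
                if toks[i] == "," and toks[i + 1].startswith('"'):
                    actions = frozenset(a.strip() for a in _unquote(toks[i + 1]).split(","))
                    i += 2
                if toks[i] == "," and toks[i + 1] == "signedBy":
                    psigners, i = _signers(_unquote(toks[i + 2])), i + 3
            if toks[i] != ";":
                raise ValueError("permission entry must end with ';'")
            i += 1
            perms.append(Permission(cls, target, actions, psigners))
        i += 1                                # consume "}"
        if i < len(toks) and toks[i] == ";":
            i += 1
        grants.append(Grant(signed_by, code_base, perms))
    return grants

def unbounded_grants(grants: List[Grant]) -> List[str]:
    """Flag grants that erase the sandbox boundary (AllPermission) or that hand
    permissions to any code at all (neither signer nor codeBase)."""
    findings = []
    for g in grants:
        where = f'signedBy={g.signed_by or "-"} codeBase={g.code_base or "*"}'
        if any(p.cls == "java.security.AllPermission" for p in g.permissions):
            findings.append(f"AllPermission granted to {where}")
        elif not g.signed_by and g.code_base is None:
            findings.append(f"{len(g.permissions)} permission(s) granted to all code ({where})")
    return findings
```

Running `unbounded_grants(parse_policy(SAMPLE_POLICY))` reports the AllPermission grant for the extension directory and the three permissions granted to all code; the signed grant restricted to the applet codeBase is not flagged.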

  7. Sandbox boundaries
     Sandbox boundaries are defined by permission types
     - Implies all permissions: AllPermission
     - Other permissions: SecurityPermission, AWTPermission, FilePermission, SerializablePermission,
       ReflectPermission, RuntimePermission, NetPermission, SocketPermission, SQLPermission,
       PropertyPermission, LoggingPermission, SSLPermission, AuthPermission,
       PrivateCredentialPermission, DelegationPermission, ServicePermission, AudioPermission,
       UnresolvedPermission
     Our work covers the FilePermission and NetPermission types

  8. The OrBAC model
     - Models a security policy centred on the organization which defines or manages it
     - Specification is done at the abstract level
     - Roles, activities and views abstract respectively subjects, actions and objects
     - Abstract rules: permissions, prohibitions and obligations
     - Contexts: dynamic rules, which can be combined
     - The concrete policy is inferred from the abstract policy and the assignment of concrete
       entities to abstract entities:

        is_permitted(Subject, Action, Object) :-
            permission(Org, Role, Activity, View, Context),
            empower(Org, Subject, Role),
            consider(Org, Action, Activity),
            use(Org, Object, View),
            hold(Org, Subject, Action, Object, Context).

  9. Expressing JVM policies in OrBAC
     Use case: a Java client application accessing a database
     - Modelisation limited to FilePermission and SocketPermission
     - Reuse of organizational entities: existing roles, activities and views
     Organizational structure (modelisation of JVM hosts)
     - An organization models a set of machines running the same applications
     - Represented as an array of host names/IP addresses
     - Absolute keystore URL
     - Use of an organization hierarchy, with a default JVM organization as the hierarchy root

  10. Expressing JVM policies in OrBAC: FilePermission modelisation
     - Path name
     - Set of actions (read, write, execute and delete)
     - Example:

        permission java.io.FilePermission "${user.home}${/}foo", "read,write";

     - Activities: read, write, execute, delete and handle (handle is a super-activity of read,
       write and delete)
     - Views: depend on the target application; in our use case, the directory structure
     - Objects have a targetPath attribute

  11. Expressing JVM policies in OrBAC: SocketPermission modelisation
     - Host specification:

        host = (hostname | IPaddress)[:portrange]
        portrange = portnumber | -portnumber | portnumber-[portnumber]

     - Set of operations specifying how connections can be established with the host
       (accept, connect, listen and resolve)
     - Example:

        grant signedBy "Bob" {
            permission java.net.SocketPermission "some.server.com:8080", "connect, accept";
        };

  12. Expressing JVM policies in OrBAC: SocketPermission modelisation (cont.)
     - Activities: abstraction of network services
       - all protocols, tcp, udp and icmp
       - bidirectional, send and receive
       - defined in the JVM organization
     - Actions have a port attribute
     - Views: sets of hosts; example: toDatabase represents the hosts with a database
     - Objects have an address attribute
     - View definitions can be used:

        use(hospital, H, toDatabase) :-
            networkAddress(H, A), subNet(A, 10.0.0.0, 24),
            ¬use(hospital, H, toBackup).

  13. Expressing JVM policies in OrBAC: contexts
     Contexts model the code source and signed code.
     - codeBase context:

        hold(JVM, S, _, _, codeBaseFoo) :-
            byteCode(S, B), codeBase(B, database.intranet.mycompany.com).

     - signedCode context:

        hold(JVM, S, _, _, signedCodeFoo) :-
            byteCode(S, B), signedBy(B, someDevelopper).

  14. Example
     Physicians in a hospital use a mobile device.
     - A Java applet is used to access the patients' data in a database
     - The Java applet must be signed by the main developer, bob
     - The applet can connect to the database but not the opposite
     - The applet uses four directories: appletDir and three subdirectories, resource (read only),
       log (write only) and temp (read and write)
     - The applet is started by visiting http://applet.intranet.hospital.com
     - MySQL 5 database hosted on database.intranet.hospital.com

  15. Example: OrBAC abstract security policy
     Policy defined in the appletOrg organization, a sub-organization of JVM
     Three contexts:

        hold(appletOrg, S, _, _, cbCtx) :-
            byteCode(S, B), codeBase(B, applet.intranet.hospital.com).
        hold(appletOrg, S, _, _, scCtx) :-
            byteCode(S, B), signedBy(B, bob).

     - visitTime: temporal context

  16. Example: OrBAC abstract security policy (cont.)
     Abstract rules:

        permission(appletOrg, doctor, send, database, scCtx & cbCtx & visitTime)
        permission(appletOrg, doctor, read, resource, scCtx & cbCtx)
        permission(appletOrg, doctor, write, log, scCtx & cbCtx)
        permission(appletOrg, doctor, handle, temp, scCtx & cbCtx)

  17. Example: OrBAC concrete security policy
     Inferred concrete rules:

        permission(daniel, mysql, db1)
        permission(daniel, readFilesystem, resource_applet1)
        permission(daniel, writeFilesystem, log_applet1)
        permission(daniel, readFilesystem, temp_applet1)
        permission(daniel, writeFilesystem, temp_applet1)

     Generated JVM policy:

        grant signedBy "bob", codeBase "http://applet.intranet.hospital.com" {
            permission java.io.FilePermission "${user.home}${/}appletDir${/}resource", "read";
            permission java.io.FilePermission "${user.home}${/}appletDir${/}log", "write";
            permission java.io.FilePermission "${user.home}${/}appletDir${/}temp", "read,write";
            permission java.net.SocketPermission "database.intranet.hospital.com:3306", "connect";
        };
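The following is an added example, not the authors' implementation, that carries the hospital example through the whole chain the slides describe: the is_permitted inference of slide 8 (role, activity and view assignments plus contexts), the derived toDatabase view with its negated use() literal from slide 12, the codeBase and signedCode contexts of slide 15, the super-activity handle, and finally the translation of the concrete rules into the grant entry above. All facts are constructed for the example: the object names follow the concrete rules above, the IP addresses 10.0.0.5 and 10.0.0.9, the 08:00-18:00 visitTime window, the mapping of readFilesystem/writeFilesystem to the FilePermission actions, and the port attribute 3306 of the mysql action are assumptions. The visitTime context is what makes the policy dynamic: outside visiting hours the SocketPermission line is simply not generated.

```python
"""Toy OrBAC -> Java policy translation for the hospital applet example (added example)."""
import ipaddress

# ---- Constructed facts for organization appletOrg (names follow the slides) ----
ABSTRACT_RULES = [  # permission(org, role, activity, view, conjunction of contexts)
    ("appletOrg", "doctor", "send",   "toDatabase", {"scCtx", "cbCtx", "visitTime"}),
    ("appletOrg", "doctor", "read",   "resource",   {"scCtx", "cbCtx"}),
    ("appletOrg", "doctor", "write",  "log",        {"scCtx", "cbCtx"}),
    ("appletOrg", "doctor", "handle", "temp",       {"scCtx", "cbCtx"}),
]
EMPOWER = {("appletOrg", "daniel", "doctor")}          # empower(org, subject, role)
CONSIDER = {"readFilesystem": "read", "writeFilesystem": "write", "mysql": "send"}
SUPER_ACTIVITY = {"read": "handle", "write": "handle", "delete": "handle"}
USE = {"resource_applet1": "resource", "log_applet1": "log", "temp_applet1": "temp"}
OBJECT_ATTRS = {                                       # targetPath / address attributes
    "resource_applet1": {"targetPath": "${user.home}${/}appletDir${/}resource"},
    "log_applet1": {"targetPath": "${user.home}${/}appletDir${/}log"},
    "temp_applet1": {"targetPath": "${user.home}${/}appletDir${/}temp"},
    "db1": {"address": "database.intranet.hospital.com"},
    "backup1": {"address": "backup.intranet.hospital.com"},
}
ACTION_ATTRS = {"mysql": {"port": 3306}}               # assumed port attribute
NETWORK_ADDRESS = {"db1": "10.0.0.5", "backup1": "10.0.0.9"}   # assumed addresses
BACKUP_HOSTS = {"backup1"}                             # use(hospital, H, toBackup)
BYTECODE = {"daniel": "applet.jar"}                    # byteCode(S, B)
CODEBASE = {"applet.jar": "http://applet.intranet.hospital.com"}
SIGNED_BY = {"applet.jar": "bob"}
FILE_ACTIONS = {"readFilesystem": "read", "writeFilesystem": "write"}  # assumed mapping

def views_of(obj):
    """use(appletOrg, obj, View): explicit file views plus the derived toDatabase view
    (hosts in 10.0.0.0/24 that are not backup hosts, i.e. the negated use() literal)."""
    views = {USE[obj]} if obj in USE else set()
    addr = NETWORK_ADDRESS.get(obj)
    if addr and ipaddress.ip_address(addr) in ipaddress.ip_network("10.0.0.0/24") \
            and obj not in BACKUP_HOSTS:
        views.add("toDatabase")
    return views

def activities_of(action):
    """consider(appletOrg, action, Activity), closed under the super-activity hierarchy."""
    acts, a = set(), CONSIDER.get(action)
    while a:
        acts.add(a)
        a = SUPER_ACTIVITY.get(a)
    return acts

def context_holds(ctx, subject, now_hour):
    """hold(appletOrg, subject, _, _, ctx) for the example's three contexts."""
    b = BYTECODE.get(subject)
    if ctx == "cbCtx":
        return CODEBASE.get(b) == "http://applet.intranet.hospital.com"
    if ctx == "scCtx":
        return SIGNED_BY.get(b) == "bob"
    if ctx == "visitTime":                  # assumed visiting hours 08:00-18:00
        return 8 <= now_hour < 18
    return False

def concrete_policy(now_hour):
    """is_permitted(S, A, O) for every rule whose assignments and contexts hold;
    the set shrinks outside visiting hours (dynamic policy)."""
    permitted = set()
    for org, role, activity, view, ctxs in ABSTRACT_RULES:
        subjects = [s for (o, s, r) in EMPOWER if (o, r) == (org, role)]
        actions = [a for a in CONSIDER if activity in activities_of(a)]
        objects = [ob for ob in OBJECT_ATTRS if view in views_of(ob)]
        for s in subjects:
            if all(context_holds(c, s, now_hour) for c in ctxs):
                permitted.update((s, a, ob) for a in actions for ob in objects)
    return permitted

def jvm_policy(subject, now_hour):
    """Translate one subject's concrete rules into a Java policy grant entry."""
    perms = {}                              # (permission class, target) -> set of actions
    for s, action, obj in concrete_policy(now_hour):
        if s != subject:
            continue
        attrs = OBJECT_ATTRS[obj]
        if "targetPath" in attrs:
            key = ("java.io.FilePermission", attrs["targetPath"])
            perms.setdefault(key, set()).add(FILE_ACTIONS[action])
        else:
            host_port = attrs["address"] + ":" + str(ACTION_ATTRS[action]["port"])
            perms.setdefault(("java.net.SocketPermission", host_port), set()).add("connect")
    b = BYTECODE[subject]
    lines = [f'grant signedBy "{SIGNED_BY[b]}", codeBase "{CODEBASE[b]}" {{']
    for (cls, target), actions in sorted(perms.items()):
        acts = ",".join(sorted(actions))
        lines.append(f'    permission {cls} "{target}", "{acts}";')
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(jvm_policy("daniel", 10))        # full grant during visiting hours
    print(jvm_policy("daniel", 3))         # no SocketPermission at 03:00
```

`concrete_policy(10)` yields exactly the five concrete rules listed above; `jvm_policy("daniel", 10)` emits the same four permissions as the generated policy (sorted by class and target), and `jvm_policy("daniel", 3)` omits the SocketPermission because visitTime no longer holds. backup1 sits in the same subnet as db1 but is excluded from toDatabase by the negated literal, so no permission towards it is ever derived.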
