O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Enabling Java 2
Runtime Security
with Eclipse Plug-ins
___
Analyzing Security Requirements
for OSGi-Enabled Platforms
J2SE Security
OSGi Security
Applications
Main.main()
Socket.<init>("www.ibm.com", 80)
sm.checkConnect("www.ibm.com", 80)
sm.checkPermission(p)
AccessController.che...
import java.io.*;
import java.net.*;
public class LibraryCode {
private static String logFileName = "audit.txt";
public st...
Client.main()
LibraryCode.createSocket()
q
q
p
p
Socket.<init>(host,port)
sm.checkConnect(host,port)
sm.checkPermission(q)...
import java.io.*;
import java.net.*;
import java.security.*;
public class LibraryCode2 {
private static final String logFi...
Client.main()
Library.createSocket()
q
q p
AccessController.doPrivileged(op)
op.run()
p
p
FileOutputStream.<init>(logFileN...
Client
Library
Core
AllPermission
AllPermission
∅
SecurityException
p r
q
p
q
p
q
q q r r
{p}
SecurityManager.
checkPermission(p)
p
p
p
p
AccessController.
checkPermission(p)
FileOutputStream.
<init>()
pClient
Librar...
Static Analysis Engine (Eclipse and OSGi Aware)
JAR Inspection
Java Bytecode Analysis (JaBA)
Call Graph
Access-Rights
Anal...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D...
Próximos SlideShares
Carregando em…5
×

Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D., Research Staff Member, IBM

271 visualizações

Publicada em

OSGi World Congress 2005 - Developer Forum Day 2

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory Software Engineer, IBM & Marco Pistoia, Ph.D., Research Staff Member, IBM

  1. 1. Enabling Java 2 Runtime Security with Eclipse Plug-ins ___ Analyzing Security Requirements for OSGi-Enabled Platforms
  2. 2. J2SE Security OSGi Security Applications
  3. 3. Main.main() Socket.<init>("www.ibm.com", 80) sm.checkConnect("www.ibm.com", 80) sm.checkPermission(p) AccessController.checkPermission(p) p p p p p ? ? ? ? ?If all the code source was granted Permission p… SecurityException Otherwise… Problem: What Permissions are required? • Not too many permissions • Not too few permissions
  4. 4. import java.io.*; import java.net.*; public class LibraryCode { private static String logFileName = "audit.txt"; public static Socket createSocket(String host, int port) throws UnknownHostException, IOException { Socket socket = new Socket(host, port); FileOutputStream fos = new FileOutputStream(logFileName); BufferedOutputStream bos = new BufferedOutputStream(fos); PrintStream ps = new PrintStream(bos, true); ps.print("Socket " + host + ":" + port); return socket; } } Client Library createSocket Socket Permission File Permission
  5. 5. Client.main() LibraryCode.createSocket() q q p p Socket.<init>(host,port) sm.checkConnect(host,port) sm.checkPermission(q) AccessController.checkPermission(q) q q q q FileOutputStream.<init>(logFileName) sm.checkWrite(logFileName) sm.checkPermission(p) AccessController.checkPermission(p) p p p p p = new FilePermission("audit.txt","write");q = new SocketPermission("ibm.com","80");
  6. 6. import java.io.*; import java.net.*; import java.security.*; public class LibraryCode2 { private static final String logFileName = "audit.txt"; public static Socket createSocket(String host, int port) throws UnknownHostException, IOException, PrivilegedActionException { Socket socket = new Socket(host, port); File f = new File(logFileName); PrivWriteOp op = new PrivWriteOp(host, port, f); FileOutputStream fos = (FileOutputStream) AccessController.doPrivileged(op); BufferedOutputStream bos = new BufferedOutputStream(fos); PrintStream ps = new PrintStream(bos, true); ps.print("Socket " + host + ":" + port); return socket; } } class PrivWriteOp implements PrivilegedExceptionAction { private File f; PrivWriteOp (File f) { this.f = f; } public Object run() throws IOException { return new FileOutputStream(f); } } Client Library createSocket Socket Permission File Permission
  7. 7. Client.main() Library.createSocket() q q p AccessController.doPrivileged(op) op.run() p p FileOutputStream.<init>(logFileName) sm.checkWrite(logFileName) sm.checkPermission(p) AccessController.checkPermission(p) p p p p p = new FilePermission("audit.txt","write"); Socket.<init>(host,port) sm.checkConnect(host,port) sm.checkPermission(q) AccessController.checkPermission(q) q q q q q = new SocketPermission("ibm.com","80");
  8. 8. Client Library Core AllPermission AllPermission ∅ SecurityException p r q p q p q q q r r {p}
  9. 9. SecurityManager. checkPermission(p) p p p p AccessController. checkPermission(p) FileOutputStream. <init>() pClient Library p Core p AccessController. doPrivileged(pa) p PrivilegedAction. run()
  10. 10. Static Analysis Engine (Eclipse and OSGi Aware) JAR Inspection Java Bytecode Analysis (JaBA) Call Graph Access-Rights Analysis Privileged-Code Placement Analysis Tainted-Variable Analysis Object CodeSecurity Policy Code Architecture Inspection Certificate Inspection Permission Inspection KeyStore Editor JAR Signer Call Path Analysis

×