Martin Toshev, profile picture
Uploaded byMartin Toshev
PPTX, PDF285 views

Practical security In a modular world

This document discusses security aspects of Java modules and compares them to OSGi bundles. It explains that the Java module system brings improved security while fitting into the existing security architecture. Modules introduce another layer of access control and stronger encapsulation for application code. Both modules and bundles define protection domains and can be signed, but modules lack OSGi's notion of local bundle permissions. The new module system enhances security while modularizing the Java platform.

Embed presentation

Download to read offline
@martin_fmi Practical security in a modular world Martin Toshev
@martin_fmi Who am I Software consultant (CoffeeCupConsulting) BG JUG board member (http://jug.bg) OpenJDK and Oracle RDBMS enthusiast 2
@martin_fmi Agenda • Security sandbox model at a glance • Security aspects of Jigsaw • Jigsaw vs OSGi from a security perspective 3
@martin_fmi Security sandbox model at a glance 4
@martin_fmi The big picture 5 applet/war/bundle System code JVM Browser/Java EE server/OSGI server grant codeBase http://javaday.ua/demoapplet { permission java.io.FilePermisions “C:Windows” “delete” } java.policy SecurityManager.checkPermission(…) AccessController.checkPermission(…)
@martin_fmi Permission checking • Typical flow for permission checking: 1) upon system startup a security policy is set and a security manager is installed: 6 Policy.setPolicy(…) System.setSecurityManager(…)
@martin_fmi Permission checking • Typical flow for permission checking: 2) during classloading (e.g. of a remote applet) bytecode verification is done and the protection domain is set for the current classloader (along with the code source, the set of permissions and the set of JAAS principals) 7
@martin_fmi Protection Domain • The protection domain is set during classloading and contains the code source, the list of principals and the list of permissions for the class • Two types of protection domain: system and application 8 object.getClass().getProtectionDomain();
@martin_fmi Permission checking • Typical flow for permission checking: 3) when system code is invoked from the remote code the SecurityManager is used to check against the intersection of protection domains based on the chain of threads and their call stacks 9
@martin_fmi Permission checking • Typical flow for permission checking: 10 SocketPermission permission = new SocketPermission(“javaday.ua:8000-9000","connect,accept"); SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(permission); }
@martin_fmi Permission checking • Typical flow for permission checking: 4) application code can also do permission checking against remote code using a SecurityManager or an AccessController 11
@martin_fmi Permission checking • Typical flow for permission checking: 12 SocketPermission permission = new SocketPermission(“javaday.ua:8000-9000", "connect,accept"); AccessController.checkPermission(permission)
@martin_fmi Permission checking • Typical flow for permission checking: 5) application code can also do permission checking with all permissions of the calling domain or a particular JAAS subject 13 AccessController.doPrivileged(…) Subject.doAs(…) Subject.doAsPrivileged(…)
@martin_fmi Example: banking app server 14 FIX protocol integration Banking server (plain Java) Alpha protocol integration Demo application …
@martin_fmi Security sandbox model at a glance (demo) 15
@martin_fmi Security aspects of Jigsaw 16
@martin_fmi The big picture 17 JVM Application grant codeBase http://javaday.ua/demoapplet { permission java.io.FilePermisions “C:Windows” “delete” } java.policy SecurityManager.checkPermission(…) AccessController.checkPermission(…) java.base java.logging other module
@martin_fmi Security implications • The security model remains the same with Java modules • System code is split into modules and applications can use a stripped down VM => improved security • Application code can be split into modules with stronger encapsulation at runtime => improved security 18
@martin_fmi Access control • Access control is governed not by the class loader(s) of the module’s classes but by the module itself • Access modifiers are fulfilled by another layer of encapsulation: exported/opened packages 19
@martin_fmi Runtime modules • Modules can also be defined at runtime with multiple classloaders and grouped into module layers for that purpose: 20 obj.getClass().getModule().getLayer().defineModulesXXX(…)
@martin_fmi Security aspects of Jigsaw (demo) 21
@martin_fmi OSGi vs Jigsaw from a security perspective 22
@martin_fmi OSGi security model • An extension of the Java security model • The OSGi spec provides a set of custom permissions such as PackagePermission (in order to specify whether a bundle exports/imports a package) or ServicePermission (to get or register an OSGI service) 23
@martin_fmi OSGi security model • The PermissionAdmin and ConditionalPermissionAdmin classes provide additional permission management on top of SecurityManager • Local permissions can be specified for each bundle in OSGI-INF/permissions.perm and are useful for bundle security auditing 24
@martin_fmi OSGi vs Jigsaw • Both a Jigsaw module and an OSGi bundle have a distinct protection domain that defines the set of permissions for the Jigsaw module/OSGi bundle • Both a Jigsaw module and an OSGi bundle can be signed and the set of permissions can be defined on the signer of the Jigsaw module/OSGi bundle 25
@martin_fmi OSGi vs Jigsaw • A Jigsaw module doesn’t have the notion of “local permissions” as an OSGi bundle • A runtime Jigsaw module can have classes from multiple classloaders that have different protection domains 26
@martin_fmi Summary • The new module system in Java brings better security while still fitting in platform’s security architecture • The new module systems introduces yet another layer of access control for applications 27
@martin_fmi Thank you ! Q&A 28 demos: https://github.com/martinfmi/practical_security_in_a_modular_world
@martin_fmi References 29 Java platform security architecture http://docs.oracle.com/javase/7/docs/technotes/guides/security/spec/securi ty-spec.doc.html Java Platform Module System (JSR 376) http://openjdk.java.net/projects/jigsaw/spec/

More Related Content

PDF
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
byBlueHat Security Conference
 
PPTX
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
byBlueHat Security Conference
 
PDF
Understanding Windows Access Token Manipulation
byJustin Bui
 
PDF
Hack any website
bysunil kumar
 
PDF
Hacking intranet websites
byshehab najjar
 
PDF
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)
bynyccamp
 
PDF
ubantu mod security
byKunal gupta
 
PDF
Secure Coding - Web Application Security Vulnerabilities and Best Practices
byWebsecurify
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
byBlueHat Security Conference
 
BlueHat v17 || Betraying the BIOS: Where the Guardians of the BIOS are Failing
byBlueHat Security Conference
 
Understanding Windows Access Token Manipulation
byJustin Bui
 
Hack any website
bysunil kumar
 
Hacking intranet websites
byshehab najjar
 
Hack Into Drupal Sites (or, How to Secure Your Drupal Site)
bynyccamp
 
ubantu mod security
byKunal gupta
 
Secure Coding - Web Application Security Vulnerabilities and Best Practices
byWebsecurify
 

Similar to Practical security In a modular world

PPTX
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
PPTX
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
byMartin Toshev
 
PPT
Chapter three Java_security.ppt
byHaymanotTadese
 
PPTX
Security Architecture of the Java platform
byMartin Toshev
 
PPT
Java Security
byelliando dias
 
PPTX
Deep dive into Java security architecture
byPrabath Siriwardena
 
PPTX
Securing Underprotected APIs - Deja vu Security
byDeja vu Security
 
PPTX
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
PPTX
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
PDF
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PDF
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
bymfrancis
 
PDF
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
bymfrancis
 
PDF
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory...
bymfrancis
 
PPTX
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
byNicolas Fränkel
 
PPTX
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
byNicolas Fränkel
 
PDF
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
bymfrancis
 
ODP
Tollas Ferenc - Java security
byveszpremimeetup
 
PPTX
Java & The Android Stack: A Security Analysis
byPragati Rai
 
PDF
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
byAlex Senkevitch
 
PPT
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
byMartin Toshev
 
Security Architecture of the Java Platform (http://www.javaday.bg event - 14....
byMartin Toshev
 
Chapter three Java_security.ppt
byHaymanotTadese
 
Security Architecture of the Java platform
byMartin Toshev
 
Java Security
byelliando dias
 
Deep dive into Java security architecture
byPrabath Siriwardena
 
Securing Underprotected APIs - Deja vu Security
byDeja vu Security
 
Martin Toshev - Java Security Architecture - Codemotion Rome 2019
byCodemotion
 
Security Аrchitecture of Тhe Java Platform
byMartin Toshev
 
Javantura v4 - Security architecture of the Java platform - Martin Toshev
byHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Do not disturb my circles! Secure Application Isolation with OSGi - Mirko Jah...
bymfrancis
 
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
bymfrancis
 
Enabling Java 2 Runtime Security with Eclipse Plug-ins - Ted Habeck, Advisory...
bymfrancis
 
Code Europe PL - Securing the JVM: Neither for fun nor for profit, but do you...
byNicolas Fränkel
 
Voxxed Days Athens - Securing the JVM - Neither for fun nor for profit, but d...
byNicolas Fränkel
 
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
bymfrancis
 
Tollas Ferenc - Java security
byveszpremimeetup
 
Java & The Android Stack: A Security Analysis
byPragati Rai
 
Enterprise Java: Just What Is It and the Risks, Threats, and Exposures It Poses
byAlex Senkevitch
 
java-card20232024999999999999999999999999999999999999999999999999999999999999...
byouahibakellou
 

More from Martin Toshev

PPTX
Oracle Database 12c Attack Vectors
byMartin Toshev
 
PPTX
Modular Java
byMartin Toshev
 
PPTX
Spring RabbitMQ
byMartin Toshev
 
PPT
Java 9 Security Enhancements in Practice
byMartin Toshev
 
PDF
Eclipse plug in development
byMartin Toshev
 
PPTX
Spring RabbitMQ
byMartin Toshev
 
PPTX
JVM++: The Graal VM
byMartin Toshev
 
PPTX
Big data processing with Apache Spark and Oracle Database
byMartin Toshev
 
PPTX
Writing Stored Procedures with Oracle Database 12c
byMartin Toshev
 
PPTX
The RabbitMQ Message Broker
byMartin Toshev
 
PPT
Semantic Technology In Oracle Database 12c
byMartin Toshev
 
PDF
KDB database (EPAM tech talks, Sofia, April, 2015)
byMartin Toshev
 
PPTX
RxJS vs RxJava: Intro
byMartin Toshev
 
PPTX
Modularity of The Java Platform Javaday (http://javaday.org.ua/)
byMartin Toshev
 
PPTX
Java 9 sneak peek
byMartin Toshev
 
PDF
Concurrency Utilities in Java 8
byMartin Toshev
 
PPTX
Building highly scalable data pipelines with Apache Spark
byMartin Toshev
 
PPTX
Writing Java Stored Procedures in Oracle 12c
byMartin Toshev
 
PPTX
Writing Stored Procedures in Oracle RDBMS
byMartin Toshev
 
PPT
Jdk 10 sneak peek
byMartin Toshev
 
Oracle Database 12c Attack Vectors
byMartin Toshev
 
Modular Java
byMartin Toshev
 
Spring RabbitMQ
byMartin Toshev
 
Java 9 Security Enhancements in Practice
byMartin Toshev
 
Eclipse plug in development
byMartin Toshev
 
Spring RabbitMQ
byMartin Toshev
 
JVM++: The Graal VM
byMartin Toshev
 
Big data processing with Apache Spark and Oracle Database
byMartin Toshev
 
Writing Stored Procedures with Oracle Database 12c
byMartin Toshev
 
The RabbitMQ Message Broker
byMartin Toshev
 
Semantic Technology In Oracle Database 12c
byMartin Toshev
 
KDB database (EPAM tech talks, Sofia, April, 2015)
byMartin Toshev
 
RxJS vs RxJava: Intro
byMartin Toshev
 
Modularity of The Java Platform Javaday (http://javaday.org.ua/)
byMartin Toshev
 
Java 9 sneak peek
byMartin Toshev
 
Concurrency Utilities in Java 8
byMartin Toshev
 
Building highly scalable data pipelines with Apache Spark
byMartin Toshev
 
Writing Java Stored Procedures in Oracle 12c
byMartin Toshev
 
Writing Stored Procedures in Oracle RDBMS
byMartin Toshev
 
Jdk 10 sneak peek
byMartin Toshev
 

Recently uploaded

PDF
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
PPTX
Unlock Hidden Capacity: How TPM Supercharges Your OEE | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PDF
Unit 1: Introduction Cloud Computing-PPT by Dr. K.Adisesha
byAdiseshaK
 
PPTX
Trade Secret.pptx (Trade Secret.pptx.pptx)
byganeshchalla7
 
PDF
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
PDF
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
PDF
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
PPTX
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
PPTX
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
PDF
Meraki Cloud Management and Monitoring for Catalyst - Cisco Certificate
byVICTOR MAESTRE RAMIREZ
 
PDF
A Guide to Boiler Operation and Maintenance
byMahmoud Moghtaderi
 
PDF
A Guide to Boiler Construction and Design
byMahmoud Moghtaderi
 
DOCX
23AE205-IMAGE AND VLSI SIGNAL PROCESSING LAB.docx
bytamil arasan
 
PPTX
Brick- its Types , uses , advantages and limitations .pptx
bydhanashree78
 
PDF
UK P&I Club Good Practice Posters Series
byMahmoud Moghtaderi
 
DOCX
19EC704 Optical and Microwave Lab Manual.docx
bytamil arasan
 
PDF
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
PDF
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
PDF
JLEE Electrical Engineering Question Paper Assam
bykandramariana6
 
PDF
EFFECT OF ULTRAVIOLET RADIATION ON STRUCTURAL PROPERTIES OF NANOWIRES
byijoejnl
 
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
Unlock Hidden Capacity: How TPM Supercharges Your OEE | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
Unit 1: Introduction Cloud Computing-PPT by Dr. K.Adisesha
byAdiseshaK
 
Trade Secret.pptx (Trade Secret.pptx.pptx)
byganeshchalla7
 
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
Meraki Cloud Management and Monitoring for Catalyst - Cisco Certificate
byVICTOR MAESTRE RAMIREZ
 
A Guide to Boiler Operation and Maintenance
byMahmoud Moghtaderi
 
A Guide to Boiler Construction and Design
byMahmoud Moghtaderi
 
23AE205-IMAGE AND VLSI SIGNAL PROCESSING LAB.docx
bytamil arasan
 
Brick- its Types , uses , advantages and limitations .pptx
bydhanashree78
 
UK P&I Club Good Practice Posters Series
byMahmoud Moghtaderi
 
19EC704 Optical and Microwave Lab Manual.docx
bytamil arasan
 
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
JLEE Electrical Engineering Question Paper Assam
bykandramariana6
 
EFFECT OF ULTRAVIOLET RADIATION ON STRUCTURAL PROPERTIES OF NANOWIRES
byijoejnl
 

Practical security In a modular world

  • 1.
    @martin_fmi Practical security in amodular world Martin Toshev
  • 2.
    @martin_fmi Who am I Softwareconsultant (CoffeeCupConsulting) BG JUG board member (http://jug.bg) OpenJDK and Oracle RDBMS enthusiast 2
  • 3.
    @martin_fmi Agenda • Security sandboxmodel at a glance • Security aspects of Jigsaw • Jigsaw vs OSGi from a security perspective 3
  • 4.
  • 5.
    @martin_fmi The big picture 5 applet/war/bundle Systemcode JVM Browser/Java EE server/OSGI server grant codeBase http://javaday.ua/demoapplet { permission java.io.FilePermisions “C:Windows” “delete” } java.policy SecurityManager.checkPermission(…) AccessController.checkPermission(…)
  • 6.
    @martin_fmi Permission checking • Typicalflow for permission checking: 1) upon system startup a security policy is set and a security manager is installed: 6 Policy.setPolicy(…) System.setSecurityManager(…)
  • 7.
    @martin_fmi Permission checking • Typicalflow for permission checking: 2) during classloading (e.g. of a remote applet) bytecode verification is done and the protection domain is set for the current classloader (along with the code source, the set of permissions and the set of JAAS principals) 7
  • 8.
    @martin_fmi Protection Domain • Theprotection domain is set during classloading and contains the code source, the list of principals and the list of permissions for the class • Two types of protection domain: system and application 8 object.getClass().getProtectionDomain();
  • 9.
    @martin_fmi Permission checking • Typicalflow for permission checking: 3) when system code is invoked from the remote code the SecurityManager is used to check against the intersection of protection domains based on the chain of threads and their call stacks 9
  • 10.
    @martin_fmi Permission checking • Typicalflow for permission checking: 10 SocketPermission permission = new SocketPermission(“javaday.ua:8000-9000","connect,accept"); SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(permission); }
  • 11.
    @martin_fmi Permission checking • Typicalflow for permission checking: 4) application code can also do permission checking against remote code using a SecurityManager or an AccessController 11
  • 12.
    @martin_fmi Permission checking • Typicalflow for permission checking: 12 SocketPermission permission = new SocketPermission(“javaday.ua:8000-9000", "connect,accept"); AccessController.checkPermission(permission)
  • 13.
    @martin_fmi Permission checking • Typicalflow for permission checking: 5) application code can also do permission checking with all permissions of the calling domain or a particular JAAS subject 13 AccessController.doPrivileged(…) Subject.doAs(…) Subject.doAsPrivileged(…)
  • 14.
    @martin_fmi Example: banking appserver 14 FIX protocol integration Banking server (plain Java) Alpha protocol integration Demo application …
  • 15.
  • 16.
  • 17.
    @martin_fmi The big picture 17 JVM Application grantcodeBase http://javaday.ua/demoapplet { permission java.io.FilePermisions “C:Windows” “delete” } java.policy SecurityManager.checkPermission(…) AccessController.checkPermission(…) java.base java.logging other module
  • 18.
    @martin_fmi Security implications • Thesecurity model remains the same with Java modules • System code is split into modules and applications can use a stripped down VM => improved security • Application code can be split into modules with stronger encapsulation at runtime => improved security 18
  • 19.
    @martin_fmi Access control • Accesscontrol is governed not by the class loader(s) of the module’s classes but by the module itself • Access modifiers are fulfilled by another layer of encapsulation: exported/opened packages 19
  • 20.
    @martin_fmi Runtime modules • Modulescan also be defined at runtime with multiple classloaders and grouped into module layers for that purpose: 20 obj.getClass().getModule().getLayer().defineModulesXXX(…)
  • 21.
  • 22.
    @martin_fmi OSGi vs Jigsaw froma security perspective 22
  • 23.
    @martin_fmi OSGi security model •An extension of the Java security model • The OSGi spec provides a set of custom permissions such as PackagePermission (in order to specify whether a bundle exports/imports a package) or ServicePermission (to get or register an OSGI service) 23
  • 24.
    @martin_fmi OSGi security model •The PermissionAdmin and ConditionalPermissionAdmin classes provide additional permission management on top of SecurityManager • Local permissions can be specified for each bundle in OSGI-INF/permissions.perm and are useful for bundle security auditing 24
  • 25.
    @martin_fmi OSGi vs Jigsaw •Both a Jigsaw module and an OSGi bundle have a distinct protection domain that defines the set of permissions for the Jigsaw module/OSGi bundle • Both a Jigsaw module and an OSGi bundle can be signed and the set of permissions can be defined on the signer of the Jigsaw module/OSGi bundle 25
  • 26.
    @martin_fmi OSGi vs Jigsaw •A Jigsaw module doesn’t have the notion of “local permissions” as an OSGi bundle • A runtime Jigsaw module can have classes from multiple classloaders that have different protection domains 26
  • 27.
    @martin_fmi Summary • The newmodule system in Java brings better security while still fitting in platform’s security architecture • The new module systems introduces yet another layer of access control for applications 27
  • 28.
    @martin_fmi Thank you ! Q&A 28 demos:https://github.com/martinfmi/practical_security_in_a_modular_world
  • 29.
    @martin_fmi References 29 Java platform securityarchitecture http://docs.oracle.com/javase/7/docs/technotes/guides/security/spec/securi ty-spec.doc.html Java Platform Module System (JSR 376) http://openjdk.java.net/projects/jigsaw/spec/