CS551: Security and Privacy on the Internet, Fall 2000
Manifest: Monday 6 November and Wednesday 8 November 2000
Assignments Due: 10 November, Project Progress Reports (see email for details)
Wednesday: Guest Lecture - Chenxi Wang
Readings: No new readings: keep working on your projects.
Links
- Sun's Java Security Bugs list
- Collection of Increasingly Hostile Applets
- Java Security Hotlist
- Kimera Bytecode Verification Project
- Li Gong's Java Security Page
- AppletSecurity.java - the HotJava security policy, a subclass of SecurityManager
- java.lang.SecurityManager - the generic SecurityManager class
- java.io.File - a sample API class. See /usr/java/src/java for API classes.
Questions
- Are there skeletons in VeriSign's closet? (How hard is it to break SSL?)
- What is type safety? Why is it important?
- How does Java (the whole system) provide type safety?
- How is responsibility for security divided among the Java programming language, JVML, the bytecode verifier, the Security Manager and the JavaVM?
- What can go wrong in Java's security system?
- Who/what are you trusting when you vote?
- How vulnerable is our electoral system to a motivated attacker?
```java
public void send(DatagramPacket p) throws IOException {
    // check the address is ok with the security manager on every send.
    SecurityManager security = System.getSecurityManager();

    // The reason you want to synchronize on datagram packet
    // is because you don't want an applet to change the address
    // while you are trying to send the packet for example
    // after the security check but before the send.
    synchronized (p) {
        if (security != null) {
            if (p.getAddress().isMulticastAddress()) {
                security.checkMulticast(p.getAddress());
            } else {
                security.checkConnect(p.getAddress().getHostAddress(),
                                      p.getPort());
            }
        }
        // call the method to send
        impl.send(p);
    }
}
```

From java.net.DatagramSocket (JDK 1.1). Note the comment about synchronization. How many places do you think they got this wrong in the first implementation?

From Sun's Applet Security FAQ:

Is there a summary of applet capabilities?

The following table is not an exhaustive list of applet capabilities. It's meant to answer the questions we hear most often about what applets can and cannot do.
Key:
- NN: Netscape Navigator 4.x, loading unsigned applets over the Net
- NL: Netscape Navigator 4.x, loading unsigned applets from the Local file system
- AN: Appletviewer, JDK 1.x, loading applets over the Net
- AL: Appletviewer, JDK 1.x, loading applets from the Local file system
- JS: Java Standalone applications
Stricter ------------------------> Less strict

| Capability | NN | NL | AN | AL | JS |
|---|---|---|---|---|---|
| read file in /home/me, acl.read=null | no | no | no | yes | yes |
| read file in /home/me, acl.read=/home/me | no | no | yes | yes | yes |
| write file in /tmp, acl.write=null | no | no | no | yes | yes |
| write file in /tmp, acl.write=/tmp | no | no | yes | yes | yes |
| get file info, acl.read=null acl.write=null | no | no | no | yes | yes |
| get file info, acl.read=/home/me acl.write=/tmp | no | no | yes | yes | yes |
| delete file, using File.delete() | no | no | no | no | yes |
| delete file, using exec /usr/bin/rm | no | no | no | yes | yes |
| read the user.name property | no | yes | no | yes | yes |
| connect to port on client | no | no | no | yes | yes |
| connect to port on 3rd host | no | no | no | yes | yes |
| load library | no | yes | no | yes | yes |
| exit(-1) | no | no | no | yes | yes |
| create a popup window without a warning | no | yes | no | yes | yes |
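The race that the synchronization comment in the DatagramSocket.send excerpt above guards against, as an added example that is not part of the original handout or the JDK: a toy model in which `Packet`, `ALLOWED`, `check`, `window` and the two `send` variants are hypothetical stand-ins. It forces the applet's write into the gap between the security check and the send, first without the lock and then with it held.

```java
import java.util.Set;

// Added example: toy model of the check-then-send race. Packet, ALLOWED and
// the send* methods are hypothetical stand-ins, not JDK classes.
public class CheckThenSendRace {
    static final Set<String> ALLOWED = Set.of("origin.example"); // constructed policy

    static class Packet {
        private String host;
        Packet(String host) { this.host = host; }
        synchronized String getHost() { return host; }
        synchronized void setHost(String h) { host = h; } // takes the packet's monitor
    }

    static void check(String host) {
        if (!ALLOWED.contains(host)) throw new SecurityException("connect denied: " + host);
    }

    // Stands in for the scheduler running the applet's second thread inside the
    // window between check and use; waits at most 200 ms for that thread.
    static void window(Packet p) throws InterruptedException {
        Thread applet = new Thread(() -> p.setHost("third-party.example"));
        applet.setDaemon(true);
        applet.start();
        applet.join(200);
    }

    // Flawed: the host is read once for the check and read again for the send.
    static String sendUnsafe(Packet p) throws InterruptedException {
        check(p.getHost());
        window(p);
        return p.getHost(); // destination actually used
    }

    // Pattern from the excerpt: hold the packet's lock across check and send.
    static String sendLocked(Packet p) throws InterruptedException {
        synchronized (p) {
            check(p.getHost());
            window(p); // setHost() blocks until this block exits
            return p.getHost();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsafe sent to: " + sendUnsafe(new Packet("origin.example")));
        System.out.println("locked sent to: " + sendLocked(new Packet("origin.example")));
    }
}
```

The lock closes the window only because `setHost` takes the same monitor; a setter that did not synchronize on the packet would still win the race.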
University of Virginia Department of Computer Science CS 551: Security and Privacy on the Internet
David Evans evans@virginia.edu