JAVA 2 Network Security

Transcription

1 JAVA 2 Network Security M A R C O PISTOIA DUANE F. RELLER DEEPAK GUPTA MILIND NAGNUR ASHOK K. RAMANI PTR, UPPER PRENTICE HALL SADDLE RIVER, NEW JERSEY 07458

2 Contents Foreword Preface The Team That Wrote This Redbook Comments Welcome v xix xix xxi Part 1. Introduction to Java and Security 1 Chapter 1. An Overview of Java and Security Java Is Not Just a Language What Java Does Java Is Not an Island: Java as a Part of Security Safety and Security Java as an Aid to Security Java as a Threat to Security Writing Secure Java Staying One Jump Ahead The Vigilant Web Site Understanding Java 2 Security An Example of Applet Security in Java An Example of Application Security in Java Summary 33 Chapter 2. Attack and Defense Components of Java The Development Environment The Execution Environment Interfaces and Architectures Java 2 and Cryptography Cryptographic Tools in Brief Java Cryptography Architecture United States Export Rules for Encryption Signed Code The Other Side of the Coin - Access Control Attacking the World of Java Perils in the Life of Remote Code Vulnerabilities in Java Applications Summary 68 Chapter 3. The New Java Security Model The Need for Java Security 69 ix

3 3.2 Evolution of the Java Security Model The JDK 1.0 Sandbox Security Model The Concept of Trusted Code in JDK The Fine-Grained Access Control of Java A Comparison of the Three Java Security Models Java 2 Protection Domain and Permissions Model New Class Search Path Boot Class Path Extensions Framework Application Class Path Class Search Paths in Summary Java 2 Class Loading Mechanism Run-Time Access Controls The Policy File The Default System-Wide Policy File Security Manager vs Access Controller Security Management with Java Applying a Security Manager to Applets and Applications Applying a User-Defined Security Policy Java Security Debugging Summary 106 Part 2. Under the Hood 107 Chapter 4. The Java Virtual Machine The Java Virtual Machine, Close Up The Class Loader The Class File Verifier The Heap The Class Area The Native Method Loader The Security Manager The Execution Engine Just-in-Time Compilers Summary 115 Chapter 5. Class Files in Java The Traditional Development Life Cycle The Java Development Life Cycle The Java 2 Class File Format Decompilation Attacks The Constant Pool Beating the Decompilation Threat 134 X Java 2 Network Security

4 5.5 Java Bytecode A Bytecode Example 136 Chapter 6. The Class Loader and Class File Verifier Class Loaders Loading Classes from Trusted Sources Loading Classes from Untrusted Sources Beyond What the JVM Provides The Class Loading Process Should You Build Your Own Class Loader The Class File Verifier An Example of Class File Verification The Duties of the Class File Verifier The Four Passes of the Class File Verifier The Bytecode Verifier in Detail The Data Flow Analyzer An Incompleteness Theorem for Bytecode Verifiers Summary 184 Chapter 7. The Java 2 SecurityManager What SecurityManager Does Operation of the Security Manager Interdependence of the Three JVM Security Elements Attacking the Defenses of Java Types of Attack Malicious Applets Avoiding Security Hazards How to Test Examples of Security Manager Extensions First Example - Overriding checkwrite() Second Example - Overriding checkpermission() Third Example - Overriding checkread() and checkwrite() Summary 224 Chapter 8. Security Configuration Files in the Java 2 SDK A Note on Java.home and the JRE Installation Directory Keystores The Certificates KeyStore File cacerts The Security Properties File, Java.security Security Policy Files keystore Entry grant Entries An Example of Security Settings in the Java 2 Platform The Count Application Source Code 248 xi

5 8.5.2 A Sample Text File Compiling the Application Running the Application without a Security Manager Running the Application with the Default Security Manager Policy File Modification File Read Access to Files in the Code Base URL Directory Security Properties and Policy File Protection How to Implement a Policy Server 252 Chapter 9. Java 2 SDK Security Tools Key and Certificate Management Tool keytool Syntax Store and Private Key Password Commands and Options Associated with keytool An Example of keytool Usage Java Archive Tool Options of the jar Command Running a JAR File JAR Signing and Verification Tool jarsigner Scenario Observations on the jarsigner Verification Process Tampering with a Signed JAR File Policy File Creation and Management Tool Observations on the Use of the Policy Tool 295 Chapter 10. Security APIs in Java The Package Java.security Principals Guard Interface and GuardedObject Class Providers The Security Class Access Control APIs Key Management Message Digests and Digital Signatures Secure Random Number Generation The SignedObject Class Permission APIs Code Source Protection Domain Policy Secure Class Loader Algorithm Parameters The Package Java.security.spec 322 Java 2 Network Security

6 10.3 The Package Java.security.cert Package Java.security.interfaces The Package Java.security.acl Examples Using the Java 2 Security APIs Signature and Signature Verification Using Keystores The Permission Classes How to Create New Permissions Working with Signed Permissions How to Write Privileged Code First Case - No Return Value, No Exception Thrown Second Case - Return Value, No Exception Thrown Third Case - Return Value, Exception Thrown Accessing Local Variables An Example of Privileged Blocks Usage General Recommendations on Using the Privileged Blocks Chapter 11. The Java Plug-In Main Features of Java Plug-In What Does the Java Plug-In Do? Java Plug-In HTML Changes Changes Supported by Navigator Changes Supported by Internet Explorer Changes Supported by Both Navigator and Internet Explorer All the Web Browsers Java Plug-in Software HTML Converter Java Plug-In Control Panel The Basic Panel The Advanced Panel The Proxies Panel Java Plug-In Security Scenario First Step - Without Using the Java Plug-in Second Step - Using the Java Plug-in 377 Chapter 12. Java Gets Out of Its Box JAR Files and Applet Signing Manifest File Signature File Signature Block File Signed Code Scenario in JDK 1.1 and Sun HotJava Creating the CA Key Database Creating the Server Key Database Creating and Signing a JAR File 397

7 Running the Applet Creating the Client Key Database Signed Code Scenario in Java 2 SDK, Standard Edition, V Creating a Keystore for Certification Authorities Creating the Server Certificate Creating and Signing a JAR file Granting the Permissions and Running the Applet Signed Code Scenario in Netscape Communicator Using the netscape.security Package Installing Keys and Certificates in Netscape Communicator Signing JAR Files with Netscape Signing Tool Signed Code Scenario in Microsoft Internet Explorer First Example with Signed CAB Files A More Complex Signed CAB File Example The JAR Bug - Fixed In Java 2 SDK, Standard Edition, V The Solution in Java 2 SDK, Standard Edition, V Future Developments 470 Part 3. Beyond the Island of Java - Surfing into the Unknown 473 Chapter 13. Cryptography in Java Security Questions, Cryptographic Answers Public Key Certificates The Java Cryptography Architecture Framework JCE and United States Export Considerations Relationship between Java 2 SDK, JCA and JCE APIs JCA Terms and Definitions The Provider Concept in the JCA Engine Classes Algorithms Java Cryptography Extension JCE - Packages and Their Contents The Cipher Class The Cipher Stream Classes Secret Key Interfaces and Classes The KeyGenerator Class The Key Agreement Class The SealedObject Class Java Cryptography in Practice First Scenario Second Scenario Asymmetric Encryption with the Java 2 SDK and JCE Using Asymmetric Encryption 516 xiv Java 2 Network Security

8 13.7 How to Implement Your Own Provider Write the Service Implementation Code Give the Provider a Name Write a Master Class Compile the Code Install and Configure the Provider Test if the Provider Is Ready Algorithm Aliases Dependencies on Other Algorithms Default Initializations A Sample Master Class 526 Chapter 14. Enterprise Java Browser Add-On Applets Networked Architectures Applying the Java 2 Access Control Mechanisms Two-Tier Architecture Three-Tier Architecture Network Security Secure Clients and Network Computers Server-Side Java The Cost of Server-Side Java Servlets Advantages of Servlets Servlets and CGI-BINs Java Servlet APIs Servlet Life Cycle IBM WebSphere Application Server A Sample Servlet The Current Servlet Security Model Distributed Object Architectures - RMI Stubs and Skeletons RMI Registry A Sample RMI Program The Security of RMI Enterprise JavaBeans 580 Chapter 15. Java and Firewalls - In and Out of the Net What Is a Firewall? What Does a Firewall Do? Inside a TCP/IP Packet How Can Programs Communicate through a Firewall? Detailed Example of TCP/IP Protocol 588 xv

9 DNS Flow (UDP Example) HTTP Flow (TCP Example) Proxy Servers and SOCKS Gateways Proxy Servers What Is SOCKS? Using Proxy Servers or SOCKS Gateways The Effect of Firewalls on Java Downloading an Applet Using HTTP Stopping Java Downloads with a Firewall Java Network Connections through the Firewall Java and Firewall Scenarios URL Connection Socket Connection Conclusions Remote Method Invocation Summary 628 Chapter 16. Java and SSL What Is SSL? Using SSL from an Applet Using SSL URLs with Java Java and SSL with Sun Microsystems The javax.net Package The javax.net.ssl Package The javax.security.cert Package How to Use Java and SSL Skeleton Program without SSL Using SSL with the Sun Microsystems API Java and SSL with IBM SSLite Extensions to the SSL Protocol SSLite Key Ring Management Tools SSL Server Authentication with IBM SSLite for Java Conclusions Summary 668 Chapter 17. Epilogue Future Directions of Java Java 2 SDK-The Path Ahead Resource Consumption Management Java Authentication and Authorization Service Java RMI Security Extension Arbitrary Grouping of Permissions Object-Level Protection 671 XVI Java 2 Network Security

10 Subdividing Protection Domains Running Applets with Signed Content Java 2 Platform, Enterprise Edition Conclusion 673 Appendix A. Getting Internal System Properties 675 A.1 Program GetAIIProperties 675 A.2 Program GetProperty 678 Appendix B. Signature Formats 681 Appendix C. X.509 Certificates 683 C.1 X.509 Certificate Versions 684 Appendix D. Sources of Information about Java Security 685 D.1 Companies 685 D.1.1 JavaSoft 685 D.1.2 Sun 686 D.1.3 IBM 686 D.1.4 Microsoft 687 D.1.5 Reliable Software Technologies 688 D.1.6 JavaWorld 688 D.1.7 JCE Providers outside the United States 688 D.2 Universities 689 D.2.1 Princeton 689 D.2.2 Yale 689 D.2.3 Others 690 Appendix E. What's on the Diskette? 691 E.1 How to Access the Diskette 691 E.2 How to Get the Same Software Material from the Web 691 Appendix F. Special Notices 693 Appendix G. Related Publications 697 G.1 International Technical Support Organization Publications 697 G.2 Redbooks on CD-ROMs 697 G.3 Other Publications 697 How to Get ITSO Redbooks 699 IBM Redbook Fax Order Form 700 xvii

11 Glossary 701 Index 703 ITSO Redbook Evaluation 713 XVIII Java 2 Network Security