Java History. Java History (cont'd)



Similar documents
2 Introduction to Java. Introduction to Programming 1 1

JAVA 2 Network Security

JAVA WEB START OVERVIEW

Java applets. SwIG Jing He

An Overview of Java. overview-1

CSC 551: Web Programming. Spring 2004

HOW TO CONFIGURE PASS-THRU PROXY FOR ORACLE APPLICATIONS

How To Use A Sas Server On A Java Computer Or A Java.Net Computer (Sas) On A Microsoft Microsoft Server (Sasa) On An Ipo (Sauge) Or A Microsas (Sask

The Java Series. Java Essentials I What is Java? Basic Language Constructs. Java Essentials I. What is Java?. Basic Language Constructs Slide 1

CSE 452: Programming Languages. Acknowledgements. Contents. Java and its Evolution

Risks with web programming technologies. Steve Branigan Lucent Technologies

Java and Java Virtual Machine security vulnerabilities and their exploitation techniques

1. Overview of the Java Language

Configuring the BBj Jetty Web Server (rev10.02) for OSAS

Table of Contents. Welcome Login Password Assistance Self Registration Secure Mail Compose Drafts...

Homeland Security Red Teaming

APPLETS AND NETWORK SECURITY: A MANAGEMENT OVERVIEW

Banner Frequently Asked Questions (FAQs)

Java and Java Virtual Machine Security

Installing Java. Table of contents

JavaSnoop: How to hack anything in Java

Web Pages. Static Web Pages SHTML

An Overview of Oracle Forms Server Architecture. An Oracle Technical White Paper April 2000

Contents. Java - An Introduction. Java Milestones. Java and its Evolution

5.0 Secure Meeting Error Messages

Entrust Managed Services PKI Administrator s Quick Start Guide

Applets, RMI, JDBC Exam Review

Here's the code for our first Applet which will display 'I love Java' as a message in a Web page

Practice Fusion API Client Installation Guide for Windows

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

White Paper. Java Security. What You Need to Know, and How to Protect Yourself

Enabling Java and ActiveX Settings of Internet Explorer:

Rebasoft Auditor Quick Start Guide

Zend Server 4.0 Beta 2 Release Announcement What s new in Zend Server 4.0 Beta 2 Updates and Improvements Resolved Issues Installation Issues

SE 450 Object-Oriented Software Development. Requirements. Topics. Textbooks. Prerequisite: CSC 416

Troubleshooting AVAYA Meeting Exchange

Sendspace Wizard Desktop Tool Step-By-Step Guide

24x7 Scheduler Multi-platform Edition 5.2

Habanero Extreme Scale Software Research Project

Oracle JInitiator PM-CP-004. Technical FAQ. April 1999

How To Write A Program For The Web In Java (Java)

Java vs. Java Script

Sample copy. Introduction To WebLogic Server Property of Web 10.3 Age Solutions Inc.

Sandy. The Malicious Exploit Analysis. Static Analysis and Dynamic exploit analysis. Garage4Hackers

DRIVE-BY DOWNLOAD WHAT IS DRIVE-BY DOWNLOAD? A Typical Attack Scenario

SEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0

Frequently Asked Questions e-form Filler. e-form Filler

Tutorial: Load Testing with CLIF

DeskNow. Ventia Pty. Ltd. Advanced setup. Version : 3.2 Date : 4 January 2007

Entrust Managed Services PKI Administrator Guide

Restraining Execution Environments

Tivoli Endpoint Manager for Remote Control Version 8 Release 2. User s Guide

Reading and Understanding Java s API Documentation

Topics. Introduction. Java History CS 146. Introduction to Programming and Algorithms Module 1. Module Objectives

Apache Directory Studio. User's Guide

Security Issues of the Sandbox inside Java Virtual Machine (JVM) Mohammad Shouaib Hashemi

In this chapter, we lay the foundation for all our further discussions. We start

Certify your Software Integrity with thawte Code Signing Certificates

If you see "Skip installation of the current version and test the currently installed version of Java" then select that hyperlink.

KAIST Cyber Security Research Center SAR(Security Analysis Report) Date. August 31, Modified

OCS Client Installation - Quick Start Guide. Web Conferencing & Secure Instant Messaging via Microsoft Office Communications Server 2007

Supplement I.C. Creating, Compiling and Running Java Programs from the Command Window

For Introduction to Java Programming, 5E By Y. Daniel Liang

How To Test Your Web Site On Wapt On A Pc Or Mac Or Mac (Or Mac) On A Mac Or Ipad Or Ipa (Or Ipa) On Pc Or Ipam (Or Pc Or Pc) On An Ip

Checking Browser Settings, and Basic System Requirements for QuestionPoint

RE-TRUST Design Alternatives on JVM

Error Code Quick Reference Guide Updated 01/28/2015

UBS KeyLink Quick reference WEB Installation Guide

Installing Oracle 12c Enterprise on Windows 7 64-Bit

Redpaper Axel Buecker Kenny Chow Jenny Wong

Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Java User Guide. Citrix Access Gateway 8.1, Enterprise Edition

C# and Other Languages

Content. Development Tools 2(63)

Actualtests.C questions

Technical Guide for Remote access

Workflow Templates Library

Cache Configuration Reference

End User Guide The guide for /ftp account owner

Installing GroupWise Monitor

3. Installation and Configuration. 3.1 Java Development Kit (JDK)

Vodafone PC SMS (Software version 4.7.1) User Manual

Web Conferencing Version 8.3 Troubleshooting Guide

Working With Your FTP Site

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

ABS2020 Moving Airfreight Forward

ComTrader Technical Requirements

SuperOffice AS. CRM Online. Installing the Citrix Online Web plug-in

About Java Plug-ins. Installing or Uninstalling the Java Plug-in CHAPTER

Java Web Services SDK

Online Test Administrator Quick Reference Guide Updated 08/02/2012 v.2.0

FileMaker Server 7. Administrator s Guide. For Windows and Mac OS

Transcription:

Java History Created by James Gosling et. al. at Sun Microsystems in 1991 "The Green Team" Were to investigate "convergence" technologies Gosling created a processor-independent language for '*7', a 2-way wireless remote-control device Called the language 'Oak' 22 - Java CSC309 1 Java History (cont'd) Could not find a market for the technology. During a Sun offsite with Bill Joy in 1994: "why not use it on the Internet?" Started development of "WebRunner", later to be renamed "HotJava" browser a browser capable of downloading and running Java bytecode. Folks were impressed with interactive Web pages e.g., spinning molecules, sorting demos many downloads of HotJava a big success Marc Anrdreesen of Netscape agrees to support Java in Netscape browsers in 1995 22 - Java CSC309 2 1

How Java Applets Work Real-estate on a Web page is set-aside for use by a Java applet via an <embed>, <applet>, or <object> tag (e.g., 2 inches by 3) Java "jar" files downloaded to client machine contains class files other resources (images, sounds, property files, ) Class indicated in the tag (must derive from java.applet.applet) is invoked 22 - Java CSC309 3 Java Execution A JVM (Java Virtual Machine) running within the context of the client browser attempts to load the first class AtrustedJava ClassLoader does the work classloader defines a local name space that can be used to ensure that an untrusted applet cannot interfere with the running of other programs Static checks are made against the Java bytecode to ensure it attempts to do nothing improper like treat an integer as a memory address 22 - Java CSC309 4 2

Java Execution cont'd As the applet runs, whenever it needs access to a system resource it asks a trusted SecurityManager for permission. uses user-granted permissions associated with signed certificates to grant enhanced access to system resources (e.g., file deletion capabilities) without a signed certificate associated with the permission required by an applet, the applet will raise a security exception 22 - Java CSC309 5 On22March1996 Java Security Drew Dean and Ed Felton of the Princeton Dept of Computer Science successfully exploited a bug in Java to create a applet that deletes a file on the user's local disk. In this bug, a binary library file is first downloaded to the user's local disk using the Netscape caching mechanism. The Java interpreter is then tricked into loading the file into memory and executing it 22 - Java CSC309 6 3

Java Security cont'd Applets are supposed to be able to talk only to the server that they originated from. However in early March 1996, Steve Gibbons and Drew Dean independently discovered holes in the implementation that allows applets to make connections to any host on the Internet On March 5, 1997, an internal security audit at JavaSoft revealed a bug in the Java bytecode verifier. In theory, this bug could be exploited to bypass the Java Security Manager and execute forbidden operations 22 - Java CSC309 7 Java Security cont'd Byte Code Verifier Class Loader Security Manager Layer 1 Layer 2 Layer 3 22 - Java CSC309 8 4

Java Security The original security model provided by the Java platform is known as the sandbox model,which existed in order to provide a very restricted environment in which to run untrusted code obtained from the Internet Local code is trusted to have full access to vital system resources (such as the file system) Downloaded remote code (an applet) is not trusted and can access only the limited resources provided inside the sandbox 22 - Java CSC309 9 JDK 1.0 Security Model local code remote code sandbox JVM System Resources (e.g. files, passwords etc) 22 - Java CSC309 10 5

Java Security JDK 1.1 introduced the concept of a signed applet a correctly digitally signed applet is treated as if it is trusted local code if the signature key is recognized as trusted by the system that receives the applet signed applets, together with their signatures, are deliveredinthejar(javaarchive)format in JDK 1.1, unsigned applets still run in the sandbox 22 - Java CSC309 11 JDK 1.1 Security Model local code remote code signed sandbox JVM System Resources (e.g. files, passwords etc) 22 - Java CSC309 12 6

Java Security Signed applets contain a signature, which is a sequence of characters embedded in the applet's code, placed there by the originator of the applet, and which can't be altered or duplicated The signature tells who the applet comes from, and that the applet has not been tampered with. A signature doesn't tell you anything about the content or quality of the applet, just that it comes from the source it's signed by If an applet is signed with a name you recognize and trust, you can probably have confidence in it 22 - Java CSC309 13 Java Security The applet should generate a Java Security dialog, indicating that a java applet from the sender s signature id" is requesting additional privileges, e.g. reading, modification, or deletion of any of your files. Granting the privilege is noted as high risk The Java Security dialog should indicate "Identity verified by original issuer of certificate" and display a button for you to examine the certificate 22 - Java CSC309 14 7

JDK 1.2 Secuiry JDK 1.2 designed to support easily configurable security policy In JDK 1.2, no longer a built-in concept that all local code is trusted local code (e.g., non-system code, application packages installed on the local file system) is subject to the same security control as applets the same principles apply to signed applets and any Java application. 22 - Java CSC309 15 JDK 1.2 Security Model all code classloader security manager JVM sandbox System Resources (e.g. files, passwords etc) No built-in notion of trusted code, each applet runs with separate permissions 22 - Java CSC309 16 8

A Trivial Applet Official (new way) of invoking applets (invokes SUN's jre1.3 plug-in) TrivialObject.html Old (and convenient way) of invoking applets (invokes built-in jre) TrivialApplet.html Trivial.java 22 - Java CSC309 17 java.applet.applet lifecycle methods void init() invoked when applet is initially loaded voidstart() invoked when started or restarted as a result of user flipping Web pages void stop() invoked when user switches away from web page voiddestroy() invoked (usually) on browser termination 22 - Java CSC309 18 9

Applet contextual methods String getparameter(string) AudioClip getaudioclip(url) Image getimage(url) URL getcodebase() URL getdocumentbase() Locale getlocale() void showstatus(string) 22 - Java CSC309 19 Applet GUI Inherit from Applet and use the AWT GUI library Inherit from JApplet and use the JFC/Swing GUI GUI.html GUI.java 22 - Java CSC309 20 10

Java/JavaScript Communications JavaScript can call methods defined in Java Applets JS.html JS.java 22 - Java CSC309 21 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information