
cs205: engineering software university of virginia fall 2006



Presentation Transcript


  1. Forgiveness and Permissions (cs205: engineering software, University of Virginia, fall 2006)

  2. Program Execution
  [diagram: a Reference Monitor sits between the Program and the resources it tries to use: Monitor, Speakers, Network, Disk, Memory, SuperSoaker 2000]

  3. Policy and Mechanism
  • AccessController provides a mechanism for enforcing a security policy
  • Checking code can be inserted before certain operations are allowed
  • A security policy determines what the checking code allows

  4. Java Policy
  [jre directory]\lib\security\java.policy

      // Standard extensions get all permissions by default
      grant codeBase "file:${{java.ext.dirs}}/*" {
          permission java.security.AllPermission;
      };

      // default permissions granted to all domains
      grant {
          // Allows any thread to stop itself using the java.lang.Thread.stop()
          // method that takes no argument.
          // Note that this permission is granted by default only to remain
          // backwards compatible.
          // It is strongly recommended that you either remove this permission
          // from this policy file or further restrict it to code sources
          // that you specify, because Thread.stop() is potentially unsafe.
          // See "http://java.sun.com/notes" for more information.
          permission java.lang.RuntimePermission "stopThread";

          // allows anyone to listen on un-privileged ports
          permission java.net.SocketPermission "localhost:1024-", "listen";

          // ... (also allows some standard properties to be read)
      };

  5. Permissions
  [class hierarchy: java.security.Permission, with subclasses AllPermission, SocketPermission and java.io.FilePermission]
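As an added example (not from the lecture), here is the mechanism of slides 3 to 5 in code: an operation guarded by AccessController.checkPermission, and the implies() matching that decides whether a policy entry like the policy file's "localhost:1024-" covers a request. The class name, the guardedRead helper and the paths are invented for illustration; the permission classes and implies() are the real java.security API. Whether the guarded read is allowed depends on the policy in force and on the JDK: the SecurityManager is deprecated since JDK 17 and permanently disabled from JDK 24, where System.setSecurityManager throws.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;

// Added example, not from the lecture: policy vs. mechanism with the real
// java.security API. The class name, guardedRead() and the paths are invented.
public class PolicyDemo {

    // Mechanism: the checking code runs before the sensitive operation.
    // Which code sources are granted the permission is the policy's business
    // (java.policy, or a file passed with -Djava.security.policy=...).
    static void guardedRead(String path) {
        AccessController.checkPermission(new FilePermission(path, "read"));
        System.out.println("policy allows reading " + path);
        // the real read would follow here
    }

    // Policy semantics: a granted permission covers a requested one when
    // implies() says so; this is how policy entries are matched against checks.
    static boolean covers(Permission granted, Permission requested) {
        return granted.implies(requested);
    }

    static void report(Permission granted, Permission requested) {
        System.out.println(granted + " covers " + requested + "? " + covers(granted, requested));
    }

    public static void main(String[] args) {
        // The default policy's entry: listen on any unprivileged port.
        Permission listen = new SocketPermission("localhost:1024-", "listen");
        report(listen, new SocketPermission("localhost:8080", "listen"));   // port inside the range
        report(listen, new SocketPermission("localhost:80", "listen"));     // privileged port, outside the range
        report(listen, new SocketPermission("localhost:8080", "connect"));  // an action the entry never granted

        // File permissions: "/tmp/-" is the whole subtree, "/tmp/*" only direct
        // children (POSIX-style paths assumed).
        report(new FilePermission("/tmp/-", "read"), new FilePermission("/tmp/a/b.txt", "read"));
        report(new FilePermission("/tmp/*", "read"), new FilePermission("/tmp/a/b.txt", "read"));
        report(new FilePermission("/tmp/*", "read"), new FilePermission("/tmp/a.txt", "read,write"));

        // Enforcement: install the checking code. Needs -Djava.security.manager=allow
        // on JDK 18-23; on JDK 24+ installing a SecurityManager is no longer possible.
        try {
            System.setSecurityManager(new SecurityManager());
        } catch (UnsupportedOperationException e) {
            System.out.println("this JDK does not allow a SecurityManager: " + e.getMessage());
        }
        try {
            guardedRead("/etc/hostname");   // not granted to application code by the default policy
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }
    }
}
```

The first half runs on any JDK and shows why the slide calls the policy "imprecise": a permission either implies a request or it does not, and the only knobs are the target string and the action list, so there is no way to express limits such as "at most this much network traffic". The second half is the actual check-before-operation pattern; to grant the read, add a `grant { permission java.io.FilePermission "/etc/hostname", "read"; };` entry to a policy file and pass it with `-Djava.security.policy`.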

  6. Better Solution?
  • Impose a policy on the browser and everything running inside it
  • Windows Vista will do this:
    • Browser runs at “low integrity” mode
    • Low integrity processes cannot:
      • Modify higher integrity securable objects (e.g., files, network sockets,
      • Interact with higher integrity

  7. Hostile Applets
  • See http://java.sun.com/sfaq/chronology.html (about 1 new vulnerability/month)
  • Easy to write “annoying” applets (policy is too imprecise; no way to constrain many resource operations)
  • Don’t try these at home... http://www.cigital.com/hostile-applets/index.html

  8. What can go wrong?
  • Java API doesn’t call the right SecurityManager checks (63 calls in java.*)
    • Font loading bug, synchronization
  • ClassLoader is tricked into loading an external class as internal
  • Policy is too weak (allows damaging behavior)
  • Enforcement relies on low-level code safety properties

  9. Project Team Management
  • “Democracy”
    • Works fine but doesn’t scale
    • If everyone is responsible, no one is responsible
  • “Hierarchy”
    • Someone is in charge: delegates work, responsible for making sure it gets done
    • Requires leadership, subordination – difficult in peer groups

  10. Trusted Computing Base
  [diagram: Alice (user) runs malcode.class (JVML); the Java Bytecode Verifier either rejects it (Invalid → STOP) or passes it (“Okay”) to the JavaVM, which runs the object code; the verifier and the JavaVM form the trusted computing base]

  11. Computer Architecture
  • Processor does computation
  • Memory stores bits
  • Input devices (mouse, keyboard, accelerometer) get input from the user and the environment
  • Output devices (display, speakers) present output to the user

  12. Central Processing Unit (CPU)

  13. Intel 4004
  • First general purpose microprocessor, 1971
  • 4-bit data
  • 46 instructions
  • 8-bit instructions!

  14. PC Motherboard
  [image: motherboard with the Memory and CPU labeled; from http://www.cyberiapc.com/hardwarebeg.htm]

  15. Inside the CPU
  • Registers
  • Loads and decodes instructions from memory
  • ALU: Arithmetic Logic Unit
    • Does arithmetic
    • Can only operate on values in registers
  • Must load values from memory into registers before computing with them

  16. Compiler
  • Translates a program in a high-level language into machine instructions
  • Calling convention
    • How are parameters passed to functions?
    • How is the stack managed to return?
  • Register allocation
    • Figure out how to use registers efficiently

  17. Compiler output for max

      int max (int a, int b) {
          if (a > b) {
              return b;   /* note: as written this returns the smaller of a and b; the disassembly below follows the source as given */
          } else {
              return a;
          }
      }

  Visual Studio disassembly (32-bit x86), with the source line numbers interleaved:

      6:    int max (int a, int b) {
      00401010 push ebp                       ; dealing with the function call: updating the stack, moving arguments
      00401011 mov ebp,esp                    ; the push instruction is 1 byte, the mov instruction is 2 bytes
      00401013 sub esp,40h
      00401016 push ebx
      00401017 push esi
      00401018 push edi
      00401019 lea edi,[ebp-40h]
      0040101C mov ecx,10h
      00401021 mov eax,0CCCCCCCCh
      00401026 rep stos dword ptr [edi]
      7:    if (a > b) {
      00401028 mov eax,dword ptr [ebp+8]
      0040102B cmp eax,dword ptr [ebp+0Ch]
      0040102E jle max+25h (00401035)
      8:    return b;
      00401030 mov eax,dword ptr [ebp+0Ch]
      00401033 jmp max+28h (00401038)
      9:    } else {
      10:   return a;
      00401035 mov eax,dword ptr [ebp+8]
      00401038 pop edi                        ; cleanup and return
      00401039 pop esi
      0040103A pop ebx
      0040103B mov esp,ebp
      0040103D pop ebp
      0040103E ret

  18. Java Virtual Machine

  19. Java Ring (1998)

  20. Java Card

  21. Java Virtual Machine
  • Small and simple to implement
  • All VMs will run all programs the same way
  • Secure

  22. Implementing the JavaVM

      load class into memory
      set the instruction pointer to point to the beginning of main
      do {
          fetch the next instruction
          execute that instruction
      } while (there is more to do);

  Some other issues we will talk about next week:
  • Verification – need to check byte codes satisfy security policy
  • Garbage collection – need to reclaim unused storage
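The loop on slide 22, as an added example that is not from the lecture: a tiny stack-machine interpreter in Java with a JVM-like flavour. The opcode numbers, the MiniVM class and the two programs (a max routine and a malformed one) are invented for this example; only the structure mirrors the real JVM. The run-time checks on the operand stack and the program counter stand in for what the bytecode verifier (next week's topic) establishes statically, before the first instruction runs.

```java
// Added example, not from the lecture: fetch/decode/execute over an invented
// stack bytecode. Opcodes, class name and programs are made up for illustration.
public class MiniVM {
    // Invented one-byte opcodes, loosely modelled on the JVM's.
    static final byte ICONST    = 0x10;        // ICONST <imm8>: push a constant
    static final byte ILOAD     = 0x15;        // ILOAD <slot>: push a local
    static final byte ISTORE    = 0x36;        // ISTORE <slot>: pop into a local
    static final byte IADD      = 0x60;        // pop b, pop a, push a + b
    static final byte IMUL      = 0x68;        // pop b, pop a, push a * b
    static final byte IF_ICMPLE = (byte) 0xA4; // IF_ICMPLE <target>: pop b, pop a, jump if a <= b
    static final byte GOTO      = (byte) 0xA7; // GOTO <target>
    static final byte IRETURN   = (byte) 0xAC; // pop and return

    private final int[] stack;   // operand stack
    private final int[] locals;  // local variable slots; arguments arrive in slots 0..n-1
    private int sp = 0;          // next free stack slot
    private int pc = 0;          // instruction pointer

    MiniVM(int maxStack, int maxLocals) {
        stack = new int[maxStack];
        locals = new int[maxLocals];
    }

    // These checks are exactly what a verifier proves unnecessary for well-typed
    // code; an interpreter without them would read and write outside its arrays.
    private void push(int v) {
        if (sp == stack.length) throw new IllegalStateException("operand stack overflow at pc=" + pc);
        stack[sp++] = v;
    }
    private int pop() {
        if (sp == 0) throw new IllegalStateException("operand stack underflow at pc=" + pc);
        return stack[--sp];
    }

    // The loop from the slide: "load" the code, point pc at the start, then
    // fetch and execute until a return instruction ends the method.
    int run(byte[] code, int... args) {
        System.arraycopy(args, 0, locals, 0, args.length);
        pc = 0;
        while (true) {
            if (pc < 0 || pc >= code.length) throw new IllegalStateException("pc outside the code: " + pc);
            byte op = code[pc++];                                   // fetch
            switch (op) {                                           // decode + execute
                case ICONST:  push(code[pc++]); break;
                case ILOAD:   push(locals[code[pc++]]); break;
                case ISTORE:  locals[code[pc++]] = pop(); break;
                case IADD:    { int b = pop(), a = pop(); push(a + b); break; }
                case IMUL:    { int b = pop(), a = pop(); push(a * b); break; }
                case IF_ICMPLE: { int target = code[pc++]; int b = pop(), a = pop(); if (a <= b) pc = target; break; }
                case GOTO:    pc = code[pc]; break;
                case IRETURN: return pop();
                default: throw new IllegalStateException(String.format("bad opcode 0x%02x at pc=%d", op, pc - 1));
            }
        }
    }

    public static void main(String[] args) {
        // max(a, b): if (a <= b) return b; else return a;  (locals: 0 = a, 1 = b)
        byte[] max = {
            ILOAD, 0, ILOAD, 1, IF_ICMPLE, 9,   // offsets 0..5: compare, jump to offset 9 when a <= b
            ILOAD, 0, IRETURN,                  // offsets 6..8: return a
            ILOAD, 1, IRETURN                   // offsets 9..11: return b
        };
        System.out.println("max(3, 7) = " + new MiniVM(2, 2).run(max, 3, 7));
        System.out.println("max(9, 4) = " + new MiniVM(2, 2).run(max, 9, 4));

        // square_plus_one(x) = x * x + 1
        byte[] squarePlusOne = { ILOAD, 0, ILOAD, 0, IMUL, ICONST, 1, IADD, IRETURN };
        System.out.println("square_plus_one(6) = " + new MiniVM(2, 1).run(squarePlusOne, 6));

        // Malformed code a verifier would reject before execution: an add on an
        // empty stack, and a jump to an offset outside the method.
        byte[][] bad = { { IADD, IRETURN }, { GOTO, 50 } };
        for (byte[] program : bad) {
            try {
                new MiniVM(2, 1).run(program);
            } catch (IllegalStateException e) {
                System.out.println("caught at run time: " + e.getMessage());
            }
        }
    }
}
```

The real JVM pays the cost of such checks once, in the verifier, rather than on every push and pop; that is why slide 21 can list "small and simple to implement" and "secure" side by side, and why "ClassLoader is tricked into loading an external class as internal" on slide 8 is so damaging: code the verifier never saw runs on the unchecked fast path.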

  23. Charge
  • Next classes: understanding byte codes and the byte code verifier
  • Project ideas due Wednesday
