
Signing, Sealing, and Guarding Java™ Objects

Li Gong and Roland Schemers, JavaSoft, Sun Microsystems, Inc.


Presentation Transcript


  1. Signing, Sealing, and Guarding Java™ Objects
     Li Gong and Roland Schemers, JavaSoft, Sun Microsystems, Inc.
     “In this paper, we describe a few new constructs for signing, sealing, and guarding Java objects. These constructs enrich the existing Java security APIs so that a wide range of security-aware applications can be significantly easier to build.”
     Presented by Yongqiang Li

  2. A Tutorial of Three Java Security Classes:
     • java.security.SignedObject
     • java.security.GuardedObject
     • javax.crypto.SealedObject

  3. Outline
     • Introduction
     • Signing Java Objects
     • Sealing Java Objects
     • Guarding Java Objects
     • Conclusion
     • Questions

  4. Introduction
     • Java language is widely used to build applications
       • JDK: JVM, javac, APIs, simplicity
     • “…the base platform provides a consistent security model that supports…”
       • policy based
       • configurable
       • extensible
       • fine-grained access control
     • Protection provided by the underlying object orientation
       • Data encapsulation
       • Object name space partition
       • Type safety
     • Distributed Java application
       • “…protect the state of an object for integrity and confidentiality”
         • Runtime system
         • Transit
         • Stored externally

  5. Introduction 2
     • java.security.SignedObject (JDK 1.2)
     • java.security.GuardedObject (JDK 1.2)
     • javax.crypto.SealedObject (JCE 1.2)

  6. Signing Java Objects 1
     • Protect object integrity
     • A serializable object - original object
     • SignedObject
       • Signed object
         • Deep copy of original
         • In serialized form
       • Signature
       • Sign algorithm
         • DSA (Digital Signature Algorithm) (NIST FIPS 186)
         • SHA-1 (RFC 1321) message digest algorithm
         • MD5 (NIST FIPS 180-1) message digest algorithm
     • Immutable signature
     • [Figure: Original object → SignedObject]
     • What is the difference between object signing and code signing?

  7. Signing Java Objects 2
     • Potential applications of a SignedObject
       • as an unforgeable authorization token in any Java runtime
       • “…transmitted across JVMs and authenticity can still be verified”
       • “… to sign and serialize an object for storage outside the Java runtime”
       • “A series of nested SignedObject can be used to construct a logical sequence of signatures”

  8. Signing Java Objects 3
     • API design
       • Class SignedObject
             public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine)
             public final void sign(PrivateKey signingKey, Signature signingEngine);
             public final Object getContent();
             public final byte[] getSignature();
             public final String getAlgorithm();
             public final boolean verify(PublicKey verificationKey, Signature verificationEngine);

  9. Signing Java Objects 4
     • Examples
       • Signing
             Signature signingEngine = Signature.getInstance(algorithm, provider);
             SignedObject so = new SignedObject(myobject, privatekey, signingEngine);
       • Verifying
             Signature verificationEngine = Signature.getInstance(algorithm, provider);
             if (so.verify(publicKey, verificationEngine)) {
                 try {
                     // getContent() as listed on slide 8; the released JDK names it getObject()
                     Object myobj = so.getContent();
                 } catch (ClassNotFoundException e) {}
             }

  10. Signing Java Objects 5
     • Performance: JDK 1.2 beta, 166 MHz Sun SPARC Ultra-1, Solaris 2.5.1, 1000 rounds

  11. Sealing Java Objects 1
     • Protect object confidentiality
     • A serializable object
     • A cryptographic algorithm
       • A bulk (symmetric key) encryption algorithm: DES, IDEA, RC4
     • Encryption
     • Decryption
     • Deserialization
     • [Figure: Original object → cipher text → SealedObject]

  12. Sealing Java Objects 2
     • Using both SignedObject and SealedObject provides integrity and confidentiality
       • First create SignedObject
       • Then create SealedObject
     • Why is blindly signing encrypted data sometimes dangerous?
     • [Figure: SignedObject and SealedObject; labels: Original object, Signature, cipher text]

  13. Sealing Java Objects 3
     • API design
       • Class SealedObject
             public SealedObject(Serializable object, Cipher c);
             public final Object getContent(Cipher c);
     • Examples
       • Encryption
             KeyGenerator keyGen = KeyGenerator.getInstance("DES");
             SecretKey desKey = keyGen.generateKey();
             Cipher cipher = Cipher.getInstance("DES");
             cipher.init(Cipher.ENCRYPT_MODE, desKey);
             String s = new String("Greeting");
             SealedObject so = new SealedObject(s, cipher);
       • Decryption
             cipher.init(Cipher.DECRYPT_MODE, desKey);
             try {
                 String s = (String) so.getContent(cipher);
             } catch (ClassNotFoundException e) {}
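
The sign-then-seal order from slides 9, 12 and 13, carried through a full round trip. This is an added example, not code from the slides or the paper: it uses the method names of the released JDK classes (`getObject()` where the slides list `getContent()`), swaps in ECDSA with SHA-256 and AES-GCM for the DSA and DES shown on the slides, and generates its keys as constructed sample data.

```java
import java.security.*;
import javax.crypto.*;

public class SignThenSeal {
    public static void main(String[] args) throws Exception {
        // Constructed sample keys: two EC key pairs and two AES keys.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair sender = kpg.generateKeyPair();
        KeyPair stranger = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey shared = kg.generateKey();
        SecretKey wrong = kg.generateKey();

        // Sender: sign first (integrity), then seal the SignedObject (confidentiality).
        SignedObject signed = new SignedObject("Greeting", sender.getPrivate(),
                Signature.getInstance("SHA256withECDSA"));
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, shared); // provider picks a fresh random IV
        SealedObject sealed = new SealedObject(signed, enc);

        // Receiver: unseal with the shared key; the IV travels inside the SealedObject.
        SignedObject received = (SignedObject) sealed.getObject(shared);

        // Verify before getObject(): getObject() deserializes the signed bytes.
        Signature engine = Signature.getInstance("SHA256withECDSA");
        if (!received.verify(sender.getPublic(), engine)) {
            throw new SecurityException("signature check failed");
        }
        System.out.println("content: " + received.getObject());

        // The same object does not verify under a key the sender never held.
        System.out.println("stranger key verifies: "
                + received.verify(stranger.getPublic(), engine));

        // Unsealing with the wrong key is rejected rather than yielding garbage.
        try {
            sealed.getObject(wrong);
            System.out.println("unexpected: unsealed with wrong key");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```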

  14. Guarding Java Objects 1
     • [Figure: Provider / Consumer; labels: Request object, Check permission, return object]
     • Don’t know what information needed by provider
     • Don’t want a dialog for each request
     • Information too security sensitive
     • “… too much information to pass on”
     • [Figure: Provider / Consumer; labels: Request object, return guardedObject, Check permission, Return object]

  15. Guarding Java Objects 2
     • What is the GuardedObject
       • “A GuardedObject is an object that is used to protect access to another object”
     • [Figure: requester, GuardedObject containing Guard object and Protected object]
       1. Request access: go.getObject()
       2. Check guard: g.checkGuard()
       3. Return reference

  16. Guarding Java Objects 3
     • Benefits of using GuardedObject
       • “… access to a protected object is guaranteed to occur in a context where the protection mechanism would allow it”
       • Simplify server programs
       • Replace access control lists with object stores
       • “A guarded object class itself does not need to know its own protection semantics”
       • “…encapsulate protection mechanisms for an object, which can differ for its different method invocations, all inside a guard.”

  17. Guarding Java Objects 4
     • API design
       • Interface Guard
             public abstract void checkGuard(Object object);
       • Class GuardedObject
             public GuardedObject(Object object, Guard guard);
             public Object getObject();

  18. Guarding Java Objects 5
     • Examples
       • Encapsulate an object's protection semantics inside a guard
             public abstract class Permission implements Guard {
                 …
                 public void checkGuard(Object object) {
                     AccessController.checkPermission(this);
                 }
             }
       • Provider side
             FileInputStream fis = new FileInputStream("/a/b/c");
             FilePermission p = new FilePermission("/a/b/c", "read");
             GuardedObject g = new GuardedObject(fis, p);
       • Consumer side
             FileInputStream fis = (FileInputStream) g.getObject();
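
The provider/consumer flow of slides 14 to 18 with a custom guard, as an added example that is not from the slides or the paper. The `ROLE` thread-local, the role names and the guarded payload are hypothetical; a hand-written `Guard` is used because the Security Manager behind `Permission.checkGuard` is deprecated in current JDKs.

```java
import java.security.Guard;
import java.security.GuardedObject;

public class GuardDemo {
    // Hypothetical per-thread caller identity; a real system supplies its own context.
    static final ThreadLocal<String> ROLE = ThreadLocal.withInitial(() -> "guest");

    // Guard that admits only callers whose current role matches the required one.
    static Guard requireRole(String needed) {
        return obj -> {
            if (!needed.equals(ROLE.get())) {
                throw new SecurityException("role '" + ROLE.get() + "' may not access "
                        + obj.getClass().getSimpleName());
            }
        };
    }

    // Provider side: hands out the wrapper without knowing who will open it.
    static GuardedObject provide() {
        return new GuardedObject(new StringBuilder("quarterly figures"),
                requireRole("auditor"));
    }

    // Consumer side: the guard runs here, at access time, in the consumer's context.
    static String consume(GuardedObject go) {
        try {
            return "granted: " + go.getObject();
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        GuardedObject go = provide();
        System.out.println(consume(go)); // caller role is still "guest"
        ROLE.set("auditor");
        System.out.println(consume(go)); // same wrapper, caller role now "auditor"
    }
}
```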

  19. Conclusion
     • “The constructs enrich the existing Java security APIs so that security-aware applications can be much easier to build.”
     • “The constructs are practical and usable in commercial products.”

  20. Question?
