Applet Security
Team Web: Charles Moen and Xiaojun Zhang
CSCI 5931.01 Web Security
March 26, 2003
2
Topics
  The Sandbox
  Stepping Outside the Sandbox
  Applets & the Policy File
  RSA-Signed Applets
  The Java Plug-in
  Signed Applets in Netscape
  Signed Applets in MS Internet Explorer
  Secure JDBC Connection for Applets
3
Java 2 Security Model
  Policy-based
    Security policy limits the resources a program can use
    java.policy
  Permissions
    Actions that are allowed
4
The Sandbox
[Figure: the sandbox. Labels: Client, Operating System, Memory, Local Code, Java Virtual Machine, Sandbox, Applet, Server, HTTP]
5
Stepping Outside the Sandbox
  Many reasons for stepping outside the sandbox
  Java 2 Security Model—two methods
    The client can grant permissions by editing the policy file, java.policy
    The developer can use an RSA-signed applet that can be granted or denied permission by the client
6
Stepping Outside the Sandbox in Java 2—The Policy File
[Figure: the policy file. Labels: Client, Memory, Operating System, Local Code, Java Virtual Machine, Policy, Applet, FilePermission, SocketPermission, Server, HTTP. The user edits java.policy: grant … SocketPermission; FilePermission;]
7
Stepping Outside the Sandbox in Java 2—RSA-Signed Applets
[Figure: RSA-signed applets. Labels: Client, Memory, Operating System, Local Code, Java Virtual Machine, Applet, JAR, HTTP, Server (signs a JAR file with RSA), Certificate Authority (verifies the signer)]
8
The Java Plug-in
  Downloadable helper program that works with a browser
    Consistent runtime environment for Java
    Supports all Java functions
    Can be called instead of the browser’s VM
  Introduced with Java 2
    Part of JDK and JRE
    Downloaded the first time it is needed by browser
9
The Java Plug-in
  Advantages
    Consistency across browsers
    Java capabilities provided to old browsers
    Same security model as Java 2
      Major browsers had different security models
      Differences require different development
  Weakness
    Huge download—5 to 6 MB
10
Example 1: Applets & the Policy File
  Stepping out of the sandbox, method 1
  Create an applet, Java Security, p. 205

public void init() {
    try {
        // Reading user.name requires PropertyPermission "user.name", "read"
        mUsername = System.getProperty("user.name");
    } catch( SecurityException e ) {
        // Thrown inside the sandbox when the permission has not been granted
        mUsername = null;
    }
}

<APPLET CODE="UsernameApplet.class" WIDTH="300" HEIGHT="200"></APPLET>
12
Example 1: Applets & the Policy File
  Use a policy file: UsernameApplet.policy

grant codeBase "file:${/}devJava${/}*" {
    permission java.util.PropertyPermission "user.name", "read";
};

appletviewer -J-Djava.security.policy=UsernameApplet.policy UsernameApplet.html
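What the grant entry above does and does not allow, shown with the java.security permission classes. This is an added example, not code from the slides or the book; the class name PolicyGrantDemo, the helper covers, the Unix-style expansion of ${/} to "/" and the sample locations are assumptions.

```java
import java.net.URI;
import java.security.*;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

// Added example (hypothetical class name); not from the slides or the book.
public class PolicyGrantDemo {
    // Does a grant's codeBase cover code loaded from the given location?
    static boolean covers(String codeBase, String location) throws Exception {
        CodeSource grant = new CodeSource(URI.create(codeBase).toURL(), (Certificate[]) null);
        CodeSource code = new CodeSource(URI.create(location).toURL(), (Certificate[]) null);
        return grant.implies(code);
    }

    public static void main(String[] args) throws Exception {
        // Permission set equivalent to the body of the grant entry in UsernameApplet.policy.
        Permissions narrow = new Permissions();
        narrow.add(new PropertyPermission("user.name", "read"));

        // Weak setting for comparison: AllPermission implies every other permission.
        Permissions broad = new Permissions();
        broad.add(new AllPermission());

        Permission[] requests = {
            new PropertyPermission("user.name", "read"),   // what UsernameApplet needs
            new PropertyPermission("user.name", "write"),
            new PropertyPermission("user.home", "read"),
            new java.io.FilePermission("/home/user/notes.txt", "read"), // constructed path
        };
        for (Permission p : requests) {
            System.out.printf("%-60s narrow=%-5b broad=%b%n",
                    p, narrow.implies(p), broad.implies(p));
        }

        // codeBase matching, assuming ${/} expands to "/" (Unix). Constructed sample locations.
        String cls = "file:/devJava/UsernameApplet.class";
        String nested = "file:/devJava/lib/Helper.class";
        System.out.println("/* covers class in the directory: " + covers("file:/devJava/*", cls));
        System.out.println("/* covers a subdirectory:         " + covers("file:/devJava/*", nested));
        System.out.println("/- covers a subdirectory:         " + covers("file:/devJava/-", nested));
    }
}
```

The narrow set implies only the read of user.name, and a codeBase ending in /* matches files directly in that directory while /- also matches subdirectories.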
13
Running Example 1 in a Browser
1. Change APPLET to OBJECT
   APPLET is deprecated
   Specify codebase for downloading plug-in
   Use HTMLConverter
2. Edit java.policy
   Grant permission, like in our example
14
1. Change APPLET to OBJECT
  HTMLConverter
    Bundled in J2SE SDK (error on p. 206)
    http://java.sun.com/j2se/1.4.1/docs/guide/plugin/developer_guide/faq/developer.html
    Either command line or GUI
      > java HTMLConverter <the html file>
  Result on page 207
    For IE, converts to OBJECT element
    For NS, converts to EMBED element
16
2. Edit java.policy
  Must be done by the user
  Location is problematic
    C:\Program Files\Java\j2re1.4.0_01\lib\security
    C:\j2sdk1.4.0_01\jre\lib\security
    UHCL PC Lab: unable to edit
  Add the following to run our example:

grant codeBase "file:${/}devJava${/}*" {
    permission java.util.PropertyPermission "user.name", "read";
};
18
Example 2: RSA Signed Applets
  Stepping out of the sandbox, method 2
  Real deployment requires a certificate from Verisign or Thawte
  Jarsigner can sign applets
  If the Java plug-in finds an RSA-signed digital certificate in a downloaded JAR
    Checks security policy for “usePolicy”
    Checks the signature’s CA
    Then asks user if it’s okay
19
Example 2: RSA Signed Applets
Step 1: Generate a key and certificate
Step 2: Install the certificate
Step 3: Create the JAR and sign it
Step 4: Deploy the JAR in the HTML
Step 5: Open the HTML in a browser
20
1. Generate a key & certificate
  Use the keytool to generate a key
    C:\>keytool -genkey -alias appletsigningkey -keyalg RSA
  Export the certificate
    C:\>keytool -export -alias appletsigningkey -file appletsigningkey.cer
  For real deployment
    Page 212
    Create a csr file with “-certreq”
    Order a signed certificate from a CA
21
2. Install the certificate
  Windows
    Double-click on the filename
    Click on the “Install Certificate” button
    Follow the steps in the Wizard, pp. 210–211
22
3. Create the JAR and sign it
  Create a JAR containing our applet class
    C:\> jar cvf UsernameApplet.jar UsernameApplet.class
  Sign the JAR with jarsigner
    C:\> jarsigner UsernameApplet.jar appletsigningkey
23
4. Deploy the JAR in HTML
  Add the “ARCHIVE” attribute (Not mentioned in the book, p. 212)

<APPLET CODE="UsernameApplet.class" WIDTH="300" HEIGHT="200"
        ARCHIVE="UsernameApplet.jar"></APPLET>

  Can then use HTMLConverter
25
Signed Applets in Netscape
  Netscape 6 and 7 use the Java plug-in
  Netscape 4 uses its own security model
    Applet asks for permission
    Called the Capabilities API
    Uses proprietary Netscape classes
    Incompatible with any other browser
26
Signed Applets in Netscape 4
Modifications that use the Capabilities API, page 215
public void init() {
    try {
        // Ask Netscape 4 for the privilege only around the call that needs it
        PrivilegeManager.enablePrivilege("UniversalPropertyRead");
        mUsername = System.getProperty("user.name");
        PrivilegeManager.revertPrivilege("UniversalPropertyRead");
    } catch( SecurityException e ) {
        mUsername = null;
    }
}

C:\> javac -classpath .;capsapi_classes.zip UsernameNetscapeApplet.java
27
Signed Applets in Netscape 4
  Deploying the applet
    Must be signed
    Use Netscape’s signtool
  Initialize the certificate database
    Using Netscape, page 217
      Click on the lock icon at the lower left
      Click on Certificate > Yours
      Click on “Import a Certificate”
      Set the password, then Cancel the import
28
Signed Applets in Netscape 4
  Create a self-signed certificate and key
    C:\> signtool -G"testsigner" -d"C:\Program Files\Netscape\Users\crmoen"
  Create a directory and put in the class
  Create a signed JAR
    C:\> signtool -d"C:\Program Files\Netscape\Users\crmoen" -k"testsigner" -Z"netscapeApplet.jar" jar_directory
  Add an ARCHIVE attribute to the HTML
  Open the HTML file in Netscape, p. 220
29
Signed Applets in Microsoft IE
  Microsoft VM security model
  As of Jan. 21, 2003, by court order
    Microsoft VM support discontinued
    Tools are no longer available
    Sun JRE is provided with IE
  “…the U.S. District Court in Baltimore, Md. issued a preliminary injunction order requiring Microsoft to include the latest Java Runtime Environment (JRE) from Sun Microsystems in…versions of the Microsoft® Windows® XP operating system or Microsoft Internet Explorer…” [5]
  MS recommends: convert applets to .NET
30
Signed Applets in Microsoft IE
  Security levels for applets
    High—the sandbox
    Medium—some extras like disk scratch files
      HOWTO: Using Scratch Space From Your Java Applet - http://support.microsoft.com/default.aspx?scid=kb;EN-US;172200
    Low—same as AllPermission in Java 2
    Custom—similar to policy file in Java 2
  Cab files are used for signed applets
  Tools are in the Microsoft SDK for Java (No longer available)
31
Secure JDBC Connection for Applets [6]
  The problem
    Firewalls interfere with the connection between a Java applet and an external db
  The solution from IDS Software
    The applet uses an IDS JDBC driver to connect to an IDS server using HTTPS
32
Secure JDBC Connection for Applets [6]
  The client is behind a firewall.
  The proxy server relays the client’s HTTP and/or HTTPS requests.
  Proxy relays HTTP requests
    To provide Internet access
    Parses the content
    Assumes the connection is non-persistent and drops the connection
  Proxy also relays HTTPS requests
    Assumes that it cannot parse content
    Cannot drop connection until client does
33
Secure JDBC Connection for Applets [6]
  Required conditions
    Proxy allows outbound HTTPS connections
    Applet must obtain the browser proxy server setting
    Applet must be signed
    IDS server must use ports 443 or 563
  ProxyProperties class from IDS
    Obtains the proxy settings
    Instance passed to the IDS driver when it creates a connection to the db
34
Secure JDBC Connection for Applets [6]

Driver drv = new ids.sql.IDSDriver();
Properties info = new ProxyProperties();
String host = info.getProperty("https.proxyHost");
if (host != null) {
    info.put("proxy_type", "4"); // SSL Tunneling
    info.put("proxy_host", host);
    info.put("proxy_port", info.getProperty("https.proxyPort"));
    try { // For Netscape
        PrivilegeManager.enablePrivilege("UniversalConnect");
    } catch (Throwable e) { }
}
Connection conn = drv.connect(url, info);
35
Secure JDBC Connection for Applets [6]
[Figure: Client (Applet, IDS driver, JDBC), Proxy Server, client-side firewall, HTTPS to port 443, IDS Server, DB]
36
Bibliography
[1] J. Garms and D. Somerfield. Professional Java Security. Birmingham, UK: Wrox Press Ltd., 2001, pp. 202–228.
[2] M. Pistoia, et al. Java 2 Network Security, 2nd ed. New Jersey: Prentice Hall PTR, 1999.
[3] J. Conallen. Building Web Applications with UML. Addison-Wesley, 2000, pp. 70–72.
[4] Sun (n.d.). Developer Guide FAQs. [Online]. Available: http://java.sun.com/j2se/1.4.1/docs/guide/plugin/developer_guide/faq/developer.html
[5] Microsoft (2003, Jan.). Microsoft VM Developer FAQ. [Online]. Available: http://www.microsoft.com/java/developerFAQ.htm
[6] IDS Software (1999, Nov.). JDBC Connection via HTTPS Proxy. [Online]. Available: http://www.idssoftware.com/jdbchttps.html