The Java Security Landscape
Understand the myriad of security domains to create secure applications.
by Tarak Modi
November 1, 2004
"One in three firms suffer hacking attempts," reported vnunet.com on March 23, 2004, based on a survey conducted by PricewaterhouseCoopers. Unfortunately, this story is not unique and not really news. We are all aware of the numerous hackers just waiting to get into your system. For some hackers, it's merely the thrill of breaking in. Others have more malicious intent.
Regardless of the hackers' intentions, as software professionals—whether it be as architects, developers, or managers—it is our collective responsibility to create secure, hack-proof (or hacker unfriendly) solutions. This article explores application security issues and offers a high-level discussion about how and where Java fits into the mix so you can capitalize on its security features to build a secure architecture.
Exploring System Security
System security is a complex topic and involves many interrelated domains. For example, consider a computer that sits in a public area for public access. No matter how many bells and whistles you put on it, it's in danger of being hacked. In other words, this is not the computer you want to do your annual taxes on. On the other hand, consider a computer in a bank vault with no disk drives (floppy, CD, or DVD) or network connections (not even a network adapter card). Hacking this computer would be an incredible feat. Physical security is just one domain of computer security.
Another domain is procedural/operational, which covers how security-related information is handled day to day. For example, even the most creative password is vulnerable if it is written down on a piece of paper and taped under your keyboard. Finally, even the government has an important role in securing your system by enacting, implementing, and enforcing the proper legislation for punishing hackers.
When most people think about system security, they think of components such as firewalls and proxy servers, or protocols such as Secure Sockets Layer (SSL). While these are important to security, they do not always guarantee system security. The primary function of these is to keep outsiders where they belong—outside. Statistics have shown again and again that most hacking attempts occur from the inside. To protect against these types of attacks, applications must be architected with security in mind.
Security in the Java Platform
The Java platform is a popular choice for creating enterprise applications. One of the key reasons behind its mass popularity is that Java was created with security in mind and marketed as a "secure" language. While security flaws have been found in the Java implementations from various vendors (such as Microsoft), the architectural pieces within Java for providing security have survived the test of time. The Java platform provides security at two levels: the language level and the enterprise level.
Language Security Features
As mentioned above, Java was created with security in mind and has matured over the years. The following components form Java's language-level security:
The Java Classloader
Java programs are written as a collection of source code files, each with one or more class definitions. These are then compiled into bytecode (.class) files and might be packaged into a Java Archive (JAR) file. Java code is executed in a Java Virtual Machine (JVM), which is typically written in a language such as C for a specific platform such as Windows or Solaris. The JVM loads the bytecode at run time using a chain of classloaders. To ensure that the bytecode has not been tampered with between the time it was created (during compilation) and the time it is loaded for execution, the classloader checks the loaded bytecode to ensure that:
- The loaded bytecode doesn't forge pointers.
- The loaded bytecode doesn't violate access restrictions.
- The loaded bytecode accesses objects as what they are (for example, InputStream objects are always used as InputStreams and never as anything else).
This process is known as "bytecode verification," and it is critical in ensuring the safety of executing code. The classloader is the gatekeeper of Java security, so Java takes precautions to ensure that the classloader mechanism is not compromised. These include the following two safeguards:
- Java applications need special permissions to create and install new classloaders (beyond what the JVM provides) within the JVM.
- All classloaders must delegate to their parent to ensure that previously loaded classes, such as core Java API classes, are not replaced by malicious code.
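The following is an added example, not code from the article, that makes the two safeguards above and the verification step observable from a small program. It defines a minimal custom classloader (the class and method names are hypothetical) and then shows that a request for java.lang.String is answered by the parent chain rather than the custom loader, that defineClass refuses to place a class into a java.* package, and that a class file whose bytes have been altered is rejected before it can run. The behaviour shown relies on standard java.lang.ClassLoader semantics; it needs Java 9 or later for InputStream.readAllBytes.

```java
import java.io.IOException;
import java.io.InputStream;

// Added example (not from the article): a minimal custom classloader used to
// observe the classloader safeguards described in the text.
public class ClassLoaderDemo {

    // Small class whose bytecode we will push through the custom loader.
    public static class Payload {
        public String greet() {
            return "hello from " + getClass().getClassLoader();
        }
    }

    // Parent-first loader: anything it does not define itself goes to the parent.
    // It only adds a way to hand raw bytes to defineClass for the demonstration.
    static class DemoLoader extends ClassLoader {
        DemoLoader() {
            super(ClassLoaderDemo.class.getClassLoader());
        }

        Class<?> defineFromBytes(String name, byte[] b) {
            return defineClass(name, b, 0, b.length);
        }
    }

    // Reads the compiled .class bytes of a class that is already on the classpath.
    static byte[] bytesOf(Class<?> c) throws IOException {
        String resource = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                throw new IOException("resource not found: " + resource);
            }
            return in.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        DemoLoader loader = new DemoLoader();

        // 1. Delegation: the core class comes back from the parent chain, so a
        //    custom loader cannot substitute its own java.lang.String.
        Class<?> s = loader.loadClass("java.lang.String");
        System.out.println("java.lang.String served by parent: " + (s == String.class));

        // 2. Prohibited package: a non-platform loader may not define a class whose
        //    name is in java.*, no matter what bytes it supplies.
        byte[] good = bytesOf(Payload.class);
        try {
            loader.defineFromBytes("java.lang.Evil", good);
            System.out.println("unexpected: java.lang.Evil was defined");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // 3. Tampered bytecode: corrupt the class file (here the 0xCAFEBABE magic
        //    number) and the JVM refuses to define it.
        byte[] tampered = good.clone();
        tampered[0] ^= (byte) 0xFF;
        try {
            new DemoLoader().defineFromBytes(Payload.class.getName(), tampered);
            System.out.println("unexpected: tampered class was defined");
        } catch (ClassFormatError e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Untampered bytes define normally, but in the new loader's own namespace:
        // the resulting Class object is distinct from Payload.class.
        Class<?> copy = new DemoLoader().defineFromBytes(Payload.class.getName(), good);
        Object p = copy.getDeclaredConstructor().newInstance();
        System.out.println(copy.getMethod("greet").invoke(p));
        System.out.println("same Class as Payload.class: " + (copy == Payload.class));
    }
}
```

Compile and run with `javac ClassLoaderDemo.java && java ClassLoaderDemo`. The third check only corrupts the file header; the later verification passes (type checking of method bodies, the rule that an InputStream is only ever used as an InputStream) run on well-formed files and would reject more subtle edits in the same way, surfacing as a VerifyError rather than a ClassFormatError.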