Ch22 Security Flashcards

1
Q

What are these Security Objectives:
* Denial of Service
* Confidential Information
* Injection and Inclusion

A
2
Q

What are these Security Objectives:
* Accessibility and Extensibility
* Input Validation
* Mutability

A
3
Q

What are these Security Objectives:
* Object Construction
* Serialization and Deserialization
* Access Control

A
4
Q

How are permissions checked in Java?

A
5
Q

How do you restrict privileges by invoking java.security.AccessController.doPrivileged()?

A

Access Permission Control Example

Assumed from the surrounding code (not shown on this card): f is the File being processed, fun is a Function applied to it, and l is a List collecting the results.

    // Build a PermissionCollection that holds only read access to f.
    Permission perm = new java.io.FilePermission(f.getPath(), "read");
    PermissionCollection perms = perm.newPermissionCollection();
    perms.add(perm);

    // Run the action with the intersection of the caller's permissions and
    // a context that holds nothing but the read permission.
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                l.add(fun.apply(f));
                return null;
            }
        },
        new AccessControlContext(
            new ProtectionDomain[] {
                new ProtectionDomain(null, perms)
            }
        )
    );

**By applying a new AccessControlContext that holds just the read permission, even a caller with full permissions is restricted to the read operation while run() executes.**

    // This only checks that the caller holds read permission; it does not
    // narrow what run() may do afterwards.
    Permission perm = new java.io.FilePermission(f.getPath(), "read");
    AccessController.checkPermission(perm);
    AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                l.add(fun.apply(f));
                return null;
            }
        }
    );

**This only checks whether the caller has read permission. It does not restrict the caller to the read operation: if the caller already holds write or delete permission, run() can still overwrite or delete the file.**

6
Q

What are the two most important overloaded doPrivileged methods in java.security.AccessController?

A
  1. doPrivileged(PrivilegedAction<T> action): no explicit AccessControlContext is passed, so the JVM checks only the permissions of the protection domain of the code that invokes doPrivileged; the stack frames below that caller are not consulted. For example, the getProp() method of SecureClass1.java given in the problem statement uses this approach. Since the policy file grants read permission to a.jar, the code can read the java.home property regardless of the permissions held by the caller of this method (i.e. SecureClass2's doWork).
     In other words, for the purposes of security checks, the call stack is effectively truncated below the caller of doPrivileged. The immediate caller is still included in security checks.
  2. doPrivileged(PrivilegedAction<T> action, AccessControlContext context): an explicit AccessControlContext is passed, so the JVM checks the permissions of the given context as well as those of the protection domain of the code invoking doPrivileged. An operation proceeds only if both allow it. **In other words, the action is performed with the intersection of the permissions possessed by the caller's protection domain and those possessed by the domains represented by the specified AccessControlContext.**
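The two patterns from the previous card, and the two overloads described above, turned into one complete program that runs under a SecurityManager. This is an added example written for these notes, not code from the book or the JDK. It assumes the caller holds every permission (a Policy that grants everything stands in for a policy file granting AllPermission to the demo class), so that any denial you see comes from the restricted context rather than from the default sandbox policy. It needs a JDK where the SecurityManager still works: JDK 17 or earlier runs it as written, JDK 18 to 23 need -Djava.security.manager=allow, and JDK 24 removed the SecurityManager entirely.

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.List;

/**
 * Example written for these flashcards (not from the book or the JDK docs).
 * Shows why a bare checkPermission() only gates entry, while doPrivileged()
 * with a restricted AccessControlContext actually drops privileges.
 */
public class RestrictedContextDemo {

    /** A context whose only permission is "read" on this one file. */
    static AccessControlContext readOnlyContext(File f) {
        Permission perm = new java.io.FilePermission(f.getPath(), "read");
        PermissionCollection perms = perm.newPermissionCollection();
        perms.add(perm);
        // ProtectionDomain(null, perms) is a static domain: the Policy is never
        // consulted for it, so it really does carry only the read permission.
        return new AccessControlContext(
                new ProtectionDomain[] { new ProtectionDomain(null, perms) });
    }

    /** Attempt an append and report whether the security check allowed it. */
    static boolean tryAppend(File f) {
        try (FileWriter w = new FileWriter(f, true)) {
            w.write("appended\n");
            return true;
        } catch (SecurityException denied) {   // AccessControlException extends this
            return false;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /** Pattern 1: run with the intersection of the caller's rights and the context. */
    static boolean appendInsideRestrictedContext(File f) {
        PrivilegedAction<Boolean> action = () -> tryAppend(f);
        return AccessController.doPrivileged(action, readOnlyContext(f));
    }

    /** Pattern 2: check for "read", then run with the caller's full rights. */
    static boolean appendAfterCheckOnly(File f) {
        AccessController.checkPermission(new java.io.FilePermission(f.getPath(), "read"));
        PrivilegedAction<Boolean> action = () -> tryAppend(f);
        return AccessController.doPrivileged(action);   // one-arg overload: stack truncated here
    }

    public static void main(String[] args) throws IOException {
        // Assumption for the demo: grant this class everything, so that a denial
        // can only come from the restricted context, not from the default policy.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        File f = File.createTempFile("demo", ".txt");   // constructed sample input
        f.deleteOnExit();
        Files.write(f.toPath(), List.of("line 1"));

        // Reading inside the restricted context is allowed ...
        List<String> lines = AccessController.doPrivileged(
                (PrivilegedAction<List<String>>) () -> {
                    try {
                        return Files.readAllLines(f.toPath());
                    } catch (IOException e) {
                        throw new UncheckedIOException(e);
                    }
                }, readOnlyContext(f));
        System.out.println("read inside restricted context: " + lines);

        // ... but writing is not, even though the caller itself may write.
        System.out.println("append inside restricted context allowed? "
                + appendInsideRestrictedContext(f));
        System.out.println("append after checkPermission only allowed? "
                + appendAfterCheckOnly(f));
    }
}
```

Compile and run with `javac RestrictedContextDemo.java && java RestrictedContextDemo` (add `-Djava.security.manager=allow` on JDK 18 to 23). appendInsideRestrictedContext returns false because the write check must be satisfied by every domain in the effective context, and the static read-only domain does not imply "write". appendAfterCheckOnly returns true: checkPermission passed because the caller can read, but nothing narrowed what the privileged action may do, which is exactly the weakness the previous card warns about. The Policy override is a convenience for a single-file demo; in a real deployment the caller's rights come from the policy file, and the restricted context is what keeps a fully privileged caller from misusing them.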