Java Security Architecture
Note: this article is mainly a set of excerpts from the Java security white paper on Sun's website.
Java Language Security and Bytecode Verification
The bytecode verifier first checks that the code conforms to the Java language specification. This task has two steps: (1) the verifier analyses the bytecode sequence; (2) the verifier checks references to other classes. For example, if a class accesses a method of another class, the verifier checks whether that method is public. Typical checks performed by the bytecode verifier include: whether the bytecode sequence begins with the magic number 0xCAFEBABE, whether bytes are missing, whether final classes have subclasses (they must not), and what the parameter types of each method are. If everything is in order, the class loader then turns the bytecode into a Java class, which the Java Virtual Machine (JVM) executes.
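The following is an added example, not code from the white paper: it parses the class-file header the verifier inspects first (magic number, then version) and then hands raw bytes to a throwaway class loader so the JVM's own format check rejects them. It uses its own compiled class as sample input, so it needs no external file.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.util.Arrays;

public class ClassFileCheck {
    static final int MAGIC = 0xCAFEBABE;

    /** The header the verifier inspects first: magic number, then minor and major version (unsigned u2). */
    static String describeHeader(byte[] classBytes) {
        if (classBytes.length < 8) {
            throw new IllegalArgumentException("truncated class file (" + classBytes.length + " bytes)");
        }
        ByteBuffer buf = ByteBuffer.wrap(classBytes);
        int magic = buf.getInt();
        if (magic != MAGIC) {
            throw new IllegalArgumentException(String.format("bad magic 0x%08X", magic));
        }
        int minor = buf.getShort() & 0xFFFF;
        int major = buf.getShort() & 0xFFFF;
        return "class file format version " + major + "." + minor;
    }

    /** Defines a class from raw bytes; the JVM checks the file format here and verifies bytecode at link time. */
    static final class BytesLoader extends ClassLoader {
        Class<?> define(byte[] b) { return defineClass(null, b, 0, b.length); }
    }

    static String tryDefine(byte[] b) {
        try {
            return "accepted " + new BytesLoader().define(b).getName();
        } catch (ClassFormatError e) {          // the JVM's rejection of malformed class bytes
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Sample input: this program's own compiled class, so no external file is needed.
        byte[] good;
        try (InputStream in = ClassFileCheck.class.getResourceAsStream("ClassFileCheck.class")) {
            good = in.readAllBytes();
        }
        System.out.println(describeHeader(good));
        System.out.println(tryDefine(good));
        byte[] badMagic = good.clone();
        badMagic[0] = 0;                                           // corrupt the 0xCAFEBABE signature
        System.out.println(tryDefine(badMagic));
        byte[] truncated = Arrays.copyOf(good, good.length - 16);  // drop trailing bytes
        System.out.println(tryDefine(truncated));
    }
}
```

Run it from the directory containing ClassFileCheck.class (Java 9 or later); the tampered inputs are refused before any of their code can run.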
Basic Security Architecture
The Java platform defines a set of APIs spanning major security areas, including cryptography, public key infrastructure, authentication, secure communication, and access control. These APIs allow developers to easily integrate security into their application code. They were designed around the following principles:
1. Implementation independence
2. Implementation interoperability
3. Algorithm extensibility
Security Providers
The java.security.Provider class encapsulates the notion of a security provider in the Java platform. It specifies the provider’s name and lists the security services it implements. Multiple providers may be configured at the same time, and are listed in order of preference. When a security service is requested, the highest priority provider that implements that service is selected.
(If a provider is specified, the service is created from that provider; otherwise the lookup follows the preference order by default.)
Cryptography
The cryptographic interfaces are provider-based, allowing for multiple and interoperable cryptography implementations. Some providers may perform cryptographic operations in software; others may perform the operations on a hardware token (for example, on a smartcard device or on a hardware cryptographic accelerator).
(Several implementations can work together; some of these providers do the work in software, others on hardware.)
The Java cryptography architecture is a framework for accessing and developing cryptographic functionality for the Java platform. It includes APIs for a large variety of cryptographic services, including:
• Message digest algorithms
• Digital signature algorithms
• Symmetric bulk encryption
• Symmetric stream encryption
• Asymmetric encryption
• Password-based encryption (PBE)
• Elliptic Curve Cryptography (ECC)
• Key agreement algorithms
• Key generators
• Message Authentication Codes (MACs)
• (Pseudo-)random number generators
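An added example (not from the white paper) covering both the provider lookup described under Security Providers and the digital signature service listed above: it prints the installed providers in preference order, shows which provider is selected with and without naming one, and signs a constructed message with SHA256withRSA, verifying that a one-bit change in the data makes verification fail.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderLookup {
    /** Installed providers in preference order, which is the order the framework searches for a service. */
    static String[] providerOrder() {
        Provider[] ps = Security.getProviders();
        String[] names = new String[ps.length];
        for (int i = 0; i < ps.length; i++) names[i] = ps[i].getName();
        return names;
    }
    /** Which provider actually serves an algorithm: the highest-priority one, or the one named explicitly. */
    static String chosenProvider(String algorithm, String providerName) throws Exception {
        Signature s = providerName == null
                ? Signature.getInstance(algorithm)                 // first provider in preference order
                : Signature.getInstance(algorithm, providerName);  // that provider, or NoSuchProviderException
        return s.getProvider().getName();
    }
    /** Signs a message, verifies it, then verifies again after a one-bit change; the second check fails. */
    static boolean[] signAndVerify(String algorithm, byte[] message) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(kp.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(kp.getPublic());
        verifier.update(message);
        boolean intact = verifier.verify(sig);
        byte[] altered = message.clone();
        altered[0] ^= 0x01;                      // flip one bit of the signed data
        verifier.initVerify(kp.getPublic());
        verifier.update(altered);
        return new boolean[] { intact, verifier.verify(sig) };
    }
    public static void main(String[] args) throws Exception {
        System.out.println("preference order: " + String.join(", ", providerOrder()));
        Provider[] impl = Security.getProviders("Signature.SHA256withRSA");   // only providers offering this service
        System.out.println("implementing SHA256withRSA: " + (impl == null ? "none" : impl[0].getName()));
        System.out.println("selected by default: " + chosenProvider("SHA256withRSA", null));
        boolean[] r = signAndVerify("SHA256withRSA", "constructed sample message".getBytes(StandardCharsets.UTF_8));
        System.out.println("original verifies=" + r[0] + ", altered verifies=" + r[1]);
    }
}
```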
Public Key Infrastructure
Public Key Infrastructure (PKI) is a term used for a framework that enables secure exchange of information based on public key cryptography. It allows identities (of people, organizations, etc.) to be bound to digital certificates and provides a means of verifying the authenticity of certificates. PKI encompasses keys, certificates, public key encryption, and trusted Certification Authorities (CAs) who generate and digitally sign certificates.
PKI Tools
There are two built-in tools for working with keys, certificates, and key stores:
keytool is used to create and manage key stores. It can
• Create public/private key pairs
• Display, import, and export X.509 v1, v2, and v3 certificates stored as files
• Create self-signed certificates
• Issue certificate (PKCS#10) requests to be sent to CAs
• Import certificate replies (obtained from the CAs to which certificate requests were sent)
• Designate public key certificates as trusted
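The validation side of the PKI described here, as an added example that is not part of the white paper: it reads a PEM certificate chain (leaf first) and validates it with the PKIX path validator against the trusted certificates in a keystore, with OCSP/CRL revocation checking enabled. The file paths come from the command line and are assumptions; a keystore created with keytool or the JDK's cacerts file both work.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

public class ChainCheck {
    /** Reads the PEM certificates in a file, leaf first, as the CertPath API expects. */
    static List<X509Certificate> readChain(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) chain.add((X509Certificate) c);
        }
        return chain;
    }

    /** Validates the chain against the trustedCertEntry entries of a keystore using the PKIX rules. */
    static X509Certificate validate(List<X509Certificate> chain, KeyStore trustStore) throws Exception {
        List<X509Certificate> path = new ArrayList<>(chain);
        X509Certificate last = path.get(path.size() - 1);
        // The anchor must come from the truststore; a self-signed root copied into the file is not part of the path.
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXParameters params = new PKIXParameters(trustStore);
        // Revocation: the PKIX checker queries OCSP first and falls back to CRLs; adding it turns checking on.
        params.addCertPathChecker((PKIXRevocationChecker) validator.getRevocationChecker());
        PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator.validate(certPath, params);
        return result.getTrustAnchor().getTrustedCert();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ChainCheck <chain.pem> <truststore (PKCS#12 or the JDK cacerts file)> [password]
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args.length > 2 ? args[2].toCharArray() : null);
        }
        try {
            X509Certificate anchor = validate(readChain(args[0]), trust);
            System.out.println("valid, anchored at " + anchor.getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // reason is e.g. EXPIRED, REVOKED, NO_TRUST_ANCHOR or UNDETERMINED_REVOCATION_STATUS
            System.out.println("rejected: " + e.getReason() + " (" + e.getMessage() + ")");
        }
    }
}
```

Without a network path to the OCSP responder or CRL distribution point the validator reports UNDETERMINED_REVOCATION_STATUS rather than silently passing, which is the behaviour a verifier should want.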
Authentication
Authentication is the process of determining the identity of a user. In the context of the Java™ runtime environment, it is the process of identifying the user of an executing Java program. In certain cases, this process may rely on the services described in the “Cryptography”
Secure Communication
The data that travels across a network can be accessed by someone who is not the intended recipient. When the data includes private information, such as passwords and credit card numbers, steps must be taken to make the data unintelligible to unauthorized parties. It is also important to ensure that you are sending the data to the appropriate party, and that the data has not been modified, either intentionally or unintentionally, during transport.
Cryptography forms the basis required for secure communication.
The Java platform also provides API support and provider implementations for a number of standard secure communication protocols:
• SSL/TLS
• SASL (Simple Authentication and Security Layer)
• GSS-API and Kerberos
Access Control
The access control architecture in the Java platform protects access to sensitive resources (for example, local files) or sensitive application code (for example, methods in a class).
(Access control mainly protects sensitive resources or code, such as local files or a method in a class.)
Permissions
Policy
Access Control Enforcement
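An added example of the permission model behind the three components above (constructed for this page, not the white paper's code): a policy grant is modelled as a Permissions collection, and enforcement reduces to asking whether the grant implies each requested permission. The paths and property names are constructed; the file-path wildcards follow the FilePermission rules ("*" matches direct children, "-" matches recursively).

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

public class GrantCheck {
    /** A constructed policy grant: the permissions some code base is allowed. */
    static PermissionCollection exampleGrant() {
        Permissions granted = new Permissions();
        granted.add(new FilePermission("/srv/app/data/-", "read"));        // "-": the directory and everything below it
        granted.add(new FilePermission("/srv/app/logs/*", "read,write"));  // "*": direct children only
        granted.add(new PropertyPermission("java.*", "read"));
        return granted;
    }

    /** The question enforcement asks for every check: does the grant imply the requested permission? */
    static boolean allowed(PermissionCollection granted, Permission requested) {
        return granted.implies(requested);
    }

    /** Constructed requests; the results show how actions and path wildcards combine. */
    static boolean[] checkRequests(PermissionCollection granted) {
        Permission[] requests = {
            new FilePermission("/srv/app/data/2024/users.csv", "read"),  // below data/, read: granted
            new FilePermission("/srv/app/data/2024/users.csv", "write"), // write was never granted
            new FilePermission("/srv/app/logs/app.log", "write"),        // direct child of logs/
            new FilePermission("/srv/app/logs/old/app.log", "write"),    // "*" does not descend into old/
            new PropertyPermission("java.home", "read"),
            new PropertyPermission("user.home", "read"),                 // outside the java.* grant
        };
        boolean[] results = new boolean[requests.length];
        for (int i = 0; i < requests.length; i++) {
            results[i] = allowed(granted, requests[i]);
            System.out.println(results[i] + "\t" + requests[i]);
        }
        return results;
    }

    public static void main(String[] args) {
        checkRequests(exampleGrant());
    }
}
```

The Permission classes and their implies logic are still present in current JDKs, although the Security Manager that applied them at run time has been deprecated for removal since JDK 17 (JEP 411).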
Appendix: feature summary from the white paper, with columns High-level Features, Low-level Features and Benefits (the table's References column is empty in this excerpt).

Platform Security
• Low-level features: Built-in language security features enforced by the Java compiler and virtual machine.
• Benefits: Provides a safe and secure platform for developing and running applications. Compile-time data type checking and automatic memory management lead to more robust code and reduce memory corruption and vulnerabilities. Bytecode verification ensures code conforms to the JVM specification and prevents hostile code from corrupting the runtime environment. Class loaders ensure that untrusted code cannot interfere with the running of other Java programs.

Cryptography
• Low-level features: A comprehensive API with support for a wide range of cryptographic services including digital signatures, message digests, ciphers (symmetric, asymmetric, stream and block), message authentication codes, key generators and key factories; support for a wide range of standard algorithms including RSA, DSA, AES, Triple DES, SHA, PKCS#5, RC2, and RC4.
• Benefits: Provides an extensible, full-featured API for building secure applications.

Authentication and Access Control
• Low-level features: Abstract authentication APIs that can incorporate a wide range of login mechanisms through a pluggable architecture; a comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security-sensitive resources.
• Benefits: Enables single sign-on of multiple authentication mechanisms and fine-grained access to resources based on the identity of the user or code signer. Recent support (in JDK 5) for timestamped signatures makes it easier to deploy signed code by avoiding the need to re-sign code when the signer's certificate expires.

Secure Communications
• Low-level features: APIs and implementations for the following standards-based secure communications protocols: Transport Layer Security (TLS), Secure Sockets Layer (SSL), Kerberos (accessible through GSS-API), and the Simple Authentication and Security Layer (SASL). Full support for HTTPS over SSL/TLS is also included.
• Benefits: Authenticates peers over an untrusted network and protects the integrity and privacy of data transmitted between them.

Public Key Infrastructure (PKI)
• Low-level features: Tools for managing keys and certificates and comprehensive, abstract APIs with support for the following features and algorithms: certificates and Certificate Revocation Lists (CRLs): X.509; certification path validators and builders: PKIX (RFC 3280), On-line Certificate Status Protocol (OCSP); KeyStores: PKCS#11, PKCS#12; certificate stores (repositories): LDAP, java.util.Collection.
• Benefits: Eases the development and deployment of complex PKI applications. Recent support (in JDK 5) for OCSP provides a more scalable and timely method for applications to check certificate revocation status.
References:
• http://java.sun.com/developer/technicalArticles/Security/whitepaper/JS_White_Paper.pdf
• http://java.sun.com/j2se/1.5.0/docs/guide/security/index.html
• http://java.sun.com/javase/technologies/security/index.jsp#overview
• http://www.builder.com.cn/2007/0420/388102.shtml