
Post on 11-Jun-2018






  • Design of Extensible Security Architecture

    Design of Extensible Security Architecture for Java Applets

    Ehsan Masud¹, Md. Mahbubur Rahman², Md. Mehedi Masud²

    ¹ Bpro Inc, SD, USA
    ² Computer Science and Engineering Discipline, Khulna University, Khulna, Bangladesh



    With the advent of technology, information sharing has become much more rapid and important. The World Wide Web has been used to build increasingly complex applications even though development was constrained by the static document model of the Web. The development of a variety of mobile code systems such as Java, JavaScript and ActiveX eliminates the constraints that the static document technique placed on the Web application developer. The increasing popularity and acceptance of such mobile code systems have shifted the Web from its origin in simple HTML documents into a platform for writing complex, mission-critical applications. On the other hand, this mobile or remote code, which runs inside the environment supplied by the browser, raises serious security threats. To address these threats, mobile code technologies such as Java, JavaScript and ActiveX traditionally maintain a restricted security policy. There is a trade-off between the openness desired by the Web application writer and the security level imposed by the browser. In this work Java has been chosen as the mobile code technology, as there are more Java Applets on the web than any other mobile code applications. This paper presents a software-based extensible security architecture for Java Applets and proposes a new model for Java Applets to support negotiation between the user and the Applet.

    Key Words: Applet, WWW, Browser, JVM

    International Journal of The Computer, The Internet and Management, Vol. 11, No.2, 2003, pp. 15 - 23

    1. Introduction

    Java is a portable, secure, object-oriented language that is suitable for software development projects of all sizes [1]. Sun Microsystems developed Java and released it, along with a World Wide Web browser named HotJava that was implemented entirely in Java, in the late spring of 1995. Since then, the Java programming language has been the focus of an incredible amount of attention from developers, software companies, and the media [2]. Java's growth over the last couple of years has been nothing short of phenomenal. The only similar examples of such rapid growth are the Internet itself and the World Wide Web [3].

    The continuing growth and popularity of the Internet has led to a flurry of development for the World Wide Web. Many content providers had expressed frustration with their inability to express their ideas in HTML. For example, before tables were supported, many pages simply used a digitized picture of a table. As quickly as new HTML tags are added, there will be demand for more [4]. Rather than creating new HTML extensions, Sun Microsystems popularized the notion of downloading a program (called a Java Applet) that runs inside the browser. Such remote code raises serious security issues. The role of security is to protect the machine that runs a Java application from damage that the program can do intentionally or unintentionally. In the latter case, it is desirable that a poorly written program not cause the machine to crash because of such things as mismanaged pointers or memory. In the worst case, a malicious program can attack the local file system or operate inside a network firewall.

    2. Statement of the problem

    Rogue Java applets are currently a major concern for big companies and private users alike. While the best protection against them is to turn off Java support in the browser, this solution is unsatisfying since it deprives us of many advantages of the Java platform [5].

    Traditional sandbox security in Java has focused on two separate fixed security policies. Local code, loaded from a specific directory on the same machine as the JVM, is completely trusted. Remote code, loaded across a network from an arbitrary source, is completely untrusted. The sandbox security model is easy to understand, but it prevents many kinds of useful programs from being written. All file system access is forbidden, and network access is only allowed to the host where the applet originated. While untrusted applets are successfully prevented from stealing or destroying users' files or snooping around their networks, it is also impossible to write a replacement for a user's local word processor or other common tools that rely on more general networking and file system access. It is clear at this point that an all-or-nothing security model is inadequate. What is needed is some intermediate point between "anything goes" and "confined in the sandbox" access. The Java Applet security model can be extended to provide something in between these two extremes. Instead of putting an Applet into the sandbox, we could deny access to certain parts of the system resources according to a policy that is either static and predefined or decided dynamically by the user.

    3. System Architecture

    3.1 Overview of the Architecture

    The Browser provides the runtime Java environment for Java Applets. The Browser is itself an application that runs in the operating system provided by the native machine. Since the Browser runs on the native machine like any other local application, it has the same power that the user has on the machine. The Browser has the full capability to access and modify the local system, as any other local application does. Java Applets are foreign applications loaded by the Browser either from the network or from the local machine. These foreign applications cannot be fully trusted. Traditionally they are put in a restricted environment, called the sandbox, to isolate the local operating environment from the one supplied by the browser to the Applets. Due to these restrictions, useful Applets are not possible. So there is a trade-off between the security level imposed on the foreign Applets and the power to write useful Applets endorsed by the Browser environment or by the local operating environment. The objective of this paper is to propose a software-based extensible security architecture for Java Applets. Extensible means that the level imposed by the Browser environment can be changed, modified, increased or decreased after the initial system has been shipped from the industry. We take the word extensible further: the security level can be settled even after the Applet is loaded into the browser environment. For settling the security level we used two mechanisms. One is fixed and the other is dynamic. The fixed security level is set by the user or by the system administrator before the Applets are loaded into the browser environment, or even before the browser environment is loaded into the local operating environment. The dynamic security level is settled by a negotiating mechanism between the user and the Applet itself. To incorporate the security negotiation mechanism we proposed a new model for the Applets, which is of course backward compatible with the existing model for the Applets.
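
    The following Java sketch is an added illustration, not code from the paper. It models the decision order described in Sections 2 and 3.1: sandbox rule first, then the fixed policy, then negotiation with the user, and deny otherwise. The class `AppletPolicyDemo`, the `Decision` enum and the `askUser` callback are hypothetical names; the addresses and paths are constructed sample values, and only the standard `java.security`, `java.io` and `java.net` permission classes are used.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.function.Predicate;

// Added illustration (hypothetical names): sandbox default, then fixed grants, then negotiation.
public class AppletPolicyDemo {
    enum Decision { SANDBOX, FIXED, NEGOTIATED, DENIED }

    private final Permissions sandbox = new Permissions();    // classic sandbox rule set
    private final Permissions fixed = new Permissions();      // set before the applet is loaded
    private final Permissions negotiated = new Permissions(); // granted by the user at run time
    private final Predicate<Permission> askUser;              // stands in for the negotiation dialog

    AppletPolicyDemo(String originHost, Predicate<Permission> askUser) {
        // Sandbox: no file access at all, network only back to the originating host.
        sandbox.add(new SocketPermission(originHost, "connect"));
        this.askUser = askUser;
    }

    void grantFixed(Permission p) { fixed.add(p); }

    Decision check(Permission requested) {
        if (sandbox.implies(requested)) return Decision.SANDBOX;
        if (fixed.implies(requested)) return Decision.FIXED;
        if (negotiated.implies(requested)) return Decision.NEGOTIATED;
        if (askUser.test(requested)) {   // user accepted the applet's request
            negotiated.add(requested);   // remember exactly what was approved, nothing broader
            return Decision.NEGOTIATED;
        }
        return Decision.DENIED;          // default deny
    }

    public static void main(String[] args) {
        // Constructed sample values: 192.0.2.10 is the applet's origin (documentation range).
        // The simulated user approves file read requests only.
        AppletPolicyDemo policy = new AppletPolicyDemo("192.0.2.10",
                p -> p instanceof FilePermission && p.getActions().equals("read"));
        policy.grantFixed(new FilePermission("/home/user/applet-data/-", "read,write"));

        Permission[] requests = {
            new SocketPermission("192.0.2.10:80", "connect"),
            new SocketPermission("198.51.100.7:25", "connect"),
            new FilePermission("/home/user/applet-data/notes.txt", "write"),
            new FilePermission("/home/user/report.txt", "read"),
            new FilePermission("/home/user/report.txt", "write"),
        };
        for (Permission r : requests) {
            System.out.println(policy.check(r) + "  " + r);
        }
    }
}
```

    IP literals are used so that `SocketPermission.implies` compares addresses without a DNS lookup. A negotiated grant is stored as the exact permission the user approved, so a later write request to the same file is still denied.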

    Figure 1: Browser Environment. [Diagram not recoverable from the extracted text. Labelled elements: Browser System Code, Browser Environment, Applet Classes, Applet ClassLoader, Applet SecurityManager, Policy Object, Security Negotiation, Message Transfer, Get Permissions for Classes, Load Policy Configuration, Serialized Binary Object for Disc File, Serialized Binary Object for Policy Server, Internet/Intranet.]



    3.2 Browser Environment

    The Browser provides the runtime Java environment for the Applets. The Browser environment is composed of the following, as shown in Figure 1:

      • Browser System Code
      • Graphical Component Container to hold Applets

    Browser system code is the heart of the browser. Browser system code could be written in a native language (as in Netscape or Internet Explorer) or in Java (as in the HotJava browser). If it is written in a native language, it loads a standard Java runtime environment for the Applets. We followed the latter technique: in our work we have chosen to develop the browser system code in Java, so it does not need to load a separate Java runtime environment for the Applets. The Browser is loaded as a standard local Java application in the Java operating environment supplied by the native operating environment. In this case the Browser system code and the Applets share the same Java runtime environment supplied by the native operating environment. All code that comes with the browser is browser system code. Browser system code is composed of the following components:

      • Main Control Module (top level Graphical User Interface)
      • Applet Security Manager
      • Applet Class Loader
      • Policy Object
      • Security Negotiation Mechanism

    All of the above are designed to be included as Java runtime library extensions. The Java virtual machine treats Java runtime library extensions as system classes, and they are loaded by the primordial class loader, which is actually the absence of any class loader.

    3.3 Applet Security Manager

    AppletSecurityManager is a subclass of SecurityManager, which is in the java.lang package of standard

