Java Security Manager

Overview

Today's goal is to get familiar with the features of the Java Security Manager, particularly setting fine-grained permissions on various operations and APIs.

Setup

This activity is for 1-2 people.

  1. Start up Eclipse
  2. Import this project into the workspace.
    1. Go to File > Import... , then choose Existing Project Into Workspace. (Do not choose "Archive file" here.)
    2. Choose Select Archive File and select the downloaded zip file to import. The name of the project you're importing is "SocialBanking". The screen should look like this:
  3. Run all of the unit tests. Right-click on the project and go to Run as > JUnit test. They should all green bar by default (although most of them are commented out).

Activity

  1. For reference, these documents will be helpful
  2. Take a look at the code. This is a basic API where untrusted code will be run, so we need to lock down our security policy. Note the following:
  3. Progressively add new lines to the security manager policy, along with the corresponding penetration tests. You may need to update the tests as well with the proper error messages. Go in this order:
    1. Enable the ResetSecurityManager test. Get it to pass by removing the AllPermission line. Update the test with the appropriate error message, too (i.e. "something" is just a filler).
    2. At this point, several functional tests will fail because the security manager is now locking down certain operations. We'll need to selectively write policies that allow our functionality without being too open. Write these policies, editing only the policy file, to get these tests passing again.
    3. Only allow the os.name property to be read (but not written). Pen test: SystemPropUntrusted
    4. Only allow code to resolve and connect to the google.com and localhost hosts, on any port. Pen test: EvilServerPlugin
    5. Allow opening of files, but only in the data directory of the project. Pen test: EvilFileMaker
    6. Only allow users to check that a banking account exists, but don't allow operations for reading or changing balances (this we will have to enable in a separate policy file for our trusted API jars - not in this exercise, but it is possible.). Pen test: EvilAccountPlugin
    7. When you're done with the policy and the tests, everything should green bar and all tests are un-commented.
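
For orientation, here is an added example of the policy-file syntax for the kinds of grants listed above. It is not the SocialBanking project's own policy or its solution. Assumptions: the JVM is started from the project root, the file actions are "read,write", and the class `com.example.AccountPermission` with target `exists` is a hypothetical stand-in for whatever custom permission the project defines.

```text
// Constructed example policy; not the SocialBanking project's own file.

// Before: the wide-open grant that the first step has you remove.
// grant {
//     permission java.security.AllPermission;
// };

// After: one narrow permission per requirement.
grant {
    // Read access to os.name only. No "write" action is listed, so
    // System.setProperty("os.name", ...) is denied by this grant.
    permission java.util.PropertyPermission "os.name", "read";

    // Resolve and connect to two named hosts. No port range is given,
    // which covers every port.
    permission java.net.SocketPermission "google.com", "connect,resolve";
    permission java.net.SocketPermission "localhost", "connect,resolve";

    // Files under the project's data directory, recursively ("-").
    // ${user.dir} and ${/} are expanded when the policy is loaded;
    // this assumes the JVM working directory is the project root.
    permission java.io.FilePermission "${user.dir}${/}data${/}-", "read,write";

    // Hypothetical custom permission: the class name and target are
    // placeholders for the project's own account-check permission.
    permission com.example.AccountPermission "exists";
};
```

A grant block without a codeBase applies to all code, so anything listed here is available to the untrusted plugins as well.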

Submission & Grading

Nothing is due beyond this activity today. Your knowledge of this will be assessed on the exam.