Java Security Manager

Overview

The goal of today is to get familiar with the features of the Java Security Manager, particularly setting fine-grained permissions on various operations and APIs

Setup

This activity is for 1-2 people.

1. Start up Eclipse (doesn't have to be the BackTrack version)
2. Import this project into the workspace using the instructions from the TDD activity.
3. Run all of the unit tests. They should green bar by default (although most of them are commented out)

Activity

1. Peruse the Java Security Manager Permissions page - this will be a helpful resource throughout the tutorial. Google is also your friend.
2. Take a look at the code. This a basic API where untrusted code will be run, so we need to lock down our security policy. Note the following:
   • src/api. This is a basic API for a bank. Not much to see here, and this code should not be modified for this exercise.
   • src/api/security/socialbank.policy. This is our Java Security Manager policy. By default, it just enables absolutely everything (ew!). Your first task will be to remove that top line, and see what fails.
   • tests/functional. These are a few functional unit tests. By default, they greenbar, but they will soon redbar once we start denying certain operations. These tests help us make sure that we can still do normal stuff and didn't over-restrict our security policy. These are done and don't need changing.
   • tests/pentest. These are some automated penetration tests. These are operations that should be blocked by our security manager. Most of these are commented out by deafult, and are mostly imcomplete. You will need to fill these in, and they will need to greenbar by the end of the exercise.
3. Progressively add new lines to the security manager policy, along with the corresponding penetration tests. Suggested order is as follows:
   1. Enable the ResetSecurityManager test. Get it to pass by removing the AllPermission line.
   2. Allow the current thread's stacktrace to be viewable (no pen test - all functional).
   3. Only allow the os.name property to be read (but not written). Pen test: SystemPropUntrusted
   4. Only allow code to resolve and connect to the google.com and localhost hosts, on any port. Pen test: EvilServerPlugin
   5. Allow opening of files, but only in the data directory of the project. Pen test: EvilFileMaker
   6. Only allow users to check that a banking account exists, but don't allow operations for reading or changing balances (this we will have to enable in a separate policy file for our trusted API jars - not in this exercise, but it is possible.). Pen test: EvilAccountPlugin
   7. When you're done with the policy and the tests, everything should green bar.

Submission & Grading

This activity is worth 10 points, and your grade is based on in-class participation. Nothing is due beyond class today, as long as you are participating and are reasonably close to completion. This material will be assessed on the exam.