Java-2-Platform-Micro-Edition

整理文档很辛苦,赏杯茶钱您下走!

免费阅读已结束,点击下载阅读编辑剩下 ...

阅读已结束,您可以下载文档离线阅读编辑

资源描述

Java2PlatformMicroEditionPeeterPaalHelsinkiUniversityofTechnologyTelecommunicationsSoftwareandMultimediaLaboratoryopaal@cc.hut.fiAbstractThethirdgenerationmobiledeviceswillprovidemoreandmorefeaturesandaswell,moreandmoresecurityconsiderations.SunMicrosystemshasannouncedtheirplatformforsuchdevices:Java2MicroEdition.J2MEprovidesportableapplicationenvironmentforthecustomerandembeddedsystems,includingmobiledevices.AuserhavingaJ2MEmobiledevicecandownloadapplicationsfromopennetworkandrunthemonhis/hermobiledevice.Aopennetworkisalsountrustednetwork.Whathappensifauserdownloadsamaliciousapplicationthatreadsalltheuser’spersonaldataandsendsittoaspecifiednetworkserver.IsthispossibleintheJ2MEenvironments?Thispaperrepresentsthenewenvironmentsanddiscussessecurityrisksrelatedtothem.Keywords:Java2MicroEdition(J2ME),Java2Security,Configuration,Profile,SecurityManager,Sandbox,CLD,CLDC,MIDP1IntroductionDuetothelargeofrangedevices,SunhassplittheJava2Platforminthree.Java2MicroEdition(J2ME)isthenewesteditionintheJava2family.J2MEistargetedatconsumerandembeddedsystems.ThemobiledevicemanufacturersarethefirstadvantageoftheJ2MEfirst.ThispaperanalysestheJ2MEsecurityfeaturesandsuitabilityforthemobiledevices.1.1StructureofthispaperThispaperconsistsoffourparts.Inthefirst,whichconsistsofchapter2,thebasicsecurityconceptsofJava2StandardEditionplatformarediscussed.Thesecondpartischapter3,wheretheJ2MEanditsmainfeaturesareintroduced.ThethirdpartrepresentstheJ2MEsecurityfeaturechangescomparedtotheJ2SE.InthefourthpartofthepapertheJ2MEsecurityanditssuitabilityformobiledevicesareanalysed.Thefourthpartconsistsofchapters5-7.Intheendthereisaconclusionchapter,wheretheresultsofthispaperaresummarized.1HUTTML2000Tik-110.501SeminaronNetworkSecurityTable1:ThegeneralelementsofJava2PlatformSecurityModel.ElementDescriptionRealcomputersystemresourcesProtectedcomputersystemresource,e.g.filesystemandnetworking.PermissionobjectsThePermissionobjectsrepresentaccessrightstothecomputersystemresources.Eachprotectedcomputersystemresourcehasacor-respondingPermissionclass.E.g.fileper-missionsarerepresentedwiththeFilePermis-sionclass.ThedefaultPermissionclassesarespecifiedinthe[1].ProtectionDomainsForeachsetofclasses,whoseinstancesaregrantedthesamesetofpermissions,theirownProtectionDomainiscreated.SecurityManagerSecurityManagerclasscanbeusedforback-wardcompatibility.AccessControllerAccessControllerenforcesspecifiedsecuritypolicy.SecuritypolicyRepresentsasystemsecuritypolicy.SecuritymanagementtoolsJDKconsistsoftoolswhichcanbeusedtomanagekeysandcertificates,tocreatesecu-ritypoliciesandtodigitallysignJavaarchivesandverifysuchsignatures.2JDK1.2SecurityArchitectureTheJDK1.2securityarchitectureprovidesapplicationverificationandlocationbasedac-cesscontrolmanagement.InthepreviousversionofJDK(JDK1.1),theapplicationswereclassifiedastrustedornottrusted.TheJDK1.2securityarchitectureprovidesmoreso-phisticatedmethodstomanagesecurity.InJDK1.2eachJavaclasshasasetofaccessrightstocomputersystemresourcesbasedonthesigneroftheJavaclassandthelocationtheJavaclassisfetchedfrom.Theaccessrightsarespecifiedbythesecuritypolicy.Thesecuritypolicycanspecifyitsownsetofaccessrightstoeachsignerandlocationcombi-nation.Thesecuritypolicyitselfcanbespecifiedforexampleinafile,databaseorotherinformationresource.ThegeneralelementsofJDK1.2securityarchitecturearepresentedin(Table1).2.1ManagingSecurityattheUserLevelTheJ2SEsecuritymodelincludestheconceptofsecuritypolicy.Thesecuritypolicyisdefinedbyauser.Bydefault,inJ2SEthesecuritypolicyisdefinedinaspecificASCIIfile.Thepolicyfileformatandlocationarespecifiedin[1]andabriefexampleisgiveninthissection.Thepolicyfileconsistsofthepoliciesasanaccesscontrollist.Theaccesscontrollistcon-2HUTTML2000Tik-110.501SeminaronNetworkSecuritysistsofcombinationsofCodeSourceclassesandPermissionsubclasses.ACodeSourceclassconsistsofinformationabouttheURLwhereitsclasswasloadedfrom,andasetofcryptographiccertificatesthatindicatethesignaturesthattheclasshas.EachapplicationclasshasacorrespondingCodeSourceclass.Eachentryinthepolicyfileisspecifiedinthefollowingformat:grant[SignedBy“signer_names”][,CodeBase“URL”]{permissionpermission_class_name[“target_name”][,“action”][,SignedBy“signer_names”];permission...};ForexampleifwegrantthecodethatissignedbyDukeandloadedfromfilepermissiontothefileswhichareunderthetemp-directory,wespecifytheentrythefollowingway:grantcodeBase“*”signedBy“Duke”{permissionjava.io.FilePermission“/temp/*”,“read,write”;};ThepermissionclassesarealwaysrepresentedwithfullJavaclassnamenotation.Forbackwardcompatibility,theSecurityManagerclasscanbeused.TheSecurityManagerthatshouldbeusedbytheJavaVirtualMachine(JVM)isspecifiedonthecommand-lineargumentthefollowingway:java-Djava.security.manager=com.company.security.SecurityManagerJavaApplicationInordertousethedefaultSecurityManager,thecommand-lineargumentsaregiventhefollowingway:java-Djava.security.managerJavaApplication2.2ManagingSecurityattheApplicationLevelAtruntime,whenanapplicationtri

1 / 13
下载文档,编辑使用

©2015-2020 m.777doc.com 三七文档.

备案号:鲁ICP备2024069028号-1 客服联系 QQ:2149211541

×
保存成功