
Security Incubator - Current Status and Future Plan



Presentation Transcript


  1. Security Incubator - Current Status and Future Plan
     Tom Watson – IBM Lotus

  2. Long term mission
  • Provide a range of signature-based code authorization solutions
    • Allow deployers to trade security/complexity vs. performance
    • Decision points include install-time (current), bundle load-time, and code run-time (Java2 permissions)
  • Provide an integrated user authentication framework
    • Platform login configuration and lifecycle
  • Provide mechanisms for user credential management
    • Manage trusted roots, private keys, passwords, etc
  • Enabled through Java security provider architecture wherever appropriate (KeyStore, CertStore, etc) within a dynamic OSGi environment
  • http://www.eclipse.org/equinox/incubator/security/

  3. Quick Overview: Signed code
  • Java JarFiles can support signatures over their contents
    • Java's SecureClassLoader validates signatures via the JarFile API
  • Equinox provides its own signature checking engine
    • Check signatures and verify content at install-time and optionally at load-time
    • Disable bundles which are not trusted
  • The Java SecurityManager can then use the signer information to enforce checkPermission() calls at run-time (ConditionalPermissionAdmin using BundleSignerCondition)
    • Additional complexity inserting doPrivileged() calls
    • Supports “Principle of least privilege”
    • Classic example: access to log API; log file access wrapped in a doPrivileged call so that callers do not need permission to access the specific file (only the logger signer does)
  • Tooling is needed to help developers write “secure” code
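The logger pattern from the last bullets, as an added illustration (not Equinox code): only the logger bundle's own protection domain needs the FilePermission, because doPrivileged() stops the stack walk before it reaches the callers. The log path, the signer alias "logger" and the policy grant are assumptions.

```java
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/* Hypothetical logger bundle (not Equinox code). Assumed policy grant, keyed on the bundle's
 * signer rather than its location, which is the BundleSignerCondition idea in policy-file form:
 *   grant signedBy "logger" { permission java.io.FilePermission "/tmp/app.log", "write"; };
 * Callers of log() need no FilePermission at all. */
public final class PrivilegedLogger {
    private final String path;   // fixed by the logger, never taken from the caller

    public PrivilegedLogger(String path) { this.path = path; }

    public void log(String message) throws IOException {
        // Normalise caller input before the privileged section so nothing the caller controls
        // can widen what the privileged code does (a caller-supplied path would be a confused deputy).
        final String line = message.replace('\r', ' ').replace('\n', ' ');
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                // checkPermission() now stops at this frame: only the logger's own protection
                // domain (its signer) must hold the FilePermission.
                try (PrintWriter out = new PrintWriter(new FileWriter(path, true))) {
                    out.println(line);
                }
                return null;
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        // Run with -Djava.security.manager -Djava.security.policy=logger.policy to see the
        // difference; without a SecurityManager every permission check passes.
        new PrivilegedLogger("/tmp/app.log").log("hello from an unprivileged caller");
    }
}
```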

  4. Quick Overview: JAAS
  • Java Authentication and Authorization Service
  • Generic and pluggable
    • i.e. application code can be agnostic of the authentication mechanism
  • Stackable login support
    • Enables single sign-on, password expiration, etc
  • Externalized configuration
    • Authentication mechanism not hard-wired into the application
  • Enforces a clear separation between backend and user interface
    • 'LoginModule' classes implement authentication
      • e.g. KeyStore, LDAP, Notes ID File
    • 'CallbackHandler' classes implement the user interface
  • Use a 'LoginContext' object to login
    • The JAAS 'Subject' is the result; it contains the user's names and credentials
  • Extends the standard permission model to do user-based permissions

  5. Quick Overview: JCA
  • Java Cryptography Architecture
  • Allows pluggable implementations of cryptographic engines
    • Traditional:
      • MessageDigest (MD5, SHA-1, etc)
      • Cipher (3DES, AES, etc)
    • Other:
      • KeyStore (JKS, JCEKS, PKCS12)
      • CertStore (LDAP, etc)
  • Bootstrapped by the 'java.security' file in the JRE
    • Lists 'Providers' which contribute services
  • Accessed via the java.security.Security object
    • For example: KeyStore.getInstance(“JKS”) asks the Security object for a provider that implements the 'JKS' type of the 'KeyStore' algorithm
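To show what "asks the Security object for a provider" means in practice, an added example (not Equinox code) registers a hypothetical Provider and watches getInstance() fail before and succeed after registration. The XOR8 engine is a toy placeholder for a real algorithm; the provider name and service key are assumptions.

```java
import java.security.MessageDigest;
import java.security.MessageDigestSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;

// Hypothetical provider (not Equinox code). The engine is a deliberate toy, an 8-bit XOR fold,
// present only to show the registration path; it has no cryptographic strength whatsoever.
public final class XorProvider extends Provider {
    public XorProvider() {
        super("XorProvider", 1.0, "Demo provider for the JCA service lookup");
        // Service key "<engine>.<algorithm>" -> implementation class, the same scheme java.security uses.
        put("MessageDigest.XOR8", Xor8.class.getName());
    }
    public static final class Xor8 extends MessageDigestSpi {
        private byte acc;
        @Override protected void engineUpdate(byte b) { acc ^= b; }
        @Override protected void engineUpdate(byte[] in, int off, int len) {
            for (int i = off; i < off + len; i++) acc ^= in[i];
        }
        @Override protected byte[] engineDigest() { byte[] d = { acc }; acc = 0; return d; }
        @Override protected void engineReset() { acc = 0; }
    }

    public static void main(String[] args) throws Exception {
        // 1. Before registration the Security object finds no provider for "XOR8".
        try { MessageDigest.getInstance("XOR8"); throw new AssertionError("should not resolve"); }
        catch (NoSuchAlgorithmException expected) { System.out.println("not yet registered: " + expected.getMessage()); }
        // 2. Registration appends to the provider list (the java.security entries keep precedence).
        Security.addProvider(new XorProvider());
        for (Provider p : Security.getProviders("MessageDigest.XOR8"))
            System.out.println("offered by " + p.getName() + " (" + p.getService("MessageDigest", "XOR8").getClassName() + ")");
        // 3. getInstance("XOR8") now asks Security, which returns the first matching provider.
        MessageDigest md = MessageDigest.getInstance("XOR8");
        byte[] d = md.digest("abc".getBytes(java.nio.charset.StandardCharsets.US_ASCII));   // 'a'^'b'^'c' = 0x60
        System.out.printf("%s via %s -> %02x%n", md.getAlgorithm(), md.getProvider().getName(), d[0]);
        // Standard engines are resolved the same way, e.g. a KeyStore type from java.security:
        System.out.println("KeyStore.JKS via " + java.security.KeyStore.getInstance("JKS").getProvider().getName());
    }
}
```

Here the provider class sits on the plain classpath; registering one whose classes live inside an OSGi bundle is the case slide 6 lists as "JCA implementations from bundles".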

  6. Current 3.4 Plan
  • Support Provider Framework (199330)
    • JCA implementations from bundles (153843)
    • Viewing and editing security configuration (196359)
  • Support User Authentication (153850)
  • Support for Signature checking at bundle load-time (153847)
    • Signature check, policy callout, alert UI
  • User Credential Management in support of load-time (153851)
    • Trust model (cacerts/.keystore), manage trust roots, etc

  7. Current 3.4 Status
  • Provider work relatively complete in HEAD
    • o.e.e.security.provider-feature
    • o.e.e.security.provider
    • o.e.e.security.boot.jre15x
    • o.e.e.security.boot.jre14x (needs more work:)
  • Login framework and sample available
    • o.e.e.security.auth
    • o.e.e.security.sample
  • JUnit tests available to exercise the provider
    • o.e.e.security.junit
  • M1 demo available at the Equinox site
    • http://www.eclipse.org/equinox/incubator/security/releases/3.4.0/update.php?target=M1
  • M2 closes on Sept. 28th

  8. Areas to get involved
  • User Authentication
    • How to integrate into product lifecycle?
    • What to use for authorization? Bundles? Extensions?
    • How to integrate into core concepts? Bundles? Jobs?
  • Credential Management
    • Trust management for SSL connections?
    • Consistent look & feel security alert UI?
    • Trust for provisioning-based signature checking?
      • How is it managed (Trust model, UI, etc)?
      • How does it mesh with load-time (same trust model?)?

  9. Questions
