This document discusses enabling Java 2 runtime security with Eclipse plug-ins. It analyzes the security requirements for OSGi-enabled platforms. It provides an example of a client calling a library method that creates a socket and logs information to a file. It shows how to modify the library code to use privileges to grant the necessary permissions via doPrivileged. It outlines the steps taken to check permissions for the socket creation and file access. Finally, it describes the components of a static analysis engine for Eclipse and OSGi that can perform access rights analysis, privileged code placement analysis, tainted variable analysis, and other security checks.

2. Enabling Java 2
Runtime Security
with Eclipse Plug-ins
___
Analyzing Security Requirements
for OSGi-Enabled Platforms

6. J2SE Security
OSGi Security
Applications

8. Main.main()
Socket.<init>("www.ibm.com", 80)
sm.checkConnect("www.ibm.com", 80)
sm.checkPermission(p)
AccessController.checkPermission(p) p
p
p
p
p
?
?
?
?
?If all the code source was
granted Permission p…
SecurityException
Otherwise…
Problem:
What Permissions are required?
• Not too many permissions
• Not too few permissions

9. import java.io.*;
import java.net.*;
public class LibraryCode {
private static String logFileName = "audit.txt";
public static Socket createSocket(String host, int port)
throws UnknownHostException, IOException {
Socket socket = new Socket(host, port);
FileOutputStream fos = new FileOutputStream(logFileName);
BufferedOutputStream bos = new BufferedOutputStream(fos);
PrintStream ps = new PrintStream(bos, true);
ps.print("Socket " + host + ":" + port);
return socket;
}
}
Client
Library
createSocket
Socket
Permission
File
Permission

10. Client.main()
LibraryCode.createSocket()
q
q
p
p
Socket.<init>(host,port)
sm.checkConnect(host,port)
sm.checkPermission(q)
AccessController.checkPermission(q)
q
q
q
q
FileOutputStream.<init>(logFileName)
sm.checkWrite(logFileName)
sm.checkPermission(p)
AccessController.checkPermission(p)
p
p
p
p
p = new FilePermission("audit.txt","write");q = new SocketPermission("ibm.com","80");

11. import java.io.*;
import java.net.*;
import java.security.*;
public class LibraryCode2 {
private static final String logFileName = "audit.txt";
public static Socket createSocket(String host, int port)
throws UnknownHostException, IOException,
PrivilegedActionException {
Socket socket = new Socket(host, port);
File f = new File(logFileName);
PrivWriteOp op = new PrivWriteOp(host, port, f);
FileOutputStream fos =
(FileOutputStream) AccessController.doPrivileged(op);
BufferedOutputStream bos = new BufferedOutputStream(fos);
PrintStream ps = new PrintStream(bos, true);
ps.print("Socket " + host + ":" + port);
return socket;
}
}
class PrivWriteOp implements PrivilegedExceptionAction {
private File f;
PrivWriteOp (File f) {
this.f = f;
}
public Object run() throws IOException {
return new FileOutputStream(f);
}
}
Client
Library
createSocket
Socket
Permission
File
Permission

12. Client.main()
Library.createSocket()
q
q p
AccessController.doPrivileged(op)
op.run()
p
p
FileOutputStream.<init>(logFileName)
sm.checkWrite(logFileName)
sm.checkPermission(p)
AccessController.checkPermission(p)
p
p
p
p
p = new FilePermission("audit.txt","write");
Socket.<init>(host,port)
sm.checkConnect(host,port)
sm.checkPermission(q)
AccessController.checkPermission(q)
q
q
q
q
q = new SocketPermission("ibm.com","80");

15. Client
Library
Core
AllPermission
AllPermission
∅
SecurityException
p r
q
p
q
p
q
q q r r
{p}

16. SecurityManager.
checkPermission(p)
p
p
p
p
AccessController.
checkPermission(p)
FileOutputStream.
<init>()
pClient
Library p
Core
p AccessController.
doPrivileged(pa)
p PrivilegedAction.
run()

20. Static Analysis Engine (Eclipse and OSGi Aware)
JAR Inspection
Java Bytecode Analysis (JaBA)
Call Graph
Access-Rights
Analysis
Privileged-Code
Placement Analysis
Tainted-Variable
Analysis
Object CodeSecurity Policy
Code Architecture
Inspection
Certificate
Inspection
Permission
Inspection
KeyStore Editor JAR Signer
Call Path
Analysis