IRM Enforcement of Java Stack Inspection
Pslab YunKyung Kim
Content
Introduction
Inlined Reference Monitors (IRM)
Review of Java 2’s Stack Inspection Policy
A Security-Passing Style IRM: IRMsps
A New IRM Stack Inspection Implementation: IRMLazy
Concluding Remarks
1. Introduction
Java is a language for developing applications that download and run untrusted code, so it needs a security policy.
Sandbox policy (before Java 2): distinguishes local code from code obtained over the network.
Stack inspection policy (Java 2 and later): checks whether an access is permitted according to the methods currently executing (relies on information in the JVM run-time call stack).
This paper introduces two ways of integrating an IRM into an application in order to monitor whether the application violates a particular security policy while it runs.
2. Inlined Reference Monitors
IRM Rewriter
Checking code is merged into the original application at load time
Program analysis
Application transformed
PoET (Policy Enforcement Toolkit) rewriter: a tool for implementing IRMs for JVML applications
PSLang (Policy Specification Language): the language used to write security policies in PoET
security events : the policy-relevant operations that must be mediated by the reference monitor
security state : information stored about earlier security events that is used to determine which security events can be allowed to proceed
security updates : program fragments that are executed in response to security events and that update the security state, signal security violations, and/or take other remedial action (e.g. block execution)
3. Review of Java 2’s Stack Inspection Policy
Java 2’s stack inspection access control policy operates on the basis of a policy file that associates permissions with protection domains.
Protection domain: contains the permission set granted according to the application's source.
checkPermission(P) call: traverses the JVM call stack from top to bottom, or until it meets a method frame inside a doPrivileged() block => if the protection domain of that method does not imply P, a security exception is raised.
[Figure: two call-stack examples for checkPermission()]
Example 1. Calls: Display, Load(this.txt), checkPermission(). Frames: Untrusted Applet (/home/ue/*), File system (<<All files>>).
Example 2. Calls: Display, Use paint font, Load(‘Courier’), checkPermission(). Frames: Untrusted Applet (/home/ue/*), GUI library (/fonts/*, inside a doPrivileged() block), File System (<<All files>>).
4. A Security-Passing Style IRM
Domain stack (new variable)
Replicates the policy-relevant information from the JVM run-time call stack.
Local to each thread.
Scanned on a checkPermission call.
SPS (security-passing style): an example IRM implementation in which the domain stack is passed as an argument whenever a method is invoked.
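The stack walk from section 3, run over an explicit domain stack that is passed as an argument as in section 4. This is an added example, not code from the paper or from PoET; the Frame class, the simplified path matching, and the full file paths are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;

// Added illustration: a model of stack inspection, not the JVM's or PoET's code.
public class DomainStackDemo {
    // Hypothetical frame record: a protection domain's granted file patterns and
    // whether the method runs inside a doPrivileged() block.
    static final class Frame {
        final String domain; final List<String> granted; final boolean privileged;
        Frame(String domain, List<String> granted, boolean privileged) {
            this.domain = domain; this.granted = granted; this.privileged = privileged;
        }
        // Simplified matching: "<<ALL FILES>>", "dir/*" (files directly in dir), or exact path.
        boolean implies(String path) {
            for (String g : granted) {
                if (g.equals("<<ALL FILES>>") || g.equals(path)) return true;
                String dir = g.endsWith("/*") ? g.substring(0, g.length() - 1) : null;
                if (dir != null && path.startsWith(dir) && path.indexOf('/', dir.length()) < 0) return true;
            }
            return false;
        }
    }
    // Scan from the newest frame down: every visited domain must imply the access,
    // and a privileged frame ends the scan so its callers are not consulted.
    static void checkPermission(Deque<Frame> domainStack, String path) {
        for (Frame f : domainStack) {
            if (!f.implies(path)) throw new SecurityException(f.domain + " may not read " + path);
            if (f.privileged) return;
        }
    }
    // Security-passing style: the callee receives the caller's domain stack as an argument.
    static String fileSystemRead(Deque<Frame> caller, String path) {
        Deque<Frame> stack = new ArrayDeque<>(caller);   // copy keeps top-to-bottom order
        stack.push(new Frame("File system", List.of("<<ALL FILES>>"), false));
        checkPermission(stack, path);
        return "read " + path;
    }
    public static void main(String[] args) {
        Deque<Frame> applet = new ArrayDeque<>();
        applet.push(new Frame("Untrusted Applet", List.of("/home/ue/*"), false));
        // Example 1: the applet's own domain covers the file it loads.
        System.out.println(fileSystemRead(applet, "/home/ue/this.txt"));
        // Applet reads a font directly: its frame is scanned and does not imply the path.
        try { fileSystemRead(applet, "/fonts/Courier"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        // Example 2: the GUI library's doPrivileged frame ends the scan before the applet.
        Deque<Frame> gui = new ArrayDeque<>(applet);
        gui.push(new Frame("GUI library", List.of("/fonts/*"), true));
        System.out.println(fileSystemRead(gui, "/fonts/Courier"));
    }
}
```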
Performance Overhead
5. A New IRM Stack Inspection Implementation
IRMLazy: uses the SecurityManager's getClassContext() to access the JVM call stack directly.
Overhead Performance
6. Concluding Remarks
Advantages of IRM
Applications that want to apply the stack inspection policy cannot run on earlier versions of the JVM.
Flexibility
By separating the mechanism from the policy file, protection domain, and permission classes, unused enforcement mechanisms can be omitted.
By inserting the security policy related to application events in the form of security events and security updates, a different security policy can be applied to each application.