Pluggable Security Manager
Hi,
I've read the Java Security Documentation pages, but I haven't understood whether it's possible in JNode to customize the default Security of the entire System.
I don't think all of this will be possible with Security Policies alone ... but I could be wrong about this.
So, wouldn't it be good to also have the Security Manager like the other System Plug-Ins? OK, this will be a critical plug-in, but very close to the core part of JNode. But the idea is to also have other, more enhanced versions of the default Security behavior, configurable with dedicated Policies.
In my high-security Policy, for example, I see any application being installed automatically in a well-known dir of the system (but I hope that this will be the default for the JNode Installer), and the SecurityManager grants read (and write, here also or in a package dir under the variant part?) only there (and in a temp and a log area ...). To have more, at Runtime (but in the Installation package we could also have a security policy containing the additional permissions to ask the user for) the User will need to tell the SecurityManager the Grants required.
At any time the User could return to the SecurityManager Console and expand or deny some of the SecurityPermissions Grants (for example, because I've seen that the Application is SpyWare, so I could revoke the Connect Grant).
Or if not as a plug-in, why not as a class to load and use as a SecurityManager ... but take care not to load hacked or malicious classes.
I'm thinking of this as the JNode version of the Linux GRSecurity packages, to provide enhanced security in the system (patching the kernel), but as an optional package that integrates with the rest of the core system.
For example, see http://www.gentoo.org/proj/en/hardened/grsecurity.xml
Comments or ideas?
I hope I was clear.
Bye,
Sandro
Re: Pluggable Security Manager
Hi Sandro,
Maybe the better point for customization to implement dynamic permission grants is the java.security.Policy class. The last version of Jini has added support for dynamic permission grants and has introduced some kind of DynamicPolicy.
Thereby it might become unnecessary to create a custom SecurityManager (which would in contrast affect the whole system instead of only a single component).
Regards,
Sebastian
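Added example (not part of the thread, and not JNode, Jini or jGuard code): a minimal java.security.Policy subclass with run-time grant and revoke, the approach suggested in the reply above, applied to the "revoke the Connect Grant" case from the first post. The class names, the install location and the address are constructed for illustration.

```java
import java.net.SocketPermission;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; hypothetical names throughout.
public class DynamicPolicyDemo {
    /** Policy whose per-application grants can change while the system runs. */
    static class RuntimeGrantPolicy extends Policy {
        // Code location (as string) -> permissions currently granted to it.
        private final Map<String, Set<Permission>> grants = new ConcurrentHashMap<>();

        void grant(URL location, Permission p) {
            grants.computeIfAbsent(location.toString(), k -> ConcurrentHashMap.newKeySet()).add(p);
        }
        void revoke(URL location, Permission p) {
            Set<Permission> set = grants.get(location.toString());
            if (set != null) set.remove(p);
        }
        @Override
        public boolean implies(ProtectionDomain domain, Permission requested) {
            CodeSource cs = domain.getCodeSource();
            if (cs == null || cs.getLocation() == null) return false; // unknown code: deny
            Set<Permission> set = grants.getOrDefault(cs.getLocation().toString(), Set.of());
            return set.stream().anyMatch(g -> g.implies(requested)); // no match: deny
        }
    }

    public static void main(String[] args) throws Exception {
        URL app = URI.create("file:/apps/example-app/").toURL(); // constructed install dir
        ProtectionDomain domain =
                new ProtectionDomain(new CodeSource(app, (Certificate[]) null), null);
        Permission connectAny = new SocketPermission("*:1-65535", "connect");
        Permission request = new SocketPermission("192.0.2.10:443", "connect");
        RuntimeGrantPolicy policy = new RuntimeGrantPolicy();
        System.out.println("before grant: " + policy.implies(domain, request));
        policy.grant(app, connectAny);  // user approves network access
        System.out.println("after grant:  " + policy.implies(domain, request));
        policy.revoke(app, connectAny); // user withdraws it from the console
        System.out.println("after revoke: " + policy.implies(domain, request));
    }
}
```

The demo calls implies() directly rather than installing the policy, because Policy.setPolicy and the Security Manager are deprecated for removal in JDK 17 and later.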
Policy implementation
Hi Sebastian,
I've seen in the JNode documentation that you've got some dynamic permission assignments with your plugin framework (principally based on CodeSource).
The jGuard project also provides a Policy implementation to deal with JAAS and J2EE.
=> jGuard permits dynamic permission assignment based on user actions and rights (it provides a getPermissions method with a protectionDomain argument).
Maybe we can exchange ideas about JAAS and custom policy implementations, and maybe more?
Sincerely yours,
Charles GAY (jGuard team).
jGuard (http://jguard.sourceforge.net) enables easy JAAS integration.
Re: Policy implementation
Hi Charles,
Sorry, but I'm not the author of the plugin framework. However, it's good to know people who know how to program with the Java security APIs. I still have to understand exactly what your project is doing, but I will send you an email within the next few days.
Regards.
Sebastian
Minor Comment
Your idea appears to be a good one. I only have a minor comment to add: the plugin installation feature of my plugin manager does not install to a directory. It installs to my transparent persister, which persists data to local directories by classname and a consecutive uid. When the data is retrieved from the storage, its default directory (".") will not be the persistence directory; it will be the directory that the VM started from (I have no idea what that means in JNode).
Thanks,
Alex