> For better illustration: I let some other code migrate (software agent)
> to my JVM and I granted permission for using sockets (for sending
> messages). Then I decided to revert this permission due to some
> malicious behaviour of that code.
>
> How could I grant and revert such a permission ?
Disclaimer: I never thought about all this in detail.
It should be possible in the sense that next time the malicious code
tries to do the same it doesn't get permission. I think it will be
difficult to withdraw a resource like a socket once the code got access
to it.
You might want to study
http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html
for a start.
A key issue would be that the code which dynamically manages and changes
a permission needs to be protected and shielded from the potentially
malicious code. Otherwise that malicious code could by itself use that
management API and grant itself more permissions.
/Thomas

The comp.lang.java.gui FAQ:
ftp://ftp.cs.uu.nl/pub/NEWS.ANSWERS/computer-lang/java/gui/faq
http://www.uni-giessen.de/faq/archiv/computer-lang.java.gui.faq/
Thomas Hawtin - 30 May 2006 10:50 GMT
> A key issue would be that the code which dynamically manages and changes
> a permission needs to be protected and shielded from the potentially
> malicious code. Otherwise that malicious code could by itself use that
> management API and grant itself more permissions.
What's supposed to happen is that when the malicious code tries to abuse
the security code, the malicious code is on the stack so the security
checks fail. If there's any GUI interaction then the security code will
need its own EventQueue/AppContext, like Java WebStart.
Tom Hawtin

Unemployed English Java programmer
http://jroller.com/page/tackline/
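
An added example, not part of any post in this thread: a `java.security.Policy` wrapper that can withdraw `SocketPermission` from an agent's code location, with the management call guarded by a stack-based check as described above. The class name, the `manageAgentTrust` permission name and the method names are hypothetical; it assumes Java 8 or later on a JVM where the Security Manager is still supported (it is deprecated since Java 17).

```java
import java.net.SocketPermission;
import java.security.*;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Wraps the installed Policy; a trusted manager can switch socket access off per code location. */
public final class RevocableSocketPolicy extends Policy {
    // Hypothetical permission name; grant it only to the trust-management code.
    private static final Permission MANAGE = new RuntimePermission("manageAgentTrust");

    private final Policy delegate;
    // Locations are stored as strings because URL.equals()/hashCode() can trigger DNS lookups.
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    private RevocableSocketPolicy(Policy delegate) { this.delegate = delegate; }

    /** Needs SecurityPermission "getPolicy" and "setPolicy", so agent code cannot swap it out. */
    public static RevocableSocketPolicy install() {
        RevocableSocketPolicy p = new RevocableSocketPolicy(Policy.getPolicy());
        Policy.setPolicy(p);
        return p;
    }

    // Stack-based check: throws if any caller on the stack (e.g. an agent) lacks MANAGE.
    private static void checkCaller() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(MANAGE);
    }

    private static String key(CodeSource cs) {
        return (cs == null || cs.getLocation() == null) ? null : cs.getLocation().toExternalForm();
    }

    public void setSocketsRevoked(CodeSource agent, boolean revoke) {
        checkCaller();
        String k = key(agent);
        if (k == null) throw new IllegalArgumentException("agent code has no location");
        if (revoke) revoked.add(k); else revoked.remove(k);
    }

    // Consulted on each new connect/accept/resolve check, so revocation blocks the
    // next attempt only; a socket that is already open keeps working.
    @Override public boolean implies(ProtectionDomain pd, Permission perm) {
        String k = key(pd.getCodeSource());
        if (k != null && perm instanceof SocketPermission && revoked.contains(k)) return false;
        return delegate.implies(pd, perm);
    }
    @Override public PermissionCollection getPermissions(ProtectionDomain pd) { return delegate.getPermissions(pd); }
}
```

Permissions that a class loader places directly in the `ProtectionDomain` (for example, `URLClassLoader` adds connect permission to the code's origin host) are checked independently of the `Policy`, so they are not affected by this revocation.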
Chris Uppal - 30 May 2006 11:11 GMT
> You might want to study
> http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html
> for a start.
Agreed: that's a good place to start for info on sophisticated use of the
security architecture.
I just wanted to add (for the OP) that one doesn't often hear about people
making much -- if any -- use of these APIs, so you may not be able to find much
in the way of examples or online help.
Also, as a person with a DB-ish background, you may be leaping to a DB-ish
solution prematurely. There are not that many applications which need to
manage permissions internally, are you sure that yours is one of them ? And
if it /is/, are you sure that managing them at the security-manager level is
appropriate ?
-- chris
Maciej - 30 May 2006 17:36 GMT
I am working with software agents (JADE platform), which can adapt their
behaviour. Therefore I need to change permission according to the trust
in them.
Thank you for your extensive responses. I will have to do a deeper
search.
Maciej
Chris Uppal - 31 May 2006 10:11 GMT
> I am working with software agents (JADE platform), which can adapt their
> behaviour. Therefore I need to change permission according to the trust
> in them.
Ah, then yes the security architecture is the right level to approach this.
Apologies for doubting you ;-)
I took a look at the JADE website, and it's astonishing how little it has to
say about security -- there's a short PDF guide to a "security add-on" (a
concept which in itself leaves me gasping) and that's about it...
-- chris