JAVA Fine-grained Access Control-1

• Essential mechanisms include the following:

• Identity:Every piece of code needs a specific identity for security decisions. Origin (URL) and signature, represented in the class java.security.CodeSource , define identity.

• Permissions: System requests to perform a particular operation on particular target are allowed based on permissions. A policy says which permissions are granted to which principals. Permissions include:

  • java.io.FilePermission for file system access, e.g.,  f = new filePermission ("/tmp/applets.db", "read");
  • java.net.SocketPermission for network access, e.g., sp= new SocketPermission(”npac.syr.edu:3768", "connect")
  • java.lang.PropertyPermission for Java properties
  • java.lang.RuntimePermission for access to runtime system resources
  • java.security.NetPermission for authentication
  • java.awt.AWTPermission for access to graphical resources such as windows

Previous slide

Next slide

Back to first slide

View graphic version