Professional Documents
Culture Documents
Chapter 6. Lập trình bảo mật (security) với Java
Chapter 6. Lập trình bảo mật (security) với Java
(Advanced Java)
● Components of Java
● Java security models
● Main components of the Java security
architecture
– class loaders
– bytecode verification
– the Security Manager
2
Components of Java
3
Development lifecycle
4
Java language features
● object-oriented
● multi-threaded
● strongly typed
● exception handling
● very similar to C/C++, but cleaner and simpler
– no more struct and union
– no more (stand alone) functions
– no more multiple inheritance
– no more operator overloading
– no more pointers
● garbage collection
– objects no longer in use are removed automatically
5
Class files
● contain
6
The Java Virtual Machine (JVM)
7
The Java Virtual Machine (JVM)
●
8
The Java Virtual Machine (JVM)
●
9
The Java Virtual Machine (JVM)
●
10
The Java Virtual Machine (JVM)
●
11
The Java Virtual Machine (JVM)
●
12
Java security models
13
The need for Java security
● code mobility can be useful (though not
indispensable)
– may reduce bandwidth requirements
– improve functionality of web services
● but downloaded executable content is dangerous
14
The sandbox
15
The concept of trusted code
16
Fine grained access control
17
The three pillars of Java security
● the Security Manager
● class loaders
● the bytecode verifier
18
The Security Manager
19
The Security Manager
20
Class loaders
21
Class loading process
22
Class loading task delegation
23
Byte code verifier
24
25
Merci!