granting and reverting permissions at runtime

Maciej

Hello,

I'm a newbie to Java permissions. I see some analogy to permissions from
databases: I permit certain actions on certain objects for certain
users, which is done by a policy given during execution. The database analogy
reminds me of Permissions for Granting Other Permissions. Is there
something similar in Java? Is it possible for the application to change
permissions for some users/object code at runtime, e.g. as a result of
loss of trust in this code?

For better illustration: I let some other code migrate (software agent)
to my JVM and I granted permission for using sockets (for sending
messages). Then I decided to revert this permission due to some
malicious behaviour of that code.

How could I grant and revert such a permission?

TIA,

Maciej
 
Thomas Weidenfeller

Maciej said:
For better illustration: I let some other code migrate (software agent)
to my JVM and I granted permission for using sockets (for sending
messages). Then I decided to revert this permission due to some
malicious behaviour of that code.

How could I grant and revert such a permission?

Disclaimer: I never thought about all this in detail.

It should be possible in the sense that next time the malicious code
tries to do the same it doesn't get permission. I think it will be
difficult to withdraw a resource like a socket once the code got access
to it.

You might want to study

http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html

for a start.

A key issue would be that the code which dynamically manages and changes
a permission needs to be protected and shielded from the potentially
malicious code. Otherwise that malicious code could by itself use that
management API and grant itself more permissions.

/Thomas
 
Thomas Hawtin

Thomas said:
A key issue would be that the code which dynamically manages and changes
a permission needs to be protected and shielded from the potentially
malicious code. Otherwise that malicious code could by itself use that
management API and grant itself more permissions.

What's supposed to happen is that when the malicious code tries to abuse
the security code, the malicious code is on the stack so the security
checks fail. If there's any GUI interaction then the security code will
need its own EventQueue/AppContext, like Java WebStart.

Tom Hawtin
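
The approach discussed in the two replies above, as an added sketch that is not part of any poster's message: a `Policy` wrapper whose decisions can change at runtime and whose management methods are themselves protected by a stack-based permission check. The class name `RevocablePolicy`, its methods and the permission name `revocablePolicy.manage` are hypothetical; it assumes a JVM running with a SecurityManager (deprecated since Java 17) and is installed by trusted code with `Policy.setPolicy(new RevocablePolicy(Policy.getPolicy()))`.

```java
import java.net.SocketPermission;
import java.security.*;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Wraps the installed Policy; denies SocketPermission to code locations revoked at runtime. */
public final class RevocablePolicy extends Policy {
    // Hypothetical permission name guarding the management methods below.
    private static final Permission MANAGE = new SecurityPermission("revocablePolicy.manage");
    private final Policy delegate;
    // Code locations are kept as strings because URL.equals() may trigger DNS lookups.
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    public RevocablePolicy(Policy delegate) { this.delegate = delegate; }

    /** From now on, socket permission checks fail for classes loaded from codeLocation. */
    public void revokeSockets(String codeLocation) { checkCaller(); revoked.add(codeLocation); }

    public void restoreSockets(String codeLocation) { checkCaller(); revoked.remove(codeLocation); }

    // Every protection domain on the calling stack must hold MANAGE, so an agent that
    // calls restoreSockets() for itself gets an AccessControlException.
    private static void checkCaller() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(MANAGE);
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        CodeSource cs = domain.getCodeSource();
        if (permission instanceof SocketPermission && cs != null && cs.getLocation() != null
                && revoked.contains(cs.getLocation().toString())) {
            return false; // consulted on new connect/accept/resolve checks only
        }
        return delegate.implies(domain, permission);
    }

    @Override public PermissionCollection getPermissions(CodeSource cs) { return delegate.getPermissions(cs); }
    @Override public PermissionCollection getPermissions(ProtectionDomain pd) { return delegate.getPermissions(pd); }
    @Override public void refresh() { delegate.refresh(); }
}
```

A socket the agent already holds keeps working after `revokeSockets()`, so the host still has to close it. Permissions that a class loader places directly in the `ProtectionDomain` (for example the connect permission `URLClassLoader` adds for the code's origin host) are not decided by the policy and are unaffected by this wrapper.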
 
Chris Uppal

Thomas said:

Agreed: that's a good place to start for info on sophisticated use of the
security architecture.

I just wanted to add (for the OP) that one doesn't often hear about people
making much -- if any -- use of these APIs, so you may not be able to find much
in the way of examples or online help.

Also, as a person with a DB-ish background, you may be leaping to a DB-ish
solution prematurely. There are not that many applications which need to
manage permissions internally, are you sure that yours is one of them? And
if it /is/, are you sure that managing them at the security-manager level is
appropriate?

-- chris
 
Maciej

I'm working with software agents (JADE platform), which can adapt their
behaviour. Therefore I need to change permission according to the trust
in them.

Thank you for your extensive responses. I will have to do a deeper
search.

Maciej
 
Chris Uppal

Maciej said:
I'm working with software agents (JADE platform), which can adapt their
behaviour. Therefore I need to change permission according to the trust
in them.

Ah, then yes the security architecture is the right level to approach this.
Apologies for doubting you ;-)

I took a look at the JADE website, and it's astonishing how little it has to
say about security -- there's a short PDF guide to a "security add-on" (a
concept which in itself leaves me gasping) and that's about it...

-- chris
 
