MQP:Rule to Resource Mapping

From JimboWiki
Revision as of 20:32, 11 September 2008 by J


When developers are building their software, they have a fairly complete knowledge of which protected resources their application will require for certain actions, but they may not have a full understanding of how to create a security policy from this data. To simplify the creation of policy, the policy could be defined in the resource- and action-centric vocabulary that the developer is familiar with, rather than the permission-centric vocabulary of Java policy. The resource requirements the developer specifies could then be mapped into actual permission requirements.

Resources

In Java, there are many resources that can be protected including:

  • The file-system
  • Socket connections
  • Java system properties
  • Graphics output
  • Class loaders
  • Java reflection system
  • Java security system

Each resource has a set of associated actions. For instance:

  • The file-system
    • Read
    • Write
    • Create new
  • Socket connections
    • Listen
    • Accept connection
    • Create connection
  • Java system properties
    • Read specific properties
  • Graphics output
    • ?
  • Class loaders
    • Create new class loaders
    • Load classes
  • Java reflection system
    • Access private methods
    • Create reflected objects
  • Java security system
    • Access SecurityManager
    • Replace SecurityManager

Permissions

Permissions have a lower-level representation based on the classes they originate from, such as:

  • java.io.FilePermission
  • java.net.SocketPermission
  • java.util.PropertyPermission
  • java.lang.RuntimePermission
  • java.awt.AWTPermission
  • java.net.NetPermission
  • java.lang.ReflectPermission
  • and others

Some permission classes cover multiple resources and many actions. Certain combinations of permission grants can result in other permissions being implicitly granted based on logic in the permission check.

Mapping from Resources to Permissions and Back

A description of the relationship between a resource (with its actions) and a permission class would be developed. Important things to capture in this model include:

  • A description of the resource and all its actions
  • What permission class(es) relate to the resource's actions, and what parameters will cause these actions to be allowed or denied
  • Which of this resource's actions are implicitly allowed when other actions (not necessarily associated with this resource) are allowed

Given a set of resource requirements, we should be able to generate a permission set. Given a permission set, we should be able to do reverse lookups to find the resource grant implications, including implicit resource access grants.

Resource to Permission Data Model

Working on this still...

Fitting Developer Specified Resources Together with Permission Requirement Analysis

This resource requirement model fits in nicely with the idea of "Management Level Policy Requirements", and can use the same classes for its representation. Using this representation also allows us to compare the permission set produced from developer-suggested resources against our own analysis of permission requirements. We would then be able to detect unused permissions and missing grants, as well as overly vague grants.
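The following is an added example, not code from the MQP project or this wiki page, illustrating both the forward/reverse mapping described under "Mapping from Resources to Permissions and Back" and the comparison described in this section. It uses the real JDK permission classes (java.io.FilePermission, java.net.SocketPermission, java.util.PropertyPermission, java.lang.RuntimePermission, java.lang.reflect.ReflectPermission) and relies on Permission.implies(), which is where the JDK encodes "a wider grant covers a narrower action" and therefore where implicit grants come from. The Action enum, the Requirement record, the method names and the two sample requirement lists are all hypothetical constructions for this example.

```java
// Added example (not from the MQP wiki page): a small forward/reverse mapper between
// resource-level actions and Java Permission objects. Action names, targets, method
// names and the sample requirement lists are hypothetical.
import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.PropertyPermission;

public class ResourcePermissionMapper {

    /** Resource actions in the developer's vocabulary (hypothetical subset of the page's lists). */
    enum Action {
        FILE_READ, FILE_WRITE, SOCKET_CONNECT, PROPERTY_READ,
        CLASSLOADER_CREATE, REFLECT_PRIVATE_ACCESS, SECURITY_MANAGER_REPLACE
    }

    /** A developer-specified requirement: an action on a target (null for target-less actions). */
    record Requirement(Action action, String target) {
        /** Forward mapping: the Java permission that guards this resource action. */
        Permission toPermission() {
            return switch (action) {
                case FILE_READ                -> new FilePermission(target, "read");
                case FILE_WRITE               -> new FilePermission(target, "write");
                case SOCKET_CONNECT           -> new SocketPermission(target, "connect");
                case PROPERTY_READ            -> new PropertyPermission(target, "read");
                case CLASSLOADER_CREATE       -> new RuntimePermission("createClassLoader");
                case REFLECT_PRIVATE_ACCESS   -> new ReflectPermission("suppressAccessChecks");
                case SECURITY_MANAGER_REPLACE -> new RuntimePermission("setSecurityManager");
            };
        }
    }

    /** Resource requirements -> a policy-ready permission set. */
    static PermissionCollection toPermissions(List<Requirement> reqs) {
        Permissions perms = new Permissions();
        for (Requirement r : reqs) perms.add(r.toPermission());
        return perms;
    }

    /** Reverse lookup: which candidate actions does a granted set allow, explicitly or implicitly? */
    static List<Requirement> impliedActions(PermissionCollection granted, List<Requirement> candidates) {
        List<Requirement> out = new ArrayList<>();
        for (Requirement r : candidates) if (granted.implies(r.toPermission())) out.add(r);
        return out;
    }

    /** Analysed requirements that the suggested grants do not cover at all. */
    static List<Requirement> missingGrants(PermissionCollection suggested, List<Requirement> analysed) {
        List<Requirement> out = new ArrayList<>();
        for (Requirement r : analysed) if (!suggested.implies(r.toPermission())) out.add(r);
        return out;
    }

    /** Suggested grants that no analysed requirement needs (candidates for removal). */
    static List<Permission> unusedGrants(PermissionCollection suggested, List<Requirement> analysed) {
        List<Permission> out = new ArrayList<>();
        for (Permission p : Collections.list(suggested.elements())) {
            boolean needed = analysed.stream().anyMatch(r -> p.implies(r.toPermission()));
            if (!needed) out.add(p);
        }
        return out;
    }

    /** Suggested grants that are used, but strictly wider than the union of the analysed needs. */
    static List<Permission> overlyVagueGrants(PermissionCollection suggested, List<Requirement> analysed) {
        PermissionCollection exact = toPermissions(analysed);
        List<Permission> out = new ArrayList<>();
        for (Permission p : Collections.list(suggested.elements())) {
            boolean used = analysed.stream().anyMatch(r -> p.implies(r.toPermission()));
            if (used && !exact.implies(p)) out.add(p);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: what the developer asked for, in resource terms.
        List<Requirement> suggested = List.of(
            new Requirement(Action.FILE_READ, "/app/data/-"),
            new Requirement(Action.FILE_WRITE, "/app/data/-"),
            new Requirement(Action.PROPERTY_READ, "user.home"),
            new Requirement(Action.SOCKET_CONNECT, "127.0.0.1:8080"),
            new Requirement(Action.CLASSLOADER_CREATE, null));
        // Constructed sample: what an independent requirement analysis found the code actually does.
        List<Requirement> analysed = List.of(
            new Requirement(Action.FILE_READ, "/app/data/config.txt"),
            new Requirement(Action.FILE_WRITE, "/app/data/cache.db"),
            new Requirement(Action.PROPERTY_READ, "user.home"),
            new Requirement(Action.SOCKET_CONNECT, "127.0.0.1:8080"),
            new Requirement(Action.REFLECT_PRIVATE_ACCESS, null));

        PermissionCollection policy = toPermissions(suggested);
        System.out.println("missing: " + missingGrants(policy, analysed));
        System.out.println("unused:  " + unusedGrants(policy, analysed));
        System.out.println("vague:   " + overlyVagueGrants(policy, analysed));

        // Implicit grants: AllPermission satisfies every resource action, including replacing the SecurityManager.
        Permissions all = new Permissions();
        all.add(new AllPermission());
        System.out.println("AllPermission implies " + impliedActions(all, analysed).size() + " of " + analysed.size());
    }
}
```

With the sample data, the reflection requirement shows up as a missing grant, the createClassLoader grant shows up as unused, and the FilePermission on /app/data/- shows up as overly vague because it implies the two individual files but is not itself implied by them. The "overly vague" test is deliberately defined as "implies something needed, but is not implied by the exact set", so it flags wildcard and directory-wide grants without flagging a grant that is merely a duplicate. The socket target is an IP literal so that SocketPermission.implies() compares addresses directly rather than resolving hostnames.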