Platform module security
Hinkmond Wong
hinkmond.wong at oracle.com
Tue Dec 6 10:30:19 PST 2011
On 12/6/2011 8:01 AM, Sean Mullan wrote:
> How do we know if a module is part of the JRE platform and can be trusted
> exclusively?
>
> The current code in org.openjdk.jigsaw.Platform uses a fragile mechanism:
>
> public static boolean isPlatformModuleName(String mn) {
>     return (mn.equals("jdk") || mn.startsWith("jdk.") ||
>             mn.startsWith("sun."));
> }
>
> // ## We really must do something more secure and robust here!
> static boolean isPlatformContext(BaseContext cx) {
>     for (ModuleId mid : cx.modules()) {
>         if (!isPlatformModuleName(mid.name()))
>             return false;
>     }
>     return true;
> }
>
> I can think of two potential solutions:
>
> 1) Nothing other than JRE platform modules can be installed/stored in the system
> library. How this is enforced is a separate question.
>
> 2) All platform modules are signed with a special certificate that we can identify.

If we do go with #2, it would be good to get a measurement of the core
platform module loading times before and after the change, especially on
a Java Embedded reference target device (such as Linux/ARM) instead of a
Java desktop system, to make sure the performance hit due to module code
signing is not unreasonable for typical use.

Thanks,
Hinkmond

>
> Any other thoughts?
>
> Thanks,
> Sean
--
Hinkmond Wong | Consulting Member of Technical Staff
Phone: +1 408.276.7618 | Fax: +1 408.276.7674
Oracle Java Embedded
4210 Network Ci., M/S USCA22-rm2364 | Santa Clara, CA 95054
More information about the jigsaw-dev mailing list