Platform module security

Hinkmond Wong hinkmond.wong at oracle.com
Tue Dec 6 10:30:19 PST 2011



On 12/6/2011 8:01 AM, Sean Mullan wrote:
> How do we know if a module is part of the JRE platform and can be trusted
> exclusively?
>
> The current code in org.openjdk.jigsaw.Platform uses a fragile mechanism:
>
>      public static boolean isPlatformModuleName(String mn) {
>          return (mn.equals("jdk") || mn.startsWith("jdk.") ||
>              mn.startsWith("sun."));
>      }
>
>      // ## We really must do something more secure and robust here!
>      static boolean isPlatformContext(BaseContext cx) {
>          for (ModuleId mid : cx.modules()) {
>              if (!isPlatformModuleName(mid.name()))
>                  return false;
>          }
>          return true;
>      }
>
> I can think of two potential solutions:
>
> 1) Nothing other than JRE platform modules can be installed/stored in the system
> library. How this is enforced is a separate question.
>
> 2) All platform modules are signed with a special certificate that we can identify.

If we do go with #2, it would be good to get a measurement of the core 
platform module loading times before and after the change, especially on 
a Java Embedded reference target device (such as Linux/ARM) instead of a 
Java desktop system, to make sure the performance hit due to module code 
signing is not unreasonable for typical use.


Thanks,
Hinkmond

>
> Any other thoughts?
>
> Thanks,
> Sean

-- 
Oracle <http://www.oracle.com>
Hinkmond Wong | Consulting Member of Technical Staff
Phone: +1 408.276.7618 | Fax: +1 408.276.7674
Oracle Java Embedded
4210 Network Ci., M/S USCA22-rm2364 | Santa Clara, CA 95054



More information about the jigsaw-dev mailing list
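
An added example (not code from the thread or from the Jigsaw code base) contrasting the name-prefix test quoted above with a signer-based check in the spirit of option 2. The class name, the module name "jdk.example" and the pinned-fingerprint placeholder are assumptions made for illustration; HexFormat requires Java 17 or later.

```java
import java.security.CodeSource;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.HexFormat;
import java.util.Set;

public class PlatformTrustDemo {
    // Placeholder, not a real value: SHA-256 fingerprint of a hypothetical
    // platform signing certificate that the runtime would pin.
    static final Set<String> PINNED = Set.of("<sha256-of-platform-signing-cert>");

    // The name-prefix test quoted in the thread: any module can claim such a name.
    static boolean isPlatformModuleName(String mn) {
        return mn.equals("jdk") || mn.startsWith("jdk.") || mn.startsWith("sun.");
    }

    // Option 2 sketch: accept only code whose signer certificates include a pinned one.
    // CodeSource certificates are null for unsigned code.
    static boolean isSignedByPlatform(Certificate[] signers) throws Exception {
        if (signers == null) return false;
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (Certificate c : signers) {
            String fp = HexFormat.of().formatHex(md.digest(c.getEncoded()));
            if (PINNED.contains(fp)) return true;
        }
        return false;
    }

    // The name is treated as a claim; the signer is what establishes trust.
    static boolean isTrustedPlatformModule(String name, CodeSource cs) throws Exception {
        return isPlatformModuleName(name)
                && cs != null
                && isSignedByPlatform(cs.getCertificates());
    }

    public static void main(String[] args) throws Exception {
        // This demo class is unsigned, so it stands in for a module that only
        // claims a platform name (constructed sample name).
        CodeSource cs = PlatformTrustDemo.class.getProtectionDomain().getCodeSource();
        String claimed = "jdk.example";
        System.out.println("name check:   " + isPlatformModuleName(claimed));
        System.out.println("signer check: " + isTrustedPlatformModule(claimed, cs));
    }
}
```

Run unsigned, the name check accepts the claimed name while the signer check rejects it. The signer certificates are only meaningful once the loader has verified the signed archive, and that verification is the cost the reply above asks to have measured.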