Security Features of Java SE 8
Wolfgang Weigend
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Wolfgang Weigend, Senior Lead Systems Consultant, Java Technology and Architecture
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Larger Security Policy Areas
Security
Deployment Lifecycle
• Architecture Review
• Peer Review
• Security Testing
• Post Mortems
Communications
• SA / CPU RSS Feeds
• Security Blog
• eBlasts
• Java.com Security
Remediation
• CPU
• Security Alerts
Java Critical Patch Updates
• Rules for Java CPUs
– Main release for security vulnerabilities
– Covers all JDK families (8, 7, 6, 5.0)
– CPU release triggers Auto-update
– Dates published 12 months in advance
– Security Alerts are released as necessary
– Based off the previous (non-CPU) release
– Released simultaneously on java.com and OTN
• JDK 8u60 - Security Baselines
JRE Family Version    JRE Security Baseline (Full Version String)
8                     1.8.0_51
7                     1.7.0_85
6                     1.6.0_101
5.0                   1.5.0_81
Java Critical Patch Updates and upcoming
• 30th of July 2015
• 20th of October 2015
• 19th of January 2015
• 19th of April 2016
• 19th of July 2016
• Scheduled CPUs
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Agenda
1 Overview of Java SE Security
2 New JDK 8 Security Features
3 Sneak peek at potential JDK 9 security features
4 Conclusion
5 Java Security Resource Center and more information
Overview of Java SE Security
Java SE Security Conceptual Diagram
Tools: keytool, jarsigner, policytool
APIs and Libraries: JAAS, GSSAPI/Kerberos, XML Signature, JSSE (SSL/TLS), SASL, JCE (crypto), PKI
Java Language and Runtime Security
Java Language and Runtime Security
• Language design and controls
– Type safety
– Automatic memory management
– Access modifiers: private, default (package-private), protected, public, final
• Bytecode Verifier
– As classes are loaded, the verifier checks that bytecodes are well-formed and do not violate various rules
• Security Manager
– Governs access to security-sensitive operations
– Access rules are determined by the security policy
Security APIs and Libraries
• APIs spanning a wide range of areas
– Cryptography (JCE), PKI, SSL/TLS (JSSE), SASL, JAAS, GSSAPI/Kerberos, XML Signature
• APIs are abstract and allow for multiple implementations of algorithms
– Algorithms are implemented in service providers and plugged in via a standard Service Provider Interface (SPI)
• JDK includes a default set of service providers covering a comprehensive set of algorithms
– http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
Security Tools
• keytool
– Command-line tool for managing keystores
• jarsigner
– Command-line tool for signing JARs
• policytool
– GUI tool for editing policy files
Security Tools – Jarsigner Command Options
Option                          Description
-keystore url                   Specifies a keystore to be used if you don't want to use the .keystore default database.
-storepass password             Allows you to enter the keystore's password on the command line rather than be prompted for it.
-keypass password               Allows you to enter your alias's password on the command line rather than be prompted for it.
-sigfile file                   Specifies the base name for the .SF and .DSA files if you don't want the base name to be taken from your alias. file must be composed only of upper case letters (A-Z), numerals (0-9), hyphen (-), and underscore (_).
-signedjar file                 Specifies the name of the signed JAR file to be generated if you don't want the original unsigned file to be overwritten with the signed file.
-tsa url                        Generates a time stamp for the signature using the Time Stamping Authority (TSA) identified by the URL.
-tsacert alias                  Generates a time stamp for the signature using the TSA's public key certificate identified by alias.
-altsigner class                Indicates that an alternative signing mechanism be used to time stamp the signature. The fully-qualified class name identifies the class used.
-altsignerpath classpathlist    Provides the path to the class identified by the altsigner option and any JAR files that the class depends on.
New JDK 8 Security Features
New JDK 8 Security Features: Highlights
• 13 new features
– New features span the entire security stack
• Significant crypto improvements
– Hardware-accelerated crypto performance improvements
– Support for new and stronger algorithms
• Significant JSSE (SSL/TLS) improvements
– More secure out-of-the-box defaults
– Support for the SNI Extension
– New GCM cipher suites
New JDK 8 Security Features: Highlights (continued)
• And more …
– Better support for certificate revocation mechanisms (OCSP, CRLs)
– Improved Kerberos delegation support
– New APIs for limiting code’s privileges to only what is necessary to perform a security-sensitive operation
– And many more smaller enhancements
13 New Security Features
http://openjdk.java.net/jeps
JEP    Title
113    MS-SFU Kerberos 5 Extensions
114    TLS Server Name Indication (SNI) Extension
115    AEAD CipherSuites
121    Stronger Algorithms for Password-Based Encryption
123    Configurable Secure Random-Number Generation
124    Enhance the Certificate Revocation-Checking API
129    NSA Suite B Cryptographic Algorithms
130    SHA-224 Message Digests
131    PKCS#11 Crypto Provider for 64-bit Windows
140    Limited doPrivileged
164    Leverage CPU Instructions for AES Cryptography
166    Overhaul JKS-JCEKS-PKCS12 Keystores
176    Mechanical Checking of Caller-Sensitive Methods
Java SE Security Conceptual Diagram: Where the features are
[Diagram: the Java SE security layers (Tools; APIs and Libraries; Java Language and Runtime Security) annotated with the JEP numbers 113, 114, 115, 121, 123, 124, 129, 130, 131, 140, 164, 166 and 176]
JEP = JDK Enhancement-Proposal
New JDK 8 Security Features: Cryptography
SHA-224 Message Digests
• SHA-224 is a truncated version of SHA-256
– computed hash is 224 bits instead of 256
– provides 112 bits of security (same as two-key Triple DES)
• Sweet spot for use cases that benefit from smaller digest size
• Added support for the SHA-224 message digest and related algorithms
– MessageDigest: SHA-224
– Signature: SHA224withRSA, SHA224withDSA, SHA224withECDSA
– Mac: HmacSHA224
• Completes support for the SHA-2 family (224, 256, 384, 512)
SecureRandom Improvements
• Strong random numbers are critical for many cryptographic functions
• New SecureRandom.getInstanceStrong method automatically picks the strongest random number generator
– Reduces chances of accidentally picking a weak generator
• New NativePRNGBlocking and NativePRNGNonBlocking SecureRandom implementations on Unix platforms

Example: obtaining and using the strongest available SecureRandom

    import java.security.KeyPairGenerator;
    import java.security.SecureRandom;

    // Create strong secure random number generator
    SecureRandom sr = SecureRandom.getInstanceStrong();
    // Initialize key pair generator with SecureRandom
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048, sr);
Strengthened DSA and Diffie-Hellman Support: Digital Signature Algorithm
• Added support for generating 2048-bit DSA and Diffie-Hellman public-key pairs
– Can use API or keytool to generate the key pairs
– 1024-bit public keys are no longer recommended
• Added support for the SHA224withDSA and SHA256withDSA signature algorithms

Example: generating a 2048-bit DSA keypair and signing some data with the SHA256withDSA algorithm

    import java.nio.charset.StandardCharsets;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.Signature;

    // Generate DSA public-key pair
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
    kpg.initialize(2048);
    // or use your own parameters (DSAParameterSpec):
    // kpg.initialize(params);
    KeyPair kp = kpg.generateKeyPair();

    // Sign some data with the SHA256withDSA algorithm
    Signature signature = Signature.getInstance("SHA256withDSA");
    signature.initSign(kp.getPrivate());
    signature.update("Hello, world!".getBytes(StandardCharsets.UTF_8));
    byte[] result = signature.sign();
Hardware-accelerated AES crypto performance: Advanced Encryption Standard
• Hotspot compiler generates intrinsics for AES instructions on 32-bit and 64-bit x86 systems (if they support such instructions)
• Provides significant performance improvement on x86 systems
• Intrinsics are triggered when a Cipher with the AES algorithm is created:
– Cipher.getInstance("AES");
– A more optimized intrinsic is used for CBC mode: Cipher.getInstance("AES/CBC/PKCS5Padding");
– Implemented in SunJCE provider. On Solaris, may need to reorder providers or specify provider explicitly: Cipher.getInstance("AES", "SunJCE");
Hardware-accelerated AES crypto performance: Benchmark Results
[Bar chart: operations per second (Ops/sec) for Encryption and Decryption, comparing "No Intrinsics" with "Intrinsics"]
• Encryption and decryption with 128-bit key
• Message 10000 bytes
• Single thread
Authenticated AES GCM Cipher Mode: Block cipher for symmetric encryption
• Galois/Counter Mode (GCM) is an efficient symmetric key block cipher mode that also supports AEAD (Authenticated Encryption with Associated Data)
– Provides data integrity and confidentiality
– Can perform better than other block cipher modes such as CBC
• In JDK 7, we enhanced the Cipher API to support AEAD but did not provide an implementation
• In JDK 8, we have implemented GCM mode for AES
[Diagram: Plaintext, Ciphertext, Authentication Tag (Plaintext + Ciphertext)]

Example: Authenticated Encryption with AES/GCM mode

    import java.nio.charset.StandardCharsets;
    import javax.crypto.Cipher;

    // Create and initialize Cipher (key is an existing 128-bit AES SecretKey)
    Cipher cipher = Cipher.getInstance("AES_128/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    // or use your own parameters (GCMParameterSpec):
    // BUT always use a different IV value (nonce) for each complete GCM operation
    // cipher.init(Cipher.ENCRYPT_MODE, key, params);
    cipher.updateAAD("Duke".getBytes(StandardCharsets.UTF_8));

    // Encrypt and authenticate
    byte[] cipherText = cipher.doFinal(
        "Meet me for coffee tomorrow at 1PM".getBytes(StandardCharsets.UTF_8));

    // Decrypt and authenticate
    cipher.init(Cipher.DECRYPT_MODE, key, cipher.getParameters());
    cipher.updateAAD("Duke".getBytes(StandardCharsets.UTF_8));
    byte[] clearText = cipher.doFinal(cipherText);
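Added example (not from the original slides): the same AES/GCM flow with an explicit GCMParameterSpec and a fresh random nonce per message, plus a check that a modified ciphertext or mismatched associated data is rejected. The class name, the nonce-prefixed message layout and the "Mallory" string are assumptions made for this example.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example; class name and message layout (nonce || ciphertext || tag) are assumptions.
public class GcmExample {
    private static final int NONCE_BYTES = 12;   // 96-bit nonce
    private static final int TAG_BITS = 128;     // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Encrypts under a fresh nonce and returns nonce || ciphertext || tag.
    static byte[] seal(SecretKey key, byte[] aad, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);                    // never reuse a nonce with the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        cipher.updateAAD(aad);
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[NONCE_BYTES + ct.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_BYTES);
        System.arraycopy(ct, 0, out, NONCE_BYTES, ct.length);
        return out;
    }

    // Verifies the tag over AAD and ciphertext, then returns the plaintext.
    static byte[] open(SecretKey key, byte[] aad, byte[] message) throws GeneralSecurityException {
        if (message.length < NONCE_BYTES + TAG_BITS / 8) {
            throw new AEADBadTagException("message too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key,
                new GCMParameterSpec(TAG_BITS, message, 0, NONCE_BYTES));
        cipher.updateAAD(aad);
        return cipher.doFinal(message, NONCE_BYTES, message.length - NONCE_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] aad = "Duke".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "Meet me for coffee tomorrow at 1PM".getBytes(StandardCharsets.UTF_8);

        byte[] sealed = seal(key, aad, msg);
        System.out.println("round trip ok: " + Arrays.equals(msg, open(key, aad, sealed)));

        // Two encryptions of the same plaintext differ because the nonce differs.
        System.out.println("distinct ciphertexts: " + !Arrays.equals(sealed, seal(key, aad, msg)));

        // Flip one ciphertext bit: authentication fails and no plaintext is released.
        byte[] tampered = sealed.clone();
        tampered[NONCE_BYTES] ^= 0x01;
        try {
            open(key, aad, tampered);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected");
        }

        // Same ciphertext, different associated data: also rejected.
        try {
            open(key, "Mallory".getBytes(StandardCharsets.UTF_8), sealed);
            System.out.println("AAD mismatch NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("mismatched AAD rejected");
        }
    }
}
```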
Stronger Algorithms for Password-Based Encryption (PBE)
• PBE is based on PKCS #5 and includes:
– key derivation functions
– encryption schemes
– message authentication code (MAC) schemes
• Support for PBE as of JDK 7 was lacking (based on older PKCS #5 standard)
• JDK 8 adds more secure algorithms based on PKCS #5 v2.1
– SecretKeyFactory: PBKDF2WithHmacSHA{1,224,256,384,512}
– Cipher: PBEWithHmacSHA{1,224,256,384,512}AndAES_{128,256}
– Mac: PBEWithHmacSHA{1,224,256,384,512}

Example: deriving a strong key from a password and encrypting some data

    import java.nio.charset.StandardCharsets;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;

    // Create PBE key
    char[] password = System.console().readPassword("%s", "Password:");
    PBEKeySpec pks = new PBEKeySpec(password);
    SecretKeyFactory skf = SecretKeyFactory.getInstance("PBEWithHmacSHA256AndAES_128");
    // NOTE: key is not strong
    SecretKey pbeKey = skf.generateSecret(pks);

    // Create PBE cipher
    Cipher c = Cipher.getInstance("PBEWithHmacSHA256AndAES_128");
    c.init(Cipher.ENCRYPT_MODE, pbeKey);

    // Encrypt
    byte[] cipherText = c.doFinal("Top Secret Data".getBytes(StandardCharsets.UTF_8));
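Added example (not from the original slides): the PKCS #5 v2.1 algorithms listed above used with an explicit salt and iteration count, first PBKDF2WithHmacSHA256 as a key derivation function and then the PBEWithHmacSHA256AndAES_128 cipher with a round trip. The class name, the iteration count and the sample password are assumptions made for this example.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example; class name, iteration count and sample password are assumptions.
public class PbeExample {
    private static final int ITERATIONS = 200_000;   // example work factor, tune to your hardware
    private static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";

    // PBKDF2 with HMAC-SHA256: password + salt -> raw key bytes of the requested size.
    static byte[] pbkdf2(char[] password, byte[] salt, int keyBits) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, keyBits);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // wipe the copy held by the spec
        }
    }

    // Runs the PBE cipher with explicit salt, iteration count and IV. All three are
    // not secret, but must be stored next to the ciphertext to decrypt later.
    static byte[] pbeCrypt(int mode, char[] password, byte[] salt, byte[] iv, byte[] data)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            SecretKey pbeKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
            Cipher c = Cipher.getInstance(PBE_ALG);
            c.init(mode, pbeKey, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
            return c.doFinal(data);
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray();  // constructed sample
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];      // AES block size
        rng.nextBytes(salt);
        rng.nextBytes(iv);

        // Same password and salt give the same key; a new salt gives an unrelated key.
        byte[] k1 = pbkdf2(password, salt, 128);
        byte[] k2 = pbkdf2(password, salt, 128);
        byte[] otherSalt = new byte[16];
        rng.nextBytes(otherSalt);
        byte[] k3 = pbkdf2(password, otherSalt, 128);
        System.out.println("deterministic for same salt: " + Arrays.equals(k1, k2));
        System.out.println("different salt, different key: " + !Arrays.equals(k1, k3));

        byte[] plain = "Top Secret Data".getBytes(StandardCharsets.UTF_8);
        byte[] ct = pbeCrypt(Cipher.ENCRYPT_MODE, password, salt, iv, plain);
        byte[] back = pbeCrypt(Cipher.DECRYPT_MODE, password, salt, iv, ct);
        System.out.println("round trip ok: " + Arrays.equals(plain, back));

        Arrays.fill(password, '\0');   // wipe the password when done
    }
}
```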
New JDK 8 Security Features: TLS/SSL
AEAD Cipher Suites: Authenticated Encryption with Associated Data
• Added support for AEAD/GCM based TLS cipher suites (RFCs 5288, 5289, 5430)
– Best cipher suite to use, although not yet ubiquitous
– Leverages the Authenticated GCM Cipher mode discussed earlier
• New suites include:
– TLS_RSA_WITH_AES_128_GCM_SHA256 (RFC 5288)
– TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289, 5430)
– TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289, 5430)
– For complete list, see the Cipher Suites table at http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
TLS Server Name Indication (SNI) Extension
• The SNI extension is used to indicate the hostname of the server the client wants to establish a session with
• Useful when a server has multiple domains that share the same IP address
– Common in virtual hosting and cloud computing environments
– Each server domain may use a different certificate to authenticate to the client
• Several new JSSE APIs have been defined to support SNI

Example: using SNI on the client side

    import java.util.Collections;
    import javax.net.ssl.*;

    // Create SSL socket
    SSLSocket sslSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(ipAddr, 443);

    // Specify hostname and add to SSL parameters
    SNIServerName serverName = new SNIHostName("www.example.com");
    SSLParameters params = sslSocket.getSSLParameters();
    params.setServerNames(Collections.singletonList(serverName));
    sslSocket.setSSLParameters(params);

    // start handshake …
    sslSocket.startHandshake();

Example: using SNI on the server side

    import java.util.Collections;
    import javax.net.ServerSocketFactory;
    import javax.net.ssl.*;

    // Create server socket
    ServerSocketFactory fac = SSLServerSocketFactory.getDefault();
    SSLServerSocket serverSocket = (SSLServerSocket) fac.createServerSocket(443);

    // Specify host matching rules and add to SSL parameters
    SNIMatcher matcher = SNIHostName.createSNIMatcher("www\\.example\\.(com|org)");
    SSLParameters params = serverSocket.getSSLParameters();
    params.setSNIMatchers(Collections.singletonList(matcher));
    serverSocket.setSSLParameters(params);

    // accept connection …
    SSLSocket sslSocket = (SSLSocket) serverSocket.accept();
Other notable TLS/SSL Enhancements
• TLS 1.1 and 1.2 enabled by default
– Now enabled by default on client without having to explicitly enable it
– Use the jdk.tls.client.protocols system property to change the default protocols
• Server Cipher Suite Preference
– Servers can now choose which cipher suite they want to use, rather than the client’s most preferred one
– New SSLParameters.setUseCipherSuitesOrder() method
• Stronger Server Ephemeral Diffie-Hellman Parameters
– Default increased from 768 bits to 1024 bits
– Use the jdk.tls.ephemeralDHKeySize system property to increase the strength
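Added example (not from the original slides): the settings from this slide and the SNI slide applied through SSLParameters on unconnected SSLEngine instances, so it runs without a network. The class and method names, the choice to keep only GCM suites, and the value 2048 for the DH key size are assumptions made for this example.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added example, not from the slides; class and method names are assumptions.
public class TlsParametersExample {

    // Keep only TLS 1.2 or newer from what this runtime supports.
    static String[] modernProtocols(SSLEngine engine) {
        List<String> keep = new ArrayList<>();
        for (String p : engine.getSupportedProtocols()) {
            if (p.equals("TLSv1.2") || p.equals("TLSv1.3")) {
                keep.add(p);
            }
        }
        return keep.toArray(new String[0]);
    }

    // Default-enabled AEAD/GCM suites, forward-secret ECDHE suites first. Start from
    // the enabled list: the supported list also holds suites that are off by default.
    static String[] gcmSuites(SSLEngine engine) {
        List<String> ecdhe = new ArrayList<>();
        List<String> other = new ArrayList<>();
        for (String s : engine.getEnabledCipherSuites()) {
            if (s.contains("_GCM_")) {
                (s.contains("_ECDHE_") ? ecdhe : other).add(s);
            }
        }
        ecdhe.addAll(other);
        return ecdhe.toArray(new String[0]);
    }

    static SSLParameters serverParameters(SSLEngine engine) {
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(modernProtocols(engine));
        p.setCipherSuites(gcmSuites(engine));
        p.setUseCipherSuitesOrder(true);   // the server's order decides, not the client's
        SNIMatcher matcher = SNIHostName.createSNIMatcher("www\\.example\\.(com|org)");
        p.setSNIMatchers(Collections.singletonList(matcher));
        return p;
    }

    static SSLParameters clientParameters(SSLEngine engine, String host) {
        SSLParameters p = engine.getSSLParameters();
        p.setProtocols(modernProtocols(engine));
        p.setCipherSuites(gcmSuites(engine));
        p.setServerNames(Collections.singletonList(new SNIHostName(host)));
        // SNI only tells the server which name is wanted; this setting makes the
        // client check the returned certificate against that host name.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Set before JSSE is first used, or pass -Djdk.tls.ephemeralDHKeySize=2048.
        System.setProperty("jdk.tls.ephemeralDHKeySize", "2048");
        SSLContext ctx = SSLContext.getDefault();

        SSLEngine server = ctx.createSSLEngine();
        server.setUseClientMode(false);
        server.setSSLParameters(serverParameters(server));

        SSLEngine client = ctx.createSSLEngine("www.example.com", 443);
        client.setUseClientMode(true);
        client.setSSLParameters(clientParameters(client, "www.example.com"));

        System.out.println("server protocols: " + Arrays.toString(server.getEnabledProtocols()));
        System.out.println("server suites:    " + Arrays.toString(server.getEnabledCipherSuites()));
        System.out.println("server order enforced: "
                + server.getSSLParameters().getUseCipherSuitesOrder());
        System.out.println("client SNI: " + client.getSSLParameters().getServerNames());
        System.out.println("client endpoint check: "
                + client.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```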
New JDK 8 Security Features: PKI, Kerberos, Access Control
Major KeyStore Enhancements
• Enable the strong PBE algorithms previously discussed to be used to protect keystore entries
– KeyStore.PasswordProtection has a new constructor that allows you to specify the PBE algorithm
• New KeyStore.Entry.Attribute API for storing metadata with entries
• New Domain ("DKS") keystore type
– Allows several keystores to be aggregated and viewed as a single keystore
• Enhancements to the PKCS#12 keystore implementation
– Support for storing trusted certificate and secret key entries
Example: Domain KeyStore

    // dks.config file
    // This is a domain containing two keystores on a system running Ubuntu/Linux:
    // 1. oracle_cacerts is the cacerts file in Oracle's JDK
    // 2. ubuntu_cacerts is the cacerts file in Ubuntu’s JDK
    //
    domain ubuntu {
        keystore oracle_cacerts
            keystoreType = "JKS"
            keystoreURI = "${java.home}/lib/security/cacerts";
        keystore ubuntu_cacerts
            keystoreType = "JKS"
            keystoreURI = "/etc/ssl/certs/java/cacerts";
    };

Example: Domain KeyStore

    import java.io.File;
    import java.net.URI;
    import java.security.DomainLoadStoreParameter;
    import java.security.KeyStore;
    import java.security.cert.*;
    import java.util.Collections;

    // Create and load DKS keystore
    KeyStore keystore = KeyStore.getInstance("DKS");
    URI uri = new File("dks.config").toURI();
    keystore.load(new DomainLoadStoreParameter(uri, Collections.emptyMap()));

    // Validate certificate chain using all of the trust anchors in domain keystore
    PKIXParameters params = new PKIXParameters(keystore);
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    CertPathValidatorResult cpvr = cpv.validate(chain, params);
New Revocation Checking API
• New PKIXRevocationChecker API which allows you to set various revocation checking parameters
• Options allow more control over how revocation checking is performed
– Perform check using OCSP or CRLs (or both). Default is both.
– Enable soft fail behavior: inability to determine revocation status (e.g. due to a network issue) is not treated as a hard failure. Default is off.
– Only check end-entity certificate. Default is to check full chain.
Enhanced Certificate Revocation Checking API
• Previous java.security.cert API is all-or-nothing
– Failure to contact server is a fatal error
• New classes
– RevocationChecker
– RevocationParameters
• Online certificate checking at runtime, with the Online Certificate Status Protocol (OCSP) under the hood
– Both are used, and both can be turned off or on. Turning OCSP on with a non-networked system may be slower because it could wait to connect. Similar story with CAs who have slow OCSPs.
– We test and validate them before inclusion. CAs whose OCSP is not turned on do not get accepted
• What’s the best way to work offline with certificates and verify them, e.g. to maintain the certificate revocation list as CRL offline?
– For offline validation, the easiest way is to just periodically grab the CRL. The CAs update those periodically, about once a week. You should be able to locate either the CRL and/or OCSP through the certificate’s Authority Info Access
• All this is controlled either in the control panel or java.security
Example: Setting SOFT_FAIL option

    import java.security.cert.*;
    import java.util.EnumSet;
    import java.util.List;

    // Create PKIX CertPathValidator and set soft-fail option
    CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
    PKIXRevocationChecker prc = (PKIXRevocationChecker) cpv.getRevocationChecker();
    prc.setOptions(EnumSet.of(PKIXRevocationChecker.Option.SOFT_FAIL));

    // Validate certificate chain
    PKIXParameters params = new PKIXParameters(keystore);
    params.addCertPathChecker(prc);
    CertPathValidatorResult cpvr = cpv.validate(path, params);

    // Did any revocation checks pass because of soft fail?
    List<CertPathValidatorException> exceptions = prc.getSoftFailExceptions();
    for (CertPathValidatorException e : exceptions) {
        System.out.println(e);
    }
Support for MS-SFU Kerberos 5 Extensions
• These extensions allow a service to obtain a Kerberos service ticket on behalf of another client
– Service-for-User-to-Self (S4U2self) extension
– Service-for-User-to-Proxy (S4U2proxy) extension
• Useful in firewalled environments or clients without Kerberos support
• More information at http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/jgss-features.html
Limited doPrivileged
• New AccessController.doPrivileged methods that take list of limiting Permissions
• New methods allow code to assert a subset of its granted permissions
– Allows code to better adhere to the Principle of Least Privilege
– Reduces risk of excessive permissions being available if there is a bug in that code
• Also useful when you need to assert some permissions while allowing others to continue the stack walk
Examples: Limited doPrivileged

    import java.io.InputStream;
    import java.net.URL;
    import java.security.AccessController;
    import java.security.PrivilegedAction;
    import java.security.PrivilegedExceptionAction;

    // Simple example: read user.home system property and only assert single
    // permission to perform operation
    String homeDir = AccessController.doPrivileged(
        (PrivilegedAction<String>) () -> System.getProperty("user.home"),
        null,
        new java.util.PropertyPermission("user.home", "read"));

    // Advanced example: allow connections back to same origin, anything else the caller
    // needs explicit permission
    public InputStream openStream(URL url) throws Exception {
        return AccessController.doPrivileged(
            (PrivilegedExceptionAction<InputStream>) () -> url.openStream(),
            null,
            new java.net.URLPermission(origin));
    }
Other notable JDK 8 Enhancements
• New @CallerSensitive annotation for marking caller-sensitive methods
– See http://openjdk.java.net/jeps/176
• X.509 certificates with RSA keys less than 1024 bits disabled by default
• Kerberos 5 DES encryption types are disabled by default
• SASL and GSS-APIs have been enhanced to support unbounded servers
• For more information, see http://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
Potential JDK 9 Security Features
• Cryptography
– JVM Hardware Crypto Acceleration (http://openjdk.java.net/jeps/8046943)
– Transition the default keystore type from JKS to PKCS12
• TLS/SSL
– Datagram Transport Layer Security DTLS (http://openjdk.java.net/jeps/8043758)
– OCSP Stapling: appending a time stamped, signed response to the initial TLS handshake, no need for clients to contact CA
– Application-Layer Protocol Negotiation Extension
• Improve Security Manager Performance (http://openjdk.java.net/jeps/8043631)
Summary
• Security continues to be a very important part of the JDK roadmap
• JDK 8 delivers many new important security features
– Improved performance
– Improved out-of-the-box security
– Support for new standards
• JDK 8 Updates provide improved performance and new features
• JDK 9 security features are being discussed and planned, please participate and please provide your feedback!
Java Security Resource Center and more information
Java Security Resource Center (1): What’s new
• New Secure Coding Guidelines
• Java 8 Security Enhancements
• JavaOne 2015 Java Security Track
• Manage multiple versions on client systems
• Exception Site List
• RIA Checklist
• OpenJDK Security Group Information
• Security for Developers
• http://www.oracle.com/technetwork/java/javase/overview/security-2043272.html
Java Security Resource Center (2): Security for developers
• Secure Coding Guidelines – learn defensive coding strategies to properly mitigate weaknesses in software and prevent vulnerabilities
– Oracle Secure Coding Guidelines - Updated for Java 8
– The CERT Oracle Secure Coding Standard for Java
• Security enhancements in JDK 8 include many new cryptographic algorithms, improved randomization, and protocol updates
• For Applet & Web Start applications, view the RIA security checklist and understand the expanding role of code signatures for authenticating your identity to end-users
– 7u51 provides an Exception Site List for already-shipped applications that cannot be updated per the RIA security checklist.
• Java SE Security Overview — lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping
• Names of cryptographic algorithms available within the Java Cryptographic Architecture
• For a better understanding of Java security or to get involved in the community, look at the OpenJDK Security Group
• For other periodic information, please access the Oracle Java Product Management blog and subscribe via RSS readers
Java Security Resource Center (3): Security for System Administrators
• Security enhancements in JDK 8 include many new cryptographic algorithms, improved randomization, and protocol updates
• Stay up to date
– Receive email notification of Critical Patch Updates
– Critical Patch Update general information page
• If required, manage multiple Java versions on client systems through static installations and use Deployment Rule Sets for old-version compatibility
• Whitelist Applet & WebStart applications across managed computers through Deployment Rule Sets (full documentation)
• Consider using the Server JRE for server systems, such as application servers or other long-running back-end processes. The Server JRE is the same as the regular JRE except that the Server JRE does not contain the web-browser plugins
– Consider upgrading to Unlimited Strength Cryptography for sensitive information
• Use trusted timestamping when signing and verifying signed JAR files to prevent your artifacts from expiring early
• See properties that can be configured within Java installations
• Java SE Security Overview – lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping
Java Security Resource Center (4): Security for End Users
• Always use the latest version of Java on your computer
– Java will periodically prompt you to update when it detects that there is a new version
– Remove old versions of Java from your computer
• Only download Java from the following websites
– Java.com (most users)
– Advanced users may download from the Oracle Technology Network
• If needed, disconnect Java from your web browser
• What other actions can I take to increase the security of Java?
Java Security Resource Center (5): Security for Security Professionals
• Ensure that all systems are up to date with the latest security patches
• View recent security presentations
– “One Year of Java Security Enhancements in the JRE” at JavaOne 2013. Session information -- presentation material (pdf)
– “Using the new JDK8 Security Features” at JavaOne 2013. Session information -- presentation material (pdf)
• Java SE Security Overview – lists APIs, specifications, and developer-related secure deployment information, such as code signing & timestamping
• Secure Coding Guidelines – learn defensive coding strategies to properly mitigate weaknesses in software and prevent vulnerabilities
– Oracle Secure Coding Guidelines
– The CERT Oracle Secure Coding Standard for Java
• Security Specifications
– Names of cryptographic algorithms available within the Java Cryptographic Architecture
– Java Cryptographic Architecture specification
– Sandbox Specification
• Verify that all signed code is properly timestamped to prevent early expiration
More Information
• Security Guides and Overview
– http://docs.oracle.com/javase/8/docs/technotes/guides/security/index.html
• OpenJDK Security Group: http://openjdk.java.net/groups/security/
– Mailing list: [email protected]
• JEPs: http://openjdk.java.net/jeps
• JDK 8 downloads: http://www.oracle.com/technetwork/java/javase/downloads/index.html
• JDK 8 docs: http://docs.oracle.com/javase/8/