> First, sorry for the delay, I was very busy these last days.
>
Thanks a lot, Arnaud, for your frank answer.
> About the StartSecureNode script and associated classes:
> they were used for tests during pre-release, they should have been
> removed in the release but the script was not removed ...
>
I had hoped this would not be true ..
> The actual, full fledged, way to use security features is through deployment
> descriptor (in XML):
> A secure node can only be created within java code, but not with a script
> in the current release.
>
Ok. Usual way.
> Reminders of the main ProActive concepts for deployment:
> - a JVM with a ProActive runtime is called: a ProActive RunTime (PaRT)
> - a PaRT can have its own security policy
> - a PaRT can host several Nodes at execution
> - each Node can also have its own security policy (of course hierarchically
> linked to its PaRT).
>
> We are not exactly sure about what you need. We believe there
> are 2 cases:
>
> 1. You want to launch a secured JVM with a given application
> or container
> in it:
> just write a Java class that uses a ProActive XML descriptor to
> specify the security policy you want. Then start your own code.
>
Not at the very moment.
> 2. You want to launch an empty secured JVM, for later on starting dynamically
> and securely applications in it:
> This cannot be done directly in the current release, we are working on
> it.
Yes. Not necessarily empty, but if we could run Geronimo - it will be
sufficient ;-)
> (Currently, it can be achieved but with a small ProActive program
> in the supposed to be empty PaRT.)
>
This seems contradictory to me. I do not understand this. Are there
examples elsewhere? You could start a JVM which is then secured (back in
time) by a loaded class? The snake biting its tail.
What I mean is: how could we handle:
java -Djava.security.manager -jar server.jar
with all consequences, you know ?
> Let us know some details about your plans and expectations, so we can
> provide effective support.
>
Because of the default (boring) java.policy and the accompanying:
grant {
permission java.security.AllPermission;
};
in many, many *.policy files (have fun with your 'grep' :) implementations.
There is at least the who-not-be-named I know of.
I am looking for a diametrical implementation.
A) The above means: "All is allowed, what not explicitly verboten is."
(Microsoft approach in the good old days of networking, the democratic way
;-)
B) Java's default is (and crippled by the above statement in *.policy): "All
is verboten, what not explicitly allowed is." (Novell approach wrt the
above, the secure way)
I know it is necessary to have a concept and management in place to handle
B), but A) is even harder to secure, because everything may happen and one
may not even know about. IMHO: it is more work _in_the_long_run_ to
prevent 1000 single things and their dependencies, than to make them
impossible once and track the trials and allow them.
So I am on the way to find an implementation of the bunches of millions of
papers about the java.security.manager usage and the arising (dynamic ?)
java.security permissions.
hopeless
bax
> Regards
> Arnaud
>
> hbaxmann wrote:
>
> >> Ok, let's do it the TOFU way ;-)
> >>
> >> Sorry for being so stupid not answering all ...
> >>
> >> The security reminds me of the good old e-speak days and the PSE
> >> (PersonalSecureEnvironment) of HP. This stuff is kind of alive still
> >> on the web at http://bazaar.sis.pitt.edu/. Could be an alternative
> >> for the subject, if everything else fails ...
> >>
> >> thanks a lot
> >>
> >> bax
> >>
> >>
> >
> >>>>Got it :-)
> >>>>
> >>>>The class referenced by the StartSecureNode script is
> >>>>missing.
> >>>>
> >>>>I CC the proactive list to make sure they see your
> >>>>post.
> >>>>
> >>>>thanks,
> >>>>Christophe
> >>>>
> >>>>
> >>
> >>>>>>-----Original Message-----
> >>>>>>From: hbaxmann [mailto:[EMAIL PROTECTED]
> >>>>>>Sent: mardi 1 juin 2004 21:27
> >>>>>>To: [EMAIL PROTECTED]
> >>>>>>Subject: AW: secure pot for geronimo JVM
> >>>>>>
> >>>>>>
> >>>>>>Hi Christophe,
> >>>>>>
> >>>>>>
> >>>
> >>>>>>>>Holger,
> >>>>>>>>
> >>>>>>>>ProActive is an open source project from the INRIA/OASIS lab,
> >>>>>>>>the source is available in the download. It is a very high tech
> >>>>>>>>project that resulted from research work conducted by the OASIS
> >>>>>>>>group, but the code base has been broadly deployed, and the
> >>>>>>>>software is now quite mature (see project docs)
> >>>>>>>>
> >>>
> >>>>>>
> >>>>>>It is ... as far as I could see ... beautiful :)
> >>>>>>
> >>>>>>
> >>>
> >>>>>>>>As you can imagine, this kind of project is really driven by a
> >>>>>>>>single team and CVS was not very attractive to them as they were
> >>>>>>>>refactoring quite a lot. SVN is what they need, so we are setting it
> >>>>>>>>up (does this ring any bell? :-) )
> >>>>>>>>
> >>>
> >>>>>>
> >>>>>>All of them.
> >>>>>>What is the URL?
> >>>>>>
> >>>>>>
> >>>
> >>>>>>>>Looking at security, ObjectWeb would be very happy to set-up
> >>>>>>>>collaboration on Security with Apache, and we should be able to
> >>>>>>>>accommodate licensing for the parts that are of common interest
> >>>>>>>>(change to BSD is what we have already been able to achieve for
> >>>>>>>>ASM and JOTM).
> >>>>>>>>
> >>>
> >>>>>>
> >>>>>>This does not solve my
> >>>>>>can-not-found-StartSecureNode-in-source-download
> >>>>>>problem, or do I not get it.
> >>>>>>
> >>>>>>I am one of these germans, you know.
> >>>>>>
> >>>>>>bax
> >>>>>>
> >>>>>>
> >>>
> >>>>>>>>Thanks,
> >>>>>>>>Christophe
> >>>>>>>>
> >>>>>>>>Christophe Ney
> >>>>>>>>Executive Director
> >>>>>>>>ObjectWeb Consortium
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>
> >>>>>>>>>>-----Original Message-----
> >>>>>>>>>>From: Holger Baxmann [mailto:[EMAIL PROTECTED]
> >>>>>>>>>>Sent: lundi 31 mai 2004 23:31
> >>>>>>>>>>To: [EMAIL PROTECTED]
> >>>>>>>>>>Subject: secure pot for geronimo JVM
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>Is anybody aware of the ProActive project?
> >>>>>>>>>>
> >>>>>>>>>>http://www-sop.inria.fr/oasis/ProActive/
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>http://www-sop.inria.fr/oasis/ProActive/doc/api/org/objectweb/proactive/doc-files/Security.html
> >>>>>>>>
> >>>>>>>>I am on the way to evaluate it for having a secure, signed,
> >>>>>>>>non-vandalising wrapper to have a either paranoid
> >>>>>>>>SecurityManager environment or the default open-door startup
> >>>>>>>>environment for gero.
> >>>>>>>>
> >>>>>>>>Especially StartSecureNode could not be found by me in the
> >>>>>>>>(LGPLed) source downloads. AFAIK anonymous cvs is not available.
> >>>>>>>>
> >>>>>>>>Package names start with org.objectweb - so i was thinking ...
> >>>>>>>>
> >>>>>>>>thanks a lot
> >>>>>>>>
> >>>>>>>>bax
> >>>>>>>>
> >>>>>>>>
> >>>
> >>>>>>
> >>>>>>
> >
> >>
> >>
> >>
> >>
> ---------------------------------------------------------------------
> >> ---
> >>
> >>
>
>
>
> --
>
> --------------------------------------------------------------------
> Arnaud CONTES - Projet OASIS: joint project CNRS-UNSA-INRIA
> PhD Student
> [EMAIL PROTECTED] | INRIA Sophia-Antipolis
> Tel +33 4 92 38 71 62 | 2004, Route des Lucioles
> Fax +33 4 92 38 76 44 | BP 93
> | FR-06902 Sophia-Antipolis Cedex
> --------------------------------------------------------------------
>
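
An added example, not part of the original thread and not ProActive or Geronimo code: a Python scan of Java policy text for the unconditional `grant { permission java.security.AllPermission; };` entry quoted in the message above, reported separately from grants scoped by a codeBase, signedBy or principal clause. The function names and the sample policy are constructed for illustration.

```python
import re

STR = r'"(?:\\.|[^"\\])*"'  # quoted string; may itself contain /*, //, { or }
# Strings are matched first so a codeBase such as "file:.../*" is not read as a comment.
_COMMENT = re.compile(r'(%s)|/\*.*?\*/|//[^\n]*' % STR, re.S)
# One grant entry: optional scoping clause, then the brace-delimited body.
_GRANT = re.compile(r'\bgrant\b((?:%s|[^{};"])*)\{((?:%s|[^}"])*)\}\s*;' % (STR, STR),
                    re.S | re.I)
_ALLPERM = re.compile(r'(?i:\bpermission)\s+java\.security\.AllPermission\b')


def find_allpermission_grants(policy_text):
    """Return (line_number, scope) for each grant entry holding AllPermission.
    scope is "" when the grant has no scoping clause and so covers all code."""
    # Drop comments but keep their newlines, so reported line numbers stay correct.
    text = _COMMENT.sub(lambda m: m.group(1) or "\n" * m.group(0).count("\n"),
                        policy_text)
    findings = []
    for m in _GRANT.finditer(text):
        scope, body = m.group(1), m.group(2)
        if _ALLPERM.search(body):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, " ".join(scope.split())))
    return findings


def unconditional_grants(policy_text):
    """Line numbers of grants that give AllPermission to all code."""
    return [line for line, scope in find_allpermission_grants(policy_text) if not scope]


# Constructed sample policy text (not taken from any real installation).
SAMPLE_POLICY = '''\
// constructed sample, modelled on the grant quoted in the thread
grant codeBase "file:${java.home}/lib/ext/*" {
    permission java.security.AllPermission;
};
/* grant { permission java.security.AllPermission; }; */
grant {
    permission java.util.PropertyPermission "java.version", "read";
};
grant {
    permission java.security.AllPermission;
};
'''

if __name__ == "__main__":
    for line, scope in find_allpermission_grants(SAMPLE_POLICY):
        print(line, scope or "UNCONDITIONAL (all code)")
```
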