Java Specification Request 321 - Java Community Process

1y ago
44 Views
3 Downloads
895.83 KB
23 Pages
Last View : 2d ago
Last Download : 2m ago
Upload by : Genevieve Webb
Transcription

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsJava Specification Request 321:Trusted Computing API for Java Tutorial on the Early Draft ReviewRonald Toegl, Werner KeilExpert GroupJSR-321Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial1

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsAgendaThis is an overview of the upcoming Trusted ComputingAPI for Java. It has recently finishedearly draft review!To be released under an open source license. Java & TCLessons learned from TSSAPI DesignShort ExamplePossibilities to influence the specificationRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial2

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsGoal: Trusted Java ApplicationsJava is a natural choice for security critical software– type-safe– bounds-checking– access control checks– automated memory management– rich network and cryptographic librariesA number of use cases for Trusted Computing in Java– Grid-Computing: policy enforcement, IP protection, dataprotection– Web-Services– DRM etc.– Remote Attestation Service– PrivacyCA– TPM Management ToolsRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial3

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsNeeded: Java Standard So far there has been no standard integration of TrustedComputing in Java. JSR321 is a Java Specification Request in the JavaCommunity Process for a Trusted Computing API for theJava SE platform.It is aimed to develop a Trusted Computing API for Javaproviding selected functionality the TCG Software Stackoffers to the C world, while following the conventions ofmodern Java APIs.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial4

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsThe Expert Group Specification Lead: Ronald ToeglThe members of the JSR 321 Expert Group are Ronald Toegl and Peter Lipp, Institute for Applied Information Processing andCommunications (IAIK), Graz University Of Technology Nauman, Mohammad, Institute of Management Sciences, Pakistan Kenneth M. Graf, Intel Corp. Jeff Nisewanger, Sun Microsystems, Inc. Deepak Dasaratha Rao, Samsung Electronics Corporation Winkler, Thomas, University of Klagenfurt, Austria Werner Keil, Creative Arts & Technologies (Individual), Austria Gungoren, Bora, Portakal Teknoloji, TurkeyInformal members of the Expert Group are Hong, Theodore, University of CambridgeRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial5

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsA look back at the TSSRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial6

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsA look back at the TSSTCG Software Stack (TSS) is the core software component specifiedby the TCG for interaction with the TPMTSS design is provided and standardized by the TCGTSS is specified (amongst others) to––––––––supply one single (exclusive) entry point to the TPM functionalitysynchronize TPM accessTPM resource management (key slots, authorization sessions, )building of TPM commands messages according to TPM specificationmanage user secretsperform authentication protocolshandle event logProvide APIs for application programmersIt covers all operation scenarios: OS, system administration,middleware and applications.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial7

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsLessons Learned for Java API Design Existing TSS-based infrastructure can be used tosupport a high-level library Usability needs to be improved to lower initial thresholdfor developers Scope needs to be limited to what (Java application)developers need Reference Implementations are more than just helpful –especially as Open SourceIndeed: required in the JCP! JSR 321 is a high-level TC API for JavaRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial11

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsFiltering Functionality TPM 1.2 only Remove features needed only by the BIOS, OS, systemservice,. Many TSS functions are simply not needed in Java : Management of memory and other resources can and should be hiddenfrom application developers. Object initialization and destruction are natural features of objectoriented languages. Cryptographic primitives like hash functions are already well-supportedin the Java Cryptography Extension (JCE). Tested TSS implementations of functionality must beavailableRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial12

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsFiltering Functionality As heard JSR-104 with IAEK Graz an EG member hasjust been withdrawn. No Spec Lead The JSRs shared a few common ideas Motorola cutting back JCP involvement may haveinfluenced, too Allows IAEK to focus more on active 321! While no immediate plans exist to integrate ideas from104, people with interest there are welcome to JSR-321.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial13

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsMapping TSS TSP API to Java ClassesRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial14

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsPackage LayoutThe namespace assigned to JSR 321Package SummaryThis package and its sub packages providefor integration of Trusted Computing in tpmjavax.trustedcomputing.tpm.keysThis package allows to connect to a TrustedPlatform Module (TPM).This package allows the creation, storage,loading and unloading of hierarchies of TPMkeys.javax.trustedcomputing.tpm.structuresThis package contains helper classes forinteraction with various other classes fromthe javax.trustedcomputing.tpm package.javax.trustedcomputing.tpm.toolsThis package allows using various coreconcepts of Trusted Computing.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial15

SCoS Graz University of Technology - Institute for Applied Information Processing and Communicationsjavax.trustedcomputingException SummaryTrustedComputingExceptionThe default Exception used in thejavax.trustedcomputing package. The default Exception used in the javax.trustedcomputing package. It covers all unexpected behaviors on all levels of the trusted platform. This includes also the errors raised in lower layers of the TCG architecturesuch as error codes returned from the TPM, and the TSS and its sub-layers. Returns human-readable error messages and TCG compatible error codesRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial16

SCoS Graz University of Technology - Institute for Applied Information Processing and Communicationsjavax.trustedcomputing.tpmClass SummaryThe Context class is the centerpiece of the API. This package allows to connect toa Trusted Platform Module (TPM).TPMContextThe Context class is the centerpiece of the API. It serves as central objectfactory. All TPM-depending objects are created here.While there may exist several TPMContexts at the same time, all derivedObjects (such as keys) are only valid within one Context session instance.Interface SummaryTPMThis represents the hardware TPM and the basic functionalities it offers. It allows to querythe status and capabilities of the hardware TPM and provides access to the randomnumber generator. It also provides access to the Platform Configuration Registers (PCRs).Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial17

SCoS Graz University of Technology - Institute for Applied Information Processing and Communicationsjavax.trustedcomputing.tpm.keysClass SummaryKeyManagerProvides management functionality for TPM-based cryptographic keys.Interface SummaryBindingKeyBinding keys protect data which is bound to a specific platform.IdentityKeyIdentityKeys perform signatures on data that originates within the TPM.LegacyKeyLegacyKeys are the only TPM-based keys that are allowed to perform bothsigning and encryption operations.SigningKeySigning keys sign arbitrary data.StorageKeyStorage keys wrap other keys or sealed data.StorageRootKeyThe Storage Root Key (SRK) is the highest key in the TPM key hierarchy.TPMKeyProvides common functionality for all types of TPM -based keys, as created bythe KeyManager.TPMRSAKeyProvides access to the public parts of the RSA keys used by version 1.2 TPMs.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial18

SCoS Graz University of Technology - Institute for Applied Information Processing and sClass ovides a container for SHA-1 hash values.Holds the data to be extended into PCRs, together with event information thatwill be stored in the systems Stored Measurement Log (SML).The contents of the Platform Configuration Registers (PCR) of a TPM can beused to report the configuration of a system.Provides conversion of password strings into the hashed binary formatexpected by the TPM.Holds all information necessary to validate that an operation that returns it wasproperly performed by an authentic TPM.This package contains helper classes for interaction with various other classes from thejavax.trustedcomputing.tpm package. The classes in this package are passive, i.e. do notcommunicate with the hardware TPM directly.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial19

SCoS Graz University of Technology - Institute for Applied Information Processing and s SummaryBinderProvides all services for performing the TPM-bind operation onuser data.SealerProvides all services for performing TPM SEAL on user data.SignerThis class allows to sign user data or files using a SigningKey ora LegacyKey.TickStamperAllows to read the current tick counter of the TPM and toperform time stamping operations based on it.This package allows using various core concepts of Trusted Computing. Small set of required tools. Designed to be extendible with additional features.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial20

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsExample:How to seal a secretImports the API declarationsThe implementation of the API isselected by specifying a specificimplementation of TPMContext.We open a connection to the TPMservices of the local platform.KeyManager and all key derivedfrom it are bound to a TPMContextRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial21

SCoS Graz University of Technology - Institute for Applied Information Processing and Communications.example continued.TPM Authentication secrets areeasily constructed with defaultencoding.Now we can instruct the TPM tocreate a cryptographic key with aspecific policy.We define a platform configurationas a set of PCR values.Get a Sealer tool instance.Use it to seal our little secret to thisplatform-bound key andconfiguration.Finally, close the context.Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial22

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsJava Community Process The JCP is an process established todevelop and publish Java industrystandards. It requires a formal sequence of phases We are here2010 ? An Expert Group collaboratesin defining the standard. Written Spec Updated Written Spec Reference Implementation (RI) Technology Compatibility Kit (TCK)Ronald Toegl, Werner KeilPrinceton, September 10th, 2009RI and TCK MUST covercomplete API specification!JSR 321 Tutorial24

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsHow to participateGet the Draft. http://jsr321.dev.java.netRead the specifications and comment on it! jsr-321-comments@jcp.orgThe Expert Group will then discuss your contributions.Of course, you are also (more than) welcome to join as anExpert or, to provide implementations!Ronald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial25

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsHow to contact the Expert GroupSpec Lead:Ronald ToeglInstitute for Applied Information Processing and Communications (IAIK)Graz University of Technology, Austriaronald.toegl@iaik.tugraz.atRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial26

SCoS Graz University of Technology - Institute for Applied Information Processing and CommunicationsRonald Toegl, Werner KeilPrinceton, September 10th, 2009JSR 321 Tutorial27

Needed: Java Standard So far there has been no standard integration of Trusted Computing in Java. JSR321 is a Java Specification Request in the Java Community Process for a Trusted Computing API for the Java SE platform. It is aimed to develop a Trusted Computing API for Java providing selected functionality the TCG Software Stack

Related Documents:

java.io Input and output java.lang Language support java.math Arbitrary-precision numbers java.net Networking java.nio "New" (memory-mapped) I/O java.rmi Remote method invocations java.security Security support java.sql Database support java.text Internationalized formatting of text and numbers java.time Dates, time, duration, time zones, etc.

Java Version Java FAQs 2. Java Version 2.1 Used Java Version This is how you find your Java version: Start the Control Panel Java General About. 2.2 Checking Java Version Check Java version on https://www.java.com/de/download/installed.jsp. 2.3 Switching on Java Console Start Control Panel Java Advanced. The following window appears:

Class 1 - B8, B8M All Diameters 75 30 30 50 96 HRBc 223 HBC Class 2 - B8 ¾ and under 125 100 12 35 35 HRC 321 HB over ¾ to 1, incl 115 80 15 30 35 HRC 321 HB over 1 to 1¼, incl 105 65 20 35 35 HRC 321 HB over 1¼ to 1½, incla 100 50 28 45 35 HRC 321 HB Class 2 - B8M ¾ and under 110 95 15 45 35 HRC 321 HB over ¾ to 1, incl 100 80 20 45 35 .

3. _ is a software that interprets Java bytecode. a. Java virtual machine b. Java compiler c. Java debugger d. Java API 4. Which of the following is true? a. Java uses only interpreter b. Java uses only compiler. c. Java uses both interpreter and compiler. d. None of the above. 5. A Java file with

besteht aus der Java-API (Java Application Programming Interface) und der Java-VM (Java Virtual Machine). Abbildung 1: Java-Plattform Die Java-API ist eine große Sammlung von Java-Programmen, die in sog. Pakete (packages) aufgeteilt sind. Pakete sind vergleichbar mit Bibliotheken in anderen Programmiersprachen und umfassen u.a.

JAR Javadoc Java Language jar Security Others Toolkits: FX Java 2D Sound . Java Programming -Week 1. 6/25. Outline Java is. Let’s get started! The JDK The Java Sandbox . into your namespace. java.lang contains the most basic classes in the Java language. It is imported automatically, so

2 Java Applications on Oracle Database 2.1 Database Sessions Imposed on Java Applications 2-1 2.2 Execution Control of Java Applications 2-3 2.3 Java Code, Binaries, and Resources Storage 2-3 2.4 About Java Classes Loaded in the Database 2-4 2.5 Preparing Java Class Methods for Execution 2-5 2.5.1 Compiling Java Classes 2-6

Senior Jazz Combo Wild and unpredictable band of senior musicians in years 10 to 13 for whom anything goes! (Grade 5 with a focus on improvisation). Senior Vocal Group Run by 6th form students for 6th form students, this is an acappella group of mixed voices with high standards of singing. St Bartholomew’s School Orchestra (SBSO) All instrumentalists are expected to perform in the school .