Where can we find more information about the JDK stack-introspection-based security mechanism?
Some useful sites include:
How should we approach part 1?
You should place all server components in one directory, and all client components in a second directory.
This will allow you to create separate policy files for the client and server, so that they will not both
necessarily have the same access policies.
To satisfy the requirements, you should insert doPrivileged and checkPermission in the appropriate places in the server
source code. Grant the corresponding permissions in the appropriate policy file.
How should we approach part 2?
Note that for part 2 you do not need to rely on any features of Java itself (and in particular, you do not need to use any of the mechanisms explained in the links above). Instead, you will be implementing a form of access control yourself.
For the purposes of the implementation for this project, there is little practical difference between ACLs and capabilities (since in either case you are enforcing access control for a set of files in a single directory).
Also, for the context of this project, you can think of capabilities in terms of what we called in class "directories": namely, access rights indexed by subject rather than by object.
When you answer the question of which method would be more appropriate, you should be thinking in terms of a larger system where there might be multiple classes (with multiple TAs and projects) each trying to enforce this level of access control.
Note that there is still a small difference between ACLs and capabilities in terms of how the underlying access rights are represented, stored, and checked.
To implement either ACLs or capabilities, you may either use a static (text) file which contains an appropriate list of rights (that you define), or you may define a new class which handles the checking of access permissions. In either case, your solution
must be such that access permissions can be changed without modifying any client/server source code. (You will have to modify the source code initially to get it to work, but once you do that future changes of the permissions should not require any further changes to the source code.)
Explain your design in the document accompanying your submission.
Which TAs are supposed to grade which projects?
For simplicity, assume there are two TAs (TA1 and TA2) and four projects (proj1, proj2, proj3, proj4), and that TA1 grades all odd-numbered projects while TA2 grades all even-numbered projects.
What should be displayed for data which is not supposed to be shown?
You can leave it blank or put a "*".
Can we implement access control using if/else statements in the source code?
You will of course have to use if/else statements in your source code (the previous answer was to a specific student's question regarding their particular use of if/else statements). The point to keep in mind, however, is that your solution must be extensible (in particular, it should allow someone to easily add new TAs/projects with any desired name) without requiring you to re-compile or change the source code of either the client or server.
Do we need to assign passwords for this assignment?
For this assignment you do not need to worry about authentication.
You are only to worry about access control under the assumption that users are already authenticated upon login.
What is "gradesheet" in java.lang.RuntimePermission "gradesheet.server"?
"gradesheet.server" is just a name of the permission used by the server. It
can be "permission1" or anything else. Don't be confused into thinking that
there is a class "gradesheet".
My client applet is throwing lots of "awt" exceptions
You don't need to worry about client applet exceptions as long as the
program works.
How can I figure out which permissions I need to grant?
First, you can think of necessary permissions for the homework
situation. For example, in order for client and server to communicate using a
socket, you need to grant permissions for the socket to the client and the
server. Also, ServerStub needs permissions which are checked by the
Server.
Generally,
by looking at the error messages following execution of the code, you
will see which permissions are necessary and can then add those permission to your
policy file.
How granular can we make a codebase?
Codebases refer to
directories rather than individual files. It is easy to make a policy
file that provides too many privileges. Use an appropriate directory
structure and try your best to follow the "Principle of Least
Privilege" (as discussed in class). If you cannot exactly satisfy the
requirements of the first part of the homework, discuss why you cannot
(as well as any limitations of the Java security mechanism) in your
explanatory document file.
Can you give more hints about the structure of codebases/classpaths we should use?
Remember that codebases and classpaths refer to the parent directory of all
package directories. For example, when you compile a class of server
packages, you give a classpath of the directory where the server directory
and server.jar are located. Also, class files of the server package appear as
/server/A.class for a class A in the server package. Similarly,
when you have a class B in package C, its name is C.B and it appears as
the file C/B.class. Permissions for the class B should be in the codebase of
the parent directory of C.
Use an appropriate directory structure so that you do not give identical permissions to both
server and client.
What do principal names look like?
You can assume that the IDs entered into the Login dialog box are as
follows:
- professor to denote the principal that we call a
professor
- ta1, ta2, etc. to denote the teaching assistants.
- 6-digit ID numbers will be used to denote students.
Specify any other assumptions you make in your README file.
Where can we specify any assumptions we make?
Specify any and all assumptions you make (i.e., other than those in the homework description) in your README file.
How should we decide which access control mechanism to use?
Understand the differences between capabilities and ACLs, and the relative advantages and disadvantages of each. Also, think about which one would fit well within the system described in the homework
in terms of updating, efficiency, revocation and so on.