SecurityManager replacement


As per JEP 411, SecurityManager is deprecated for removal as of Java 17. However, robocode (before Tank Royale) is fully dependent on SecurityManager in order to ensure fairness. Unfortunately, there is no official alternative to SecurityManager, which left us only three options:

  1. Stick to Java <=17, which may be the last LTS version with SecurityManager support.
  2. Switch to Tank Royale, and develop some container based security (which is platform dependent, unfortunately).
  3. Find alternatives to SecurityManager, which can be used in both original robocode and robocode Tank Royale. SecurityManager alternatives can be used as pure Java sandbox solution for Tank Royale, which is cross-platform.
Xor (talk) 11:19, 7 July 2022

Good news: Java 9 Modules have complete support for encapsulation, which can be used as a shallow sandbox mechanism. Direct and reflective access to public members of non-exported packages is forbidden by the language, making robocode engine potentially safe from attacks. Custom ClassLoaders can be used to forbid or replace certain risky Java APIs. File & network access can be further restricted by creating a dedicated user, and Linux systems can take advantage of chroot & cgroup for enhanced control over resources.

By taking advantage of multiple layers of security countermeasures, we can achieve even safer & fairer environments for robocode competitions.

Xor (talk) 16:44, 7 July 2022
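
The custom ClassLoader layer mentioned in the post above, as an added example that is not part of the original thread or of Robocode's own code. The class name `RobotClassLoader` and the deny list are assumptions chosen for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.util.List;

/** Added example: load-time deny list for classes a robot may link against. */
public class RobotClassLoader extends URLClassLoader {
    // Assumed deny list for illustration; a real policy needs review per JDK version.
    private static final List<String> DENIED_PREFIXES = List.of(
        "java.io.File", "java.nio.file.", "java.net.", "java.lang.reflect.",
        "java.lang.invoke.", "java.lang.Runtime", "java.lang.ProcessBuilder",
        "sun.", "jdk.internal.");

    public RobotClassLoader(URL[] robotClassPath, ClassLoader parent) {
        super(robotClassPath, parent);
    }

    static boolean isDenied(String className) {
        return DENIED_PREFIXES.stream().anyMatch(className::startsWith);
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
        // The JVM resolves every symbolic reference in a robot class through the
        // loader that defined it, so the check runs before parent delegation.
        if (isDenied(name)) {
            throw new ClassNotFoundException("blocked for robots: " + name);
        }
        return super.loadClass(name, resolve);
    }

    public static void main(String[] args) throws Exception {
        // Empty class path keeps the demo self-contained; a real engine would
        // pass the robot's JAR URL here.
        try (RobotClassLoader loader =
                 new RobotClassLoader(new URL[0], RobotClassLoader.class.getClassLoader())) {
            for (String name : List.of("java.lang.Math", "java.util.ArrayList",
                                       "java.net.Socket", "java.io.FileOutputStream",
                                       "java.lang.Runtime")) {
                try {
                    loader.loadClass(name);
                    System.out.println("allowed  " + name);
                } catch (ClassNotFoundException e) {
                    System.out.println("denied   " + name);
                }
            }
        }
    }
}
```

A name filter like this only covers classes that robot code links against by name; objects handed back by allowed APIs are not checked, which is why the post pairs it with module encapsulation and OS-level restrictions.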
 

Tank Royale is very exciting in allowing Python & C++, since a lot of us are tired of optimizing Java code to make it more C.

However, Python & C++ are not as platform independent as Java, so in order to build a rumble ranking that everyone can run on their own, we must find some solutions. This could be the long term choice anyway.

In the short term, Security Manager is still there, and sticking to Java <=17 isn’t very bad as a lot of companies are still using Java 8. We have plenty of time to develop our own sandbox solutions, which is still useful for Tank Royale.

Xor (talk) 08:11, 8 July 2022
 

Tank Royale definitely sounds exciting. I feel like we would get a lot of new people if people could use more than just Java. I haven't looked at the technical details of Tank Royale but WASM sounds like a secure environment and a variety of languages can be compiled to it.

Dsekercioglu (talk) 09:54, 8 July 2022

WASM is a great idea; we could keep a list of supported languages, where Java can use existing JVM sandbox, and C++ & JavaScript into WASM. Not sure how Python can be adequately supported in this mode though; popular frameworks such as NumPy, TensorFlow & PyTorch are all not fully Python.

Update: Pyodide is a full WASM CPython implementation with NumPy support, which can be a good starting point.

Xor (talk) 12:22, 8 July 2022