SecurityManager replacement

Jump to navigation Jump to search

SecurityManager replacement

As per JEP411, SecurityManager is deprecated for removal as of Java 17. However, robocode (before Tank Royale) is fully dependent on SecurityManager in order to ensure fairness. Unfortunately, there are no official alternative to SecurityManager, which left us only three options:

  1. Stick to Java <=17, which may be the last LTS version with SecurityManager support.
  2. Switch to Tank Royale, and develop some container based security (which is platform dependent, unfortunately).
  3. Find alternatives to SecurityManager, which can be used in both original robocode and robocode Tank Royale. SecurityManager alternatives can be used as pure Java sandbox solution for Tank Royale, which is cross-platform.
Xor (talk)11:19, 7 July 2022

Good news: Java 9 Modules have complete support for encapsulation, which can be used as a shallow sandbox mechanism. Direct and reflective access to public members of non-exported packages are forbidden by the language, making robocode engine potentially safe from attacks. Custom ClassLoaders can be used to forbid or replace certain risky java APIs. File & network access can be further restricted by creating dedicated user, and Linux systems can take advantage of chroot & cgroup for enhanced control over resources.

By taking advantage of multiple layers of security countermeasures, we can achieve even safer & fairer environments for robocode competitions.

Xor (talk)16:44, 7 July 2022
 

How comes that User:FlemmingLarsen kept the Tank Royale announcement outside of this Wiki? I think it seems to be the clear direction for a switch. It would be nice to have a bridge for legacy bots to run to avoid loss of historical stats. But the use of standard coordinate alone would justify the switch for me :) Also we would need a new rumble logic to be done.

I also get tired of java where a lot of high level math libraries need to be reinvented. I would love to see what is possible if we do not have to build our own implementation of machine learning tools.

We might get new flock of people if a python API is available.

Beaming (talk)03:54, 8 July 2022

You do not have permission to edit this page, for the following reasons:

  • The action you have requested is limited to users in the group: Users.
  • You must confirm your email address before editing pages. Please set and validate your email address through your user preferences.

You can view and copy the source of this page.

Return to Thread:User talk:Xor/SecurityManager replacement/reply (3).

 

Tank Royale definitely sounds exciting. I feel like we would get a lot of new people if people could use more than just Java. I haven't looked at the technical details of Tank Royale but WASM sounds like a secure environment and a variety of languages can be compiled to it.

Dsekercioglu (talk)09:54, 8 July 2022

WASM is a great idea, we could keep a list of supported languages, where Java can use existing JVM sandbox, and C++ & Javascript into WASM. Not sure how Python can be adequately supported in this mode though, popular frameworks such as Numpy, Tensorflow & Pytorch are all not fully Python.

Update: Pyodide is a full WASM CPython implementation with Numpy support, which can be a good starting point.

Xor (talk)12:22, 8 July 2022