Security Policies

Corda security policies are based on Conditional Permissions of the OSGi security model. The following predefined security profiles are available:

  • high_security.policy — a high-security policy that prevents the most critical security risks and additionally prevents access to files, the network, and reflection. This is the default policy.
  • basic_security.policy — a basic security policy that prevents only the most critical security risks.
  • medium_security.policy — a medium security policy that prevents the most critical security risks and additionally prevents access to files and the network.

Corda applies the strictest policy, high_security.policy, by default. You can override this by specifying a policy in the corda.security section using dynamic configuration. You can copy one of the predefined policies or customize one for your organization’s specific needs.

Policies can have ALLOW and DENY access blocks, each representing a string-encoded ConditionalPermissionInfo. A block that appears higher in the policy has higher priority. Each block starts with the conditions that must be satisfied for the block to apply. The block then lists a set of permissions that are either allowed or denied, depending on the block type. The basic syntax is:

policy      ::= access '{' conditions permissions '}' name?
access      ::= 'ALLOW' | 'DENY'       // case insensitive
conditions  ::= ( '[' qname quoted-string* ']' )*
permissions ::= ( '(' qname (quoted-string quoted-string?)? ')' )+
name        ::= quoted-string

The following snippet shows an example of a deny-access block for the flow sandbox (an execution environment within a JVM process that provides isolation for a CorDapp; it shields the CorDapp from outside threats but also restricts what it can do, so that running potentially dangerous code cannot harm others):

DENY {
[org.osgi.service.condpermadmin.BundleLocationCondition "FLOW/*"]

(java.io.FilePermission "<<ALL FILES>>" "read,write,delete,execute,readLink")
(java.lang.RuntimePermission "getFileSystemAttributes" "")
(java.lang.RuntimePermission "readFileDescriptor" "")
(java.lang.RuntimePermission "writeFileDescriptor" "")
(java.net.SocketPermission "*:1-" "accept,listen,connect,resolve")
(java.net.URLPermission "http://*:*" "*:*")
(java.net.URLPermission "https://*:*" "*:*")
(java.lang.RuntimePermission "accessDeclaredMembers" "")
(java.lang.reflect.ReflectPermission "suppressAccessChecks" "")
(java.lang.reflect.ReflectPermission "newProxyInPackage.*" "")

} "High security profile for FLOW Sandbox"
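To make the grammar above and the DENY snippet concrete, here is an added example that is not part of the Corda documentation or code base: a small Python parser for this block syntax, plus a lookup that applies the rule that a higher block wins. The SAMPLE_POLICY text, the hypothetical ALLOW block in it, and the glob-style matching of BundleLocationCondition in decide() are constructed assumptions; OSGi permission implication is not modelled.

```python
import re
from fnmatch import fnmatchcase
# Constructed sample: two of the page's DENY permissions beneath a hypothetical ALLOW block
# (ours, not a Corda profile); being higher, the ALLOW block wins for one of them.
SAMPLE_POLICY = '''
ALLOW { [org.osgi.service.condpermadmin.BundleLocationCondition "FLOW/*"]
        (java.lang.RuntimePermission "accessDeclaredMembers" "") } "Hypothetical reflection exception"
DENY  { [org.osgi.service.condpermadmin.BundleLocationCondition "FLOW/*"]
        (java.net.SocketPermission "*:1-" "accept,listen,connect,resolve")
        (java.lang.RuntimePermission "accessDeclaredMembers" "") } "High security profile for FLOW Sandbox"
'''
# Token groups: 1 = quoted string (may be empty), 2 = bracket symbol, 3 = bare word (keyword/qname).
TOKEN = re.compile(r'\s+|"([^"]*)"|([{}\[\]()])|([^\s{}\[\]()"]+)')
CLOSER = {'[': ']', '(': ')'}

def tokenize(text):  # -> [('str'|'sym'|'word', value)]; whitespace has no group and is dropped
    return [(('str', 'sym', 'word')[m.lastindex - 1], m.group(m.lastindex))
            for m in TOKEN.finditer(text) if m.lastindex]

def parse_policy(text):
    """Blocks in file order (first = highest priority): {access, conditions, permissions, name}."""
    toks, blocks, i = tokenize(text), [], 0
    while i < len(toks):
        access = toks[i][1].upper()                       # ALLOW/DENY is case-insensitive
        if access not in ('ALLOW', 'DENY') or toks[i + 1:i + 2] != [('sym', '{')]:
            raise ValueError(f"expected ALLOW|DENY '{{' at token {i}: {toks[i]!r}")
        conds, perms, i = [], [], i + 2
        while toks[i] != ('sym', '}'):                    # [qname "s"*] or (qname "s" "s"?)
            if toks[i][0] != 'sym' or toks[i][1] not in CLOSER or toks[i + 1][0] != 'word':
                raise ValueError(f"expected [qname ...] or (qname ...) at token {i}")
            close, qname, args, i = CLOSER[toks[i][1]], toks[i + 1][1], [], i + 2
            while toks[i] != ('sym', close):
                if toks[i][0] != 'str': raise ValueError(f"unquoted argument after {qname}")
                args.append(toks[i][1]); i += 1
            (conds if close == ']' else perms).append((qname, *args)); i += 1
        i, name = i + 1, None                             # consume '}', then the optional name
        if i < len(toks) and toks[i][0] == 'str':
            name, i = toks[i][1], i + 1
        blocks.append({'access': access, 'conditions': conds, 'permissions': perms, 'name': name})
    return blocks

def decide(blocks, bundle_location, perm_type, perm_name):
    """Access of the first (highest-priority) block whose BundleLocationCondition matches and that
    lists this exact permission, else None. Simplification: other condition types never match."""
    for b in blocks:
        if (all(c[0].endswith('.BundleLocationCondition') and fnmatchcase(bundle_location, c[1])
                for c in b['conditions'])
                and any(p[:2] == (perm_type, perm_name) for p in b['permissions'])):
            return b['access']
    return None
```

With the sample, reflection is allowed for a FLOW bundle because the ALLOW block sits above the DENY block, while the socket permission is still denied; a bundle outside FLOW/* matches neither block.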

For more information about JDK permissions, see the Oracle documentation.
