DOCSLIB.ORG

Evaluating the Flexibility of the Java Sandbox

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Evaluating the Flexibility of the Java Sandbox Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, and Joshua Sunshine Carnegie Mellon University {zfc,mmaass}@cs.cmu.edu, [email protected], {clegoues,sunshine}@cs.cmu.edu ABSTRACT should protect both the host application and machine from The ubiquitously-installed Java Runtime Environment (JRE) malicious behavior. In practice, these security mechanisms provides a complex, flexible set of mechanisms that support are problematically buggy such that Java malware is often the execution of untrusted code inside a secure sandbox. able to alter the sandbox's settings [4] to override security However, many recent exploits have successfully escaped the mechanisms. Such exploits take advantage of defects in either sandbox, allowing attackers to infect numerous Java hosts. the JRE itself or the application's sandbox configuration to We hypothesize that the Java security model affords devel- disable the security manager, the component of the sandbox opers more flexibility than they need or use in practice, and responsible for enforcing the security policy [5, 6, 7, 8]. thus its complexity compromises security without improving In this paper, we investigate this disconnect between theory practical functionality. We describe an empirical study of the and practice. We hypothesize that it results primarily from ways benign open-source Java applications use and interact unnecessary complexity and flexibility in the design and with the Java security manager. We found that developers engineering of Java's security mechanisms. For example, regularly misunderstand or misuse Java security mechanisms, applications are allowed to change the security manager at that benign programs do not use all of the vast flexibility runtime, whereas static-only configuration of the manager afforded by the Java security model, and that there are clear would be more secure. The JRE also provides a number of differences between the ways benign and exploit programs security permissions that are so powerful that a sandbox that interact with the security manager. We validate these results enforces any of them cannot be secure. We hypothesize that by deriving two restrictions on application behavior that benign applications do not need all of this power, and that restrict (1) security manager modifications and (2) privilege they interact with the security manager in ways that are escalation. We demonstrate that enforcing these rules at measurably different from exploits. If true, these differences runtime stop a representative proportion of modern Java can be leveraged to improve the overall security of Java 7 exploits without breaking backwards compatibility with applications, and prevent future attacks. benign applications. These practical rules should be enforced To validate these insights, we conducted an empirical study in the JRE to fortify the Java sandbox. to answer the question: How do benign applications interact with the Java security manager? We studied and character- ized those interactions in 36 open-source Java projects that 1. INTRODUCTION use the security manager, taken from the Qualitas Corpus There are three broad reasons that Java is such a popular [9] and GitHub. target for attackers. First, the Java Runtime Environment We discovered two types of security managers in practice. (JRE) is widely installed on user endpoints. Second, the Defenseless managers enforce a policy that allows sandboxed JRE can and often does execute external code, in the form of code to modify sandbox settings. Such applications are inher- applets and Java Web Start (JWS) applications [1, 2]. Finally, ently insecure, because externally-loaded malicious code can there are hundreds of known and zero-day vulnerabilities [3] modify or disable the security manager. We found defense- in Java. In the common scenario, often referred to as a less managers in use by applications that modified sandbox \drive-by download," attackers lure users to a website that settings at runtime, typically as workarounds to using more contains a hidden applet to exploit JRE vulnerabilities. complicated (but more correct) security mechanisms or to en- In theory, such attacks should not be so common: Java force policies or implement functionality unrelated to security. provides a sandbox to enable the safe execution of untrusted We believe that such applications use the sandbox to imple- code and to isolate components from one another. This ment certain non-security requirements because Java does not provide better mechanisms for doing so. The sandbox is Permission to make digital or hard copies of all or part of this work for personal or not intended to be used this way, and these use cases both classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation reduce security in practice and limit the potential exploit on the first page. Copyrights for components of this work owned by others than the mitigations that are backwards compatible with benign appli- author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or cations. On the other hand, applications with self-protecting republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. managers do not allow sandboxed code to modify security ACSAC ’15, December 07 - 11, 2015, Los Angeles, CA, USA settings. It might still be possible to exploit such applications c 2015 Copyright held by the owner/author(s). Publication rights licensed to ACM. due to defects in the JRE code that enforces security policies, ISBN 978-1-4503-3682-6/15/12. $15.00 but not due to poorly-deployed local security settings. DOI: http://dx.doi.org/10.1145/2818000.2818003 We found that software that uses the sandbox as intended| Class Loader Loads classes for protection from malicious external code|does not use its Defines a class's... vast flexibility. For these applications, the flexibility decreases Indicates where code originates their security without obviously benefiting the developers or Code Source application functionality. In fact, we found and reported a Associates a class with a... security vulnerability related to the sandbox in one of the Protection Domain Partitions program components by security level applications under study. Contains a set of... We propose two runtime rules that restrict the flexibility of Permissions Enables specific operations (e.g., write to file, connect to the sandbox and fortify Java against the two most common server, etc.) modern attack types without breaking backwards compat- Defined in a... ibility in practice. We evaluate our rules with respect to Policy Defines what a codebase is allowed to do their ability to guard against ten applets in a popular exploit development and delivery framework, Metasploit 4.10.01, Enforced by... that successfully attack unpatched versions of Java 7. Taken Security Manager Acts as the gateway to policy enforcement together, the rules stopped all ten exploits and did not break 1 backwards-compatibility when tested against a corpus of be- Figure 1: High-level summary of the Java sandbox. nign applications. We are engaged in an ongoing discussion on the OpenJDK security-dev mailing list about implement- ing runtime enforcement of these rules in the JVM itself. actions are disallowed. Policies written in the Java policy The contributions of this papers are as follows: language [11] define permission sets and their associated code • A study of open-source applications' interactions with the sources. By default, all classes not loaded from the local file security manager (Section 4). We identify open-source system are run within a restrictive sandbox that restricts applications that enforce constraints on sub-components their ability to interact with the host application or machine. via the Java sandbox, as well as unconventional behaviors The sandbox is activated by setting a security manager, that indicate usability and security problems that the Java which acts as the gateway between the sandbox and the rest security model can be improved to mitigate. of the application. Whenever a sandboxed class attempts to • An enumeration of Java permissions that make security execute a method with security implications, that method policies difficult to enforce (Section 2.2), a discussion of queries the security manager to determine if the operation real-world cases where these permissions are used (Sec- should be permitted. To perform a permission check, the tions 4.3 and 4.4), and a sandbox-bypassing exploit for a security manager walks the call stack to ensure each class in popular open-source application made vulnerable due to the current stack frame has the specific permission needed 2 their use (Section 4.4). to perform the action. • Two novel rules for distinguishing between benign and Missing checks in code that should be protected are a malicious Java programs, validated empirically (Section 5). common source of Java vulnerabilities, because the security- • A discussion of tactics for practically implementing the critical code must initiate the check. Note that such vulner- rules, with a case for direct JVM adoption (Section 5.1). abilities lie in the JRE itself (i.e., the code written by the Java developers), not in code using the sandbox to execute We begin by discussing necessary background on the Java untrusted code. sandbox and exploits (Section 2). We present the methodol- ogy and dataset for our empirical study in Section 3. The 2.2 Defenseless vs. self-protecting managers results of the study are discussed in Section 4, leading to our Java is flexible about when the sandbox is enabled, config- rules which are defined and evaluated in Section 5. Finally, ured, and reconfigured. The default case for web applets and we discuss limitations, cover related work, and conclude in applications that use Java Web Start is to set what we call a Sections 6, 7, and 8 respectively.
Recommended publications
  • A Java Security Scanner for Eclipse

    A Java Security Scanner for Eclipse

    Colby College Digital Commons @ Colby Honors Theses Student Research 2005 JeSS – a Java Security Scanner for Eclipse Russell Spitler Colby College Follow this and additional works at: https://digitalcommons.colby.edu/honorstheses Part of the Databases and Information Systems Commons, Other Computer Engineering Commons, Programming Languages and Compilers Commons, and the Systems Architecture Commons Colby College theses are protected by copyright. They may be viewed or downloaded from this site for the purposes of research and scholarship. Reproduction or distribution for commercial purposes is prohibited without written permission of the author. Recommended Citation Spitler, Russell, "JeSS – a Java Security Scanner for Eclipse" (2005). Honors Theses. Paper 567. https://digitalcommons.colby.edu/honorstheses/567 This Honors Thesis (Open Access) is brought to you for free and open access by the Student Research at Digital Commons @ Colby. It has been accepted for inclusion in Honors Theses by an authorized administrator of Digital Commons @ Colby. JeSS – a Java Security Scanner for Eclipse Russell Spitler Senior Honors Thesis Spring 2005 Colby College Department of Computer Science Advisor: Dale Skrien Contents Chapter 1 Introduction 1 Chapter 2 Secure Coding and Java Security 2.1 – Secure Coding 3 2.2 – Java Security 7 Chapter 3 Java Security Holes 3.1 – Don’t depend on initialization 13 3.2 – Make everything final 14 3.3 – Make your code unserializable and undeserializable 16 3.4 – Make your class non-Cloneable 19 3.5 – Don’t rely on
  • Using Findbugs in Anger

    Using Findbugs in Anger

    Making Static Analysis Part Of Your Build Process William Pugh Professor, Univ. of Maryland Visiting Scientist, Google Learn how to effectively use FindBugs on large software projects (100,000+ lines of code), and make effective use of the limited time you can schedule/afford for static analysis 2 Agenda FindBugs and static analysis Using FindBugs effectively Running FindBugs Scaling up FindBugs Historical Bug results 3 Static Analysis Analyzes your program without executing it Doesn’t depend on having good test cases • or even any test cases Doesn’t know what your software is supposed to do • Looks for violations of reasonable programming practices • Shouldn’t throw NPE • All statements should be reachable • Shouldn’t allow SQL injection Not a replacement for testing • Very good at finding problems on untested paths • But many defects can’t be found with static analysis 4 Common (Incorrect) Wisdom about Bugs and Static Analysis Programmers are smart Smart people don’t make dumb mistakes We have good techniques (e.g., unit testing, pair programming, code inspections) for finding bugs early I tried lint and it sucked: lots of warnings, few real issues So, bugs remaining in production code must be subtle, and finding them must require sophisticated static analysis techniques 5 Can You Find The Bug? if (listeners == null) listeners.remove(listener); JDK1.6.0, b105, sun.awt.x11.XMSelection • lines 243-244 6 Why Do Bugs Occur? Nobody is perfect Common types of errors: • Misunderstood language features, API methods • Typos (using wrong boolean
  • Rich Internet Applications for the Enterprise

    Rich Internet Applications for the Enterprise

    Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE 2007-12-07 Linköping University Department of Computer and Information Science Final Thesis Rich Internet Applications for the Enterprise A comparative study of WebWork and Java Web Start by Emil Jönsson LITH-IDA-EX–07/063–SE Supervisors: Valérie Viale Amadeus Philippe Larosa Amadeus Examiner: Kristian Sandahl Department of Computer and Information Science Linköping University Abstract Web applications initially became popular much thanks to low deployment costs and programming simplicity. However, as business requirements grow more complex, limitations in the web programming model might become evident. With the advent of techniques such as AJAX, the bar has been raised for what users have come to expect from web applications. To successfully implement a large-scale web application, software developers need to have knowledge of a big set of complementary technologies. This thesis highlights some of the current problems with the web programming model and discusses how using desktop technologies can improve the user experience. The foundation of the thesis is an implementation of a prototype of a central hotel property management system using web technologies. These technologies have then been compared to an alternative set of technologies, which were used for implementing a second prototype; a stand-alone desktop client distributed using Java Web Start. Keywords: web development, Rich Internet Applications, WebWork, Java Web Start, Property Management System, hospitality software Acknowledgements First I would like to thank Amadeus for giving me the opportunity to do an internship at their development site in Sophia Antipolis.
  • Towards Our Development Environment

    Towards Our Development Environment

    Euclid Consortium Towards our development environment 2012, Dec. 4th SDC meeting 1 Euclid External constraints Consortium ● CODEEN (Redmine and http://apceucliddev.in2p3.fr/jenkins/) ● Common tools – Python / C++ – Jira – Eclipse – Sonar – Subversion – Doxygen – Xunit – Goolge talk – Maven – Redmine – Nexus – Adobe Connect – Jenkins 2012, Dec. 4th SDC meeting 2 Euclid Language and architecture Consortium ● Language: Python (C, C++) ● Central svn repository (http://euclid.esac.esa.int/svn/EC/SGS/) ● IDE: Eclipse + PyDev ● Software architecture and packaging – Model the testbed, data trains and taker Gaia concepts – Separate the data handling and algorithmic programming – Data model, Framework, Algo (projects? Modules?) ● Study flexible solutions for – local development, testing and survey data analysis – integration into the IAL – distributing the software? 2012, Dec. 4th SDC meeting 3 Euclid Data model and data handling Consortium ● Data model: first version as XML schema on SVN – PyXB for automatic Python code generation ● Framework with data handling, loading data from – ASCII files : SciPy (loadtxt) – Database : SQLAlchemy ORM – FITS files : PyFits ● Panda : large table ● Pickle : object serialization 2012, Dec. 4th SDC meeting 4 Euclid Dependencies and building managementConsortium ● Nexus, Ivy and Ant used in Gaia ● Maven - Nexus is proposed, is it too Java oriented? – Difference between Ant and Maven? ● How can we used the Python “setup” files ● Hubert proposals – http://zero-install.sourceforge.net/ – http://www.cmake.org/ ● Solution for – local software development and usage – distribution 2012, Dec. 4th SDC meeting 5 Euclid Configuration, testing and doc Consortium ● Solution for handling configuration – model the Gaia XML based solution? (Java “properties” thread unsafe) – Python solution? Init? ● Testing set up and conventions – xUnit and PyUnit? ● Javadoc as an example (look up in Eclipse, automatic doc generation) – Doxygen 2012, Dec.
  • Technologies We Use IT Project Management

    Technologies We Use IT Project Management

    SolDevelo Sp. z o.o. is a dynamic software development and information technology outsourcing company, focused on delivering high quality software and innovative solutions. Our approach is a unique mix of highly experienced development team, client-oriented service and passion for IT. This guarantees projects to be completed on time, with the superior quality and precisely the way client imagined it. IT Project Management Requirements Specification Architecture Implementation Detailed Design Testing Integration Validation Maintenance Technologies We Use Software development and Integration Ý Application Servers Languages Web Servers Glassfish, JBOSS, Geronimo Java/JEE, Python, C#/.NET Nginx, Apache HTTP Android, PHP, Objective-C, Swift, Ruby Frameworks Web Technologies Database Environments Hibernate, Datanucleus, J2EE, PHP, XML, JavaScript, Oracle, SQL, PL/SQL, MySQL, OSGi, Spring Integration, SOAP, WSDL, RichFaces, PostgreSQL, HSQLDB, CouchDB, Quartz, Spring Batch, jQuery, JSP, JSF, AJAX, (S)CSS, SQLite3, Hypersonic Android Designer, LESS, XHTML, ASP.NET, Robotium, JBoss Seam Node.js Mobile Technologies Servlet Containers Android, iOS Tomcat, Jetty Web Frameworks AngularJS, Django, Spring WebFlow, Bootstrap, Zend, Ə CMS ǡ Business Intelligence Symfony, Express, Ruby on Rails Drupal, Wordpress, Joomla! DHIS2, Tableau 01 Competence Map Tools we use IDE Wiki < Knowledge Sharing IntelliJ IDEA, Eclipse, Android Confluence, Assembla Wiki, Trac Studio, Xcode, PHPStorm Project Methodology Issue/Bug Tracking Agile/Scrum JIRA, Assembla,
  • Eu-19-Zhang-New-Exploit-Technique

    Eu-19-Zhang-New-Exploit-Technique

    New Exploit Technique In Java Deserialization Attack • Yang Zhang • Yongtao Wang Keyi Li “在此键⼊引⽂。• ” • Kunzhe Chai –Johnny Appleseed New Exploit Technique In Java Deserialization Attack Back2Zero Team BCM Social Corp. BCM Social Group Who are we? Yang Zhang(Lucas) • Founder of Back2Zero Team & Leader of Security Research Department in BCM Social Corp. • Focus on Application Security, Cloud Security, Penetration Testing. • Spoke at various security conferences such as CanSecWest, POC, ZeroNights. Keyi Li(Kevin) • Master degree majoring in Cyber Security at Syracuse University. • Co-founder of Back2Zero team and core member of n0tr00t security team. • Internationally renowned security conference speaker. –Johnny Appleseed Who are we? Yongtao Wang • Co-founder of PegasusTeam and Leader of Red Team in BCM Social Corp. • Specializes in penetration testing and wireless security. • Blackhat, Codeblue, POC, Kcon, etc. Conference speaker. Kunzhe Chai(Anthony) • Founder of PegasusTeam and Chief Information Security Officer in BCM Social Corp. • Author of the well-known security tool MDK4. • Maker of China's first Wireless Security Defense Product Standard and he also is the world's first inventor of Fake Base Stations defense technology–Johnny Appleseed Agenda • Introduction to Java Deserialization • Well-Known Defense Solutions • Critical vulnerabilities in Java • URLConnection • JDBC • New exploit for Java Deserialization • Takeaways 2015: Chris Frohoff and Gabriel Lawrence presented their research into Java object deserialization vulnerabilities ultimately resulting in what can be readily described as the biggest wave of RCE bugs in Java history. Introduction to Java Deserialization Java Deserialization Serialization • The process of converting a Java object into stream of bytes. Databases Deserialization Serialization • A reverse process of creating a Java object from stream of bytes.
  • Apache Harmony Project Tim Ellison Geir Magnusson Jr

    Apache Harmony Project Tim Ellison Geir Magnusson Jr

    The Apache Harmony Project Tim Ellison Geir Magnusson Jr. Apache Harmony Project http://harmony.apache.org TS-7820 2007 JavaOneSM Conference | Session TS-7820 | Goal of This Talk In the next 45 minutes you will... Learn about the motivations, current status, and future plans of the Apache Harmony project 2007 JavaOneSM Conference | Session TS-7820 | 2 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 3 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 4 Apache Harmony In the Beginning May 2005—founded in the Apache Incubator Primary Goals 1. Compatible, independent implementation of Java™ Platform, Standard Edition (Java SE platform) under the Apache License 2. Community-developed, modular architecture allowing sharing and independent innovation 3. Protect IP rights of ecosystem 2007 JavaOneSM Conference | Session TS-7820 | 5 Apache Harmony Early history: 2005 Broad community discussion • Technical issues • Legal and IP issues • Project governance issues Goal: Consolidation and Consensus 2007 JavaOneSM Conference | Session TS-7820 | 6 Early History Early history: 2005/2006 Initial Code Contributions • Three Virtual machines ● JCHEVM, BootVM, DRLVM • Class Libraries ● Core classes, VM interface, test cases ● Security, beans, regex, Swing, AWT ● RMI and math 2007 JavaOneSM Conference | Session TS-7820 |
  • Java Security, 2Nd Edition

    Java Security, 2Nd Edition

    Table of Contents Preface..................................................................................................................................................................1 Who Should Read This Book?.................................................................................................................1 Versions Used in This Book....................................................................................................................2 Conventions Used in This Book..............................................................................................................2 Organization of This Book.......................................................................................................................3 What's New in This Edition.....................................................................................................................5 How to Contact Us...................................................................................................................................5 Acknowledgments....................................................................................................................................6 Feedback for the Author..........................................................................................................................6 Chapter 1. Java Application Security...............................................................................................................7 1.1 What Is Security?...............................................................................................................................7
  • Migrating from Java Applets to Plugin-Free Java Technologies

    Migrating from Java Applets to Plugin-Free Java Technologies

    Migrating from Java Applets to plugin-free Java technologies An Oracle White Paper January, 2016 Migrating from Java Applets to plugin-free Java technologies Migrating from Java Applets to plugin-free Java technologies Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Migrating from Java Applets to plugin-free Java technologies Executive Overview ........................................................................... 4 Browser Plugin Perspectives ............................................................. 4 Java Web Start .................................................................................. 5 Alternatives ....................................................................................... 6 Native Windows/OS X/Linux Installers ........................................... 6 Inverted Browser Control ............................................................... 7 Detecting Applets .............................................................................. 7 Migrating from Java Applets to plugin-free Java technologies Executive Overview With modern browser vendors working to restrict or reduce the support of plugins like
  • Java(8$ Andrew$Binstock,$Editor$In$Chief,$Dr.Dobbs$

    Java(8$ Andrew$Binstock,$Editor$In$Chief,$Dr.Dobbs$

    Java$Update$and$Roadmap$ November(2014( Tomas$Nilsson$ Senior$Principal$Product$Manager$ Java$SE$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Safe$Harbor$Statement$ The$following$is$intended$to$outline$our$general$product$direcNon.$It$is$intended$for$ informaNon$purposes$only,$and$may$not$be$incorporated$into$any$contract.$It$is$not$a$ commitment$to$deliver$any$material,$code,$or$funcNonality,$and$should$not$be$relied$upon$ in$making$purchasing$decisions.$The$development,$release,$and$Nming$of$any$features$or$ funcNonality$described$for$Oracle’s$products$remains$at$the$sole$discreNon$of$Oracle.$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Agenda$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Java$SE$9$and$Beyond$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Roadmap$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Oracle$and$Java$ • Oracle$has$used$Java$since$the$beginning$of$Nme$(eg$1990s)$ • Acquired$JAVA$(Sun$Microsystems)$in$2010,$including$Java$IP,$trademarks$ • Embraced$OpenJDK,$open$community,$open$JCP$ – Welcomed$IBM,$Apple,$SAP,$ARM,$AMD,$Intel,$Twi\er,$Goldman$Sachs,$Microso^$and$many$others$ – Made$OpenJDK$official$Java$SE$reference$implementaNon$ – Ongoing$move$towards$open$development,$governance,$transparency$ • JDK$development:$Oracle$and$community$ – Oracle$focus$on$modernizaNon,$security,$big$Ncket$R&D$and$commercial$value$to$Oracle$ – Community$contributes$based$on$interest$and$ability,$examples:$
  • Openjdk 8 Getting Started with Openjdk 8 Legal Notice

    Openjdk 8 Getting Started with Openjdk 8 Legal Notice

    OpenJDK 8 Getting started with OpenJDK 8 Last Updated: 2021-07-21 OpenJDK 8 Getting started with OpenJDK 8 Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project. The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission.
  • Manual De Freeplane

    Manual De Freeplane

    Manual de Freeplane – Luis Javier González Caballero [email protected] 31 de enero de 2019 Acerca del autor Luis Javier González Caballero es un Técnico en Informática con amplia experiencia en soporte a usuarios. Ha realizado algu- nos trabajos de programación, fundamentalmente en Python. Es Ingeniero Técnico Industrial por la Universidad de León e Inge- niero en Informática por la Universidad de Educación Nacional a Distancia. Es una persona activa con una gran capacidad de aprendizaje, lo que le permite ponerse al día rápidamente en los proyectos en los que se involucra. Aparte de su carrera profesional colabora con numerosas orga- nizaciones sin ánimo de lucro y proyectos libres y es amante de los animales. Vive en León, una pequeña ciudad en el noroeste de España con su familia. [email protected] 1 Índice general I Freeplane básico8 1. Mapas mentales 9 1.1. Introducción............................................9 1.2. La sociedad de la información..................................9 1.3. El cerebro............................................. 10 1.4. Procesando la información.................................... 11 1.5. Elaboración de los mapas mentales............................... 11 1.6. Ejemplos............................................. 12 1.6.1. Mapas al estilo de Tony Buzan............................. 12 1.6.2. Mapa de Gestión..................................... 13 1.6.3. Mapa circular....................................... 15 2. Comenzando con Freeplane 17 2.1. Instalación............................................ 17 2.2. La ventana de la aplicación................................... 17 2.3. Creando el primer mapa..................................... 19 2.4. Uso del mapa........................................... 20 2.5. Elementos de un mapa...................................... 22 2.6. Elementos de un nodo...................................... 23 3. Personalizando nuestro mapa 25 3.1. El panel de formato....................................... 25 3.2. Modificando el texto del nodo.................................