Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Java Native Interface: Programmer's Guide and Reference
Java Native Interface: Programmer's Guide and Reference
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Proceedings of the 12th ACM conference on Computer and communications security
A Safety-Oriented Platform for Web Applications
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Sub-operating systems: a new approach to application security
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
The DaCapo benchmarks: java benchmarking development and analysis
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Heap protection for Java virtual machines
PPPJ '06 Proceedings of the 4th international symposium on Principles and practice of programming in Java
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
A tool for constructing safe extensible C++ systems
COOTS'97 Proceedings of the 3rd conference on USENIX Conference on Object-Oriented Technologies (COOTS) - Volume 3
Robust composition: towards a unified approach to access control and concurrency control
Robust composition: towards a unified approach to access control and concurrency control
Information flow control for standard OS abstractions
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Extending .NET security to unmanaged code
International Journal of Information Security
Jeannie: granting java native interface developers their wishes
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Ilea: inter-language analysis across java and c
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Making information flow explicit in HiStar
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Wedge: splitting applications into reduced-privilege compartments
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Finding bugs in java native interface programs
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Vx32: lightweight user-level sandboxing on the x86
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
An empirical security study of the native code in the JDK
SS'08 Proceedings of the 17th conference on Security symposium
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Finding bugs in exceptional situations of JNI programs
Proceedings of the 16th ACM conference on Computer and communications security
Fine-grained privilege separation for web applications
Proceedings of the 19th international conference on World wide web
Jinn: synthesizing dynamic bug detectors for foreign language interfaces
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Leveraging legacy code to deploy desktop applications on the web
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Robusta: taming the native beast of the JVM
Proceedings of the 17th ACM conference on Computer and communications security
Retaining sandbox containment despite bugs in privileged memory-safe code
Proceedings of the 17th ACM conference on Computer and communications security
Adapting software fault isolation to contemporary CPU architectures
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Capsicum: practical capabilities for UNIX
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Language-independent sandboxing of just-in-time compilation and self-modifying code
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Polymorphic type inference for the JNI
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Dune: safe user-level access to privileged CPU features
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Securing untrusted code via compiler-agnostic binary rewriting
Proceedings of the 28th Annual Computer Security Applications Conference
Hi-index | 0.00 |
For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. Native-code components interoperate with Java components through the Java Native Interface (JNI). As native code is not regulated by Java's security model, it poses serious security threats to the managed Java world. We introduce a security framework that extends Java's security model and brings native code under control. Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed pathway. Two different implementations were built. In one implementation, the security framework is integrated into a Java Virtual Machine (JVM). In the second implementation, the framework is built outside of the JVM and takes advantage of JVM-independent interfaces. The second implementation provides JVM portability, at the expense of some performance degradation. Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.