Bringing Java's wild native world under control

ACM Transactions on Information and System Security

Volumn 16, Issue 3, 2013, Pages

  Sun, Mengtao ^a   Tan, Gang ^a   Siefers, Joseph ^a   Zeng, Bin ^a   Morrisett, Greg ^b  

^a Lehigh University   (United States)

^b HARVARD UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

JAVA APPLICATIONS; JAVA COMPONENTS; JAVA NATIVE INTERFACES; JAVA VIRTUAL MACHINES; PERFORMANCE DEGRADATION; RUNTIME OVERHEADS; SECURITY FRAMEWORKS; SECURITY THREATS;

COMPUTER SCIENCE; SAFETY ENGINEERING;

JAVA PROGRAMMING LANGUAGE;

EID: 84890392640     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/2535505     Document Type: Article

References (58)

1. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05). 340-353.
2. ANSEL, J.,MARCHENKO, P.,ERLINGSSON, U.,TAYLOR, E.,CHEN, B.,SCHUFF, D.,SEHR, D.,BIFFLE, C., AND YEE, B. 2011. Language-independent sandboxing of just-in-time compilation and self-modifying code. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI'11). 355-366.
3. BELAY, A., BITTAU, A.,MASHTIZADEH, A., TEREI, D.,MAZIERES, D., AND KOZYRAKIS, C. 2012. Dune: Safe user-level access to privileged cpu features. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'12). 335-348.
4. BITTAU, A., MARCHENKO, P., HANDLEY, M., AND KARP, B. 2008. Wedge: Splitting applications into reducedprivilege compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation. 309-322.
5. BLACKBURN, S. M., GARNER, R., HOFFMANN, C., KHAN, A. M.,MCKINLEY, K. S., BENTZUR, R., DIWAN, A., FEINBERG, D., FRAMPTON, D.,GUYER, S. Z.,HIRZEL, M.,HOSKING, A. L., JUMP, M., LEE, H. B.,MOSS, J. E. B., PHANSALKAR, A., STEFANOVIC, D., VANDRUNEN, T., VON DINCKLAGE, D., ANDWIEDERMANN, B. 2006. The dacapo benchmarks: Java benchmarking development and analysis. In Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'06). 169-190.
6. CAPPOS, J., DADGAR, A., RASLEY, J., SAMUEL, J., BESCHASTNIKH, I., BARSAN, C., KRISHNAMURTHY, A., AND ANDERSON, T. E. 2010. Retaining sandbox containment despite bugs in privileged memory-safe code. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). 212-223.
7. CHIBA, Y. 2006. Heap protection for java virtual machines. In Proceedings of the 4th International Symposium on Principles and Practice of Programming in Java. 103-112. (Pubitemid 47142497)
8. COX, R. S.,GRIBBLE, S. D.,LEVY, H. M., AND HANSEN, J. G. 2006. A safety-oriented platform for web applications. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'06). 350-364. (Pubitemid 44753736)
9. DOUCEUR, J. R., ELSON, J., HOWELL, J., AND LORCH, J. R. 2008. Leveraging legacy code to deploy desktop applications on the web. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'08). 339-354.
10. DREWRY, W. 2012. Dynamic seccomp policies http://lwn.net/Articles/475019/ (using BPF filters). .
11. EFSTATHOPOULOS, P.,KROHN, M., VANDEBOGART, S., FREY, C., ZIEGLER, D.,KOHLER, E.,MAZIERES, D., KAASHOEK, M. F., AND MORRIS, R. 2005. Labels and event processes in the asbestos operating system. In Proceedings of the ACM SIGOPS Symposium on Operating Systems Principles (SOSP'05). 17-30. (Pubitemid 44892202)
12. ERLINGSSON, U. AND SCHNEIDER, F. 1999. SASI enforcement of security policies: A retrospective. In Proceedings of the New Security Paradigms Workshop (NSPW'99). ACM Press, New York, 87-95.
13. FORD, B. AND COX, R. 2008. Vx32: Lightweight user-level sandboxing on the x86. In Proceedings of theUSENIX Annual Technical Conference. 293-306.
14. FURR, M. AND FOSTER, J. 2006. Polymorphic type inference for the jni. In Proceedings of the 15th European Symposium on Programming (ESOP'06). 309-324. (Pubitemid 44019567)
15. GARFINKEL, T., PFAFF, B., AND ROSENBLUM, M. 2004. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed System Security Symposium (NDSS'04).
16. GOLDBERG, I., WAGNER, D., THOMAS, R., AND BREWER, E. A. 1996. A secure environment for untrusted helper applications: Confining the wily hacker. In Proceedings of the 6th Conference on USENIX Security Symposium.
17. GONG, L. 2002. Java 2 Platform Security Architecture. Sun Microsystems.
18. HIRZEL, M. AND GRIMM, R. 2007. Jeannie: Granting java native interface developers their wishes. In Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'07). 19-38.
19. IOANNIDIS, S., BELLOVIN, S. M., AND SMITH, J. M. 2002. Sub-operating systems: a new approach to application security. In Proceedings of the ACM SIGOPS European Workshop. 108-115.
20. JIM, T., MORRISETT, G., GROSSMAN, D., HICKS, M. W., CHENEY, J., AND WANG, Y. 2002. Cyclone: A safe dialect of C. In Proceedings of the General Track USENIX Annual Technical Conference. USENIX Association, 275-288.
21. KLINKOFF, P., KIRDA, E., KRUEGEL, C., AND VIGNA, G. 2007. Extending .net security to unmanaged code. Int. J. Inf. Secur. 6, 6, 417-428. (Pubitemid 47570524)
22. KONDOH, G. AND ONODERA, T. 2008. Finding bugs in java native Interface programs. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA'08). ACM Press, New York, 109-118.
23. KRISHNAMURTHY, A.,METTLER, A., ANDWAGNER, D. 2010. Fine-grained privilege separation for web applications. In Proceedings of the 19th International Conference on World Wide Web (WWW'10). 551-560.
24. KROHN, M., YIP, A., BRODSKY, M., CLIFFER, N., KAASHOEK, M. F., KOHLER, E., AND MORRIS, R. 2007. Information flow control for standard os abstractions. In Proceedings of the ACM SIGOPS Symposium on Operating Systems Principles (SOSP'07). 321-334.
25. LEE, B., HIRZEL, M., GRIMM, R., WIEDERMANN, B., AND MCKINLEY, K. S. 2010. Jinn: Synthesizing a dynamic bug detector for foreign language interfaces. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI'10). 36-49.
26. LEROY, X. 2008. The Objective Caml system. http://caml.inria.fr/pub/docs/ manual-ocaml/index.html.
27. LI, S. AND TAN, G. 2009. Finding bugs in exceptional situations of jni programs. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09). 442-452.
28. LIANG, S. 1999. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co.
29. MCCAMANT, S. AND MORRISETT, G. 2006. Evaluating sfi for a cisc architecture. In Proceedings of the 15th Usenix Security Symposium.
30. METTLER, A.,WAGNER, D., AND CLOSE, T. 2010. Joe-E: A security-oriented subset of java. In Proceedings of the Network and Distributed System Security Symposium (NDSS'10).
31. MILLER, M. 2006. Robust composition: Towards a unified approach to access control and concurrency control. Ph.D. thesis, Johns Hopkins University, Baltimore, MD.
32. MITRE. 2012. CVE-2012-4681. http://web.nvd.nist.gov/view/vuln/detail? vulnId=CVE-2012-4681.
33. MITRE. 2013. CVE-2013-0422. http://web.nvd.nist.gov/view/vuln/detail? vulnId=CVE-2013-0422.
34. MORRISETT, G., WALKER, D., CRARY, K., AND GLEW, N. 1998. From System F to typed assembly language. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages (POPL'98). ACM Press, New York, 85-97.
35. MORRISETT, G., WALKER, D., CRARY, K., AND GLEW, N. 1999. From system f to typed assembly language. ACM Trans. Program. Lang. Syst. 21, 3, 527-568.
36. NECULA, G. 1997. Proof-carrying code. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages (POPL'97). ACM Press, New York, 106-119.
37. NECULA, G.,MCPEAK, S., AND WEIMER, W. 2002. CCured: Type-safe retrofitting of legacy code. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL'02). 128-139. (Pubitemid 35009037)
38. NEUMANN, P. AND WATSON, R. 2010. Capabilities revisited: A holistic approach to bottom-to-top assurance of trustworthy systems. In Proceedings of the 4th Layered Assurance Workshop.
39. ORACLE. 1999. JAR file specification. http://docs.oracle.com/javase/1.4. 2/docs/guide/jar/jar.html.
40. ORACLE. 2010. JVM tool interface, version 1.0. http://docs.oracle.com/ javase/1.5.0/docs/guide/jvmti/jvmti.html.
41. PROVOS, N. 2003. Improving host security with system call policies. In Proceedings of the 12th Usenix Security Symposium. 257-272.
42. PYTHON/C FFI, 2009, Python/C api reference manual, http://docs.python. org/c-api/index.html
43. SEHR, D., MUTH, R., BIFFLE, C., KHIMENKO, V., PASKO, E., SCHIMPF, K., YEE, B., AND CHEN, B. 2010. Adapting software fault isolation to contemporary cpu architectures. In Proceedings of the 19th Usenix Security Symposium. 1-12.
44. SHACHAM, H. 2007. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS'07). 552-561.
45. SIEFERS, J., TAN, G., AND MORRISETT, G. 2010. Robusta: Taming the native beast of the jvm. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). 201-211.
46. SMALL, C. 1997. A tool for constructing safe extensible C++ systems. In Proceedings of the 3rd Conference on USENIX Conference on Object-Oriented Technologies (COOTS'97). 174-184.
47. SUN, M. AND TAN, G. 2012. JVM-portable sandboxing of java's native libraries. In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS'12). 842-858.
48. SWIFT, M. M., ANNAMALAI, M., BERSHAD, B. N., AND LEVY, H. M. 2004. Recovering device drivers. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'04). 1-16.
49. TAN, G.,APPEL, A.,CHAKRADHAR, S.,RAGHUNATHAN, A.,RAVI, S., ANDWANG, D. 2006. Safe java native interface. In Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE'06). 97-106.
50. TAN, G. AND CROFT, J. 2008. An empirical security study of the native code in the jdk. In Proceedings of the 17th Usenix Security Symposium. 365-377.
51. TAN, G. AND MORRISETT, G. 2007. ILEA: Inter-language analysis across java and C. In Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'07). 39-56.
52. WAHBE, R., LUCCO, S., ANDERSON, T., AND GRAHAM, S. 1993. Efficient software-based fault isolation. In Proceedings of the ACM SIGOPS Symposium on Operating Systems Principles (SOSP'93). ACM Press, New York, 203-216.
53. WALLACH, D. S. AND FELTEN, E. W. 1998. Understanding java stack inspection. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'98). 52-63.
54. WARTELL, R.,MOHAN, V.,HAMLEN, K. W., AND LIN, Z. 2012. Securing untrusted code via compileragnostic binary rewriting. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12). 299-308.
55. WATSON, R., ANDERSON, J., LAURIE, B., AND KENNAWAY, K. 2010. Capsicum: Practical capabilities for unix. In Proceedings of the 19th Usenix Security Symposium. 29-46.
56. WITCHEL, E., RHEE, J., AND ASANOVIC, K. 2005. Mondrix: Memory isolation for linux using mondriaan memory protection. In Proceedings of the ACM SIGOPS Symposium on Operating Systems Principles (SOSP'05). 31-44. (Pubitemid 44892203)
57. YEE, B., SEHR, D., DARDYK, G., CHEN, B., MUTH, R., ORMANDY, T., OKASAKA, S., NARULA, N., AND FULLAGAR, N.2009. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Symposium on Security and Privacy (S&P'09). 79-93
58. ZELDOVICH, N., BOYD-WICKIZER, S., KOHLER, E., AND MAZIERES, D. 2006. Making information flow explicit in histar. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'06). 263-278.