Abstract
Java applications often need to incorporate native-code components for efficiency and for reusing legacy code. However, it is well known that the use of native code defeats Java's security model. We describe the design and implementation of Robusta, a complete framework that provides safety and security to native code in Java applications. Starting from software-based fault isolation (SFI), Robusta isolates native code into a sandbox where dynamic linking/loading of libraries in supported and unsafe system modification and confidentiality violations are prevented. It also mediates native system calls according to a security policy by connecting to Java's security manager. Our prototype implementation of Robusta is based onNative Client and OpenJDK. Experiments in this prototype demonstrate Robusta is effective and efficient, with modest runtime overhead on a set of JNI benchmark programs. Robusta can be used to sandbox native libraries used in Java's system classes to prevent attackers from exploiting bugs in the libraries. It can also enable trustworthy execution of mobile Java programs with native libraries. The design of Robusta should also be applicable when other type-safe languages (e.g., C#, Python) want to ensure safe interoperation with native libraries
Highlights
It is rare that a large software system is written in one single programming language
Java programmers often find it necessary to incorporate native-code components into their applications. They reuse a widely adopted software library written in a different programming language for its maturity and for saving development time
We propose a novel architecture for security configuration of native code, which reuses much of Java’s security infrastructure
Summary
It is rare that a large software system is written in one single programming language. Java programmers often find it necessary to incorporate native-code components into their applications They reuse a widely adopted software library written in a different programming language. Programmers may implement performance-critical components in low-level languages such as C or C++ For these reasons, almost all Java applications include some native code. The thrust of this project is to design a framework that allows JVM administrators to constrain native code with different trust levels, similar to how security of Java code can be configured. Robusta allows Java administrators to define a security policy for the native libraries within each napplet. 2napplet—a Native Applet tion and evaluation results in Sec. 6, providing a guideline of how to make the tradeoff between efficiency and security in Robusta.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have