Abstract

Java applications often need to incorporate native-code components for efficiency and for reusing legacy code. However, it is well known that the use of native code defeats Java's security model. We describe the design and implementation of Robusta, a complete framework that provides safety and security to native code in Java applications. Starting from software-based fault isolation (SFI), Robusta isolates native code into a sandbox where dynamic linking/loading of libraries in supported and unsafe system modification and confidentiality violations are prevented. It also mediates native system calls according to a security policy by connecting to Java's security manager. Our prototype implementation of Robusta is based onNative Client and OpenJDK. Experiments in this prototype demonstrate Robusta is effective and efficient, with modest runtime overhead on a set of JNI benchmark programs. Robusta can be used to sandbox native libraries used in Java's system classes to prevent attackers from exploiting bugs in the libraries. It can also enable trustworthy execution of mobile Java programs with native libraries. The design of Robusta should also be applicable when other type-safe languages (e.g., C#, Python) want to ensure safe interoperation with native libraries

Highlights

  • It is rare that a large software system is written in one single programming language

  • Java programmers often find it necessary to incorporate native-code components into their applications. They reuse a widely adopted software library written in a different programming language for its maturity and for saving development time

  • We propose a novel architecture for security configuration of native code, which reuses much of Java’s security infrastructure

Read more

Summary

INTRODUCTION

It is rare that a large software system is written in one single programming language. Java programmers often find it necessary to incorporate native-code components into their applications They reuse a widely adopted software library written in a different programming language. Programmers may implement performance-critical components in low-level languages such as C or C++ For these reasons, almost all Java applications include some native code. The thrust of this project is to design a framework that allows JVM administrators to constrain native code with different trust levels, similar to how security of Java code can be configured. Robusta allows Java administrators to define a security policy for the native libraries within each napplet. 2napplet—a Native Applet tion and evaluation results in Sec. 6, providing a guideline of how to make the tradeoff between efficiency and security in Robusta.

BACKGROUND
Threat model
Defenses in Robusta
Protection strength
ISOLATING NATIVE CODE
The starting point
Incorporating NaCl into the JVM
Sandboxing JNI calls
MANAGING NATIVE CODE SECURITY
Prototype implementation
Experimental evaluation
RELATED WORK
FUTURE WORK
CONCLUSIONS
Findings
10. REFERENCES
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call