JVM-portable sandboxing of Java's native libraries

Mengtao Sun, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Scopus citations

Abstract

Although Java provides strong support for safety and security, native libraries used in a Java application can open security holes. Previous work, Robusta, puts native libraries in a sandbox to protect the integrity and security of Java. However, Robusta's implementation modifies the internals of OpenJDK, a particular implementation of a Java Virtual Machine (JVM). As such, it is not portable to other JVM implementations. This paper shows how to make the idea of sandboxing native libraries JVM-portable. We present a two-layer approach for sandboxing without modifying the internals of a JVM. We also discuss our experience of sandboxing Java's core native libraries. Experiments show that our approach of JVM-portable sandboxing incurs modest performance overhead on SPECjvm 2008 benchmark programs.

Original languageEnglish (US)
Title of host publicationComputer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
Pages842-858
Number of pages17
DOIs
StatePublished - Sep 5 2012
Event17th European Symposium on Research in Computer Security, ESORICS 2012 - Pisa, Italy
Duration: Sep 10 2012Sep 12 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7459 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other17th European Symposium on Research in Computer Security, ESORICS 2012
CountryItaly
CityPisa
Period9/10/129/12/12

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'JVM-portable sandboxing of Java's native libraries'. Together they form a unique fingerprint.

  • Cite this

    Sun, M., & Tan, G. (2012). JVM-portable sandboxing of Java's native libraries. In Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings (pp. 842-858). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7459 LNCS). https://doi.org/10.1007/978-3-642-33167-1_48