Application isolation in the Java™ Virtual Machine

To date, systems offering multitasking for the Java™ programming language either use one process or one class loader for each application. Both approaches are unsatisfactory. Using operating system processes is expensive, scales poorly and does not fully exploit the protection features inherent in a safe language. Class loaders replicate application code, obscure the type system, and treat ‘trusted’ and ‘untrusted’ classes non-uniformly, which leads to subtle but nevertheless potentially harmful forms of undesirable inter-application interaction. In this paper we propose a novel, simple yet powerful solution. The new model improves on existing designs in terms of resource utilization while offering strong isolation among applications. The approach is applicable both on high-end servers and on small devices. The main idea is to maintain only one copy of every class, regardless of how many applications use it. Classes are transparently and automatically modified, so that each application has a separate copy of its static fields. Two prototypes are described and selected performance data is analyzed. Various aspects of the proposed architectural changes to the Java Virtual Machine are discussed.
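The following is an added illustration, not code from the paper or its prototypes. It shows by hand why a static field in a class shared between applications is an interaction channel, and what a per-application copy of that field looks like. The names SharedCounter, IsolatedCounter and CURRENT_APP are hypothetical, and the thread-local application id is an assumed stand-in for whatever the virtual machine uses to identify the running application.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class StaticIsolationDemo {
    // Hypothetical stand-in for the runtime's notion of "current application".
    static final ThreadLocal<Integer> CURRENT_APP = new ThreadLocal<>();

    // Before: one static field, visible to every application using the class.
    static class SharedCounter {
        static int count;
        static int next() { return ++count; }
    }

    // After (hand-written): the static state moves into a holder object and
    // the single class copy keeps one holder per application id.
    static class IsolatedCounter {
        static final class Statics { int count; }
        private static final Map<Integer, Statics> PER_APP = new ConcurrentHashMap<>();

        private static Statics statics() {
            Integer app = CURRENT_APP.get();
            if (app == null) throw new IllegalStateException("no application context");
            return PER_APP.computeIfAbsent(app, id -> new Statics());
        }
        static int next() { return ++statics().count; }
    }

    // Run `calls` increments as the given application; return the last values
    // seen as {shared, isolated}.
    static int[] runAs(int appId, int calls) throws InterruptedException {
        int[] seen = new int[2];
        Thread t = new Thread(() -> {
            CURRENT_APP.set(appId);
            for (int i = 0; i < calls; i++) {
                seen[0] = SharedCounter.next();
                seen[1] = IsolatedCounter.next();
            }
        });
        t.start();
        t.join(); // applications run one after another, so no data race here
        return seen;
    }

    public static void main(String[] args) throws InterruptedException {
        int[] a = runAs(1, 3);
        int[] b = runAs(2, 1);
        System.out.println("app 1: shared=" + a[0] + " isolated=" + a[1]);
        System.out.println("app 2: shared=" + b[0] + " isolated=" + b[1]);
    }
}
```

Application 2's first call on the shared counter continues from the value application 1 left behind, while its isolated counter starts from its own fresh copy even though both applications execute the same single class.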
