Using Reflection as a Mechanism for Enforcing Security Policies on Compiled Code

Securing application resources or defining finer-grained access control for system resources using the Java security architecture requires manual changes to source code. This is error-prone and cannot be done if only compiled code is present. We show how behavioural reflection can be used to enforce security policies on compiled code. Other authors have implemented code rewriting toolkits that achieve the same effect, but they either require policies to be expressed in terms of low-level abstractions or require the use of new high-level policy languages. Our approach allows reusable policies to be implemented as metaobjects in a high-level object-oriented language (Java), and then bound to application objects at load time. The binding between metaobjects and objects is implemented through bytecode rewriting under the control of a declarative binding specification. We have implemented this approach using Kava, which is a portable reflective Java implementation. Kava allows customisation of a rich range of runtime behaviour, and provides a non-bypassable meta level suitable for implementing security enforcement. We discuss how we have used Kava to secure a third-party application, how we prevent Kava being bypassed, and compare its performance with non-reflective security enforcement.
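The metaobject-binding scheme the abstract describes, as an added illustration that is not code from the paper or from Kava: a reusable policy metaobject is bound to an application object behind a dynamic proxy, which here stands in for Kava's load-time bytecode rewriting; the Metaobject, RestrictedMethodPolicy, MetaBinder and FileStore names are assumed, not Kava's API.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Set;
import java.util.function.Predicate;

/** Hypothetical metaobject protocol (names assumed; not Kava's own API). */
interface Metaobject {
    /** Called before every intercepted method; throw to veto the call. */
    void beforeInvoke(Object target, Method method, Object[] args);
}
/** Reusable policy: the listed methods are allowed only while the predicate holds. */
final class RestrictedMethodPolicy implements Metaobject {
    private final Set<String> restricted;
    private final Predicate<Method> permitted;
    RestrictedMethodPolicy(Set<String> r, Predicate<Method> p) { restricted = r; permitted = p; }
    @Override public void beforeInvoke(Object target, Method method, Object[] args) {
        if (restricted.contains(method.getName()) && !permitted.test(method)) {
            throw new SecurityException("policy denies " + method.getName() + " on " + target.getClass().getSimpleName());
        }
    }
}
/** Binds a metaobject to a base object; a dynamic proxy stands in for Kava's bytecode rewriting. */
final class MetaBinder {
    static <T> T bind(Class<T> iface, T base, Metaobject meta) {
        Object proxy = Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface},
            (p, method, args) -> {
                meta.beforeInvoke(base, method, args);  // meta level runs before the base method
                try { return method.invoke(base, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            });
        return iface.cast(proxy);
    }
}
/** Constructed stand-in for a third-party application class. */
interface FileStore { String read(String path); boolean delete(String path); }
final class MemoryFileStore implements FileStore {
    public String read(String path) { return "contents of " + path; }
    public boolean delete(String path) { return true; }
}
public class KavaStylePolicyDemo {
    public static void main(String[] a) {
        FileStore store = MetaBinder.bind(FileStore.class, new MemoryFileStore(),
            new RestrictedMethodPolicy(Set.of("delete"), m -> Boolean.getBoolean("demo.admin")));
        System.out.println(store.read("/etc/motd"));  // allowed
        try { store.delete("/etc/motd"); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

Because the proxy wraps the object rather than rewriting its class, a caller holding the raw MemoryFileStore reference bypasses the policy; rewriting the application class itself, as Kava does, is what makes the meta level non-bypassable.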
