A Secure Java Virtual Machine

The Java Virtual Machine is viewed by many as inherently insecure despite all the efforts to improve its security. In this paper we take a different approach to Java security and describe the design and implementation of a system that provides operating-system-style protection for Java code. We use hardware protection domains to separate Java classes, provide access control on cross-domain method invocations, support efficient data sharing between protection domains, and control memory and CPU resources. These security measures are all transparent to the Java programs, as long as the programs do not violate the security policy, even when a subclass is in one domain and its superclass is in another. To reduce the performance impact we group classes, share them between protection domains, and map data on demand as it is shared.
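The access control on cross-domain method invocations described above, including the case of a subclass in one domain inheriting a method from a superclass in another, as an added illustrative model. This is not the paper's implementation, which separates classes with hardware protection domains; here a domain is just a label, the "current domain" is tracked on an explicit stack instead of by the CPU, and the names `Policy`, `CallGate`, `AccessDenied`, the sample classes `Base`/`Applet` and the allow-list are all assumed for the illustration.

```python
"""Illustrative model of access-controlled cross-domain method invocation.

Added example, not the paper's code. A call gate mediates every
invocation whose target method is defined in a different protection
domain than the caller; calls that stay inside one domain are not
mediated. All names below are assumed for the illustration.
"""
from functools import wraps


class AccessDenied(Exception):
    """Raised when a cross-domain invocation is not permitted by policy."""


class Policy:
    """Allow-list of (caller_domain, callee_domain, method_name) triples."""

    def __init__(self, allowed):
        self.allowed = set(allowed)

    def permits(self, src, dst, method):
        return (src, dst, method) in self.allowed


class CallGate:
    """Mediates cross-domain calls; intra-domain calls pass unchecked."""

    def __init__(self, policy):
        self.policy = policy
        self.domain_of_class = {}   # class name -> domain name
        self.stack = ["root"]       # domain currently executing, innermost last
        self.audit = []             # (src, dst, method, allowed) for mediated calls

    def place(self, cls, domain):
        """Group a class into a protection domain."""
        self.domain_of_class[cls.__name__] = domain

    def current(self):
        return self.stack[-1]

    def enter(self, domain):
        self.stack.append(domain)

    def leave(self):
        self.stack.pop()

    def guard(self, fn):
        """Wrap a method so that invoking it from another domain is checked."""
        # The method belongs to the domain of the class that *defines* it,
        # not of the receiver's class. That is what keeps an inherited method
        # subject to the check when subclass and superclass sit in different
        # domains, while the subclass code itself needs no change.
        owner = fn.__qualname__.split(".")[0]

        @wraps(fn)
        def wrapper(*args, **kwargs):
            src = self.current()
            dst = self.domain_of_class[owner]
            if src != dst:
                allowed = self.policy.permits(src, dst, fn.__name__)
                self.audit.append((src, dst, fn.__name__, allowed))
                if not allowed:
                    raise AccessDenied(f"{src} -> {dst}.{fn.__name__}")
            self.enter(dst)          # the callee runs in its own domain
            try:
                return fn(*args, **kwargs)
            finally:
                self.leave()
        return wrapper


# Constructed policy: the applet domain may read, but not write, system config.
gate = CallGate(Policy([("applet", "system", "read_config")]))


class Base:
    """Trusted superclass, placed in the 'system' domain."""

    @gate.guard
    def read_config(self):
        return {"sandbox": True}

    @gate.guard
    def write_config(self, cfg):
        return "written"


class Applet(Base):
    """Untrusted subclass in the 'applet' domain; inherits both methods."""

    @gate.guard
    def run(self, action):
        if action == "read":
            return self.read_config()
        return self.write_config({"sandbox": False})


gate.place(Base, "system")
gate.place(Applet, "applet")


def demo():
    """Untrusted code: inherited read is allowed, inherited write is denied."""
    app = Applet()
    gate.enter("applet")
    try:
        read = app.run("read")
        try:
            app.run("write")
            denied = False
        except AccessDenied:
            denied = True
    finally:
        gate.leave()
    return read, denied, list(gate.audit)


def system_write():
    """Same-domain call: no policy check and no audit entry."""
    gate.enter("system")
    try:
        before = len(gate.audit)
        result = Base().write_config({"sandbox": False})
        return result, len(gate.audit) - before
    finally:
        gate.leave()
```

The point the model makes is that `Applet` never names a domain or a policy: the inherited `write_config` is refused purely because the gate attributes the method to the domain of the class that defines it, so the protection stays transparent to the program until the policy is violated.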
