Enforcing Java Run-Time Properties Using Bytecode Rewriting

Bytecode rewriting is a portable way of altering Java's behavior by changing Java classes themselves as they are loaded. This mechanism allows us to modify the semantics of Java while making no changes to the Java virtual machine itself. While this gives us portability and power, there are numerous pitfalls, mostly stemming from the limitations imposed upon Java bytecode by the Java virtual machine. We reflect on our experience building three security systems with bytecode rewriting, presenting observations on where we succeeded and failed, as well as observing areas where future JVMs might present improved interfaces to Java bytecode rewriting systems.

[1]  Thorsten von Eicken,et al.  JRes: a resource accounting interface for Java , 1998, OOPSLA '98.

[2]  Deyu Hu,et al.  Implementing Multiple Protection Domains in Java , 1998, USENIX Annual Technical Conference.

[3]  Raju Pandey,et al.  Providing Fine-grained Access Control for Java Programs , 1999, ECOOP.

[4]  Úlfar Erlingsson,et al.  IRM enforcement of Java stack inspection , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5]  Lars Ræder Clausen A Java Bytecode Optimizer Using Side-Effect Analysis , 1997, Concurr. Pract. Exp..

[6]  Andrew W. Appel,et al.  SAFKASI: a security mechanism for language-based systems , 2000, TSEM.

[7]  Ian Welch,et al.  Kava - A Reflective Java Based on Bytecode Rewriting , 1999, Reflection and Software Engineering.

[8]  Alonso Marquez,et al.  Fast portable orthogonally persistent Java , 2000 .

[9]  David Grove,et al.  Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis , 1995, ECOOP.

[10]  Dan S. Wallach,et al.  Garbage collector memory accounting in language-based systems , 2003, 2003 Symposium on Security and Privacy, 2003..

[11]  Dan S. Wallach,et al.  Termination in language-based systems , 2002, TSEC.

[12]  Frank Yellin,et al.  The java virtual machine , 1996 .

[13]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[14]  Geoff A. Cohen,et al.  Automatic Program Transformation with JOIE , 1998, USENIX Annual Technical Conference.

[15]  Akinori Yonezawa,et al.  Bytecode Transformation for Portable Thread Migration in Java , 2000, ASA/MA.

[16]  Peter Deutsch,et al.  A Flexible Measurement Tool for Software Systems , 1971, IFIP Congress.

[17]  Kathryn S. McKinley,et al.  Pretenuring for Java , 2001, OOPSLA '01.

[18]  Lars Clausen A Java bytecode optimizer using side‐effect analysis , 1997 .

[19]  Walter Binder Design and implementation of the J-SEAL2 mobile agent kernel , 2001, Proceedings 2001 Symposium on Applications and the Internet.

[20]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[21]  Nathaniel John Nystrom,et al.  BYTECODE-LEVELANALYSIS AND OPTIMIZATION OF JAVA CLASSES , 1998 .

[22]  Dan S. Wallach,et al.  Transactional rollback for language-based systems , 2002, Proceedings International Conference on Dependable Systems and Networks.

[23]  Insik Shin,et al.  Mobile code security by Java bytecode instrumentation , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[24]  Benjamin G. Zorn,et al.  BIT: A Tool for Instrumenting Java Bytecodes , 1997, USENIX Symposium on Internet Technologies and Systems.

[25]  Stephen J. Fink,et al.  The Jalapeño virtual machine , 2000, IBM Syst. J..

[26]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.