Bringing Java's wild native world under control

Mengtao Sun, Gang Tan, Joseph Siefers, Bin Zeng, Greg Morrisett

Research output: Contribution to journalArticlepeer-review

13 Scopus citations


For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. Native-code components interoperate with Java components through the Java Native Interface (JNI). As native code is not regulated by Java's security model, it poses serious security threats to the managed Java world. We introduce a security framework that extends Java's security model and brings native code under control. Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed pathway. Two different implementations were built. In one implementation, the security framework is integrated into a Java Virtual Machine (JVM). In the second implementation, the framework is built outside of the JVM and takes advantage of JVM-independent interfaces. The second implementation provides JVM portability, at the expense of some performance degradation. Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.

Original languageEnglish (US)
Article number9
JournalACM Transactions on Information and System Security
Issue number3
StatePublished - Nov 2013

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Bringing Java's wild native world under control'. Together they form a unique fingerprint.

Cite this