TY - GEN
T1 - JVM-portable sandboxing of Java's native libraries
AU - Sun, Mengtao
AU - Tan, Gang
N1 - Copyright:
Copyright 2012 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - Although Java provides strong support for safety and security, native libraries used in a Java application can open security holes. Previous work, Robusta, puts native libraries in a sandbox to protect the integrity and security of Java. However, Robusta's implementation modifies the internals of OpenJDK, a particular implementation of a Java Virtual Machine (JVM). As such, it is not portable to other JVM implementations. This paper shows how to make the idea of sandboxing native libraries JVM-portable. We present a two-layer approach for sandboxing without modifying the internals of a JVM. We also discuss our experience of sandboxing Java's core native libraries. Experiments show that our approach of JVM-portable sandboxing incurs modest performance overhead on SPECjvm 2008 benchmark programs.
AB - Although Java provides strong support for safety and security, native libraries used in a Java application can open security holes. Previous work, Robusta, puts native libraries in a sandbox to protect the integrity and security of Java. However, Robusta's implementation modifies the internals of OpenJDK, a particular implementation of a Java Virtual Machine (JVM). As such, it is not portable to other JVM implementations. This paper shows how to make the idea of sandboxing native libraries JVM-portable. We present a two-layer approach for sandboxing without modifying the internals of a JVM. We also discuss our experience of sandboxing Java's core native libraries. Experiments show that our approach of JVM-portable sandboxing incurs modest performance overhead on SPECjvm 2008 benchmark programs.
UR - http://www.scopus.com/inward/record.url?scp=84865597209&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84865597209&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-33167-1_48
DO - 10.1007/978-3-642-33167-1_48
M3 - Conference contribution
AN - SCOPUS:84865597209
SN - 9783642331664
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 842
EP - 858
BT - Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
T2 - 17th European Symposium on Research in Computer Security, ESORICS 2012
Y2 - 10 September 2012 through 12 September 2012
ER -