JVM-portable sandboxing of Java's native libraries

Mengtao Sun, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations


Although Java provides strong support for safety and security, native libraries used in a Java application can open security holes. Previous work, Robusta, puts native libraries in a sandbox to protect the integrity and security of Java. However, Robusta's implementation modifies the internals of OpenJDK, a particular implementation of a Java Virtual Machine (JVM). As such, it is not portable to other JVM implementations. This paper shows how to make the idea of sandboxing native libraries JVM-portable. We present a two-layer approach for sandboxing without modifying the internals of a JVM. We also discuss our experience of sandboxing Java's core native libraries. Experiments show that our approach of JVM-portable sandboxing incurs modest performance overhead on SPECjvm 2008 benchmark programs.

Original languageEnglish (US)
Title of host publicationComputer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
Number of pages17
StatePublished - 2012
Event17th European Symposium on Research in Computer Security, ESORICS 2012 - Pisa, Italy
Duration: Sep 10 2012Sep 12 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7459 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other17th European Symposium on Research in Computer Security, ESORICS 2012

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'JVM-portable sandboxing of Java's native libraries'. Together they form a unique fingerprint.

Cite this