Abstract:
Java-based applications are widely used by companies, government agencies, and financial institutions. Every day, these applications process a considerable amount of sensitive data, such as people's credit card numbers and passwords. Research has found that the Java Virtual Machine (JVM), an essential component for executing Java-based applications, stores data in memory for an unknown period of time even after the data are no longer used. This mismanagement by the JVM puts all the data, sensitive or non-sensitive, in danger and raises a huge concern for all Java-based applications globally. The problem has serious implications for many “secure” applications that employ Java-based frameworks or libraries: they carry a severe security risk that attackers can access sensitive data after the data are thought to be cleared. This paper presents a prototype of a secure Java API that we designed through an undergraduate student research project. The API is implemented using a direct byte buffer so that sensitive data are not managed by JVM garbage collection. We also implement the API using obfuscation so that data are encrypted. In an initial experimental evaluation, the proposed secure API can successfully protect sensitive data from being accessed by malicious users.
Published in: 2022 IEEE/ACIS 20th International Conference on Software Engineering Research, Management and Applications (SERA)
Date of Conference: 25-27 May 2022
Date Added to IEEE Xplore: 30 June 2022
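
The storage approach the abstract describes (a direct byte buffer plus obfuscation), sketched as an added example; this is not the paper's API. The class name `OffHeapSecret`, its methods and the XOR mask are assumptions chosen for illustration.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
// Hypothetical holder class (illustration only, not the paper's API).
public final class OffHeapSecret implements AutoCloseable {
    private final ByteBuffer data; // secret XOR mask, held in native memory
    private final ByteBuffer mask; // random pad, also held in native memory
    private final int chars;
    private boolean closed;

    public OffHeapSecret(char[] secret) {
        chars = secret.length;
        data = ByteBuffer.allocateDirect(chars * 2);
        mask = ByteBuffer.allocateDirect(chars * 2);
        SecureRandom rng = new SecureRandom();
        for (int i = 0; i < chars; i++) {
            char m = (char) rng.nextInt(1 << 16);
            mask.putChar(i * 2, m);
            data.putChar(i * 2, (char) (secret[i] ^ m)); // never stored in clear
        }
        Arrays.fill(secret, '\0'); // wipe the caller's heap copy
    }

    // Returns a short-lived heap copy; the caller must wipe it after use.
    public char[] reveal() {
        if (closed) throw new IllegalStateException("secret already wiped");
        char[] out = new char[chars];
        for (int i = 0; i < chars; i++) {
            out[i] = (char) (data.getChar(i * 2) ^ mask.getChar(i * 2));
        }
        return out;
    }

    // Overwrite both buffers immediately instead of waiting for collection.
    @Override public void close() {
        for (int i = 0; i < chars * 2; i++) {
            data.put(i, (byte) 0);
            mask.put(i, (byte) 0);
        }
        closed = true;
    }
    public static void main(String[] args) {
        char[] pw = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample input
        try (OffHeapSecret s = new OffHeapSecret(pw)) {
            char[] copy = s.reveal();
            System.out.println(copy.length + " chars, caller array wiped: " + (pw[0] == '\0'));
            Arrays.fill(copy, '\0');
        }
    }
}
```

Only the buffers' backing memory sits outside the garbage-collected heap; the `ByteBuffer` objects and the array returned by `reveal()` are ordinary heap objects, so the revealed copy should be wiped as soon as it has been used. Because the mask lives in the same process as the data, the XOR step is obfuscation against scanning a memory dump for plaintext, not a substitute for key-managed encryption.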