ABSTRACT
By using Java Native Interface (JNI), programmers can integrate Java programs with legacy applications or third-party libraries written in other languages (e.g., C, C++, and Pascal). However, the use of JNI can bypass the Java boundary checking and exception-handling mechanisms. Furthermore, its use can violate Java's type-safety feature because of the type-mismatches between native programs and Java programs. As a result, such integration can cause various security issues including heap errors that can be dangerous and difficult to detect.
In this paper, we introduce Quarantine, a runtime system that can identify objects accessible by native methods and then migrate these objects to a quarantine area, which is used specifically to host this type of object. The goal of Quarantine is to create a runtime platform that allows programmers to apply existing heap protection techniques that have been designed for native languages but do not work well in the Java domain. We implemented Quarantine in Jikes RVM and evaluated its performance using the optimizing compiler. Our results using nine benchmark programs indicate that Quarantine, on average, incurs execution overhead of 14% and 13% when the heap is two and five times larger than the minimum heap requirement for an application, respectively.
Index Terms
- Quarantine: a framework to mitigate memory errors in JNI applications