research-article

Quarantine: a framework to mitigate memory errors in JNI applications

Authors:
Du Li

University of Nebraska-Lincoln, Lincoln, NE

University of Nebraska-Lincoln, Lincoln, NE
View Profile

,
Witawas Srisa-an

University of Nebraska-Lincoln, Lincoln, NE

University of Nebraska-Lincoln, Lincoln, NE
View Profile

PPPJ '11: Proceedings of the 9th International Conference on Principles and Practice of Programming in JavaAugust 2011Pages 1–10https://doi.org/10.1145/2093157.2093159

Published:24 August 2011Publication History

PPPJ '11: Proceedings of the 9th International Conference on Principles and Practice of Programming in Java

Pages 1–10

ABSTRACT

By using Java Native Interface (JNI), programmers can integrate Java programs with legacy applications or third-party libraries written in other languages (e.g., C, C++, and Pascal). However, the use of JNI can bypass the Java boundary checking and exception-handling mechanisms. Furthermore, its use can violate Java's type-safety feature because of the type-mismatches between native programs and Java programs. As a result, such integration can cause various security issues including heap errors that can be dangerous and difficult to detect.

In this paper, we introduce Quarantine, a runtime system that can identify objects accessible by native methods and then migrate these objects to a quarantine area, which is used specifically to host this type of object. The goal of Quarantine is to create a runtime platform that allows programmers to apply existing heap protection techniques that have been designed for native languages but do not work well in the Java domain. We implemented Quarantine in Jikes RVM and evaluated its performance using the optimizing compiler. Our results using nine benchmark programs indicate that Quarantine, on average, incurs execution overhead of 14% and 13% when the heap is two and five times larger than the minimum heap requirement for an application, respectively.

References

E. D. Berger and B. G. Zorn. DieHard: Probabilistic Memory Safety for Unsafe Languages. In Proceedings of the 2006 ACM SIGPLAN Conference on Programming language design and implementation, pages 158--168, New York, NY, USA, 2006. ACM. Google ScholarDigital Library
S. M. Blackburn, P. Cheng, and K. S. McKinley. Oil and Water? High Performance Garbage Collection in Java with MMTk. In Proceedings of the 26th International Conference on Software Engineering (ICSE), pages 137--146, Scotland, UK, May 2004. Google ScholarDigital Library
S. M. Blackburn, R. Garner, C. Hoffmann, A. M. Khang, K. S. McKinley, R. Bentzur, A. Diwan, D. Feinberg, D. Frampton, S. Z. Guyer, M. Hirzel, A. Hosking, M. Jump, H. Lee, J. Eliot, B. Moss, A. Phansalkar, D. Stefanović, T. VanDrunen, D. von Dincklage, and B. Wiedermann. The DaCapo Benchmarks: Java Benchmarking Development and Analysis. In Proceedings of the ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, pages 169--190, Portland, Oregon, USA, 2006. Google ScholarDigital Library
S. M. Blackburn and A. L. Hosking. Barriers: Friend or Foe? In Proceedings of the 4th ACM International Symposium on Memory Management, pages 143--151, Vancouver, BC, Canada, 2004. Google ScholarDigital Library
Y. Chiba. Heap protection for Java Virtual Machines. In Proceedings of the 4th International Symposium on Principles and Practice of Programming in Java, pages 103--112, Mannheim, Germany, 2006. Google ScholarDigital Library
Y. Chiba. Java Heap Protection for Debugging Native Methods. Science of Computer Programming, 70(2--3):149--167, 2008. Google ScholarDigital Library
D. J. Dimmich and C. L. Jacobsen. A Foreign Function Interface Generator for occam-pi. In Communicating Process Architectures 2005, pages 235--248, Amsterdam, The Netherlands, September 2005. IOS Press.Google Scholar
M. Furr and J. S. Foster. Checking Type Safety of Foreign Function Calls. SIGPLAN Notices, 40(6):62--72, 2005. Google ScholarDigital Library
L. Hellyer. Primitive write barrier support. http://jira.codehaus.org/browse/RVM-845.Google Scholar
M. Hirzel and R. Grimm. Jeannie: Granting Java Native Interface Developers their Wishes. In Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications, pages 19--38, Montreal, Quebec, Canada, 2007. ACM. Google ScholarDigital Library
G. Kondoh and T. Onodera. Finding Bugs in Java Native Interface Programs. In Proceedings of the 2008 international symposium on Software testing and analysis, pages 109--118, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
B. Lee, M. Hirzel, R. Grimm, and K. S. McKinley. Debug All Your Code: Portable Mixed-Environment Debugging. In Proceeding of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications, pages 207--226, Orlando, Florida, USA, 2009. Google ScholarDigital Library
B. Lee, B. Wiedermann, M. Hirzel, R. Grimm, and K. S. McKinley. Jinn: Synthesizing Dynamic Bug Detectors for Foreign Language Interfaces. In Proceedings of the 2010 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 36--49, Toronto, Ontario, Canada, 2010. Google ScholarDigital Library
S. Li and G. Tan. Finding Bugs in Exceptional Situations of JNI programs. In Proceedings of the 16th ACM Conference on Computer and Communications Security, pages 442--452, Chicago, Illinois, USA, 2009. Google ScholarDigital Library
S. Liang. Java Native Interface: Programmer's Guide and Reference. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1999. Google ScholarDigital Library
V. B. Lvin, G. Novark, E. D. Berger, and B. G. Zorn. Archipelago: Trading Address Space for Reliability and Security. In Proceedings of the 13th international conference on Architectural support for programming languages and operating systems, pages 115--124, Seattle, WA, USA, March 2008. Google ScholarDigital Library
G. Novark, E. D. Berger, and B. G. Zorn. Exterminator: Automatically Correcting Memory Errors with High Probability. Communications of the ACM, 51(12):87--95, 2008. Google ScholarDigital Library
Oracle Corp. Java Native Interface Specification. http://download.oracle.com/javase/6/docs/technotes/guides/jni/spec/jniTOC.html.Google Scholar
Oracle Forums: HotSpot Internals. Exception Access Violation + JNI. http://forums.sun.com/thread.jspa?threadID=5349664.Google Scholar
Oracle Forums: JNI. Win32: Heap Corruption Detected. http://forums.sun.com/thread.jspa?threadID=5419764.Google Scholar
Oracle Forums: JVM. GCTaskThread Crashes Under Heavy Load. http://forums.sun.com/thread.jspa?threadID=5424728.Google Scholar
Oracle Forums: JVM. Server JVM Crashing. http://forums.sun.com/thread.jspa?threadID=631588.Google Scholar
V. J. Reddi, A. Settle, D. A. Connors, and R. S. Cohn. PIN: A Binary Instrumentation Tool for Computer Architecture Research and Education. In Proceedings of the 2004 workshop on Computer architecture education: held in conjunction with the 31st International Symposium on Computer Architecture, Munich, Germany, 2004. Google ScholarDigital Library
J. Siefers, G. Tan, and G. Morrisett. Robusta: Taming the Native Beast of the JVM. In Proceedings of the 17th ACM conference on Computer and Communications Security, pages 201--211, Chicago, Illinois, USA, 2010. Google ScholarDigital Library
Standard Performance Evaluation Corporation. SPECjbb2005. On-Line Documentation, 2005. http://www.spec.org/jbb2005.Google Scholar
Sun Microsystems. Crash in Native Code. http://java.sun.com/javase/6/webnotes/trouble/TSG-VM/html/crashes.html.Google Scholar
G. Tan, S. Chakradhar, R. Srivaths, and R. D. Wang. Safe Java Native Interface. In In Proceedings of the 2006 IEEE International Symposium on Secure Software Engineering, pages 97--106, 2006.Google Scholar
G. Tan and J. Croft. An Empirical Security Study of the Native Code in the JDK. In Proceedings of the 17th conference on Security symposium, pages 365--377, Berkeley, CA, USA, 2008. USENIX Association. Google ScholarDigital Library
G. Xu and A. Rountev. Precise Memory Leak Detection for Java Software using Container Profiling. In Proceedings of the 30th international conference on Software engineering, ICSE '08, pages 151--160, New York, NY, USA, 2008. ACM. Google ScholarDigital Library

Index Terms

Quarantine: a framework to mitigate memory errors in JNI applications
1. Software and its engineering
  1. Software organization and properties
    1. Contextual software domains
      1. Operating systems
        Memory management
        Garbage collection

Recommendations

CHERI JNI: Sinking the Java Security Model into the C
Asplos'17

Java provides security and robustness by building a high-level security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program -- including the million lines used to implement the standard library -- is ...
Read More
An efficient native function interface for Java
PPPJ '13: Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools

We present an efficient and dynamic approach for calling native functions from within Java. Traditionally, programmers use the Java Native Interface (JNI) to call such functions. This paper introduces a new mechanism which we tailored specifically ...
Read More
JNICodejail: native code isolation for Java programs
PPPJ '13: Proceedings of the 2013 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools

The Java Native Interface (JNI) allows Java programmers to inter-operate with code written in other languages like C and C++. One reason to use JNI is to get higher performance. Other reasons are to access low-level implementation features not available ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
PPPJ '11: Proceedings of the 9th International Conference on Principles and Practice of Programming in Java
August 2011
186 pages
ISBN:9781450309356
DOI:10.1145/2093157
Conference Chairs:
Christian W. Probst
Technical University of Denmark
,
Christian Wimmer
Oracle Labs
Copyright © 2011 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 24 August 2011
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
JNI
Java
heap protection
virtual machine
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate29of58submissions,50%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 6
  Total Citations
  View Citations
- 193
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Quarantine: a framework to mitigate memory errors in JNI applications

PPPJ '11: Proceedings of the 9th International Conference on Principles and Practice of Programming in Java

ABSTRACT

References

Cited By

Index Terms

Recommendations

CHERI JNI: Sinking the Java Security Model into the C

An efficient native function interface for Java

JNICodejail: native code isolation for Java programs