Java Mobile Code Dynamic Verification by Bytecode Modification for Host Confidentiality
نویسندگان
چکیده
In this paper we present a novel dynamic verification approach to protect the local host confidentiality from malicious Java mobile code. In our approach we use Bytecode Modification to add the verification function to the Java mobile code’s class files before the local JVM executes them. Thus the verification work is done when the host JVM executes the modified class files. By this way our approach could achieve higher verification precision because the verification is done in runtime. Furthermore our approach can deal with the information flow in exception handling, which makes our approach more practicable.
منابع مشابه
Java Mobile Code Security by Bytecode Analysis
Since mobile code can migrate from a remote site to a host and can interact with the resources and facilities of the host, security becomes the key to the success of mobile code computation. Existing mobile code security mechanisms such as access control are not able to fully address the import security properties of the host including confidentiality and integrity. And these practices tend to ...
متن کاملProof Linking A Modular Verification Architecture for Mobile Code Systems
This dissertation presents a critical rethinking of the Java bytecode verification architecture from the perspective of a software engineer. In existing commercial implementations of the Java Virtual Machine, there is a tight coupling between the dynamic linking process and the bytecode verifier. This leads to delocalized and interleaving program plans, making the verifier difficult to maintain...
متن کاملMobile Code Security by Java Bytecode Instrumentation
Mobile code provides significant opportunities and risks. Java bytecode is used to provide executable content to web pages and is the basis for dynamic service configuration in the Jini framework. While the Java Virtual Machine includes a bytecode verifier that checks bytecode programs before execution, and a bytecode interpreter that performs run-time tests, mobile code may still behave in way...
متن کاملJava Bytecode Dependence Analysis for Secure Information Flow
Java programs can be transmitted and executed on another host in bytecode format, thus the sensitive information of the host may be leaked via these assembly-like programs. Information flow policy can ensure data confidentiality, however, conventional information flow analysis mainly focused on the programs written in high-level programming languages and is generally performed by type checking ...
متن کاملImproving the Java Virtual Machine Using Type-Separated Bytecode
Java Bytecode is currently the most used mobile code representation, although it contains some well-known major flaws. In the paper we introduce the principle operation of type-separated bytecode. Type-separated bytecode is a new intermediate representation that compensates some of the drawbacks introduced by Java Bytecode. In particular the use of type-separated bytecode can considerably speed...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 7 شماره
صفحات -
تاریخ انتشار 2008