The java Native Interface (JNI) allows java programmers to inter-operate with code written in other languages like C and C++. One reason to use JNI is to get higher performance. Other reasons are to access low-level i...
详细信息
ISBN:
(纸本)9781450321112
The java Native Interface (JNI) allows java programmers to inter-operate with code written in other languages like C and C++. One reason to use JNI is to get higher performance. Other reasons are to access low-level implementation features not available in pure java and facilitate the reuse of existing code and libraries. However, the drawback is that native code can be used to compromise the security of the rest of java. In this paper, we propose JNICodejail, which sandboxes the native code used in JNI. JNICodejail ensures that the native code is unable to affect the rest of java (except what is allowed through JNI) and is confined only with the appropriate system privileges. However, native code is allowed to read memory outside its sandbox, thus, it is possible to share data which is read-only with the sandbox for improved efficiency. A recent alternative for sandboxing JNI native code is Arabica. We demonstrate that our JNICodejail prototype can have reasonable performance with respect to both normal un-sandboxed JNI execution and sandboxing with Arabica.
programminglanguages and techniques based on logic and constraints, such as the ConstraintHandling Rules (CHR), can support many common programming tasks that can be expressed in the form of a search for feasible or ...
详细信息
programminglanguages and techniques based on logic and constraints, such as the ConstraintHandling Rules (CHR), can support many common programming tasks that can be expressed in the form of a search for feasible or optimal solutions. Developing new constraint solvers using CHR is especially interesting in configuration management for large scale, distributed and dynamic cloud applications, where dynamic configuration and component selection is an integral part of the programming environment. Writing CHR-style constraint solvers in a domain-specific language which is a subset of java - instead of using a separate language layer - solves many integration, development cycle disruption, testing and debugging problems that discourage or make difficult the adoption of the CHR-based approach in the mainstream programming environments. Besides, the prototype implementation exposes awell-defined API that supports transactional store behavior, safe termination, and debugging via event notifications.
We present the JOANA (java Object-sensitive ANAlysis) framework for information flow control (IFC) of java programs. JOANA can analyze a given java program and guarantee the absence of security leaks, e.g. that a onli...
详细信息
Over the past 15 years the author has worked with numerous java® applications and has used a number of techniques to pinpoint issues with those applications. This paper describes a number of those techniques that...
详细信息
ISBN:
(纸本)9781629935836
Over the past 15 years the author has worked with numerous java® applications and has used a number of techniques to pinpoint issues with those applications. This paper describes a number of those techniques that the author has found to be most helpful. The paper includes such topics as solving memory issues and pinpointing problem areas.
The rapid adoption of non-java JVM languages is impressive: major international corporations are staking critical parts of their software infrastructure on components built from languages such as Scala and Clojure. Ho...
详细信息
This article presents the OCaml-java project whose goal is to allow compilation of OCaml sources into java bytecodes. The ability to run OCaml code on a java virtual machine provides the developer with means to levera...
详细信息
Most of the runtime failures of a software system can be revealed during test execution only, which has a very high cost. In java programs, runtime failures are manifested as unhandled runtime exceptions. In this pape...
详细信息
ISBN:
(纸本)9789633062289
Most of the runtime failures of a software system can be revealed during test execution only, which has a very high cost. In java programs, runtime failures are manifested as unhandled runtime exceptions. In this paper we present an approach and tool for detecting runtime exceptions in java programs without having to execute tests on the software. We use the symbolic execution technique to implement the approach. By executing the methods of the program symbolically we can determine those execution branches that throw exceptions. Our algorithm is able to generate concrete test inputs also that cause the program to fail in runtime. We used the Symbolic PathFinder extension of the java PathFinder as the symbolic execution engine. Besides small example codes we evaluated our algorithm on three open source systems: jEdit, ArgoUML, and log4j. We found multiple errors in the log4j system that were also reported as real bugs in its bug tracking system.
Checking for information leaks in real-world applications is a difficult task. IFlow is a model-driven approach which allows to develop information flow-secure applications using intuitive modeling guidelines. It supp...
详细信息
In this session, we introduce an application of javassist technology for commercial purposes. The java troubleshooting tool "ENdoSnipe", developed by Acroquest Technology, realizes noninvasive diagnosis look...
详细信息
暂无评论