CHERI JNI: Sinking the Java security model into the C
D Chisnall, B Davis, K Gudka, D Brazdil… - ACM SIGARCH …, 2017 - dl.acm.org
ACM SIGARCH Computer Architecture News, 2017•dl.acm.org
Java provides security and robustness by building a high-level security model atop the
foundation of memory protection. Unfortunately, any native code linked into a Java program--
including the million lines used to implement the standard library--is able to bypass both the
memory protection and the higher-level policies. We present a hardware-assisted
implementation of the Java native code interface, which extends the guarantees required for
Java's security model to native code. Our design supports safe direct access to buffers …
foundation of memory protection. Unfortunately, any native code linked into a Java program--
including the million lines used to implement the standard library--is able to bypass both the
memory protection and the higher-level policies. We present a hardware-assisted
implementation of the Java native code interface, which extends the guarantees required for
Java's security model to native code. Our design supports safe direct access to buffers …
Java provides security and robustness by building a high-level security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program -- including the million lines used to implement the standard library -- is able to bypass both the memory protection and the higher-level policies. We present a hardware-assisted implementation of the Java native code interface, which extends the guarantees required for Java's security model to native code.
Our design supports safe direct access to buffers owned by the JVM, including hardware-enforced read-only access where appropriate. We also present Java language syntax to declaratively describe isolated compartments for native code.
We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact on security as running equivalent Java code. Our approach has a negligible impact on performance, compared with the existing unsafe native code interface. We demonstrate a prototype implementation running on the CHERI microprocessor synthesized in FPGA.
ACM Digital Library
以上显示的是最相近的搜索结果。 查看全部搜索结果