
J-Kernel: A Capability-Based Operating System for Java


Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1603)

Abstract

Safe language technology can be used for protection within a single address space. This protection is enforced by the language’s type system, which ensures that references to objects cannot be forged. A safe language alone, however, lacks many features taken for granted in more traditional operating systems, such as rights revocation, thread protection, resource management, and support for domain termination. This paper describes the J-Kernel, a portable Java-based protection system that addresses these issues. J-Kernel protection domains can communicate through revocable capabilities, but are prevented from directly sharing unrevocable object references. A number of micro-benchmarks characterize the costs of language-based protection, and an extensible web and telephony server based on the J-Kernel demonstrates the use of language-based protection in a large application.




Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

von Eicken, T., Chang, CC., Czajkowski, G., Hawblitzel, C., Hu, D., Spoonhower, D. (1999). J-Kernel: A Capability-Based Operating System for Java. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_17


  • DOI: https://doi.org/10.1007/3-540-48749-2_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive
