Enforcing Java Run-Time Properties Using Bytecode Rewriting

  • Algis Rudys
  • Dan S. Wallach
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)


Bytecode rewriting is a portable way of altering Java’s behavior by changing Java classes themselves as they are loaded. This mechanism allows us to modify the semantics of Java while making no changes to the Java virtual machine itself. While this gives us portability and power, there are numerous pitfalls, mostly stemming from the limitations imposed upon Java bytecode by the Java virtual machine. We reflect on our experience building three security systems with bytecode rewriting, presenting observations on where we succeeded and failed, as well as observing areas where future JVMs might present improved interfaces to Java bytecode rewriting systems.


Java Virtual Machine; Java Classis; Method Invocation; Garbage Collector; Open World
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Algis Rudys (1)
  • Dan S. Wallach (1)
  1. Rice University, Houston, USA
