Abstract
Bytecode rewriting is a portable way of altering Java’s behavior by changing Java classes themselves as they are loaded. This mechanism allows us to modify the semantics of Java while making no changes to the Java virtual machine itself. While this gives us portability and power, there are numerous pitfalls, mostly stemming from the limitations imposed upon Java bytecode by the Java virtual machine. We reflect on our experience building three security systems with bytecode rewriting, presenting observations on where we succeeded and failed, as well as observing areas where future JVMs might present improved interfaces to Java bytecode rewriting systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lindholm, T., Yellin, F.: The Java Virtual Machine Specification. Addison-Wesley, Reading, Massachusetts (1996)
Wallach, D.S., Felten, E.W., Appel, A.W.: The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology 9 (2000) 341–378
Rudys, A., Wallach, D.S.: Termination in language-based systems. ACM Transactions on Information and System Security 5 (2002) 138–168
Rudys, A., Wallach, D.S.: Transactional rollback for language-based systems. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks,Washington, DC (2002)
Pandey, R., Hashii, B.: Providing fine-grained access control for Java programs. In Guerraoui, R., ed.: 13th Conference on Object-Oriented Programming (ECOOP’99). Number 1628 in Lecture Notes in Computer Science, Lisbon, Portugal, Springer-Verlag (1999)
Erlingsson, U., Schneider, F.B.: IRM enforcement of Java stack inspection. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, Berkeley, California (2000) 246–255
Chander, A., Mitchell, J.C., Shin, I.: Mobile code security by Java bytecode instrumentation. In: 2001DARPAInformation Survivability Conferenceamp;Exposition (DISCEX II),Anaheim, CA, USA (2001)
Hawblitzel, C., Chang, C.C., Czajkowski, G., Hu, D., von Eicken, T.: Implementing multiple protection domains in Java. In: USENIX Annual Technical Conference, New Orleans, Louisiana, USENIX (1998)
Binder, W.: Design and implementation of the J-SEAL2 mobile agent kernel. In: 2001 Symposium on Applications and the Internet, San Diego, CA, USA (2001)
Czajkowski, G., von Eicken, T.: JRes:A resource accounting interface for Java. In: Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications, Vancouver, British Columbia (1998) 21–35
Clausen, L.R.: A Java bytecode optimizer using side-effect analysis. Concurrency: Practice and Experience 9 (1997) 1031–1045
Nystrom, N.J.: Bytecode level analysis and optimization of Java classes. Master’s thesis, Purdue University (1998)
Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems 13 (1991) 451–490
Lee, H.B., Zorn, B.G.: BIT:Atool for instrumenting java bytecodes. In: USENIX Symposium on Internet Technologies and Systems, Monterey, California, USA (1997)
Cohen, G., Chase, J., Kaminsky, D.: Automatic program transformation with JOIE. In: Proceedings of the 1998 Usenix Annual Technical Symposium, New Orleans, Louisiana (1998) 167–178
Vallée-Rai, R., Hendren, L., Sundaresan, V., Lam, P., Gagnon, E., Co, P: Soot-a Java bytecode optimization framework. In: Proceedings of CASCON 1999, Mississauga, Ontario, Canada (1999) 125–135
Sakamoto, T., Sekiguchi, T., Yonezawa, A.: Bytecode transformation for portable thread migration in Java. In: Proceedings of the Joint Symposium on Agent Systems and Applications / Mobile Agents (ASA/MA). (2000) 16–28
Marquez, A., Zigman, J.N., Blackburn, S.M.: A fast portable orthogonally persistent Java. Software: Practice and Experience Special Issue: Persistent Object Systems 30 (2000) 449–479
Welch, I., Stroud, R.: Kava-a reflective Java based on bytecode rewriting. In: Lecture Notes in Computer Science 1826. Springer-Verlag (2000)
Deutsch, P., Grant, C.A.: A flexible measurement tool for software systems. In: Information Processing 71: Proceedings of the IFIP Congress. Volume 1., Ljubljana,Yugoslavia (1971)
Gong, L.: Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley, Reading, Massachusetts (1999)
NaturalBridge, LLC: BulletTrain Java Compiler. (1998) http://www.naturalbridge.-com.
Gosling, J., Joy, B., Steele, G.: The Java Language Specification. Addison-Wesley, Reading, Massachusetts (1996)
Alpern, B., Attanasio, C.R., Barton, J.J., Burke, M.G., Cheng, P., Choi, J.D., Cocchi, A., Fink, S.J., Grove, D., Hind, M., Hummel, S.F., Lieber, D., Litvinov, V., Mergen, M.F., Ngo, T., Russell, J.R., Sarkar, V., Serrano, M.J., Shepherd, J.C., Smith, S.E., Sreedhar, V.C., Srinivasan, H., Whaley, J.: The Jalapeño virtual machine. IBM System Journal 39 (2000)
Price, D., Rudys, A., Wallach, D.S.: Garbage collector memory accounting in language-based systems. Technical Report TR02-407, Department of Computer Science, Rice University, Houston, TX (2002)
Blackburn, S.M., Singhai, S., Hertz, M., McKinley, K.S., Moss, J.E.B.: Pretenuring for Java. In: OOPSLA 2001: Conference on Object-Oriented Programming Systems, Languages, and Applications. Volume 36 of ACM SIGPLAN Notices., Tampa Bay, Florida (2001) 342–352
Dean, J., Grove, D., Chambers, C.: Optimization of object-oriented programs using static class hierarchy analysis. In: Proceedings of the European Conference on Object-Oriented Programming (ECOOP’ 95), Århus, Denmark (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rudys, A., Wallach, D.S. (2003). Enforcing Java Run-Time Properties Using Bytecode Rewriting. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_12
Download citation
DOI: https://doi.org/10.1007/3-540-36532-X_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00708-1
Online ISBN: 978-3-540-36532-7
eBook Packages: Springer Book Archive