1 / 22

Prashant Lamba

CMSC 838 Y Class Paper Presentation. Prashant Lamba. Mechanisms for Secure Modular Programming in JAVA. Lujo Bauer Andrew W Appel Edward W Felten. Theme of the Paper. To provide a new module system for java which improves deficiencies of the java package system.

jerrick
Télécharger la présentation

Prashant Lamba

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CMSC 838 YClass Paper Presentation Prashant Lamba

  2. Mechanisms for Secure Modular Programming in JAVA Lujo Bauer Andrew W Appel Edward W Felten

  3. Theme of the Paper • To provide a new module system for java which improves deficiencies of the java package system. • To emphasize the need of modular systems rather than Object oriented software system.

  4. Deficiencies in JAVA Package System • Limited ability for the control access to their member class. • No explicit interfaces • Don’t support multiple view of modules • Problems with dynamic linking

  5. Solution to the problem • ML-style hierarchical module system • provides Explicit interface • Multiple views of Module • More control over external modules with which the code is linked

  6. Module System Source FilesModule description file Export Membership Import Interface List Statement

  7. Abstract class Codgen{ Frame frame; Abstract Assem.InstrList Codgen(Tree.Stm stm) } Export Interface Membership List Import Interface Access AccessList Codegen Frame Proc Access.Java AccessList.Java Codgen.Java Frame.Java Proc.Java Tree…/Tree/ Temp../Temp/ Assem../Assem/ Util../Util Codegen.Java

  8. Fixing Java Packages • Export Interfaces • Explicit export interfaces • Java package system lacks this feature • Membership List • Deficiency of java package makes malicious code to be part of trusted application like application.

  9. Fixing Java Packages Attack Scenario in Java Package System: Package Class1.Java Class2.java Class3.java Class4.java Malicious Code class.Java Malicious Code class.Java

  10. Fixing Java Packages • Hierarchical Scalability and Multiple Interface • Multiple view of an module is possible. • Example • Module M can have V1 and V2 view with class access A,B,C and A,D respectively

  11. Module MO Exporting A,B,C,and D Multiple View of Module M0 Module M1 Importing M0.A,M0.B,M0.C Module M2 Importing M0.A,M0.D

  12. Fixing Java Packages Name-Space management • Java packages are named it merely lifts the problem to package level. Example: We can have clash between the two classes called Util.Parser

  13. Solution: Module system assigns the names via import statements.

  14. Secure Linking • Java uses Type checking mechanism for the secure dynamic linking • Problem: Type checking guarantees that programs and libraries at least agree on the types they are using. • Java uses code signature when a system must trust the behavior of a particular executable. • Problem: In this scheme also we don’t know about the properties of the code

  15. Solution: • We allow the programmer to require certain properties of the modules on which his code depends. • The properties our system supports are keywords about the behavior of his code. • It will cryptographically hash the < byte code, module description, property name>

  16. Class Loader Module Description File Trf 3 Trf 2 JVM Trf 1 Java Complier Java Source Byte Code Trf = Transform Implementation

  17. Execution in Virtual Machine • Dynamic linking in JVM is managed by Class Loader. • A request to load a class is may be allowed by the digital signature of the class. • The Class loader of the system described uses module description file to set appropriate environment.

  18. Class Loader manipulation leads to security problems and Type system can be broken • New JVM have stricter namespace management policies. • Machine verifies the encoded name of the class(returned by load Class request) with which load class is invoked.

  19. Problem: In our Module system identifiers for class names has very little resemblance with the actual package names they refer. Solution: Rewriting the byte code replacing the symbolic name with actual name.

  20. Future Work • Support for the Refection API • Dynamic linking is an area that deserves more study.

More Related