
Prashant Lamba PowerPoint PPT Presentation



CMSC 838 Y Class Paper Presentation. Prashant Lamba. Mechanisms for Secure Modular Programming in JAVA. Lujo Bauer, Andrew W Appel, Edward W Felten. Theme of the Paper: to provide a new module system for Java that remedies deficiencies of the Java package system.


Presentation Transcript


CMSC 838 Y Class Paper Presentation

Prashant Lamba



Mechanisms for Secure Modular Programming in JAVA

Lujo Bauer

Andrew W Appel

Edward W Felten



Theme of the Paper

  • To provide a new module system for Java that remedies deficiencies of the Java package system.

  • To emphasize the need for modular systems rather than object-oriented software systems.



Deficiencies in JAVA Package System

  • Limited ability of packages to control access to their member classes

  • No explicit interfaces

  • No support for multiple views of a module

  • Problems with dynamic linking



Solution to the problem

  • ML-style hierarchical module system

    • Provides explicit interfaces

    • Multiple views of a module

  • More control over external modules with which the code is linked



Module System

  • Source Files

  • Module description file

    • Export Interface

    • Membership List

    • Import Statement



abstract class Codegen {
    Frame frame;
    abstract Assem.InstrList codegen(Tree.Stm stm);
}

[Diagram: an example module description file with three sections, Export Interface, Membership List and Import Interface. It shows the classes Access, AccessList, Codegen, Frame and Proc; the source files Access.java, AccessList.java, Codegen.java, Frame.java and Proc.java; and the imports Tree…/Tree/, Temp../Temp/, Assem../Assem/ and Util../Util.]



Fixing Java Packages

  • Export Interfaces

    • Explicit export interfaces

      • The Java package system lacks this feature

  • Membership List

    • This deficiency of Java packages allows malicious code to become part of a trusted application.



Fixing Java Packages

Attack Scenario in Java Package System:

[Diagram: a package containing Class1.java, Class2.java, Class3.java and Class4.java, together with a malicious code class (Malicious Code class.java).]



Fixing Java Packages

  • Hierarchical Scalability and Multiple Interfaces

    • Multiple views of a module are possible.

    • Example

    • Module M can have views V1 and V2, giving access to classes A, B, C and A, D respectively.



Multiple Views of Module M0

  • Module M0: exporting A, B, C and D

  • Module M1: importing M0.A, M0.B, M0.C

  • Module M2: importing M0.A, M0.D



Fixing Java Packages

Name-Space Management

  • Java packages are themselves named, which merely lifts the name-clash problem to the package level.

    Example:

    We can have a clash between two classes called Util.Parser



Solution:

The module system assigns the names via import statements.



Secure Linking

  • Java uses a type-checking mechanism for secure dynamic linking.

    • Problem:

      Type checking guarantees that programs and libraries at least agree on the types they are using.

  • Java uses code signing when a system must trust the behavior of a particular executable.

    • Problem:

      In this scheme, too, we don’t know the properties of the code.



Solution:

  • We allow the programmer to require certain properties of the modules on which his code depends.

  • The properties our system supports are keywords about the behavior of his code.

  • It cryptographically hashes the triple <byte code, module description, property name>.
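The hash over the triple, sketched as an added Java example that is not code from the slides or the paper. SHA-256, the length-prefixed field framing, the set of approved digests, the property name NoFileAccess and the module description text are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Set;

public class PropertyHashCheck {
    // Digest of <byte code, module description, property name>. Each field is
    // length-prefixed so that bytes cannot slide from one field into the next.
    static String tripleDigest(byte[] byteCode, String moduleDescription, String propertyName)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[][] fields = {
            byteCode,
            moduleDescription.getBytes(StandardCharsets.UTF_8),
            propertyName.getBytes(StandardCharsets.UTF_8)
        };
        for (byte[] field : fields) {
            md.update(ByteBuffer.allocate(4).putInt(field.length).array());
            md.update(field);
        }
        return Base64.getEncoder().encodeToString(md.digest());
    }

    // Link only if every property the importer requires has an approved digest
    // for exactly this byte code and this module description.
    static boolean mayLink(byte[] byteCode, String moduleDescription,
                           Set<String> requiredProperties, Set<String> approvedDigests)
            throws NoSuchAlgorithmException {
        for (String property : requiredProperties) {
            if (!approvedDigests.contains(tripleDigest(byteCode, moduleDescription, property))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs (hypothetical byte code and description).
        byte[] code = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE, 0, 0, 0, 0x34};
        String desc = "export A, B\nmembers A B C\n";
        Set<String> required = Set.of("NoFileAccess");
        Set<String> approved = Set.of(tripleDigest(code, desc, "NoFileAccess"));

        System.out.println("approved triple:     " + mayLink(code, desc, required, approved));
        System.out.println("description changed: "
                + mayLink(code, desc + "members D\n", required, approved));
        code[7] ^= 1; // a single flipped bit in the byte code
        System.out.println("byte code changed:   " + mayLink(code, desc, required, approved));
    }
}
```

Because the module description is part of the hashed input, adding a class to the membership list invalidates the approved digest just as a change to the byte code does.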



Implementation

[Diagram: Java Source, Java Compiler, Byte Code, the transforms Trf 1, Trf 2 and Trf 3, Module Description File, Class Loader and JVM. Trf = Transform.]



Execution in Virtual Machine

  • Dynamic linking in the JVM is managed by the class loader.

  • A request to load a class may be allowed based on the digital signature of the class.

  • The class loader of the system described uses the module description file to set up the appropriate environment.



  • Class loader manipulation leads to security problems, and the type system can be broken.

    • New JVMs have stricter namespace management policies.

      • The machine verifies that the encoded name of the class returned by a loadClass request matches the name with which loadClass was invoked.



Problem:

In our module system, identifiers for class names have very little resemblance to the actual package names they refer to.

Solution:

Rewriting the byte code, replacing the symbolic name with the actual name.



Future Work

  • Support for the Reflection API

  • Dynamic linking is an area that deserves more study.

