CHERI JNI: Sinking the Java security model into the C

cam.issuedOnline: 2017-04-04
dc.contributor.author: Chisnall, DT
dc.contributor.author: Davis, B
dc.contributor.author: Gudka, K
dc.contributor.author: Brazdil, D
dc.contributor.author: Joannou, A
dc.contributor.author: Woodruff, J
dc.contributor.author: Markettos, AT
dc.contributor.author: Maste, JE
dc.contributor.author: Norton, R
dc.contributor.author: Son, S
dc.contributor.author: Roe, M
dc.contributor.author: Moore, SW
dc.contributor.author: Neumann, PG
dc.contributor.author: Laurie, B
dc.contributor.author: Watson, RNM
dc.contributor.orcid: Norton-Wright, Robert [0000-0002-6095-6405]
dc.contributor.orcid: Moore, Simon [0000-0002-2806-495X]
dc.date.accessioned: 2017-05-19T10:41:43Z
dc.date.available: 2017-05-19T10:41:43Z
dc.date.issued: 2017
dc.description.abstract: Java provides security and robustness by building a high-level security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program – including the million lines used to implement the standard library – is able to bypass both the memory protection and the higher-level policies. We present a hardware-assisted implementation of the Java native code interface, which extends the guarantees required for Java's security model to native code. Our design supports safe direct access to buffers owned by the JVM, including hardware-enforced read-only access where appropriate. We also present Java language syntax to declaratively describe isolated compartments for native code. We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact on security as running equivalent Java code. Our approach has a negligible impact on performance, compared with the existing unsafe native code interface. We demonstrate a prototype implementation running on the CHERI microprocessor synthesized in FPGA.
dc.description.sponsorship: This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. The views, opinions, and/or findings contained in this paper are those of the authors and should not be interpreted as representing the official views or policies, either expressed or implied, of the Department of Defense or the U.S. Government. We also acknowledge the EPSRC REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], Isaac Newton Trust, UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.
dc.identifier.doi: 10.17863/CAM.9783
dc.identifier.eissn: 1558-1160
dc.identifier.isbn: 978-1-4503-4465-4
dc.identifier.issn: 1523-2867
dc.identifier.uri: https://www.repository.cam.ac.uk/handle/1810/264315
dc.language.iso: eng
dc.publisher: ACM
dc.publisher.url: http://dx.doi.org/10.1145/3037697.3037725
dc.subject: 46 Information and Computing Sciences
dc.subject: 4604 Cybersecurity and Privacy
dc.title: CHERI JNI: Sinking the Java security model into the C
dc.type: Conference Object
dcterms.dateAccepted: 2016-11-10
prism.endingPage: 583
prism.publicationName: Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems
prism.startingPage: 569
pubs.conference-finish-date: 2017-04-12
pubs.conference-name: ASPLOS 2017: 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems
pubs.conference-start-date: 2017-04-08
pubs.funder-project-id: Engineering and Physical Sciences Research Council (EP/K008528/1)
rioxxterms.licenseref.startdate: 2016-11-10
rioxxterms.licenseref.uri: http://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.type: Conference Paper/Proceeding/Abstract
rioxxterms.version: AM
rioxxterms.versionofrecord: 10.1145/3037697.3037725

Files

Original bundle
Name: cheri-jni.preprint.pdf
Size: 317.51 KB
Format: Adobe Portable Document Format
Description: Accepted version
Licence: http://www.rioxx.net/licenses/all-rights-reserved
License bundle
Name: DepositLicenceAgreement.pdf
Size: 417.78 KB
Format: Adobe Portable Document Format