Quick links

Safe Heterogeneous Applications: Curing the Java Native Interface

Report ID:
TR-715-04
Date:
September 2004
Pages:
10
Download Formats:
[PDF]

Abstract:

The Java Native Interface (JNI) allows type-safe Java code to interact
with unsafe C code. When a type-safe language interacts with an unsafe
language in the same address space, the application becomes unsafe. We identify the loopholes specific to using JNI that would permit C code to bypass the
type safety of the JVM. We have designed a solution based on an extension
of CCured that makes calling native methods in C as type-safe as pure Java
code.

We have implemented a significant part of our solution and measured its
effect on performance. Porting a native C library (Zlib) into our system
requires only minimal changes to the C source code. The performance of
this library is faster than a pure Java reimplementation of the library
but slower than the original unsafe C version. During our experiments on
Zlib, our system identified one type unsafety in the interface code
between Zlib and Java. This insecurity can be exploited to crash, or gain
extra privileges in a large number of commercially deployed JVMs.

Follow us: Facebook Facebook