Safe Heterogeneous Applications: Curing the Java Native Interface
Abstract:
The Java Native Interface (JNI) allows type-safe Java code to interact
with unsafe C code. When a type-safe language interacts with an unsafe
language in the same address space, the application becomes unsafe. We identify the loopholes specific to using JNI that would permit C code to bypass the
type safety of the JVM. We have designed a solution based on an extension
of CCured that makes calling native methods in C as type-safe as pure Java
code. We have implemented a significant part of our solution and measured its
effect on performance. Porting a native C library (Zlib) into our system
requires only minimal changes to the C source code. The ported library is
faster than a pure Java reimplementation of the library
but slower than the original unsafe C version. During our experiments on
Zlib, our system identified one type-safety violation in the interface code
between Zlib and Java. This insecurity can be exploited to crash, or gain
extra privileges in, a large number of commercially deployed JVMs.