Presentation is loading. Please wait.

Presentation is loading. Please wait.

KVM Class File Verification On Board Verification of Untrusted Classes.

Published byKatelin Hulett Modified over 9 years ago

Similar presentations

Presentation on theme: "KVM Class File Verification On Board Verification of Untrusted Classes."— Presentation transcript:

1 KVM Class File Verification On Board Verification of Untrusted Classes

2 So no RMI, and no JINI, J2EE, or other RMI based technologies. No sharing of applications among friends No discovery and use of network services which require downloading classes to the client No Mechanism for establishing trustworthiness of classes obtained from untrusted sources

3 Loaded Classes The KVM does minimal verification Loads class file into class data structure Verifies symbolic references Does some checking of byte code Relies on an offline preverifier to check classes before they are put on the device KVM Trusted Classes Class Loader

4 Preverifier Performs the majority of class verification Taken directly from the Sun JVM source code and converted to a standalone program

5 Our Plans

6 On Board Verification Only classes from untrusted sources will need the extra verification All other classes will be managed as they are currently Loaded Classes KVM Trusted Classes Class loader verifier Untrusted classes

7 On Board Verification We will move the preverifier into the KVM for use as a verifier Once a foreign class has been run though it, it is fed to the existing mechanism just like any other class Loaded Classes KVM Trusted Classes Class loader verifier Untrusted classes

8 The preverifier is not optimized for memory savings We will optimize our verifier’s memory usage as much as possible We will use simple measurement tools to determine memory savings We will use a set of test classes to verify that behavior doesn’t change

9 KVM has no mechanism for loading foreign classes We will implement a very simple mechanism in VmExtra In addition to the class path, the desktop version will read from a separate foreign class path Any classes loaded from the foreign class path are subject to verification

10 Things To Do Testing and measurement tools Integrate preverifier with KVM Optimize verifier Add foreign class path to VmExtra Select verification by class source Deliver fully functional and optimized application

Download ppt "KVM Class File Verification On Board Verification of Untrusted Classes."

Similar presentations

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.

Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Java Applet Security Diana Dong CS 265 Spring 2004.

Java Applet Security Diana Dong CS 265 Spring 2004.
Java security (in a nutshell)

Java security (in a nutshell)
Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.
ECE 750 Topic 8 Meta-programming languages, systems, and applications Load-time structural reflection in Java – Shigeru Chiba, 2000 May 27, 2004 Shimin.

ECE 750 Topic 8 Meta-programming languages, systems, and applications Load-time structural reflection in Java – Shigeru Chiba, 2000 May 27, 2004 Shimin.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.

Lab Information Security Using Java (Review) Lab#0 Omaima Al-Matrafi.
J2ME 25 July 2002. Overview  What is J2ME?  The CLDC and CDC configurations  MIDP and MIDlets  Development Tools  Demonstrations.

J2ME 25 July Overview  What is J2ME?  The CLDC and CDC configurations  MIDP and MIDlets  Development Tools  Demonstrations.
Lab#1 (14/3/1431h) Introduction To java programming cs425

Lab#1 (14/3/1431h) Introduction To java programming cs425
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
The road to reliable, autonomous distributed systems

The road to reliable, autonomous distributed systems
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.

Java: History and Introduction (Lecture # 1). History… Java – Based on C and C++ – Developed in 1991 for intelligent consumer electronic devices – Green.
Wednesday, June 07, 2006 “Unix is user friendly … it’s just picky about it’s friends”. - Anonymous.

Wednesday, June 07, 2006 “Unix is user friendly … it’s just picky about it’s friends”. - Anonymous.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Scite Scintilla integrated text editor. Click here.

Scite Scintilla integrated text editor. Click here.
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.

Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
For more Lectures and Notes Visit www.basicsofprogramming.wordpress.com.

For more Lectures and Notes Visit

Similar presentations

Ads by Google