Quarantine: A Framework to Mitigate Memory Errors in JNI Applications
Du Li, Witawas Srisa-an
University of Nebraska-Lincoln


1 Quarantine: A Framework to Mitigate Memory Errors in JNI Applications
Du Li, Witawas Srisa-an
University of Nebraska-Lincoln

2 JNI (Java Native Interface)
Integrating legacy code, making use of existing libraries, components.
Developing applications in multiple languages
–Java UI + C backend
[Diagram labels: Application; Java Code, JNI, Native Code]

3 When Java meets C, C++ …
Issues in JNI
Type mismatching
Access mechanism mismatching
Memory leaking
Memory safety
…

4 Example of JNI App
[Diagram: JNI Hashtable; labels: Java, C, Interface Table, Get(), Put(), …]

5 Example of JNI App
[Diagram: JNI Hashtable; labels: Java, C, Interface Table, Get(), Put(), …, int addr, 32-bit]

6 Example of JNI App
[Diagram: JNI Hashtable; labels: Java, C, Interface Table, Get(), Put(), …, int addr, 64-bit]

7 Example of JNI App
[Diagram: JNI Hashtable; labels: Java, C, Interface Table, Get(), Put(), …, int addr, 64-bit]

8 And Even Worse …

9 Motivation
JNI can cause nasty memory bugs
Lack of mechanism to address or mitigate memory faults in JNI applications

10 Empirical Study on JNI Bugs
126 JNI-related bugs are identified in OpenJDK 1.6
59 out of 126 bugs are security critical
“A time bomb”
Reference: G. Tan and J. Croft. An Empirical Security Study of the Native Code in the JDK. In USENIX Security 2008.

11 Bug Patterns
C pointers as Java integers
Memory Management Flaws
Buffer Overflows
Mishandling JNI exceptions
Race conditions in file accesses
Insufficient error checking
Reference: G. Tan and J. Croft. An Empirical Security Study of the Native Code in the JDK. In USENIX Security 2008.

12 Bug Patterns
C pointers as Java integers
Memory Management Flaws
Buffer Overflows
Mishandling JNI exceptions
Race conditions in file accesses
Insufficient error checking
Related to memory faults
Caused by mismatching of heap management mechanism
Reference: G. Tan and J. Croft. An Empirical Security Study of the Native Code in the JDK. In USENIX Security 2008.

13 C pointers as Java Integers
As we showed in the JNI hashtable example
–Store C pointers as Java integers
–Pass back to C and cast to pointers when needed
–Native code will update the Java Integer
–It can corrupt Java heap by writing arbitrary data
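The pattern on this slide, as an added example that is not from the presentation or from the Quarantine implementation: it models what happens when a native address is stored in a 32-bit Java int on 32-bit and 64-bit layouts, and shows one common mitigation, an index-based handle table validated on the native side. The `jint` typedef, `NativeTable`, the `handle_*` functions and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the JNI typedef so this builds without jni.h (assumption). */
typedef int32_t jint;

typedef struct { int buckets; } NativeTable;  /* hypothetical native object */

/* Models the bug pattern: an address is squeezed into a 32-bit Java int and
 * later widened back. Returns 1 only if the address survives the round trip. */
int survives_jint(uint64_t address) {
    jint as_java_int = (jint)(int64_t)address;      /* high 32 bits are lost */
    return (uint64_t)(int64_t)as_java_int == address;
}

/* Mitigation: Java only ever sees a small index into a native-side table. */
#define MAX_HANDLES 16
static NativeTable *handles[MAX_HANDLES];

jint handle_create(NativeTable *t) {
    for (jint i = 0; i < MAX_HANDLES; i++) {
        if (handles[i] == NULL) { handles[i] = t; return i + 1; }
    }
    return 0;                                       /* 0 means "no handle" */
}

/* Values coming back from Java are validated before use, so a corrupted or
 * forged integer resolves to NULL instead of an arbitrary address. */
NativeTable *handle_resolve(jint h) {
    if (h < 1 || h > MAX_HANDLES) return NULL;
    return handles[h - 1];
}

void handle_release(jint h) {
    if (h >= 1 && h <= MAX_HANDLES) handles[h - 1] = NULL;
}

int main(void) {
    NativeTable table = { 8 };
    jint h = handle_create(&table);
    /* Constructed sample addresses, not taken from any real process. */
    printf("32-bit style address survives: %d\n", survives_jint(0x08049000ULL));
    printf("64-bit style address survives: %d\n", survives_jint(0x00007f3a12345678ULL));
    printf("valid handle resolves: %d\n", handle_resolve(h) == &table);
    printf("forged value resolves to NULL: %d\n", handle_resolve(0x12345678) == NULL);
    handle_release(h);
    return 0;
}
```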

14 Memory Management Flaws
Automatic memory management in Java
Manual memory management for Java heap in JNI
–e.g. Get/ReleaseIntArrayElements, Get/ReleaseStringUTFChars …

15 Buffer Overflow
No type safety in some native code
–C is not a type-safe language
No type checking in JNI read/write
–e.g. native code can write a float value to a byte-type variable in Java

16 Challenge
Existing techniques (DieHard, LeakChaser) can detect and mitigate the above issues
–But the overhead is too high to feasibly apply such techniques to the whole heap
References:
Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: probabilistic memory safety for unsafe languages (PLDI '06)
Xu, Bond, Qin, Rountev. LeakChaser: Helping Programmers Narrow Down Causes of Memory Leaks (PLDI '11)

17 Unsafe objects are few
Unsafe objects: objects accessible by native code
Less than 1% of objects are unsafe.

Benchmark     Allocated Objects   Unsafe Objects   % of Unsafe Objects
bloat         4359250             9371             0.215
fop           1365166             5225             0.383
hsqldb        1439461             93               0.006
jython        7464199             2329             0.031
luindex       1238977             4251             0.343
lusearch      3631775             321              0.009
pmd           949971              1617             0.170
xalan         2194726             157              0.007
SPECjbb2005   15799061241330 (allocated and unsafe counts run together in the transcript)   0.000

18 Status
[Figure]

19 Goal
[Figure]

20 Approach
Quarantine
–Identify unsafe objects
–Segment identified unsafe objects
–Apply treatment to segmented objects

21 Identify Unsafe Objects
Instrument “native” methods to find
–Objects created by native code
–Objects created by Java code and exposed to native code

22 Segmentation
All unsafe objects will be allocated in or copied to JNI space

23 Implementation
Based on Jikes RVM 3.1.0
–Build object migration mechanism
–Change object header to record forwarding address
–Leverage the read/write barriers

24 Runtime Overhead

25 Breaking Down Overhead

26 Experiment: Applying Padding
Inspired by a mechanism in DieHard
–Creating object x-times larger than the actual size
Do this for every object
Do this for only quarantined objects
[Diagram: objects a and b]
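A minimal model of the padding idea on this slide, as an added example that is not code from the presentation, Jikes RVM or DieHard: a toy bump allocator reserves `pad_factor` times the requested size, and a simulated native write past the end of object a either lands in the padding or reaches the neighbouring object b. The arena layout, object size and function names are assumptions; DieHard's randomized placement is not modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 256
#define OBJ_SIZE   16

typedef struct {
    unsigned char mem[ARENA_SIZE];
    size_t top;         /* bump pointer */
    size_t pad_factor;  /* 1 = no padding, 2 = 2x padding */
} Arena;

/* Reserve size * pad_factor bytes; the caller only uses the first `size`. */
static unsigned char *arena_alloc(Arena *a, size_t size) {
    size_t reserved = size * a->pad_factor;
    if (reserved > ARENA_SIZE - a->top) return NULL;
    unsigned char *p = a->mem + a->top;
    a->top += reserved;
    return p;
}

/* Allocate neighbours a and b, let "native code" write `len` bytes into a,
 * and report whether b is still intact (1), corrupted (0), or error (-1). */
int neighbour_intact(size_t pad_factor, size_t len) {
    Arena arena = { {0}, 0, pad_factor };
    unsigned char *a = arena_alloc(&arena, OBJ_SIZE);
    unsigned char *b = arena_alloc(&arena, OBJ_SIZE);
    if (a == NULL || b == NULL || len > ARENA_SIZE) return -1;
    memset(b, 0xBB, OBJ_SIZE);
    memset(a, 0xAA, len);            /* overflows a whenever len > OBJ_SIZE */
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (b[i] != 0xBB) return 0;
    return 1;
}

int main(void) {
    printf("no padding, 24-byte write: %d\n", neighbour_intact(1, 24));
    printf("2x padding, 24-byte write: %d\n", neighbour_intact(2, 24));
    printf("2x padding, 40-byte write: %d\n", neighbour_intact(2, 40));
    return 0;
}
```

With 2x padding the 8-byte overrun is absorbed, while an overrun longer than the padding still reaches b, so padding bounds the damage rather than removing the bug.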

27 Experiment: Applying Padding
Performance of RVM with Quarantine with 2x Padding

Benchmark         RVM pad   Quarantine pad   Speed-Up (%)
bloat             831       706              17.70
fop               198       146              35.61
hsqldb            344       347              -0.87
jython            337       325              3.69
luindex           225       215              4.65
lusearch          751       562              33.63
pmd               20        19               5.25
xalan             595       356              67.13
SPECjbb2005       3865      5249             35.80
Arithmetic mean                              22.50

28 Experiment: Applying Padding
GC Performance of RVM with Quarantine with 2x Padding

GC Invocations
Benchmark     RVM pad   Quarantine pad
bloat         12        6
fop           5         2
hsqldb        7         6
jython        16        9
luindex       4         2
lusearch      22        11
pmd           3         2
xalan         12        6
SPECjbb2005   38652532 (two values run together in the transcript)

29 Conclusion
Develop a framework
–to identify JNI accessible objects
–to segment JNI accessible objects
–to facilitate applying protection technique to mitigate JNI related bugs

30 Acknowledgments
Partial support for this work is provided by NSF (CNS-0720757) and AFOSR (FA9550-09-1-0129)
We thank Laurence Hellyer for making the primitive barrier code available and spending time to answer our questions

31 Question & Answer & Discussion

