Quarantine: A Framework to Mitigate Memory Errors in JNI Applications
Du Li, Witawas Srisa-an
University of Nebraska-Lincoln


JNI (Java Native Interface)
Integrating legacy code, making use of existing libraries, components.
Developing applications in multiple languages
–Java UI + C backend
[Diagram labels: Application, Java Code, JNI, Native Code]

When Java meets C, C++ …
Issues in JNI
–Type mismatching
–Access mechanism mismatching
–Memory leaking
–Memory safety
–…

Example of JNI App
[Diagram labels: Java, C, JNI, Interface Table, Hashtable, Get(), Put(), …]

Example of JNI App
[Diagram labels: Java, C, JNI, Interface Table, Hashtable, Get(), Put(), …, int addr, 32-bit]

Example of JNI App
[Diagram labels: Java, C, JNI, Interface Table, Hashtable, Get(), Put(), …, int addr, 64-bit]

And Even Worse …

Motivation
JNI can cause nasty memory bugs
Lack of mechanism to address or mitigate memory faults in JNI applications

Empirical Study on JNI Bugs
126 JNI related bugs are identified in OpenJDK
out of 126 bugs are security critical
“A time bomb”
An Empirical Security Study of the Native Code in the JDK. G. Tan and J. Croft. In USENIX Security

Bug Patterns
–C pointers as Java integers
–Memory Management Flaws
–Buffer Overflows
–Mishandling JNI exceptions
–Race conditions in file accesses
–Insufficient error checking
An Empirical Security Study of the Native Code in the JDK. G. Tan and J. Croft. In USENIX Security

Bug Patterns
–C pointers as Java integers
–Memory Management Flaws
–Buffer Overflows
–Mishandling JNI exceptions
–Race conditions in file accesses
–Insufficient error checking
Related to memory faults
Caused by mismatching of heap management mechanism
An Empirical Security Study of the Native Code in the JDK. G. Tan and J. Croft. In USENIX Security

C pointers as Java Integers
As we showed in the JNI hashtable example
–Store C pointers as Java integers
–Pass back to C and cast to pointers when needed
–Native code will update the Java Integer
–It can corrupt Java heap by writing arbitrary data
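The truncation behind the 32-bit and 64-bit hashtable slides, as an added example that is not code from the presentation or from Quarantine. It also shows a handle table, which is an assumed alternative design and not the mitigation the talk proposes; `hashtable`, `roundtrip_ok` and the `handle_*` functions are hypothetical names, and `jint` is redeclared locally so the file builds without jni.h.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef int32_t jint;                     /* assumption: 32-bit, as in jni.h */
typedef struct { int size; } hashtable;   /* hypothetical native object */

/* Slide pattern: an address squeezed into a Java int and cast back.
 * Returns 1 if the address survives the round trip, 0 if it was mangled. */
int roundtrip_ok(uint64_t addr)
{
    jint stored = (jint)(uint32_t)addr;           /* what the Java field holds */
    uint64_t back = (uint64_t)(int64_t)stored;    /* sign-extended on return */
    return back == addr;
}

/* Alternative: Java only ever sees an index into a native-side table. */
#define MAX_HANDLES 64
static hashtable *slots[MAX_HANDLES];

jint handle_new(hashtable *t)
{
    if (t == NULL) return -1;
    for (jint i = 0; i < MAX_HANDLES; i++)
        if (slots[i] == NULL) { slots[i] = t; return i; }
    return -1;                                    /* table full */
}

/* Resolve a value handed back by Java; values never issued yield NULL. */
hashtable *handle_get(jint h)
{
    return (h < 0 || h >= MAX_HANDLES) ? NULL : slots[h];
}

void handle_free(jint h)
{
    if (h >= 0 && h < MAX_HANDLES) slots[h] = NULL;
}

int main(void)
{
    static hashtable t = { 16 };
    jint h = handle_new(&t);
    /* Both addresses are constructed sample values. */
    printf("low address ok:  %d\n", roundtrip_ok(0x12345678ULL));
    printf("high address ok: %d\n", roundtrip_ok(0x00007f3a12345678ULL));
    printf("forged handle:   %p\n", (void *)handle_get(0x12345678));
    printf("issued handle:   %d\n", handle_get(h) == &t);
    return 0;
}
```

With the table, an integer that Java code has altered can at worst select another registered object or be rejected; it is never dereferenced as an address.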

Memory Management Flaws
Automatic memory management in Java
Manual memory management for Java heap in JNI
–e.g. Get/ReleaseIntArrayElements, Get/ReleaseStringUTFChars …

Buffer Overflow
No type safety in some native code
–C is not a type-safe language
No type checking in JNI read/write
–e.g. native code can write a float value to a byte type variable in Java

Challenge
Existing techniques (DieHard, LeakChaser) can detect and mitigate the above issues
–But the overhead is too high to feasibly apply such techniques to the whole heap
Emery D. Berger and Benjamin G. Zorn, DieHard: Probabilistic Memory Safety for Unsafe Languages (PLDI '06)
Xu, Bond, Qin, Rountev, LeakChaser: Helping Programmers Narrow Down Causes of Memory Leaks (PLDI '11)

Unsafe objects are few
Unsafe objects: objects accessible by native code
Less than 1% of objects are unsafe.
Table columns: Benchmark, Allocated Objects, Unsafe Objects, % of Unsafe Objects
Benchmarks: bloat, fop, hsqldb, jython, luindex, lusearch, pmd, xalan, SPECjbb

Status [figure]

Goal [figure]

Approach
Quarantine
–Identify unsafe objects
–Segment identified unsafe objects
–Apply treatment to segmented objects

Identify Unsafe Objects
Instrument “native” methods to find
–Objects created by native code
–Objects created by Java code and exposed to native code

Segmentation
All unsafe objects will be allocated in or copied to JNI space

Implementation
Based on Jikes RVM
–Build object migration mechanism
–Change object header to record forwarding address
–Leverage the read/write barriers

Runtime Overhead

Breaking Down Overhead

Experiment: Applying Padding
Inspired by a mechanism in DieHard
–Creating object x-times larger than the actual size
Do this for every object
Do this for only quarantined objects

Experiment: Applying Padding
Performance of RVM with Quarantine with 2x Padding
Table columns: Benchmark, RVM pad, Quarantine pad, Speed-Up (%)
Benchmarks: bloat, fop, hsqldb, jython, luindex, lusearch, pmd, xalan, SPECjbb
Arithmetic mean 22.50

Experiment: Applying Padding
GC Performance of RVM with Quarantine with 2x Padding (GC Invocations)
Table columns: Benchmark, RVM pad, Quarantine pad
bloat126 fop52 hsqldb76 jython169 luindex42 lusearch2211 pmd32 xalan126 SPECjbb

Conclusion
Develop a framework
–to identify JNI accessible objects
–to segment JNI accessible objects
–to facilitate applying protection technique to mitigate JNI related bugs

Acknowledgments
Partial support for this work is provided by NSF ( CNS ) and AFOSR ( FA ).
We thank Laurence Hellyer for making the primitive barrier code available and spending time to answer our questions.

Question & Answer & Discussion