ABSTRACT
The Java runtime is installed on billions of devices worldwide, and over the years it has been a primary attack vector for online criminals. In this work, we address the fact that many attack vectors exploit weaknesses in Java's information hiding, making use of illegal access to private members of system classes. To study to what extent such attacks can be mitigated, and at what cost, this paper demonstrates a proof-of-concept solution to strengthen information hiding. Experiments show that this approach is backward compatible, and that it blocks 84% of all information-hiding attacks in a large-scale sample set at an average performance overhead below 2%. Based on our experiments, we suggest a solution to strengthen information hiding for productive use that has the potential to outperform our proof of concept in terms of robustness and performance, and would also block the remaining information-hiding attacks. Finally, we conclude with general advice on the design of secure software.