{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:20:36Z","timestamp":1750306836853,"version":"3.41.0"},"reference-count":57,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2013,11,1]],"date-time":"2013-11-01T00:00:00Z","timestamp":1383264000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0915157, CCF-0915030, CCF-1149211"],"award-info":[{"award-number":["CCF-0915157, CCF-0915030, CCF-1149211"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2013,11]]},"abstract":"<jats:p>For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. Native-code components interoperate with Java components through the Java Native Interface (JNI). As native code is not regulated by Java's security model, it poses serious security threats to the managed Java world. We introduce a security framework that extends Java's security model and brings native code under control. Leveraging software-based fault isolation, the framework puts native code in a separate sandbox and allows the interaction between the native world and the Java world only through a carefully designed pathway. Two different implementations were built. In one implementation, the security framework is integrated into a Java Virtual Machine (JVM). In the second implementation, the framework is built outside of the JVM and takes advantage of JVM-independent interfaces. 
The second implementation provides JVM portability, at the expense of some performance degradation. Evaluation of our framework demonstrates that it incurs modest runtime overhead while significantly enhancing the security of Java applications.<\/jats:p>","DOI":"10.1145\/2535505","type":"journal-article","created":{"date-parts":[[2013,12,10]],"date-time":"2013-12-10T13:28:12Z","timestamp":1386682092000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Bringing java's wild native world under control"],"prefix":"10.1145","volume":"16","author":[{"given":"Mengtao","family":"Sun","sequence":"first","affiliation":[{"name":"Lehigh University, Bethlehem, PA"}]},{"given":"Gang","family":"Tan","sequence":"additional","affiliation":[{"name":"Lehigh University, Bethlehem, PA"}]},{"given":"Joseph","family":"Siefers","sequence":"additional","affiliation":[{"name":"Lehigh University, Bethlehem, PA"}]},{"given":"Bin","family":"Zeng","sequence":"additional","affiliation":[{"name":"Lehigh University, Bethlehem, PA"}]},{"given":"Greg","family":"Morrisett","sequence":"additional","affiliation":[{"name":"Harvard University, Cambridge, MA"}]}],"member":"320","published-online":{"date-parts":[[2013,12,6]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993540"},{"volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'12)","author":"Belay A.","key":"e_1_2_1_3_1","unstructured":"Belay , A. , Bittau , A. , Mashtizadeh , A. , Terei , D. , Mazieres , D. , and Kozyrakis , C . 2012. Dune: Safe user-level access to privileged cpu features . In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'12) . 335--348. Belay, A., Bittau, A., Mashtizadeh, A., Terei, D., Mazieres, D., and Kozyrakis, C. 2012. 
Dune: Safe user-level access to privileged cpu features. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'12). 335--348."},{"volume-title":"Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation. 309--322","author":"Bittau A.","key":"e_1_2_1_4_1","unstructured":"Bittau , A. , Marchenko , P. , Handley , M. , and Karp , B . 2008. Wedge: Splitting applications into reduced-privilege compartments . In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation. 309--322 . Bittau, A., Marchenko, P., Handley, M., and Karp, B. 2008. Wedge: Splitting applications into reduced-privilege compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation. 309--322."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1167473.1167488"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866332"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168054.1168069"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.4"},{"volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'08)","author":"Douceur J. R.","key":"e_1_2_1_9_1","unstructured":"Douceur , J. R. , Elson , J. , Howell , J. , and Lorch , J. R . 2008. Leveraging legacy code to deploy desktop applications on the web . In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'08) . 339--354. Douceur, J. R., Elson, J., Howell, J., and Lorch, J. R. 2008. Leveraging legacy code to deploy desktop applications on the web. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'08). 339--354."},{"key":"e_1_2_1_10_1","unstructured":"Drewry W. 2012. Dynamic seccomp policies (using BPF filters). http:\/\/lwn.net\/Articles\/475019\/.  Drewry W. 2012. Dynamic seccomp policies (using BPF filters). 
http:\/\/lwn.net\/Articles\/475019\/."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095813"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/335169.335201"},{"volume-title":"Proceedings of the USENIX Annual Technical Conference. 293--306","author":"Ford B.","key":"e_1_2_1_13_1","unstructured":"Ford , B. and Cox , R . 2008. Vx32: Lightweight user-level sandboxing on the x86 . In Proceedings of the USENIX Annual Technical Conference. 293--306 . Ford, B. and Cox, R. 2008. Vx32: Lightweight user-level sandboxing on the x86. In Proceedings of the USENIX Annual Technical Conference. 293--306."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/11693024_21"},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS'04)","author":"Garfinkel T.","key":"e_1_2_1_15_1","unstructured":"Garfinkel , T. , Pfaff , B. , and Rosenblum , M . 2004. Ostia: A delegating architecture for secure system call interposition . In Proceedings of the Network and Distributed System Security Symposium (NDSS'04) . Garfinkel, T., Pfaff, B., and Rosenblum, M. 2004. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed System Security Symposium (NDSS'04)."},{"volume-title":"Proceedings of the 6th Conference on USENIX Security Symposium.","author":"Goldberg I.","key":"e_1_2_1_16_1","unstructured":"Goldberg , I. , Wagner , D. , Thomas , R. , and Brewer , E. A . 1996. A secure environment for untrusted helper applications: Confining the wily hacker . In Proceedings of the 6th Conference on USENIX Security Symposium. Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. 1996. A secure environment for untrusted helper applications: Confining the wily hacker. In Proceedings of the 6th Conference on USENIX Security Symposium."},{"key":"e_1_2_1_17_1","unstructured":"Gong L. 2002. Java 2 Platform Security Architecture. Sun Microsystems.  
Gong L. 2002. Java 2 Platform Security Architecture. Sun Microsystems."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1297027.1297030"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133373.1133394"},{"volume-title":"Proceedings of the General Track USENIX Annual Technical Conference. USENIX Association, 275--288","author":"Jim T.","key":"e_1_2_1_20_1","unstructured":"Jim , T. , Morrisett , G. , Grossman , D. , Hicks , M. W. , Cheney , J. , and Wang , Y . 2002. Cyclone: A safe dialect of C . In Proceedings of the General Track USENIX Annual Technical Conference. USENIX Association, 275--288 . Jim, T., Morrisett, G., Grossman, D., Hicks, M. W., Cheney, J., and Wang, Y. 2002. Cyclone: A safe dialect of C. In Proceedings of the General Track USENIX Annual Technical Conference. USENIX Association, 275--288."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-007-0031-0"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390645"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772747"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294293"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806596.1806601"},{"key":"e_1_2_1_26_1","unstructured":"Leroy X. 2008. The Objective Caml system. http:\/\/caml.inria.fr\/pub\/docs\/manual-ocaml\/index.html.  Leroy X. 2008. The Objective Caml system. http:\/\/caml.inria.fr\/pub\/docs\/manual-ocaml\/index.html."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653716"},{"volume-title":"Java Native Interface: Programmer's Guide and Reference","author":"Liang S.","key":"e_1_2_1_28_1","unstructured":"Liang , S. 1999. Java Native Interface: Programmer's Guide and Reference . Addison-Wesley Longman Publishing Co. Liang, S. 1999. Java Native Interface: Programmer's Guide and Reference. 
Addison-Wesley Longman Publishing Co."},{"volume-title":"Proceedings of the 15th Usenix Security Symposium.","author":"McCamant S.","key":"e_1_2_1_29_1","unstructured":"McCamant , S. and Morrisett , G . 2006. Evaluating sfi for a cisc architecture . In Proceedings of the 15th Usenix Security Symposium. McCamant, S. and Morrisett, G. 2006. Evaluating sfi for a cisc architecture. In Proceedings of the 15th Usenix Security Symposium."},{"volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS'10)","author":"Mettler A.","key":"e_1_2_1_30_1","unstructured":"Mettler , A. , Wagner , D. , and Close , T . 2010. Joe-E: A security-oriented subset of java . In Proceedings of the Network and Distributed System Security Symposium (NDSS'10) . Mettler, A., Wagner, D., and Close, T. 2010. Joe-E: A security-oriented subset of java. In Proceedings of the Network and Distributed System Security Symposium (NDSS'10)."},{"key":"e_1_2_1_32_1","unstructured":"Mitre. 2012. CVE-2012-4681. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2012-4681.  Mitre. 2012. CVE-2012-4681. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2012-4681."},{"key":"e_1_2_1_33_1","unstructured":"Mitre. 2013. CVE-2013-0422. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2013-0422.  Mitre. 2013. CVE-2013-0422. http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2013-0422."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268954"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/319301.319345"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/263699.263712"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/503272.503286"},{"volume-title":"Proceedings of the 4th Layered Assurance Workshop.","author":"Neumann P.","key":"e_1_2_1_38_1","unstructured":"Neumann , P. and Watson , R . 2010. 
Capabilities revisited: A holistic approach to bottom-to-top assurance of trustworthy systems . In Proceedings of the 4th Layered Assurance Workshop. Neumann, P. and Watson, R. 2010. Capabilities revisited: A holistic approach to bottom-to-top assurance of trustworthy systems. In Proceedings of the 4th Layered Assurance Workshop."},{"key":"e_1_2_1_39_1","unstructured":"Oracle. 1999. JAR file specification. http:\/\/docs.oracle.com\/javase\/1.4.2\/docs\/guide\/jar\/jar.html.  Oracle. 1999. JAR file specification. http:\/\/docs.oracle.com\/javase\/1.4.2\/docs\/guide\/jar\/jar.html."},{"key":"e_1_2_1_40_1","unstructured":"Oracle. 2010. JVM tool interface version 1.0. http:\/\/docs.oracle.com\/javase\/1.5.0\/docs\/guide\/jvmti\/jvmti.html.  Oracle. 2010. JVM tool interface version 1.0. http:\/\/docs.oracle.com\/javase\/1.5.0\/docs\/guide\/jvmti\/jvmti.html."},{"key":"e_1_2_1_41_1","volume-title":"Proceedings of the 12th Usenix Security Symposium. 257--272","author":"Provos N.","year":"2003","unstructured":"Provos , N. 2003 . Improving host security with system call policies . In Proceedings of the 12th Usenix Security Symposium. 257--272 . Provos, N. 2003. Improving host security with system call policies. In Proceedings of the 12th Usenix Security Symposium. 257--272."},{"key":"e_1_2_1_42_1","unstructured":"Python\/C FFI. 2009. Python\/C api reference manual. http:\/\/docs.python.org\/c-api\/index.html.  Python\/C FFI. 2009. Python\/C api reference manual. http:\/\/docs.python.org\/c-api\/index.html."},{"volume-title":"Proceedings of the 19th Usenix Security Symposium. 1--12","author":"Sehr D.","key":"e_1_2_1_43_1","unstructured":"Sehr , D. , Muth , R. , Biffle , C. , Khimenko , V. , Pasko , E. , Schimpf , K. , Yee , B. , and Chen , B . 2010. Adapting software fault isolation to contemporary cpu architectures . In Proceedings of the 19th Usenix Security Symposium. 1--12 . Sehr, D., Muth, R., Biffle, C., Khimenko, V., Pasko, E., Schimpf, K., Yee, B., and Chen, B. 2010. 
Adapting software fault isolation to contemporary cpu architectures. In Proceedings of the 19th Usenix Security Symposium. 1--12."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866331"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.5555\/1268028.1268041"},{"volume-title":"Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS'12)","author":"Sun M.","key":"e_1_2_1_47_1","unstructured":"Sun , M. and Tan , G . 2012. JVM-portable sandboxing of java's native libraries . In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS'12) . 842--858. Sun, M. and Tan, G. 2012. JVM-portable sandboxing of java's native libraries. In Proceedings of the 17th European Symposium on Research in Computer Security (ESORICS'12). 842--858."},{"volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'04)","author":"Swift M. M.","key":"e_1_2_1_48_1","unstructured":"Swift , M. M. , Annamalai , M. , Bershad , B. N. , and Levy , H. M . 2004. Recovering device drivers . In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'04) . 1--16. Swift, M. M., Annamalai, M., Bershad, B. N., and Levy, H. M. 2004. Recovering device drivers. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'04). 1--16."},{"volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE'06)","author":"Tan G.","key":"e_1_2_1_49_1","unstructured":"Tan , G. , Appel , A. , Chakradhar , S. , Raghunathan , A. , Ravi , S. , and Wang , D . 2006. Safe java native interface . In Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE'06) . 97--106. Tan, G., Appel, A., Chakradhar, S., Raghunathan, A., Ravi, S., and Wang, D. 2006. Safe java native interface. 
In Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE'06). 97--106."},{"volume-title":"Proceedings of the 17th Usenix Security Symposium. 365--377","author":"Tan G.","key":"e_1_2_1_50_1","unstructured":"Tan , G. and Croft , J . 2008. An empirical security study of the native code in the jdk . In Proceedings of the 17th Usenix Security Symposium. 365--377 . Tan, G. and Croft, J. 2008. An empirical security study of the native code in the jdk. In Proceedings of the 17th Usenix Security Symposium. 365--377."},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1297027.1297031"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/168619.168635"},{"volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (S&P'98)","author":"Wallach D. S.","key":"e_1_2_1_53_1","unstructured":"Wallach , D. S. and Felten , E. W . 1998. Understanding java stack inspection . In Proceedings of the IEEE Symposium on Security and Privacy (S&P'98) . 52--63. Wallach, D. S. and Felten, E. W. 1998. Understanding java stack inspection. In Proceedings of the IEEE Symposium on Security and Privacy (S&P'98). 52--63."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420995"},{"volume-title":"Proceedings of the 19th Usenix Security Symposium. 29--46","author":"Watson R.","key":"e_1_2_1_55_1","unstructured":"Watson , R. , Anderson , J. , Laurie , B. , and Kennaway , K . 2010. Capsicum: Practical capabilities for unix . In Proceedings of the 19th Usenix Security Symposium. 29--46 . Watson, R., Anderson, J., Laurie, B., and Kennaway, K. 2010. Capsicum: Practical capabilities for unix. In Proceedings of the 19th Usenix Security Symposium. 
29--46."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1095810.1095814"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.25"},{"volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'06)","author":"Zeldovich N.","key":"e_1_2_1_58_1","unstructured":"Zeldovich , N. , Boyd-Wickizer , S. , Kohler , E. , and Mazieres , D . 2006. Making information flow explicit in histar . In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'06) . 263--278. Zeldovich, N., Boyd-Wickizer, S., Kohler, E., and Mazieres, D. 2006. Making information flow explicit in histar. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI'06). 263--278."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2535505","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2535505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:09:57Z","timestamp":1750234197000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2535505"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,11]]},"references-count":57,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,11]]}},"alternative-id":["10.1145\/2535505"],"URL":"https:\/\/doi.org\/10.1145\/2535505","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2013,11]]},"assertion":[{"value":"2013-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2013-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-12-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}