{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:00:34Z","timestamp":1760241634074,"version":"build-2065373602"},"reference-count":59,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2018,7,2]],"date-time":"2018-07-02T00:00:00Z","timestamp":1530489600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61303191","61402508"],"award-info":[{"award-number":["61303191","61402508"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National High Technology Research and Development Program of China","award":["2015AA016010"],"award-info":[{"award-number":["2015AA016010"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>While cloud customers can benefit from migrating applications to the cloud, they are concerned about the security of the hosted applications. This is complicated by the customers not knowing whether their cloud applications are working as expected. Although memory-safety Java Virtual Machine (JVM) can alleviate their anxiety due to the control flow integrity, their applications are prone to a violation of bytecode integrity. The analysis of some Java exploits indicates that the violation results primarily from the given excess sandbox permission, loading flaws in Java class libraries and third-party middlewares and the abuse of sun.misc.UnsafeAPI. To such an end, we design an architecture, called RIM4J, to enforce a runtime integrity measurement of Java bytecode within a cloud system, with the ability to attest this to a cloud customer in an unforgeable manner. Our RIM4J architecture is portable, such that it can be quickly deployed and adopted for real-world purposes, without requiring modifications to the underlying systems and access to application source code. Moreover, our RIM4J architecture is the first to measure dynamically-generated bytecode. We apply our runtime measurement architecture to a messaging server application where we show how RIM4J can detect undesirable behaviors, such as uploading arbitrary files and remote code execution. This paper also reports the experimental evaluation of a RIM4J prototype using both a macro- and a micro-benchmark; the experimental results indicate that RIM4J is a practical solution for real-world applications.<\/jats:p>","DOI":"10.3390\/sym10070253","type":"journal-article","created":{"date-parts":[[2018,7,2]],"date-time":"2018-07-02T10:56:52Z","timestamp":1530529012000},"page":"253","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7532-3187","authenticated-orcid":false,"given":"Haihe","family":"Ba","sequence":"first","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huaizhe","family":"Zhou","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2950-1039","authenticated-orcid":false,"given":"Huidong","family":"Qiao","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"},{"name":"College of Computer and Communication, Hunan Institute of Engineering, Xiangtan 411100, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiying","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiangchun","family":"Ren","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,7,2]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/1721654.1721672","article-title":"A View of Cloud Computing","volume":"53","author":"Armbrust","year":"2010","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1016\/j.jnca.2016.11.027","article-title":"Cloud security issues and challenges: A survey","volume":"79","author":"Singh","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.jnca.2016.05.010","article-title":"A survey of security issues for cloud computing","volume":"71","author":"Khan","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1016\/j.jnca.2016.09.002","article-title":"A survey on cloud computing security: Issues, threats, and solutions","volume":"75","author":"Singh","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., and Song, D. (2013, January 19\u201322). SoK: Eternal War in Memory. Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP\u201913), Berkeley, CA, USA.","DOI":"10.1109\/SP.2013.13"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Coker, Z., Maass, M., Ding, T., Le Goues, C., and Sunshine, J. (2015, January 7\u201311). Evaluating the Flexibility of the Java Sandbox. Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC\u201915), Los Angeles, CA, USA.","DOI":"10.1145\/2818000.2818003"},{"key":"ref_7","first-page":"18","article-title":"Have Java\u2019s Security Issues Gotten out of Hand?","volume":"45","author":"Garber","year":"2012","journal-title":"Computer"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Holzinger, P., Triller, S., Bartel, A., and Bodden, E. (2016, January 24\u201328). An In-Depth Study of More Than Ten Years of Java Exploitation. Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS\u201916), Vienna, Austria.","DOI":"10.1145\/2976749.2978361"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Mastrangelo, L., Ponzanelli, L., Mocci, A., Lanza, M., Hauswirth, M., and Nystrom, N. (2015, January 25\u201330). Use at Your Own Risk: The Java Unsafe API in the Wild. Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA\u201915), Pittsburgh, PA, USA.","DOI":"10.1145\/2814270.2814313"},{"key":"ref_10","unstructured":"(2017, October 08). CVE-2012-0507. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-0507."},{"key":"ref_11","unstructured":"(2017, October 08). CVE-2012-5088. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-5088."},{"key":"ref_12","unstructured":"(2017, October 08). CVE-2013-0422. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2013-0422."},{"key":"ref_13","unstructured":"(2018, May 08). CVE-2018-1000146. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-1000146."},{"key":"ref_14","unstructured":"(2018, March 08). CVE-2017-12617. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-12617."},{"key":"ref_15","unstructured":"(2018, March 08). CVE-2017-12615. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-12615."},{"key":"ref_16","unstructured":"(2017, March 08). CVE-2014-0116. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0116."},{"key":"ref_17","unstructured":"(2017, March 08). CVE-2014-0113. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0113."},{"key":"ref_18","unstructured":"(2017, March 08). CVE-2014-0112. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0112."},{"key":"ref_19","unstructured":"(2017, March 08). CVE-2014-0094. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2014-0094."},{"key":"ref_20","unstructured":"(2017, March 08). CVE-2014-0114. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2014-0114."},{"key":"ref_21","unstructured":"(2017, October 08). CVE-2013-4444. Available online: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2013-4444."},{"key":"ref_22","unstructured":"(2017, October 08). CVE-2016-3088. Available online: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-3088."},{"key":"ref_23","unstructured":"(2017, March 08). CVE-2010-1622. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-1622."},{"key":"ref_24","unstructured":"(2017, October 08). CVE-2012-5076. Available online: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2012-5076."},{"key":"ref_25","first-page":"223","article-title":"Design and Implementation of a TCG-based Integrity Measurement Architecture","volume":"Volume 13","author":"Sailer","year":"2004","journal-title":"Proceedings of the 13th Conference on USENIX Security Symposium (SSYM\u201904)"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Jaeger, T., Sailer, R., and Shankar, U. (2006, January 7\u20139). PRIMA: Policy-reduced Integrity Measurement Architecture. Proceedings of the 11th ACM Symposium on Access Control Models and Technologies (SACMAT\u201906), Lake Tahoe, CA, USA.","DOI":"10.1145\/1133058.1133063"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"429","DOI":"10.1109\/TDSC.2011.61","article-title":"Remote Attestation with Domain-Based Integrity Model and Policy Analysis","volume":"9","author":"Xu","year":"2012","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1092","DOI":"10.1002\/cpe.3273","article-title":"OB-IMA: out-of-the-box integrity measurement approach for guest virtual machines","volume":"27","author":"Xing","year":"2015","journal-title":"Concurr. Comput. Pract. Exp."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Thober, M., Pendergrass, J.A., and Jurik, A.D. (2012, January 15). JMF: Java Measurement Framework: Language-supported Runtime Integrity Measurement. Proceedings of the 7th ACM Workshop on Scalable Trusted Computing (STC\u201912), Raleigh, NC, USA.","DOI":"10.1145\/2382536.2382542"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Zhang, T., and Lee, R.B. (2015, January 13\u201317). CloudMonatt: An Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing. Proceedings of the 42nd Annual International Symposium on Computer Architecture (ISCA\u201915), Portland, OR, USA.","DOI":"10.1145\/2749469.2750422"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Ren, J., Liu, L., Zhang, D., Zhang, Q., and Ba, H. (July, January 27). Tenants Attested Trusted Cloud Service. Proceedings of the 2016 IEEE 9th International Conference on Cloud Computing (CLOUD\u201916), San Francisco, CA, USA.","DOI":"10.1109\/CLOUD.2016.0085"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Ba, H., Zhou, H., Ren, J., and Wang, Z. (2017, January 26\u201329). Runtime Measurement Architecture for Bytecode Integrity in JVM-Based Cloud. Proceedings of the 2017 IEEE 36th Symposium on Reliable Distributed Systems (SRDS\u201917), Hong Kong, China.","DOI":"10.1109\/SRDS.2017.39"},{"key":"ref_33","unstructured":"(2018, June 06). TIOBE Index for May 2018. Available online: https:\/\/www.tiobe.com\/tiobe-index\/\/."},{"key":"ref_34","unstructured":"Beneke, T., and Wieldt, T. (2017, September 25). JavaOne 2013 Review: Java Takes on the Internet of Things. Available online: http:\/\/www.oracle.com\/technetwork\/articles\/java\/afterglow2013-2030343.html."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Gosling, J. (1995, January 22). Java Intermediate Bytecodes. Proceedings of the 1995 ACM SIGPLAN Workshop on Intermediate Representations (IR\u201995), San Francisco, CA, USA.","DOI":"10.1145\/202529.202541"},{"key":"ref_36","unstructured":"Lindholm, T., and Yellin, F. (1999). Java Virtual Machine Specification, Addison-Wesley Longman Publishing Co., Inc.. [2nd ed.]."},{"key":"ref_37","unstructured":"(2017, September 25). Java ClassFile Format. Available online: http:\/\/commons.apache.org\/proper\/commons-bcel\/manual\/jvm.html."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Smith, S.W. (2002, January 14\u201316). Outbound Authentication for Programmable Secure Coprocessors. Proceedings of the 7th European Symposium on Research in Computer Security (ESORICS\u201902), Zurich, Switzerland.","DOI":"10.1007\/3-540-45853-0_5"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1007\/s10207-004-0033-0","article-title":"Outbound authentication for programmable secure coprocessors","volume":"3","author":"Smith","year":"2004","journal-title":"Int. J. Inf. Secur."},{"key":"ref_40","unstructured":"Berger, S., C\u00e1ceres, R., Goldman, K.A., Perez, R., Sailer, R., and van Doorn, L. (4, January 31). vTPM: Virtualizing the Trusted Platform Module. Proceedings of the 15th Conference on USENIX Security Symposium (USENIX-SS\u201906), Vancouver, BC, Canada."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Liu, Y., Zhou, T., Chen, K., Chen, H., and Xia, Y. (2015, January 12\u201316). Thwarting Memory Disclosure with Efficient Hypervisor- enforced Intra-domain Isolation. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS\u201915), Denver, CO, USA.","DOI":"10.1145\/2810103.2813690"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"799","DOI":"10.1109\/TC.2017.2780823","article-title":"Design, Implementation and Verification of Cloud Architecture for Monitoring a Virtual Machine\u2019s Security Health","volume":"67","author":"Zhang","year":"2018","journal-title":"IEEE Trans. Comput."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Ba, H., Wang, Z., Ren, J., and Zhou, H. (2014, January 24\u201326). JVM-Based Dynamic Attestation in Cloud Computing. Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom\u201914), Beijing, China.","DOI":"10.1109\/TrustCom.2014.123"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1504\/IJES.2016.073751","article-title":"User-policy-based dynamic remote attestation in cloud computing","volume":"8","author":"Ba","year":"2016","journal-title":"Int. J. Embed. Syst."},{"key":"ref_45","unstructured":"(2017, December 10). SPECjvm2008. Available online: https:\/\/www.spec.org\/jvm2008\/."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Hou, K.Y., Shin, K.G., and Sung, J.L. (2015, January 21\u201324). Application-assisted Live Migration of Virtual Machines with Java Applications. Proceedings of the Tenth European Conference on Computer Systems (EuroSys\u201915), Bordeaux, France.","DOI":"10.1145\/2741948.2741950"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Bull, J.M., Smith, L.A., Westhead, M.D., Henty, D.S., and Davey, R.A. (1999, January 12\u201314). A Methodology for Benchmarking Java Grande Applications. Proceedings of the ACM 1999 Conference on Java Grande (JAVA\u201999), San Francisco, CA, USA.","DOI":"10.1145\/304065.304103"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Gil, J.Y., Lenz, K., and Shimron, Y. (2011, January 23\u201324). A Microbenchmark Case Study and Lessons Learned. Proceedings of the Compilation of the Co-located Workshops on DSM\u201911, TMC\u201911, AOOPES\u201911, NEAT\u201911, & VMIL\u201911 (SPLASH\u201911 Workshops), Portland, OR, USA.","DOI":"10.1145\/2095050.2095100"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Blackburn, S.M., Garner, R., Hoffmann, C., Khang, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., and Guyer, S.Z. (2006, January 22\u201326). The DaCapo Benchmarks: Java Benchmarking Development and Analysis. Proceedings of the 21st Annual ACM SIGPLAN Conference on Object-oriented Programming Systems, Languages, and Applications (OOPSLA\u201906), Portland, OR, USA.","DOI":"10.1145\/1167473.1167488"},{"key":"ref_50","unstructured":"Garfinkel, T., and Rosenblum, M. (2003, January 6\u20137). A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of the Network and Distributed System Security Symposium (NDSS\u201903), San Diego, CA, USA."},{"key":"ref_51","unstructured":"Haldar, V., Chandra, D., and Franz, M. (2004, January 6\u20137). Semantic Remote Attestation: A Virtual Machine Directed Approach to Trusted Computing. Proceedings of the 3rd Conference on Virtual Machine Research And Technology Symposium (VM\u201904), San Jose, CA, USA."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"924","DOI":"10.1080\/18756891.2012.733231","article-title":"Trusted Bytecode Virtual Machine Module: A Novel Method for Dynamic Remote Attestation in Cloud Computing","volume":"5","author":"Mei","year":"2012","journal-title":"Int. J. Comput. Intell. Syst."},{"key":"ref_53","unstructured":"Shankar, U., Jaeger, T., and Sailer, R. (2006, January 2\u20133). Toward Automated Information-Flow Integrity Verification for Security- Critical Applications. Proceedings of the Network and Distributed System Security Symposium (NDSS\u201906), San Diego, CA, USA."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"647","DOI":"10.1186\/s40064-016-2257-7","article-title":"Hardware Assisted Hypervisor Introspection","volume":"5","author":"Shi","year":"2016","journal-title":"SpringerPlus"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Pistoia, M., Banerjee, A., and Naumann, D.A. (2007, January 20\u201323). Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. Proceedings of the 28th IEEE Symposium on Security and Privacy (SP\u201907), Berkeley, CA, USA.","DOI":"10.1109\/SP.2007.10"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Holzinger, P., Hermann, B., Lerch, J., Bodden, E., and Mezini, M. (2017, January 22\u201326). Hardening Java\u2019s Access Control by Abolishing Implicit Privilege Elevation. Proceedings of the 38th IEEE Symposium on Security and Privacy (SP\u201917), San Jose, CA, USA.","DOI":"10.1109\/SP.2017.16"},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., and Berg, R. (2011, January 22\u201327). F4F: Taint Analysis of Framework-based Web Applications. Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA\u201911), Portland, OR, USA.","DOI":"10.1145\/2048066.2048145"},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Bell, J., and Kaiser, G. (2014, January 20\u201324). Phosphor: Illuminating Dynamic Data Flow in Commodity Jvms. Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (OOPSLA\u201914), Portland, OR, USA.","DOI":"10.1145\/2660193.2660212"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Focardi, R., Palmarini, F., Squarcina, M., Steel, G., and Tempesta, M. (2018, January 18\u201321). Mind Your Keys? A Security Evaluation of Java Keystores. Proceedings of the Network and Distributed System Security Symposium (NDSS\u201918), San Diego, CA USA.","DOI":"10.14722\/ndss.2018.23083"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/10\/7\/253\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:10:58Z","timestamp":1760195458000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/10\/7\/253"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,2]]},"references-count":59,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2018,7]]}},"alternative-id":["sym10070253"],"URL":"https:\/\/doi.org\/10.3390\/sym10070253","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2018,7,2]]}}}