Code Security in Transformed Java Bytecode

Program code transformation is a useful technique for achieving language extensions such as persistence of objects. However, a meta-level program may often unexpectedly introduce security holes through its code transformation, breaking the Java code security model that base-level application programs assume in order to preserve their application-level security. This paper shows how code security is broken by program transformations and explains the security threats that can result. Based on the security model of program transformations, we formalize a novel action-based security model, which describes a mechanism suitable for safely handling program transformations in Java. This paper also describes the design and implementation of our secure program transformation framework. The framework is built upon the standard Java virtual machine using a customized class loader. It checks and transforms the bytecode of application classes when they are loaded. Experimental results show that its overhead is acceptably small.

By: Michiaki Tatsubori, Akihiko Tozawa, Akira Koseki

Published in: RT0782 in 2008

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).

RT0782.pdf
