Java Virtual Machine Security

Project

Detecting Malicious Code Through Virtual Machine Auditing

Java has evolved from a language for enabling dynamic content on web pages to an immensely popular framework for developing a wide range of applications, such as e-commerce, supply-chain management, application servers, and grid computing. We study intrusion detection as an approach to Java Virtual Machine (JVM) security in the context of our vision of a continuously available JVM. Such a virtual machine server system consists of multiple users uploading Java code to access resources and to customize services. Our goal is to enable responsibility attribution through auditing at the virtual machine thread level. In addition, we are concerned with activating a suitable response to malicious code without jeopardizing the safety or the availability of the virtual machine environment.

People

Library


  • Sunil Soman, Chandra Krintz, and Giovanni Vigna, Detecting Malicious Java Code Using Virtual Machine Auditing, 12th USENIX Security Symposium, Washington DC, Aug. 4-8, 2003 (details) (was UCSB Technical Report #2003-04, Feb. 2003)
  • Reference Publications

Software


  • JikesRVM Implementation of Virtual Machine Auditing
    • JikesRVM_STAT JikesRVM v2.1.1, FastSemispace build, OS: Linux 7.3 Kernel 2.4.18
    • STAT The external intrusion detection system that works with JikesRVM_STAT
    Please Note: We are no longer supporting this software package, as changes to the Linux kernel have caused the system to be nonfunctional. We have not ported the system to more recent versions of JikesRVM, but that can be done. The JikesRVM home page can be found here.