Mobile Code Security
Through Java Byte-Code Modification
Objective
This project is about modification of java bytecode to make
mobile Java code more secure. We are most concerned about preventing malicious
behaviour in e-commerce apps(e.g. business to business e-commerce).
Technique
We do this by changing the java bytecode on the fly before
it runs on the client. The user writes a safety policy and certain safe
classes based on which the filters do their modification.
Applications
Applet safety, Safety of corba based systems which use Java,
Safety for Jini based code, Safety from forms of hostile mobile code other
than Java, E-commerce based applications like SUN's Java Wallet,
Hostile moble code which exploit implementation bugs of E-commerce based
applications.
Status
We already have built our system and tested it on some
example hostile mobile code. please see future work
also.
Core Paper
Filter
paper (by Insik et al.)
DownLoading, Installing and Using this System
Steps in Downloading and Installing:
The Muffin Proxy can be downloaded from here.(it
is free)
Download the muffin Proxy and untar/unzip it.
Download our Java-filter files from
here.(unix tar file)
Copy the Java-filter files to the following directory. Assume the home
directory for Muffin is /user/joe/Muffin. Then copy the filter files to
/user/joe/Muffin /src/org/doit/muffin/filter.
Install the Java
Class Library. (the filters use this library)
Run the intall script provided by muffin in /user/joe/Muffin
Steps in using the system:
Choose a machine which will run your proxy server muffin.
Goto netscape's preferences and then go to "advanced" menu. Then go to
"proxies" and open the manual proxy option in it. Fill in the IP address
of the machine running the proxy in the "http proxy" and set port as "51966".
(this information comes with Muffin Installation)
Create two files in your home directory call .methodnames and .classnames.
These files are read by the filters to get information on the methods
and classes to modify.(sample .classnames
and
.methodnames
files).
The syntax used in these files is very simple. In both .classnames and
.methodnames files the class can be specified by giving its full api name
for example java/awt/Dialog.
sytax of .classnames file: write the complete api name of the class and
write exactly one classname in every line.
syntax of .methodnames file: write the complete api name of the class on
one line and make sure to end it with a "." In the subsequent lines write
down the methodnames of the methods to be modified. If the method is static
then put "/static" at the end of the complete method name. Exactly one
methodname should be written on one line.
create a /user/joe/www/safeclass directory. Write your safe classes, compile
them and put them in this directory.
SafeClasses are classes which override the malicious behaviour of the incoming
applet. As explained in the core paper the filters modify the applet to
ensure that the safeclasses are invoked. as of now the user has to write
the safeclasses. (please refer paper for more info on safeclasses. here
is a sample safeclass
for limiting the number of dialog boxes opened by an applet)
Now you are all set to use the system to prevent annoying and malicious
applets.
Running the System
After Installing the system if you want to protect
against any new malicious java applets then you will have to write your
own safeclasses. (Unfortunately we cannot write all possible safeclasses)
Notes About the Source Code and Libraries
The filters provided in this page modify java-bytecode. These
filters need to be plugged into a proxy server for proper operation. At
the moment they are interfaced with an off the shelf proxy called Muffin.
To understand the code it is imperative that the person reading the code
familiarise him/herself with the following pieces of information:
Java ByteCode Format
and Virtual-Machine Spec
Java Class Library
The bytecode modification techniques used by our group at Stanford.(refer
paper and code above)
Hostile Applet Sites
Mark Laude's Hostile
Applet Site.
rstcorp's homepage provides lots of
info on hostile applets.
Future Work
Developing a formal, extremely easy to use safety language to specify safety
policy.
Develop a mechanism to automatically generate Safe Classes. (the main caveat
of this method as of now is that the sys-admin/user will have to write
their own safeclasses at the moment. mechanism to easily generate the safeclasses
from a standardized safety policy would be a very cool idea)
Apply the technique to more significant applications.
People
Prof. John Mitchell. (Principal Investigator)
Vijay Ganesh. (re-implemented the filters in Java and made a working
prototype with Muffin proxy)
Other Previous Contributors
Amit Patel.
Insik Shin. (Amit and Insik first developed the technique and implemented
a proxy and filters in Python.)
This page is maintained by Vijay
Ganesh.
(last modified 9th september,1999)