Mobile Code Security

Through Java Byte-Code Modification

Objective

This project is about modification of java bytecode to make mobile Java code more secure. We are most concerned about preventing malicious behaviour in e-commerce apps(e.g. business to business e-commerce).

Technique

We do this by changing the java bytecode on the fly before it runs on the client. The user writes a safety policy and certain safe classes based on which the filters do their modification.

Applications

Applet safety, Safety of corba based systems which use Java, Safety for Jini based code, Safety from forms of hostile mobile code other than Java, E-commerce based  applications like SUN's Java Wallet, Hostile moble code which exploit implementation bugs of E-commerce based applications.

Status

We already  have built our system and tested it on some example hostile mobile code. please see future work also.

Core Paper

Filter paper (by Insik et al.)

DownLoading, Installing and Using this System

Steps in Downloading and Installing:
  • The Muffin Proxy can be downloaded from here.(it is free)
  • Download the muffin Proxy and untar/unzip it.
  • Download our Java-filter files from here.(unix tar file)
  • Copy the Java-filter files to the following directory. Assume the home directory for Muffin is /user/joe/Muffin. Then copy the filter files to /user/joe/Muffin /src/org/doit/muffin/filter.
  • Install the Java Class Library. (the filters use this library)
  • Run the intall script provided by muffin in /user/joe/Muffin
  •  Steps in using the system:
  •  Choose a machine which will run your proxy server muffin.
  • Goto netscape's preferences and then go to "advanced" menu. Then go to "proxies" and open the manual proxy option in it. Fill in the IP address of the machine running the proxy in the "http proxy" and set port as "51966". (this information comes with Muffin Installation)
  • Create two files in your home directory call .methodnames and .classnames.
  • These files are read by the filters to get information on the  methods and classes to modify.(sample .classnames and .methodnames files). The syntax used in these files is very simple. In both .classnames and .methodnames files the class can be specified by giving its full api name for example java/awt/Dialog.
  • sytax of .classnames file: write the complete api name of the class and write exactly one classname in every line.
  • syntax of .methodnames file: write the complete api name of the class on one line and make sure to end it with a "." In the subsequent lines write down the methodnames of the methods to be modified. If the method is static then put "/static" at the end of the complete method name. Exactly one methodname should be written on one line.
  • create a /user/joe/www/safeclass directory. Write your safe classes, compile them and put them in this directory.
  • SafeClasses are classes which override the malicious behaviour of the incoming applet. As explained in the core paper the filters modify the applet to ensure that the safeclasses are invoked. as of now the user has to write the safeclasses. (please refer paper for more info on safeclasses. here is a sample safeclass for limiting the number of dialog boxes opened by an applet)
  • Now you are all set to use the system to prevent annoying and malicious applets.
  • Running the System

    After Installing the system if you want to protect against any new malicious java applets then you will have to write your own safeclasses. (Unfortunately we cannot write all possible safeclasses)

    Notes About the Source Code and Libraries

    The filters provided in this page modify java-bytecode. These filters need to be plugged into a proxy server for proper operation. At the moment they are interfaced with an off the shelf proxy called Muffin. To understand the code it is imperative that the person reading the code familiarise him/herself with the following pieces of information:
  • Java ByteCode Format and Virtual-Machine Spec
  • Java Class Library
  • The bytecode modification techniques used by our group at Stanford.(refer paper and code above)
  • Hostile Applet Sites

  • Mark Laude's Hostile Applet Site.
  • rstcorp's homepage provides lots of info on hostile applets.
  • Future Work

  • Developing a formal, extremely easy to use safety language to specify safety policy.
  • Develop a mechanism to automatically generate Safe Classes. (the main caveat of this method as of now is that the sys-admin/user will have to write their own safeclasses at the moment. mechanism to easily generate the safeclasses from a standardized safety policy would be a very cool idea)
  • Apply the technique to more significant applications.
  • People

  • Prof. John Mitchell. (Principal Investigator)
  • Vijay Ganesh. (re-implemented the filters in Java and made a working prototype with Muffin proxy)
  • Other Previous Contributors

  • Amit Patel.
  • Insik Shin. (Amit and Insik first developed the technique and implemented a proxy and filters in Python.)
  • This page is maintained by Vijay Ganesh.
    (last modified 9th september,1999)