By Topic

Utilizing Binary Rewriting for Improving End-Host Security

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Yougang Song ; Univ. of California, Riverside ; Fleisch, B.D.

Conventional methods supporting Java binary security mainly rely on the security of the host Java Virtual Machine (JVM). However, malicious Java binaries keep exploiting the vulnerabilities of JVMs, escaping their sandbox restrictions and allowing attacks on end-user systems. Administrators must confront the difficulties and dilemmas brought on by security upgrades. On the other hand, binary rewriting techniques have been advanced to allow users to enforce security policies directly on the mobile code. They have the advantages of supporting a richer set of security policies and a self-constrained written code. However, the high administrative and performance overhead caused by security configuration and code rewriting have prevented rewriters from becoming a practical security tool. In this paper, we address these problems by integrating binary code rewriters with Web caching proxies and build the security system called PB-JARS, a Proxy-based JAva Rewriting System. PB-JARS works as a complimentary system to existing JVM security mechanisms by placing another line of defense between users and their end-user systems. It gives system administrators centralized security control and management for the mobile code and security policies. We evaluated PB-JARS using a real Java binary traffic model derived from analyzing real Web trace records. Our results show that adding binary rewriting to a Web caching system can be very efficient in improving end-host security at a low cost.

Published in:

Parallel and Distributed Systems, IEEE Transactions on  (Volume:18 ,  Issue: 12 )