Type safety is a promising approach to enhancing software security. Programs written in type-safe programming languages such as Java are type-safe by construction. However, in practice, many complex applications are heterogeneous, i.e., they contain components written in different languages. The Java Native Interface (JNI) allows type-safe Java code to interact with unsafe C code. When a type-safe language interacts with an unsafe language in the same address space, in general, the overall application becomes unsafe. In this work, we propose a framework called Safe Java Native Interface (SafeJNI) that ensures type safety of heterogeneous programs that contain Java and C components. We identify the loopholes of using JNI that would permit C code to bypass the type safety of Java. The proposed SafeJNI system fixes these loopholes and guarantees type safety when native C methods are called. The overall approach consists of (i) retro-fitting the native C methods to make them safe, and (ii) developing an enhanced system that captures additional invariants that must be satisfied to guarantee safe interoperation. The SafeJNI framework is implemented through a combination of static and dynamic checks on the C code. We have measured our system’s effectiveness and performance on a set of benchmarks. During our experiments on the Zlib open source compression library, our system identified one vulnerability in the glue code between Zlib and Java. This vulnerability could be exploited to crash a large number of commercially deployed Java Virtual Machines (JVMs). The performance impact of SafeJNI on Zlib, while considerable, is less than reimplementing the C cod