Careful Analysis of Type Spoofing

. Saraswat's type spoofing was one of the most long-lasting bugs in the JVM. Recently, its solution was proposed and implemented in JDK1.2. The correctness of this new feature, however, is non-trivial and required the formal soundness proof. Actually, during our work on it, two flaws inside the new JVM implementation were found. This paper briefly reports our work and results. 1 Introduction The most popular but most serious attack to the Java security is the so-called type confusion or type spoofing. The attack destroys the fundamental type system of the JVM, and can modify any authorized system property. To implement a reliable system against these kinds of attacks, type theoretical approach as in our recent work [1] is required. This report briefly summarizes our achievements in the work. Last year, a new version of Sun's official Java Development Kit, JDK1.2, was released. With respect to the type spoofing attack, one of its variations originally reported by Saraswat [3] wa..