Mobile Code Security

Through Java Byte-Code Modification

Objective

This project is about modification of Java byte-code to make mobile Java code more secure. We are most concerned about preventing malicious behaviour in e-commerce applications (e.g. business to business e-commerce).

Technique

We do this by changing the Java byte-code on the fly before it runs on the client. The user writes a safety policy and certain safe classes based on which the filters do their modification.

Applications

Applet safety, safety of Corba-based systems which use Java, safety for Jini-based code, safety from forms of hostile mobile code other than Java, E-commerce-based  applications like SUN's Java Wallet, Hostile moble code which exploits implementation bugs of E-commerce-based applications.

Status

We already  have built our system and tested it on some example hostile mobile code. Please see future work also. At the moment this project is not very active. You may not find active support for your doubts or problems. (July 19, 2000)

Core Paper

Filter paper (by Insik et al.)

Downloading, Installing and Using this System

(The filter code has not been under maintainance since September, 1999. Newer versions of JavaClass Library and muffin proxy may cause problems.)

Steps in Downloading and Installing:  Steps in using the system:

Running the System

After installing the system if you want to protect against any new malicious Java applets then you will have to write your own safe classes. (Unfortunately we cannot write all possible safe classes.)

Notes About the Source Code and Libraries

The filters provided in this page modify Java byte-code. These filters need to be plugged into a proxy server for proper operation. At the moment they are interfaced with an off-the-shelf proxy called Muffin. To understand the code it is imperative that the person reading the code familiarise him/herself with the following pieces of information:
  • Java ByteCode Format and Virtual-Machine Spec
  • Java Class Library
  • The bytecode modification techniques used by our group at Stanford (refer paper and code above).
  • Hostile Applet Sites

  • Mark Laude's Hostile Applet Site.
  • rstcorp's homepage provides lots of info on hostile applets.
  • Future Work

  • Developing a formal, extremely easy to use safety language to specify safety policy.
  • Develop a mechanism to automatically generate safe classes. The main caveat of this method as of now is that the sys-admin/user will have to write their own safe classes at the moment. A mechanism to easily generate the safe classes from a standardized safety policy would be a very cool idea.
  • Apply the technique to more significant applications.
  • People

  • Prof. John Mitchell. (Principal Investigator)
  • Vijay Ganesh. (re-implemented the filters in Java and made a working prototype with Muffin proxy)
  • Other Previous Contributors

  • Amit Patel.
  • Insik Shin. (Amit and Insik first developed the technique and implemented a proxy and filters in Python.)
  • This page is maintained by Vijay Ganesh.
    (last modified 9th September,1999)