Mobile Code Security Through Java Byte Code Modification

Mobile Code Security

Through Java Byte-Code Modification

Objective

This project is about modification of Java byte-code to make mobile Java code more secure. We are most concerned about preventing malicious behaviour in e-commerce applications (e.g. business to business e-commerce).

Technique

We do this by changing the Java byte-code on the fly before it runs on the client. The user writes a safety policy and certain safe classes based on which the filters do their modification.

Applications

Applet safety, safety of Corba-based systems which use Java, safety for Jini-based code, safety from forms of hostile mobile code other than Java, E-commerce-based applications like SUN's Java Wallet, Hostile moble code which exploits implementation bugs of E-commerce-based applications.

Status

We already have built our system and tested it on some example hostile mobile code. Please see future work also. At the moment this project is not very active. You may not find active support for your doubts or problems. (July 19, 2000)

Core Paper

Filter paper (by Insik et al.)

Downloading, Installing and Using this System

(The filter code has not been under maintainance since September, 1999. Newer versions of JavaClass Library and muffin proxy may cause problems.)

Steps in Downloading and Installing:

The Muffin Proxy can be downloaded from here.(It is free. Muffin and our filters are written in Java and therefore ideally should work on any OS which has Java 1.1 or above. But we have tested our system only on Linux.)
Download the Muffin Proxy (ver 0.8.1) and untar/unzip it.
Download our Java-filter files from here.(unix tar file)
Copy the Java-filter files to the following directory. Assume the home directory for Muffin is /user/joe/Muffin. Then copy the filter files to /user/joe/Muffin /src/org/doit/muffin/filter.
The current version of Java Class Library is organized very differently from the one I used to write my code. You can download a tar gunziped java class library which I used from here.
If you want the latest Java Class Library you can Install it from here Java Class Library. (the filters use this library)
Run the intall script provided by Muffin in /user/joe/Muffin
Steps in using the system:

Choose a machine which will run your proxy server muffin.
Goto netscape's preferences and then go to the "Advanced" menu. Then go to "Proxies" and open the manual proxy option in it. Fill in the IP address of the machine running the proxy in the "http proxy" box and set the port to "51966" (this information comes with the Muffin Installation).
Create two files in your home directory called .methodnames and .classnames.
These files are read by the filters to get information on the methods and classes to modify.(sample .classnames and .methodnames files). The syntax used in these files is very simple. In both .classnames and .methodnames the class can be specified by giving its full API name (for example, java/awt/Dialog).
Syntax of .classnames file: write the complete API name of the class and write exactly one classname in every line.
Syntax of .methodnames file: write the complete API name of the class on one line and make sure to end it with a "." In the subsequent lines write down the methodnames of the methods to be modified. If the method is static then put "/static" at the end of the complete method name. Exactly one methodname should be written on one line.
create a /user/joe/www/safeclass directory. Write your safe classes, compile them and put them in this directory.
SafeClasses are classes which override the malicious behaviour of the incoming applet. As explained in the core paper the filters modify the applet to ensure that the safeclasses are invoked. As of now the user has to write the safe classes. (Please refer to the paper for more info on safe classes. Here is a sample safe class for limiting the number of dialog boxes opened by an applet.)
Now you are all set to use the system to prevent annoying and malicious applets.

Running the System

After installing the system if you want to protect against any new malicious Java applets then you will have to write your own safe classes. (Unfortunately we cannot write all possible safe classes.)

Notes About the Source Code and Libraries

The filters provided in this page modify Java byte-code. These filters need to be plugged into a proxy server for proper operation. At the moment they are interfaced with an off-the-shelf proxy called Muffin. To understand the code it is imperative that the person reading the code familiarise him/herself with the following pieces of information:

Java ByteCode Format and Virtual-Machine Spec
Java Class Library
The bytecode modification techniques used by our group at Stanford (refer paper and code above).

Hostile Applet Sites

Mark Laude's Hostile Applet Site.
rstcorp's homepage provides lots of info on hostile applets.

Future Work

Developing a formal, extremely easy to use safety language to specify safety policy.
Develop a mechanism to automatically generate safe classes. The main caveat of this method as of now is that the sys-admin/user will have to write their own safe classes at the moment. A mechanism to easily generate the safe classes from a standardized safety policy would be a very cool idea.
Apply the technique to more significant applications.

People

Prof. John Mitchell. (Principal Investigator)
Vijay Ganesh. (re-implemented the filters in Java and made a working prototype with Muffin proxy)

Other Previous Contributors

Amit Patel.
Insik Shin. (Amit and Insik first developed the technique and implemented a proxy and filters in Python.)

This page is maintained by Vijay Ganesh.

(last modified 9th September,1999)