Treffer: Utilizing Binary Rewriting for Improving End-Host Security.

Title:
Utilizing Binary Rewriting for Improving End-Host Security.
Authors:
Yougang Song1 ysong@cs.ucr.edu, Fleisch, Brett D.1 brett@cs.ucr.edu
Source:
IEEE Transactions on Parallel & Distributed Systems. Dec2007, Vol. 18 Issue 12, p1687-1699. 13p. 1 Diagram, 4 Charts, 16 Graphs.
Subject Terms:
*COMPUTER security, *DATA protection, *INTERNET servers, *PERFORMANCE evaluation, *END-user computing, *COMPUTER architecture, *COMPUTER science, JAVA programming language, COMPUTER engineering
Database:
Business Source Premier

Weitere Informationen

Conventional methods supporting Java binary security mainly rely on the security of the host Java Virtual Machine (JVM). However, malicious Java binaries keep exploiting the vulnerabilities of JVMs, escaping their sandbox restrictions and allowing attacks on end-user systems. Administrators must confront the difticulties and dilemmas brought on by security upgrades. On the other hand, binary rewriting techniques have been advanced to allow users to enforce security policies directly on the mobile code. They have the advantages of supporting a richer set of security policies and a self-constrained written code. However, the high administrative and performance overhead caused by security configuration and code rewriting have prevented rewriters from becoming a practical security tool. In this paper, we address these problems by integrating binary code rewriters with Web caching proxies and build the security system called PB-JARS, a Proxy-based JAva Rewriting System. PB-JARS works as a complimentary system to existing JVM security mechanisms by placing another line of defense between users and their end-user systems. It gives system administrators centralized security control and management for the mobile code and security policies. We evaluated PB-JARS using a real Java binary traffic model derived from analyzing real Web trace records. Our results show that adding binary rewriting to a Web caching system can be very efficient in improving end-host security at a low cost. [ABSTRACT FROM AUTHOR]

Copyright of IEEE Transactions on Parallel & Distributed Systems is the property of IEEE and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)