Treffer: Safe Heterogeneous Applications: Curing the Java Native Interface ∗

The Java Native Interface (JNI) allows type-safe Java code to interact with unsafe C code. When a type-safe language interacts with an unsafe language in the same address space, the application becomes unsafe. We identify the loopholes specific to using JNI that would permit C code to bypass the type safety of the JVM. We have designed a solution based on an extension of CCured [9] that makes calling native methods in C as type-safe as pure Java code. We have implemented a significant part of our solution and measured its effect on performance. Porting a native C library (Zlib) into our system requires only minimal changes to the C source code. The performance of this library is faster than a pure Java reimplementation of the library but slower than the original unsafe C version. During our experiments on Zlib, our system identified one type unsafety in the interface code between Zlib and Java. This insecurity can be exploited to crash, or gain extra privileges in a large number of commercially deployed JVMs. 1