Abstract
Java is the most popular language for web programming. However it suffers from some well-known denial-of-service attacks (e.g., obscuring the screen) due to the execution of malicious code that uses resources in an improper way. In this paper we present a new approach to alleviate these problems by patching the Java Virtual Machine, in order to force the needed checks on resources usage bounds directly at the level of the source code.
Chapter PDF
References
Vincenzo Ciaschini. The patch itself, http://www.cnaf.infn.it/~marotta/ patch.html.
J. Goslin, K. Arnold, The Java Programming Language, Addison-Wesley, Reading, MA 1996
Mary Campione, Kathy Walrath, The Java tutorial, ftp://ftp.javasoft.com/docs/tutorial.tar.gz, May 2001
T. Lindholm, F. Yellyn, The Java Virtual Machine Specification, ftp://ftp.javasoft.com/docs/specs/vmspec.html.tar.gz
G. McGraw, E.W. Felten, Java Security. Hostile Applets, Holes and Antidotes, Wiley, 1997.
G. McGraw, E.W. Felten, Securing Java, Wiley, 1999.
M. LaDue, Hostile Applets Home Page, http://www.cigital.com/hostileapplets/index.html.
M.F. Florio, R. Gorrieri, G. Marchetti, Coping with denial of service due to malicious Java applets, Computer Communications 23 (2000) 1645–1654.
Li Gong, Inside Java 2 Platform Security, Addison-Wesley, Reading, MA, 1999.
D. Martin, S. Rajagopalan, A.D. Rubin, Blocking Java Applets at the Firewall, Procs. Internet Society Symp. on Network and Distributed System Security (1997) 123–133.
Finjan Software, www.finjan.com
Citrix, www.citrix.com
D. Malki, M. K. Reiter, A. D. Rubin, Secure Execution of Java Applets Using a Remote Playground, procs. IEEE Computer Society, Symposium on Security and Privacy, pages 40–51, 1998
The Princeton Java Filter, http://www.cs.princeton.edu/sip/JavaFilter/
David S. Platt, Introducing the Microsoft .NET Platform, Microsoft Press International, 2001
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ciaschini, V., Gorrieri, R. (2004). Contrasting Malicious Applets by Modifying the Java Virtual Machine. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Security and Protection in Information Processing Systems. SEC 2004. IFIP — The International Federation for Information Processing, vol 147. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8143-X_4
Download citation
DOI: https://doi.org/10.1007/1-4020-8143-X_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-8016-1
Online ISBN: 978-1-4020-8143-9
eBook Packages: Springer Book Archive