Whilst my research on the Object-Capability Model continues, I am investigating the native part of the Java Class Library (JCL). This is the part of the JCL that is written in C or C++ and compiled specifically for the target platform and operating system. It consists of functions that bind to operating system procedures such as file or network I/O, graphical user interaction, or process control. It also contains functionality with high performance requirements (e.g. reflection, array copies, …).
Users of the JCL are usually oblivious to the fact that parts of the execution they trigger are performed outside the Java VM, its safety guarantees, and its security model.
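To make that boundary visible, here is an added example (my own illustration, not code from the JCL or from any of the cited work) that uses reflection to list the native methods declared by a handful of JCL classes. The class names in `SAMPLE` are a constructed selection, not an inventory; the point is that every method printed is an entry point whose body runs outside the JVM's type and memory safety checks.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;

/** Lists native methods declared by a few JCL classes (added example, not JCL code). */
public class NativeSurface {

    // Constructed sample of JCL classes; pick whatever classes you want to inspect.
    static final String[] SAMPLE = {
        "java.lang.System",
        "java.lang.Thread",
        "java.io.FileInputStream",
        "java.lang.reflect.Array",
        "java.net.InetAddress"
    };

    /** Prints every native method of the named class and returns how many were found. */
    static int report(String className) throws ClassNotFoundException {
        Class<?> c = Class.forName(className);
        int count = 0;
        for (Method m : c.getDeclaredMethods()) {
            // Modifier.isNative is true only for methods implemented in C/C++.
            if (Modifier.isNative(m.getModifiers())) {
                count++;
                System.out.println("  " + Modifier.toString(m.getModifiers()) + " "
                        + m.getName() + Arrays.toString(m.getParameterTypes()));
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        int total = 0;
        for (String name : SAMPLE) {
            System.out.println(name + ":");
            total += report(name);
        }
        System.out.println("native methods found in sample: " + total);
    }
}
```

Run it with `javac NativeSurface.java && java NativeSurface`. Many of the methods it lists are `private` or package-private and are reached only through a public Java wrapper; in the JCL it is typically that wrapper which performs the SecurityManager or AccessControlContext check and validates arguments, so the native body itself assumes a well-behaved caller. That split between the Java-side check and the C-side work is exactly the seam the rest of this post is concerned with.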
The native part of the JCL undergoes manual code review as well as automated checks for common mistakes and vulnerabilities. Nevertheless, as Jack Tang pointed out recently, the number of published vulnerabilities related to the native part of the JCL is increasing.
Typical attack patterns try to disable the Java security manager (or, more precisely, the AccessControlContext) by passing specially constructed, harmful input data to a native method. This is not an easy task in light of operating system countermeasures such as ASLR and DEP.
In the coming days I will present ideas for novel approaches to finding these vulnerabilities or assessing the current risk. These ideas will be available to CS students of TU Darmstadt as bachelor's or master's thesis topics.