Open Access Article
Symmetry 2018, 10(7), 253; https://doi.org/10.3390/sym10070253

RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing

1 College of Computer, National University of Defense Technology, Changsha 410073, China
2 College of Computer and Communication, Hunan Institute of Engineering, Xiangtan 411100, China
These authors contributed equally to this paper.
* Author to whom correspondence should be addressed.
Received: 13 June 2018 / Revised: 28 June 2018 / Accepted: 29 June 2018 / Published: 2 July 2018
(This article belongs to the Special Issue Information Technology and Its Applications 2018)

Abstract

While cloud customers can benefit from migrating applications to the cloud, they are concerned about the security of the hosted applications. This is complicated by the customers not knowing whether their cloud applications are working as expected. Although the memory-safe Java Virtual Machine (JVM) can alleviate their anxiety through its control flow integrity, their applications remain prone to violations of bytecode integrity. The analysis of some Java exploits indicates that such violations result primarily from excessive sandbox permissions being granted, loading flaws in Java class libraries and third-party middleware, and the abuse of the sun.misc.Unsafe API. To this end, we design an architecture, called RIM4J, to enforce a runtime integrity measurement of Java bytecode within a cloud system, with the ability to attest this to a cloud customer in an unforgeable manner. Our RIM4J architecture is portable, such that it can be quickly deployed and adopted for real-world purposes, without requiring modifications to the underlying systems or access to application source code. Moreover, our RIM4J architecture is the first to measure dynamically generated bytecode. We apply our runtime measurement architecture to a messaging server application, where we show how RIM4J can detect undesirable behaviors, such as uploading arbitrary files and remote code execution. This paper also reports the experimental evaluation of a RIM4J prototype using both a macro- and a micro-benchmark; the experimental results indicate that RIM4J is a practical solution for real-world applications.
Keywords: Java bytecode; runtime measurement; cloud security; trusted computing
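
The abstract's core idea, measuring bytecode at run time into a record that can later be attested, can be illustrated with the standard java.lang.instrument agent API. This is an added example, not code from the RIM4J paper or its prototype; the class name BytecodeMeasurer, the SHA-256 extend scheme and the sample bytes are assumptions, and HexFormat requires Java 17.

```java
import java.lang.instrument.*;
import java.security.*;
import java.util.*;

// Added illustration (hypothetical names, not RIM4J code): hash each class the JVM defines
// and fold the digest into a running aggregate, in the style of a TPM PCR extend.
public class BytecodeMeasurer implements ClassFileTransformer {
    private byte[] aggregate = new byte[32];            // starts as 32 zero bytes
    private final List<String> log = new ArrayList<>(); // ordered measurement log

    static byte[] sha256(byte[]... parts) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (byte[] p : parts) md.update(p);
            return md.digest();
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    // aggregate = SHA-256(aggregate || SHA-256(bytecode)): order-sensitive and append-only,
    // so a verifier replaying the log must arrive at the same aggregate.
    public synchronized void measure(String className, byte[] bytecode) {
        byte[] digest = sha256(bytecode);
        aggregate = sha256(aggregate, digest);
        log.add(className + " " + HexFormat.of().formatHex(digest));
    }

    @Override // Invoked when a class is defined via ClassLoader.defineClass, redefined or retransformed.
    public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                            ProtectionDomain pd, byte[] classfileBuffer) {
        measure(String.valueOf(className), classfileBuffer); // className may be null
        return null; // null leaves the bytecode unchanged; this agent only observes
    }

    public synchronized String aggregateHex() { return HexFormat.of().formatHex(aggregate); }

    // Agent entry point: java -javaagent:measurer.jar (manifest needs Premain-Class).
    public static void premain(String args, Instrumentation inst) {
        inst.addTransformer(new BytecodeMeasurer());
    }

    public static void main(String[] args) { // offline demo on constructed byte strings
        BytecodeMeasurer m = new BytecodeMeasurer();
        byte[] cls = {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE, 0, 0, 0, 52};
        m.measure("demo/Expected", cls);
        String before = m.aggregateHex();
        cls[7] = 53; // a one-byte change yields a different digest and aggregate
        m.measure("demo/Tampered", cls);
        System.out.println(m.log);
        System.out.println("aggregate changed: " + !before.equals(m.aggregateHex()));
    }
}
```

In a real deployment the aggregate would be anchored in a hardware root of trust before being reported; here it lives in ordinary process memory, which an attacker with code execution in the JVM could alter.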
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).
MDPI and ACS Style

Ba, H.; Zhou, H.; Qiao, H.; Wang, Z.; Ren, J. RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing. Symmetry 2018, 10, 253.
