Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine
Résumé
Since 70's, and despite its operational complex- ity, Mandatory Access Control (MAC) has demon- strated its reliability to enforce integrity and confi- dentiality. Surprisingly, the Java technology, despite its popularity, has not yet adopted this protection principle. Current security features within the JVM (JAAS and bytecode verifier) can be bypassed, as demonstrated by summer 2012 attacks. Thus, a MAC model for Java and a cross platform reference monitor are required for the Java Virtual Machine. Security Enhanced Java (SEJava) enables to control dynamical ly the information flows between al l the Java objects requiring neither bytecode nor source code instrumentations. The main idea is to consider Java types as security contexts, and method calls / field accesses as permissions. SEJava allows fine- grain MAC rules between the Java objects. Thus, SEJava controls all the information flows within the JVM. Our implementation is faster than concur- rent approaches while allowing both finer and more advanced controls. A use case shows the efficiency to protect against Common Vulnerability and Expo- sures in an efficient manner.