
Exploiting Java Code Interactions

François Goichon 1, Guillaume Salagnac 1, Stéphane Frénot 1
1 AMAZONES - Ambient Middleware Architectures: Service-Oriented, Networked, Efficient and Secured
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Many Java technologies allow the execution of code provided by multiple parties. Service-oriented platforms based on components, such as OSGi, are good examples of such a scenario. Those extensible component-based platforms are service-oriented, as components may directly interact with each other via the services they provide. However, even robust languages such as Java were not designed to safely handle code interaction between trusted and untrusted parties. In this technical report, we review how basic Java interactions can break encapsulation or execution safety. The contribution of the Java security layers is questionable in such environments, as they induce tangible overheads without covering all threats. We also review flaws in the Java access control design that can allow untrusted code to bypass restrictions by exploiting vulnerabilities in trusted code. Our audit of real-life trusted bundles from OSGi implementations shows that real-life components do not yet seem prepared for malicious interactions.

Cited literature [15 references]
Contributor : François Goichon
Submitted on : Thursday, December 15, 2011 - 4:50:21 PM
Last modification on : Friday, February 4, 2022 - 3:18:15 AM
Long-term archiving on : Friday, November 16, 2012 - 3:36:14 PM


Files produced by the author(s)


  • HAL Id : hal-00652110, version 1



François Goichon, Guillaume Salagnac, Stéphane Frénot. Exploiting Java Code Interactions. [Technical Report] RT-0419, INRIA. 2011. ⟨hal-00652110⟩


