DOI: 10.1145/1653662.1653716 (ACM CCS conference proceedings; research article)

Finding bugs in exceptional situations of JNI programs

Published: 09 November 2009

Abstract

Software flaws in native methods may defeat Java's guarantees of safety and security. One common kind of flaw in native methods results from the discrepancy in how exceptions are handled in Java and in native methods. Unlike exceptions in Java, exceptions raised in native code through the Java Native Interface (JNI) are not controlled by the Java Virtual Machine (JVM): only after the native code finishes execution does the JVM's exception mechanism take over. This discrepancy makes handling of JNI exceptions an error-prone process and can cause serious security flaws in software written using the JNI.
We propose a novel static analysis framework to examine exceptions and report errors in JNI programs. We have built a complete tool consisting of exception analysis, static taint analysis, and warning recovery. Experimental results demonstrate that this tool finds mishandled exceptions with high accuracy (a 15.4% false-positive rate on over 260k lines of code). Our framework can be easily applied to analyzing software written in other foreign function interfaces, including the Python/C interface and the OCaml/C interface.
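The discrepancy the abstract describes, that a pending Java exception does not divert native control flow, is what makes this bug class mechanically checkable. The following is an added illustration, not the paper's tool (which the abstract does not detail): a toy typestate analysis that flags JNI calls made while an exception may be pending, with the MAY_RAISE and EXCEPTION_SAFE sets and the statement abstraction being my own assumptions.

```python
"""Toy typestate analysis of JNI exception handling (added example, not the paper's tool).
A JNI call that may raise moves the analysis into MAY_PENDING; in that state the JNI spec
permits only a few exception-safe functions, so any other JNI call is reported.  After a
report the state is reset so one mistake does not cascade (warning recovery).  The function
sets below are a hand-picked subset of the JNI specification (an assumption)."""

NO_PENDING, MAY_PENDING = "no-pending", "may-pending"

# JNI functions that may leave a Java exception pending when they return.
MAY_RAISE = {"FindClass", "GetMethodID", "GetFieldID", "NewObject", "CallObjectMethod",
             "CallVoidMethod", "NewStringUTF", "NewObjectArray", "GetStringUTFChars"}
# Functions the JNI spec allows while an exception is pending.
EXCEPTION_SAFE = {"ExceptionOccurred", "ExceptionDescribe", "ExceptionClear", "ExceptionCheck",
                  "ReleaseStringUTFChars", "ReleaseStringChars", "DeleteLocalRef",
                  "DeleteGlobalRef", "PopLocalFrame", "MonitorExit"}

def analyze(stmts):
    """Return [(index, message)] warnings for an abstracted native-method body.

    Statement forms (a constructed abstraction, not a C parser):
      ("call", "FindClass")   a JNI call through the JNIEnv pointer
      ("guard",)              if ((*env)->ExceptionCheck(env)) return ...;  exception handled
      ("native", "strlen")    plain C work that does not touch the JNIEnv
    """
    state, warnings = NO_PENDING, []
    for i, stmt in enumerate(stmts):
        kind = stmt[0]
        if kind == "guard":
            state = NO_PENDING          # the exception is handled on the early-return path
        elif kind == "call":
            fn = stmt[1]
            if state == MAY_PENDING and fn not in EXCEPTION_SAFE:
                warnings.append((i, f"{fn} called while an exception may be pending"))
                state = NO_PENDING      # warning recovery: report once, then carry on
            if fn == "ExceptionClear":
                state = NO_PENDING
            elif fn in MAY_RAISE:
                state = MAY_PENDING
        elif kind != "native":
            raise ValueError(f"unknown statement kind: {kind!r}")
    return warnings                     # pending at return is fine: the JVM takes over

# Constructed sample bodies.  BUGGY ignores failed lookups, the pattern the paper targets.
BUGGY = [("call", "FindClass"), ("call", "GetMethodID"),
         ("call", "CallObjectMethod"), ("native", "use_result")]
FIXED = [("call", "FindClass"), ("guard",), ("call", "GetMethodID"), ("guard",),
         ("call", "CallObjectMethod")]
# GetStringUTFChars may fail; releasing its buffer is allowed, making a new string is not.
RELEASE_ONLY = [("call", "GetStringUTFChars"), ("call", "ReleaseStringUTFChars"),
                ("call", "NewStringUTF")]
```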



Published In

CCS '09: Proceedings of the 16th ACM conference on Computer and communications security, November 2009, 664 pages. ISBN: 9781605588940. DOI: 10.1145/1653662.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. java native interface
  2. static analysis
  3. taint analysis


Conference

CCS '09

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Article Metrics

  • Downloads (last 12 months): 24
  • Downloads (last 6 weeks): 5
Reflects downloads up to 08 Feb 2025

Cited By

View all
  • (2025) Modular Unification of Unilingual Pointer Analyses to Multilingual FFI-Based Programs. Science of Computer Programming, 103278. DOI: 10.1016/j.scico.2025.103278. Online publication date: Feb-2025.
  • (2024) Atlas: Automating Cross-Language Fuzzing on Android Closed-Source Libraries. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 350-362. DOI: 10.1145/3650212.3652133. Online publication date: 11-Sep-2024.
  • (2024) An Empirical Study of JVMs' Behaviors on Erroneous JNI Interoperations. IEEE Transactions on Software Engineering, 50(4):979-994. DOI: 10.1109/TSE.2024.3373239. Online publication date: Apr-2024.
  • (2024) SWAT4J: Generating System Call Allowlist for Java Container Attack Surface Reduction. 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 929-939. DOI: 10.1109/SANER60148.2024.00101. Online publication date: 12-Mar-2024.
  • (2024) Design smells in multi-language systems and bug-proneness: a survival analysis. Empirical Software Engineering, 29(5). DOI: 10.1007/s10664-024-10476-2. Online publication date: 3-Jul-2024.
  • (2023) Cross-Language Call Graph Construction Supporting Different Host Languages. 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 155-166. DOI: 10.1109/SANER56733.2023.00024. Online publication date: Mar-2023.
  • (2023) Understanding the Impact of Fingerprinting in Android Hybrid Apps. 2023 IEEE/ACM 10th International Conference on Mobile Software Engineering and Systems (MOBILESoft), pages 28-39. DOI: 10.1109/MOBILSoft59058.2023.00011. Online publication date: May-2023.
  • (2023) Detecting Exception Handling Bugs in C++ Programs. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), pages 1084-1095. DOI: 10.1109/ICSE48619.2023.00098. Online publication date: May-2023.
  • (2023) Detecting Memory Errors in Python Native Code by Tracking Object Lifecycle with Reference Count. 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 1429-1440. DOI: 10.1109/ASE56229.2023.00198. Online publication date: 11-Sep-2023.
  • (2023) On multi-language abstraction: Towards a static analysis of multi-language programs. Formal Methods in System Design. DOI: 10.1007/s10703-022-00405-8. Online publication date: 28-Mar-2023.
