Detecting Malicious Java Code Using Virtual Machine Auditing

Abstract: 

The Java Virtual Machine (JVM) is evolving as an infrastructure for the efficient execution of large-scale, network-based applications. To enable secure execution in this environment, industrial and academic efforts have implemented extensive support for verification of type-safety, authentication, and access control. However, JVMs continue to lack intrinsic support for intrusion detection.

Existing operating system auditing facilities and host-based intrusion detection systems operate at the process level, with the assumption that one application is mapped onto one process. However, in many cases, multiple Java applications are executed concurrently as threads within a single JVM process. As such, it is difficult to analyze the behavior of Java applications using the corresponding OS-level audit trail. In addition, the malicious actions of a single Java application may trigger a response that disables an entire execution environment. To overcome these limitations, we have developed a thread-level auditing facility for the Java Virtual Machine and an intrusion detection tool that uses audit data generated by this facility to detect attacks by malicious Java code. This paper describes the JVM auditing mechanisms, the intrusion detection tool, and the quantitative evaluation of their performance.

Sunil Soman, University of California, Santa Barbara

Chandra Krintz, University of California, Santa Barbara

Giovanni Vigna, University of California, Santa Barbara

BibTeX
@inproceedings {270159,
author = {Sunil Soman and Chandra Krintz and Giovanni Vigna},
title = {Detecting Malicious Java Code Using Virtual Machine Auditing},
booktitle = {12th USENIX Security Symposium (USENIX Security 03)},
year = {2003},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/12th-usenix-security-symposium/detecting-malicious-java-code-using-virtual-machine},
publisher = {USENIX Association},
month = aug,
}

Links

Paper: 
http://www.usenix.org/events/sec03/tech/full_papers/soman/soman.pdf
Paper (HTML): 
http://www.usenix.org/events/sec03/tech/full_papers/soman/soman_html/index.html