Tue Jul 29, 2008, 11:00-12:00, 4549 Boelter Hall

Language-Based Security for Java-C Interoperation

Gang Tan
Lehigh University

Most real software systems are multilingual; that is, they consist of components developed in multiple programming languages. For example, Sun's Java Development Kit 1.6 (JDK) contains around 2 million lines of Java code as well as 800,000 lines of C/C++ code. Unfortunately, the interface code that glues multilingual software components is a constant source of software bugs and vulnerabilities. This is demonstrated by our empirical security study of JDK 1.6, which identified O(100) bugs in the interface code between Java and C components.

In this talk, we present two systems that follow a language-based approach for ensuring safety and security of Java-C interoperation. The first system, SafeJNI, uses program rewriting and a static type system to enforce that C code is isolated and respects Java's invariants. The second system, ILEA, enables existing Java analyses to understand foreign C code, by automatically extracting an approximate Java specification from C code.

About the speaker: Gang Tan is an assistant professor of Computer Science and Engineering at Lehigh University. He received his B.E. degree in Computer Science from Tsinghua University in 1999, and his Ph.D. degree from Princeton University in 2005. His research interests are in the areas of programming languages and computer security.

Host: Todd Millstein