Abstract
Preventing abusive resource consumption is indispensable for all kinds of systems that execute untrusted mobile coee, such as mobile object sytems, extensible web servers, and web browsers. To implement the required defense mechanisms, some support for resource control must be available: accounting and limiting the usage of physical resources like CPU and memory, and of logical resources like threads. Java is the predominant implementation language for the kind of systems envisaged here, even though resource control is a missing feature on standard Java platforms. This paper describes the model and implementation mechanisms underlying the new resource-aware version of the J-SEAL2 mobile object kernel. Our fundamental objective is to achieve complete portability, and our approach is therefore based on Java bytecode transformations. Whereas resource control may be targeted towards the provision of quality of service or of usage-based billing, the focus of this paper is on security, and more specificlly on prevention of denial-of-service attacks orginating from hostile or poorly implemented mobile code.
- 1 G. Back and W. Hsieh. Drawing the red line in Java. In Seventh IEEE Workshop on Hot Topics in Operating Systems, Rio Rico, AZ, USA, Mar. 1999.]] Google ScholarDigital Library
- 2 G. Back, W. Hsieh, and J. Lepreau. Processes in KaffeOS: Isolation, resource management, and sharing in Java. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation (OSDI'2000), San Diego, CA, USA, Oct. 2000.]] Google ScholarDigital Library
- 3 G. Back, P. Tullmann, L. Stoller, W. Hsieh, and J. Lepreau. Techniques for the design of Java operating systems. In Proceedings of the 2000 USENIX Annual Technical Conference, San Diego, CA, USA, June 2000.]] Google ScholarDigital Library
- 4 G. Back, P. Tullmann, L. Stoller, W. C. Hsieh, and J. Lepreau. Java operating systems: Design and implementation. Technical Report UUCS-98-015, University of Utah, Department of Computer Science, Aug. 6, 1998.]]Google Scholar
- 5 W. Binder. J-SEAL2 - A secure high-performance mobile agent system. In IAT'99 Workshop on Agents in Electronic Commerce, Hong Kong, Dec. 1999.]]Google Scholar
- 6 W. Binder. Design and implementation of the J-SEAL2 mobile agent kernel. In The 2001 Symposium on Applications and the Internet (SAINT-2001), San Diego, CA, USA, Jan. 2001.]] Google ScholarDigital Library
- 7 W. Binder, J. Hulaas, and A. Villazon. Resource control in J-SEAL2. Technical Report Cahier du CUI No. 124, University of Geneva, Oct. 2000. ftp: //cui.unige.ch/pub/tios/papers/TR-124-2000.pdf.]]Google Scholar
- 8 G. Bollella, B. Brosgol, P. Dibble, S. Furr, J. Gosling, D. Hardin, and M. Turnbull. The Real-Time Specification for Java. Addison-Wesley, Reading, MA, USA, 2000.]]Google ScholarDigital Library
- 9 C. Bryce and J. Vitek. The JavaSeal mobile agent kernel. In First International Symposium on Agent Systems and Applications (ASA'99)/Third International Symposium on Mobile Agents (MA'99), Palm Springs, CA, USA, Oct. 1999.]] Google ScholarDigital Library
- 10 S. Chiba. Load-time structural re ection in Java. In ECOOP, pages 313-336, 2000.]] Google ScholarDigital Library
- 11 G. Cohen, J. Chase, and D. Kaminsky. Automatic program transformation with JOIE. In 1998 USENIX Annual Technical Symposium, pages 167-178, 1998.]] Google ScholarDigital Library
- 12 G. Czajkowski and T. von Eicken. JRes: A resource accounting interface for Java. In Proceedings of the 13th Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA-98), volume 33, 10 of ACM SIGPLAN Notices, pages 21-35, New York, USA, Oct. 18-22 1998. ACM Press.]] Google ScholarDigital Library
- 13 M. Dahm. Byte code engineering. In Java-Information-Tage 1999 (JIT'99), Sept. 1999. http://bcel.sourceforge.net/.]]Google Scholar
- 14 B. Ford, M. Hibler, J. Lepreau, R. McGrath, and P. Tullmann. Interface and execution models in the uke kernel. In Proceedings of the Third Symposium on Operating Systems Design and Implementation (OSDI-99), pages 101-116, Berkeley, CA, USA, Feb. 22-25 1999. Usenix Association.]] Google ScholarDigital Library
- 15 B. Ford and S. Susarla. CPU Inheritance Scheduling. In Usenix Association Second Symposium on Operating Systems Design and Implementation (OSDI), pages 91-105, 1996.]] Google ScholarDigital Library
- 16 M. Godfrey, T. Mayr, P. Seshadri, and T. von Eicken. Secure and portable database extensibility. In Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD-98), volume 27,2 of ACM SIGMOD Record, pages 390-401, New York, USA, June 1-4 1998. ACM Press.]] Google ScholarDigital Library
- 17 J. Gosling, B. Joy, and G. L. Steele. The Java Language Specification. The Java Series. Addison-Wesley, Reading, MA, USA, 1996.]] Google ScholarDigital Library
- 18 J. Hulaas, L. Gannoune, J. Francioli, S. Chachkov, F. Sch. utz, and J. Harms. Electronic commerce of internet domain names using mobile agents. In Proceedings of the Second International Conference on Telecommunications and Electronic Commerce (ICTEC'99), Nashville, TN, USA, Oct. 1999.]]Google Scholar
- 19 R. Keller and U. H.olzle. Binary component adaptation. In E. Jul, editor, ECOOP '98|Object-Oriented Programming, volume 1445 of Lecture Notes in Computer Science, pages 307-329. Springer, 1998.]] Google ScholarDigital Library
- 20 H. B. Lee and B. G. Zorn. BIT: A tool for instrumenting Java bytecodes. In Proceedings of the USENIX Symposium on Internet Technologies and Systems (ITS-97), pages 73-82, Berkeley, Dec. 8-11 1997. USENIX Association.]] Google ScholarDigital Library
- 21 T. Lindholm and F. Yellin. The Java Virtual Machine Specification. Addison-Wesley, Reading, MA, USA, second edition, 1999.]] Google ScholarDigital Library
- 22 L. Moreau and C. Queinnec. Design and semantics of Quantum: a language to control resource consumption in distributed computing. In Usenix Conference on Domain-Specific Languages (DSL'97), pages 183-197, Santa-Barbara, CA, USA, Oct. 1997.]] Google ScholarDigital Library
- 23 K. Nilsen. Java for real-time. Real-Time Systems Journal, 11(2), 1996.]] Google ScholarDigital Library
- 24 T. Suganuma, T. Ogasawara, M. Takeuchi, T. Yasue, M. Kawahito, K. Ishizaki, H. Komatsu, and T. Nakatani. Overview of the IBM Java Just-in-Time compiler. IBM Systems Journal, 39(1):175-193, 2000.]] Google ScholarDigital Library
- 25 Sun Microsystems, Inc. Enterprise JavaBeans Technology. Web pages at http://java.sun.com/products/ejb/.]]Google Scholar
- 26 Sun Microsystems, Inc. JAVA 2 Platform, Standard Edition. Web pages at http://java.sun.com/j2se/1.3/.]]Google Scholar
- 27 Sun Microsystems, Inc. Java Servlet Technology. Web pages at http://java.sun.com/products/servlet/.]]Google Scholar
- 28 Sun Microsystems, Inc. Java Virtual Machine Profiler Interface (JVMPI). Web pages at http://java.sun. com/j2se/1.3/docs/guide/jvmpi/index.html.]]Google Scholar
- 29 N. Suri, J. M. Bradshaw, M. R. Breedy, P. T. Groth, G. A. Hill, R. Jeffers, T. S. Mitrovich, B. R. Pouliot, and D. S. Smith. NOMADS: toward a strong and safe mobile agent system. In C. Sierra, G. Maria, and J. S. Rosenschein, editors, Proceedings of the 4th International Conference on Autonomous Agents (AGENTS-00), pages 163-164, NY, June 3-7 2000. ACM Press.]] Google ScholarDigital Library
- 30 The Standard Performance Evaluation Corporation. SPEC JVM98 Benchmarks. Web pages at http://www.spec.org/osg/jvm98/.]]Google Scholar
- 31 C. F. Tschudin. Open resource allocation for mobile code. In Proceedings of The First Workshop on Mobile Agents, Berlin, Germany, Apr. 1997.]] Google ScholarDigital Library
- 32 P. Tullmann and J. Lepreau. Nested Java processes: OS structure for mobile code. In Eighth ACM SIGOPS European Workshop, Sintra, Portugal, Sept. 1998.]] Google ScholarDigital Library
- 33 J. Vitek and G. Castagna. Seal: A framework for secure mobile computations. In Internet Programming Languages, 1999.]] Google ScholarDigital Library
- 34 T. Von Eicken, C.-C. Chang, G. Czajkowski, and C. Hawblitzel. J-Kernel: A capability-based operating system for Java. Lecture Notes in Computer Science, 1603:369-394, 1999.]] Google ScholarDigital Library
- 35 T. Wilkinson. Kaffe - a Java virtual machine. Web pages at http://www.kaffe.org/.]]Google Scholar
Index Terms
- Portable resource control in Java
Recommendations
Portable resource control in Java
OOPSLA '01: Proceedings of the 16th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applicationsPreventing abusive resource consumption is indispensable for all kinds of systems that execute untrusted mobile coee, such as mobile object sytems, extensible web servers, and web browsers. To implement the required defense mechanisms, some support for ...
Portable resource control in the J-SEAL2 mobile agent system
AGENTS '01: Proceedings of the fifth international conference on Autonomous agentsResource control, i.e., accounting and limiting the allocation of resources like CPU, memory, and threads, is necessary for distributed agent systems to prevent denial-of-service attacks. Currently, the majority of mobile agent systems is based on Java, ...
Extending standard java runtime systems for resource management
SEM'04: Proceedings of the 4th international conference on Software Engineering and MiddlewareResource management is a precondition to build reliable, extensible middleware and to host potentially untrusted user components. Resource accounting allows to charge users for the resource consumption of their deployed components, while resource ...
Comments