Robusta: Taming the Native Beast of the JVM

DSpace/Manakin Repository

Robusta: Taming the Native Beast of the JVM

Citable link to this page


Title: Robusta: Taming the Native Beast of the JVM
Author: Siefers, Joseph; Tan, Gang; Morrisett, John Gregory

Note: Order does not necessarily reflect citation order of authors.

Citation: Siefers, Joseph, Gang Tan, and Greg Morissett. 2010. Robusta: Taming the native beast of the JVM. In proceedings of the 17th ACM Conference on Computer and Communications Security (CCS '10), October 4-8, 2010, Chicago, IL, 201-211. New York: Association for Computing Machinery.
Full Text & Related Files:
Abstract: Java applications often need to incorporate native-code components for efficiency and for reusing legacy code. However, it is well known that the use of native code defeats Java's security model. We describe the design and implementation of Robusta, a complete framework that provides safety and security to native code in Java applications. Starting from software-based fault isolation (SFI), Robusta isolates native code into a sandbox where dynamic linking/loading of libraries is supported and unsafe system modification and confidentiality violations are prevented. It also mediates native system calls according to a security policy by connecting to Java's security manager. Our prototype implementation of Robusta is based on Native Client and OpenJDK. Experiments in this prototype demonstrate Robusta is effective and efficient, with modest runtime overhead on a set of JNI benchmark programs. Robusta can be used to sandbox native libraries used in Java's system classes to prevent attackers from exploiting bugs in the libraries. It can also enable trustworthy execution of mobile Java programs with native libraries. The design of Robusta should also be applicable when other type-safe languages (e.g., C#, Python) want to ensure safe interoperation with native libraries.
Published Version: doi:10.1145/1866307.1866331
Terms of Use: This article is made available under the terms and conditions applicable to Open Access Policy Articles, as set forth at
Citable link to this page:
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)


Search DASH

Advanced Search