
Method for running third-party codes safely in Java virtual computer

Java virtual machine and safe operation technology, applied in the field of information security

Active Publication Date: 2013-01-30
BEIJING SENSESHIELD TECH

AI Technical Summary

Problems solved by technology

However, in practical applications it is often necessary to ensure that third-party code cannot directly access certain external resources (such as files, networks, and the loading of some local modules) but can still reach them by calling locally provided methods. In addition, when the JVM runs several different third-party codes at the same time, they need to be isolated from each other. This is difficult to achieve merely by statically providing a security policy file when the JVM starts.


Examples


Embodiment 1

[0044] The third-party class to be loaded in this embodiment is ThirdExample. Its bytecode is stored in the file ThirdExample.class. Apart from the default java.lang.Object class, ThirdExample is allowed to use only the java.lang.String class directly, and this information is stored in the text file ThirdExampleAccess.txt. ThirdExample needs to access the external resource /tmp/example.db. It does so through the public methods (read and write) provided by the class example.FileAccessWrapper, an encapsulation class that the system provider supplies for accessing external resources and that is written according to the security requirements and business logic of the system. In this example, example.FileAccessWrapper implements file operations by using java.io.* ...

Embodiment 2

[0053] This embodiment is the same as the one above, except that the resources accessible to the third-party class are controlled differently. The third-party class code (in the file ThirdExample.class) is allowed to use all classes directly except java.net.*, and this information is placed in the text file ThirdExampleAccess.txt. The class needs to access external TCP port 80 over the network. This function is implemented through the public methods provided by the class example.NetAccessWrapper (open, send, recieve and close, that is, open, send, receive and close functions), and example.NetAccessWrapper hides the details of network access (such as protocols, ports and the underlying implementation). example.NetAccessWrapper is an encapsulation class provided by the system provider for accessing external resources, written according to the security requirements and business logic of the system. In this example, example.NetAccessWrapper implements file operations by using classes that cannot be used in Thir...

Embodiment 3

[0061] In addition, according to a specific embodiment of the present invention, reading ThirdExampleAccess.txt, as in the two embodiments above, is not the only way to determine the list of classes that ThirdExample can use (or the list of classes that cannot be loaded). Those skilled in the art can use other methods to determine which classes the third-party classes are allowed to access and/or which classes they are not allowed to access. One specific way is to store the information in a database, or to write it directly in the program code. This change is easy for those skilled in the art to implement, and the subsequent steps are similar to those of Embodiments 1 and 2 above, so they are not repeated here.
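The mechanism of Embodiment 1, with the allowlist written directly in the program code as Embodiment 3 permits, as an added example that is not code from the patent. It shows that a class defined by the restricted loader can reach /tmp/example.db only through the wrapper, while its direct reference to java.io.File fails at link time. Assumptions: the names SandboxDemo, RestrictedLoader and defineUntrusted, nested stand-ins for ThirdExample and example.FileAccessWrapper, an inline set standing in for ThirdExampleAccess.txt, and Java 11 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.util.Set;
public class SandboxDemo {
    // Wrapper stand-in: defined by the parent loader, so its own java.io/java.nio use bypasses the policy.
    public static class FileAccessWrapper {
        private static final Path DB = Paths.get("/tmp/example.db");
        public static void write(String s) { try { Files.writeString(DB, s); } catch (IOException e) { throw new UncheckedIOException(e); } }
        public static String read() { try { return Files.readString(DB); } catch (IOException e) { throw new UncheckedIOException(e); } }
    }
    // Untrusted stand-in. No checked exceptions or string concatenation here:
    // both would make the JVM resolve classes that are outside the allowlist.
    public static class ThirdExample {
        public static String viaWrapper() { FileAccessWrapper.write("hello"); return FileAccessWrapper.read(); }
        public static String direct() { return new java.io.File("/tmp/example.db").getName(); }
    }
    static class RestrictedLoader extends ClassLoader {
        private final String thirdParty;
        private final Set<String> allowed;
        RestrictedLoader(ClassLoader p, String tp, Set<String> a) { super(p); thirdParty = tp; allowed = a; }
        @Override protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                if (name.equals(thirdParty)) {  // define here, never delegate: the parent's copy is unrestricted
                    Class<?> c = findLoadedClass(name);
                    return c != null ? c : defineUntrusted(name);
                }
                // Every class the untrusted code references is resolved through this method.
                if (!allowed.contains(name)) throw new ClassNotFoundException("denied by policy: " + name);
                return super.loadClass(name, resolve);  // allowlisted: normal parent delegation
            }
        }
        private Class<?> defineUntrusted(String name) throws ClassNotFoundException {
            try (InputStream in = getParent().getResourceAsStream(name.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                return defineClass(name, b, 0, b.length);  // this loader becomes the defining loader
            } catch (IOException e) { throw new ClassNotFoundException(name, e); }
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for ThirdExampleAccess.txt (Embodiment 1) plus the wrapper's name.
        Set<String> allowed = Set.of("java.lang.Object", "java.lang.String", "SandboxDemo$FileAccessWrapper");
        ClassLoader l = new RestrictedLoader(SandboxDemo.class.getClassLoader(), "SandboxDemo$ThirdExample", allowed);
        Class<?> c = l.loadClass("SandboxDemo$ThirdExample");
        System.out.println("via wrapper: " + c.getMethod("viaWrapper").invoke(null));
        try { c.getMethod("direct").invoke(null); }
        catch (java.lang.reflect.InvocationTargetException e) { System.out.println("blocked: " + e.getCause()); }
    }
}
```

Compile with `javac SandboxDemo.java` and run `java SandboxDemo`. Creating a second RestrictedLoader for another third-party class gives that class its own namespace, which is the isolation between simultaneously running third-party codes that the abstract describes.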

[0062]


Abstract

The invention discloses a method for safely running uncontrollable third-party code by using the custom classloader technology provided by the Java virtual machine (JVM). The local modules and classes available to third-party code are controlled, so that access to external resources can be effectively limited and, at the same time, multiple third-party codes running simultaneously can be isolated from each other. The invention also provides a method for third-party code to access local resources transparently and in a controllable way.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method for safely running uncontrollable third-party codes.

Background technique

[0002] Software or servers often need to allow users to execute custom code to achieve a high degree of customizability or security. However, because code written by a third party is uncontrollable, limiting its operating environment so as to protect server resources or the normal operation of upper-layer software becomes a very important issue.

[0003] JVM is the abbreviation of Java Virtual Machine. The JVM is a specification for computing devices. It is a fictitious computer that is realized by simulating various computer functions on an actual computer. The JVM shields the information related to the specific operating system platform, so that the Java program only needs to generate the object code (byte code) that runs on the Java virtual machine, and it can r...


Application Information

IPC(8): G06F21/51, G06F9/455, G06F9/445
CPC: G06F9/445, G06F21/51, G06F9/455, G06F21/53
Inventor: not disclosed
Owner: BEIJING SENSESHIELD TECH