Java security protection method and device based on JVM sandbox and black and white lists and medium

A black-and-white-list security protection technology, applied in the field of Java security protection, that addresses two problems: the security of Java applications cannot be guaranteed, and a whitelist cannot be written in advance to ensure safe operation. It achieves network resource isolation and security assurance.

Pending Publication Date: 2021-11-19
济南浪潮数据技术有限公司

AI Technical Summary

Problems solved by technology

Reflective behavior is generally not known in advance and only becomes apparent while a Java application is in use. For Java applications that use the reflection mechanism, it is therefore impossible to pre-write a corresponding whitelist that ensures safe operation.
As a result, under the existing JVM sandbox security model a Java application can bypass the whitelist through reflection, so the security of Java applications in the JVM sandbox cannot be guaranteed.

Examples


Embodiment 1

[0060] As shown in Figure 1, this embodiment of the present application provides a Java security protection method based on a JVM sandbox and black and white lists, including:

[0061] S100, automatically and repeatedly start the Java application in the JVM sandbox, determine the first strategy according to the exception encountered at each start, and add the first strategy to the policy file until the Java application starts successfully. The specific process, shown in Figure 2, includes:

[0062] S101, enable the JVM sandbox and start the default security mode in the JVM sandbox; in the default security mode no parameters are configured in the policy file, and its content is empty.

[0063] S102, start the Java application in the JVM sandbox according to the policy file; since the relevant first policy is not provided in the policy file at the initial stage, that is, the class loader and security manager of the JVM are not co...
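
The restart loop of S100 to S102, as an added example that is not code from the patent: each failed start's denial is parsed into a permission and appended until startup succeeds, then rendered as a policy-file `grant` block. It assumes the startup exceptions are the JDK's `AccessControlException` denials; the function names, `fake_start` and the sample paths and host are constructed for illustration, and a real launcher would run the JVM with the generated policy and capture its stderr.

```python
import re

# Message format printed by the JDK for a Security Manager denial, e.g.
# java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/app/conf.yml" "read")
DENIAL = re.compile(
    r'AccessControlException: access denied \("([\w.$]+)" "([^"]*)"(?: "([^"]*)")?\)')

def parse_denials(stderr_text):
    """Return (class, target, actions) tuples for every denial in the output."""
    return [(m.group(1), m.group(2), m.group(3)) for m in DENIAL.finditer(stderr_text)]

def render_policy(permissions):
    """Render the collected permissions as one policy-file grant block."""
    lines = ["grant {"]
    for cls, target, actions in permissions:
        entry = f'    permission {cls} "{target}"'
        if actions:
            entry += f', "{actions}"'
        lines.append(entry + ";")
    lines.append("};")
    return "\n".join(lines)

def build_whitelist(start_app, max_rounds=50):
    """Restart until start_app reports success; each round adds the denied permission."""
    granted = []
    for _ in range(max_rounds):
        stderr_text = start_app(granted)
        if stderr_text is None:          # application started successfully
            return granted
        new = [p for p in parse_denials(stderr_text) if p not in granted]
        if not new:                      # failure that is not a permission denial
            raise RuntimeError("startup failed without a new denial:\n" + stderr_text)
        granted.extend(new)
    raise RuntimeError("no successful start within max_rounds")

# Constructed stand-in for one JVM start: needs three permissions, stops at the first missing one.
NEEDED = [
    ("java.io.FilePermission", "/opt/app/conf.yml", "read"),
    ("java.net.SocketPermission", "db.internal:5432", "connect,resolve"),
    ("java.lang.RuntimePermission", "accessDeclaredMembers", None),
]

def fake_start(granted):
    for cls, target, actions in NEEDED:
        if (cls, target, actions) not in granted:
            args = f'"{cls}" "{target}"' + (f' "{actions}"' if actions else "")
            return f"java.security.AccessControlException: access denied ({args})"
    return None
```

The resulting grant block records only what startup touched; behavior the application reaches later, including through reflection, is not in it.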

Embodiment 2

[0092] This embodiment of the application provides a device for implementing Java security protection based on a JVM sandbox and black and white lists. As shown in Figure 8, the device includes:

[0093] A strategy extraction module, which controls the repeated automatic restart of the Java application in the JVM sandbox, obtains the first strategy that affects the startup of the Java application according to the exception encountered at each startup, and adds the first strategy to the policy file;

[0094] a whitelist configuration module, the whitelist configuration module configures a corresponding whitelist according to the policy file;

[0095] A blacklist configuration module, the blacklist configuration module provides a policy management interface, and the administrator configures a second policy to form a blacklist according to paths kn...

Embodiment 3

[0100] This embodiment of the present application provides a storage medium for implementing the Java security protection method based on the JVM sandbox and the black and white lists. The storage medium stores at least one instruction, and executing the instruction implements the Java security protection method based on the JVM sandbox and the black and white lists.

[0101] This application repeatedly starts the Java application in the JVM security sandbox until the Java application starts successfully, traverses and obtains all exceptions that affect the startup of the Java application, determines the first strategy for handling each exception and adds it to the policy file, and configures the whitelist according to the policy file, achieving automatic customization of the whitelist.

[0102] This application uses the formed whitelist combined with a custom blacklist ...

Abstract

The invention relates to a Java security protection method and device based on a JVM sandbox and black and white lists and a medium. The method comprises the following steps: automatically and repeatedly starting a Java application in a JVM sandbox so as to determine a first strategy according to an exception encountered in each starting, and adding the first strategy into a strategy file until the Java application is successfully started; configuring a white list according to the strategy file; configuring a second strategy through the strategy management interface according to the known path with the security hole to form a blacklist, and limiting the API under the path with the security hole to execute Java reflection through the blacklist; and running the Java application according to the white list and the black list, and managing hardware and network resources which can be accessed by the Java application. The operation boundary of the unknown Java application is limited through cooperation of the white list and the blacklist, potential safety hazards caused by the fact that the Java application bypasses the white list through reflection are avoided through the blacklist, the defects in the prior art are overcome, and safety protection of the Java application is enhanced.

Description

Technical field

[0001] This application relates to the field of Java security protection, in particular to a Java security protection method, device and medium based on a JVM sandbox and black and white lists.

Background technique

[0002] Java is currently the mainstream enterprise-level application solution in the market, and it is also the trend in the transformation of web development languages such as PHP.

[0003] Java applications are run by the JVM virtual machine, and the JVM itself has a set of sandbox mechanisms to provide an isolated environment for running Java applications. However, the sandbox mechanism of the JVM is implemented based on a whitelist, and a corresponding whitelist needs to be configured for each Java application, which is not universal and is less flexible to use. And because the Java language supports the reflection mechanism, it allows the Java application to obtain the internal information of any class by means of the reflection inte...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/53, G06F21/57
CPC: G06F21/53, G06F21/577
Inventor: 陈文
Owner: 济南浪潮数据技术有限公司