查看文章

Type safety is a promising approach to enhancing software security. Programs written in type-safe programming languages such as Java are type-safe by construction. However, in practice, many complex applications are heterogeneous, ie, they contain components written in different languages. The Java Native Interface (JNI) allows type-safe Java code to interact with unsafe C code. When a type-safe language interacts with an unsafe language in the same address space, in general, the overall application becomes unsafe.

In this work, we propose a framework called Safe Java Native Interface (SafeJNI) that ensures type safety of heterogeneous programs that contain Java and C components. We identify the loopholes of using JNI that would permit C code to bypass the type safety of Java. The proposed SafeJNI system fixes these loopholes and guarantees type safety when native C methods are called. The overall approach consists of (i) retro-fitting the native C methods to make them safe, and (ii) developing an enhanced system that captures additional invariants that must be satisfied to guarantee safe interoperation. The SafeJNI framework is implemented through a combination of static and dynamic checks on the C code.