Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine

Since 70´s, and despite its operational complexity, Mandatory Access Control (MAC) has demonstrated its reliability to enforce integrity and confidentiality. Surprisingly, the Java technology, despite its popularity, has not yet adopted this protection principle. Current security features within the JVM (JAAS and bytecode verifier) can be bypassed, as demonstrated by summer 2012 attacks. Thus, a MAC model for Java and a cross platform reference monitor are required for the Java Virtual Machine. Security Enhanced Java (SEJava) enables to control dynamically the information flows between all the Java objects requiring neither bytecode nor source code instrumentations. The main idea is to consider Java types as security contexts, and method calls/field accesses as permissions. SEJava allows fine-grain MAC rules between the Java objects. Thus, SEJava controls all the information flows within the JVM. Our implementation is faster than concurrent approaches while allowing both finer and more advanced controls. A use case shows the efficiency to protect against Common Vulnerability and Exposures in an efficient manner.