Through Java Byte-Code
This project is about modification of Java byte-code to make
mobile Java code more secure. We are most concerned about preventing malicious
behaviour in e-commerce applications (e.g. business to business
We do this by changing the Java byte-code on the fly before it
runs on the client. The user writes a safety policy and certain safe classes
based on which the filters do their modification.
Applet safety, safety of Corba-based systems which use Java,
safety for Jini-based code, safety from forms of hostile mobile code other
than Java, E-commerce-based applications like SUN's Java Wallet, Hostile
moble code which exploits implementation bugs of E-commerce-based
We already have built our system and tested it on some
example hostile mobile code. Please see future
work also. At the moment this project is not very active. You may not find
active support for your doubts or problems. (July 19, 2000)
paper (by Insik et al.)
Downloading, Installing and Using this System
(The filter code has not been under maintainance since
September, 1999. Newer versions of JavaClass Library and muffin proxy may cause
Steps in Downloading and Installing:
Steps in using the system:
- The Muffin Proxy can be downloaded from here.(It is free. Muffin and our filters
are written in Java and therefore ideally should work on any OS which has
Java 1.1 or above. But we have tested our system only on Linux.)
- Download the Muffin Proxy (ver 0.8.1) and untar/unzip it.
- Download our Java-filter files from here.(unix
- Copy the Java-filter files to the following directory. Assume the home
directory for Muffin is /user/joe/Muffin. Then copy the filter files to
- The current version of Java Class Library is organized very differently
from the one I used to write my code. You can download a tar gunziped java
class library which I used from here.
- If you want the latest Java Class Library you can Install it from here
Library. (the filters use this library)
- Run the intall script provided by Muffin in /user/joe/Muffin
- Choose a machine which will run your proxy server muffin.
- Goto netscape's preferences and then go to the "Advanced" menu. Then go
to "Proxies" and open the manual proxy option in it. Fill in the IP address
of the machine running the proxy in the "http proxy" box and set the port to
"51966" (this information comes with the Muffin Installation).
- Create two files in your home directory called .methodnames and
- These files are read by the filters to get information on the
methods and classes to modify.(sample .classnames and
.methodnames files). The syntax used in these files is very simple. In both
.classnames and .methodnames the class can be specified by giving its full
API name (for example, java/awt/Dialog).
- Syntax of .classnames file: write the complete API name of the class and
write exactly one classname in every line.
- Syntax of .methodnames file: write the complete API name of the class on
one line and make sure to end it with a "." In the subsequent lines write
down the methodnames of the methods to be modified. If the method is static
then put "/static" at the end of the complete method name. Exactly one
methodname should be written on one line.
- create a /user/joe/www/safeclass directory. Write your safe classes,
compile them and put them in this directory.
- SafeClasses are classes which override the malicious behaviour of the
incoming applet. As explained in the core paper the filters modify the
applet to ensure that the safeclasses are invoked. As of now the user has to
write the safe classes. (Please refer to the paper for more info on safe
classes. Here is a sample safe class for
limiting the number of dialog boxes opened by an applet.)
- Now you are all set to use the system to prevent annoying and malicious
Running the System
After installing the system if you want to protect
against any new malicious Java applets then you will have to write your own
safe classes. (Unfortunately we cannot write all possible safe
Notes About the Source Code and Libraries
The filters provided in this page modify Java byte-code. These
filters need to be plugged into a proxy server for proper operation. At the
moment they are interfaced with an off-the-shelf proxy called Muffin. To understand the code it is
imperative that the person reading the code familiarise him/herself with the
following pieces of information:
Format and Virtual-Machine Spec
The bytecode modification techniques used by our group at Stanford
(refer paper and code above).
Hostile Applet Sites
Mark Laude's Hostile Applet
rstcorp's homepage provides lots of
info on hostile applets.
Developing a formal, extremely easy to use safety language to specify
Develop a mechanism to automatically generate safe classes. The main
caveat of this method as of now is that the sys-admin/user will have to write
their own safe classes at the moment. A mechanism to easily generate the safe
classes from a standardized safety policy would be a very cool idea.
Apply the technique to more significant applications.
Prof. John Mitchell. (Principal Investigator)
Vijay Ganesh. (re-implemented the filters in Java and made a
working prototype with Muffin proxy)
Other Previous Contributors
Insik Shin. (Amit and Insik first developed the technique and
implemented a proxy and filters in Python.)
This page is maintained by Vijay Ganesh.
(last modified 9th September,1999)