Mobile Code Security
Through Java Byte-Code Modification
This project is about modification of java bytecode to make
mobile Java code more secure. We are most concerned about preventing malicious
behaviour in e-commerce apps(e.g. business to business e-commerce).
We do this by changing the java bytecode on the fly before
it runs on the client. The user writes a safety policy and certain safe
classes based on which the filters do their modification.
Applet safety, Safety of corba based systems which use Java,
Safety for Jini based code, Safety from forms of hostile mobile code other
than Java, E-commerce based applications like SUN's Java Wallet,
Hostile moble code which exploit implementation bugs of E-commerce based
We already have built our system and tested it on some
example hostile mobile code. please see future work
also. At the moment this project is not very active. You may not find active
support for your doubts or problems. (jul 19th,2000)
paper (by Insik et al.)
DownLoading, Installing and Using this System
(The filter code has not been under maintainance since sep,
1999. newer versions of JavaClass Library and muffin proxy may cause problems.)
Steps in Downloading and Installing:
Steps in using the system:
The Muffin Proxy can be downloaded from here.(it
is free. Muffin and our filters are written in java and therefore ideally
should work on any OS which has java1.1 or above. but we have tested our
system only on linux.)
Download the muffin Proxy (ver 0.8.1) and untar/unzip it.
Download our Java-filter files from
here.(unix tar file)
Copy the Java-filter files to the following directory. Assume the home
directory for Muffin is /user/joe/Muffin. Then copy the filter files to
The current version of Java Class Library is organized very differently
from the one I used to write my code. you can download a tar gunzziped
java class library which i used from here.
If you want the latest Java Class Library you can Install it from here
Class Library. (the filters use this library)
Run the intall script provided by muffin in /user/joe/Muffin
Choose a machine which will run your proxy server muffin.
Goto netscape's preferences and then go to "advanced" menu. Then go to
"proxies" and open the manual proxy option in it. Fill in the IP address
of the machine running the proxy in the "http proxy" and set port as "51966".
(this information comes with Muffin Installation)
Create two files in your home directory call .methodnames and .classnames.
These files are read by the filters to get information on the methods
and classes to modify.(sample .classnames
The syntax used in these files is very simple. In both .classnames and
.methodnames files the class can be specified by giving its full api name
for example java/awt/Dialog.
sytax of .classnames file: write the complete api name of the class and
write exactly one classname in every line.
syntax of .methodnames file: write the complete api name of the class on
one line and make sure to end it with a "." In the subsequent lines write
down the methodnames of the methods to be modified. If the method is static
then put "/static" at the end of the complete method name. Exactly one
methodname should be written on one line.
create a /user/joe/www/safeclass directory. Write your safe classes, compile
them and put them in this directory.
SafeClasses are classes which override the malicious behaviour of the incoming
applet. As explained in the core paper the filters modify the applet to
ensure that the safeclasses are invoked. as of now the user has to write
the safeclasses. (please refer paper for more info on safeclasses. here
is a sample safeclass
for limiting the number of dialog boxes opened by an applet)
Now you are all set to use the system to prevent annoying and malicious
Running the System
After Installing the system if you want to protect
against any new malicious java applets then you will have to write your
own safeclasses. (Unfortunately we cannot write all possible safeclasses)
Notes About the Source Code and Libraries
The filters provided in this page modify java-bytecode. These
filters need to be plugged into a proxy server for proper operation. At
the moment they are interfaced with an off the shelf proxy called Muffin.
To understand the code it is imperative that the person reading the code
familiarise him/herself with the following pieces of information:
Java ByteCode Format
and Virtual-Machine Spec
Java Class Library
The bytecode modification techniques used by our group at Stanford.(refer
paper and code above)
Hostile Applet Sites
Mark Laude's Hostile
rstcorp's homepage provides lots of
info on hostile applets.
Developing a formal, extremely easy to use safety language to specify safety
Develop a mechanism to automatically generate Safe Classes. (the main caveat
of this method as of now is that the sys-admin/user will have to write
their own safeclasses at the moment. mechanism to easily generate the safeclasses
from a standardized safety policy would be a very cool idea)
Apply the technique to more significant applications.
Prof. John Mitchell. (Principal Investigator)
Vijay Ganesh. (re-implemented the filters in Java and made a working
prototype with Muffin proxy)
Other Previous Contributors
Insik Shin. (Amit and Insik first developed the technique and implemented
a proxy and filters in Python.)
This page is maintained by Vijay
(last modified 9th september,1999)