Kimera
A Java System Architecture
We are implementing a new Java security architecture based on
factored components for security, performance, and scalability.
By locating crucial Java Virtual Machine services at trust-domain
boundaries, such as Intranet firewalls, we can make safety
enforcement mandatory, ease security management and reduce the
processing requirements of Java endpoints. Under such a centralized
security architecture, the trusted computing base is minimal and
consists of small and simple components whose security can be more readily assured. Consequently, under our architecture:
- security is manageable, centralized, and security restrictions
are mandatory, not discretionary
- auditing is performed independently of Java end-points, and
audit trails are physically protected from foreign code
- memory and processing requirements at the end nodes are
reduced through ahead-of-time compilation and separate verification
- security upgrades and bug fixes do not require end-user
assistance or action
The overall goal of our project is to create a secure,
high-performance and scalable distributed computing
infrastructure. We believe that our easily upgradable security
architecture addresses the problems that were
uncovered by our test suite and verifier implementation.
Project Overview
|
A description of our project goals.
|
 Announcements
|
We have used our verifier to test the strength of verifiers
found in commercial products such as Sun's JDK, Netscape
Navigator and Microsoft's Internet Explorer. Many security
flaws, or potential security flaws in these systems, are
described here.
|
|
Verification
|
We have a small, secure Java verifier that is more robust and
more secure than currently available commercial verifiers.
|
|
Test Suite
|
The description of the test suite and testing methodology
we used to find flaws in commercial JVMs.
|
|
Disassembler
|
We have a disassembler that can be used for auditing and
security analysis.
|
|
Related Work
|
Links to work on Java, security and extensibility.
|
|
Press
|
Pieces of our work were picked up by news organizations.
|
|
Project Members
|
Who we are.
|
Emin Gün Sirer &
Sean McDirmid &
Brian Bershad