Java Security Sandbox (iii) security features built into Java virtual machines (and languages)

Java is a type-safe language that has four types of security mechanisms known as the security sandbox mechanism to guarantee the security of the language, and these four types of security sandboxes are:

• .class File verifier

• Security manager and Java API

This blog mainly introduces the "built-in Java Virtual machine (and language) security features", and other security mechanisms will be introduced in subsequent blogs.

Brief introduction

The JVM loads a class, and the bytecode is scanned four times, and the bytecode can be executed safely. However, with these security checks, the JVM also performs some built-in security checks when executing bytecode. These security mechanisms mainly include:

• Automatic memory allocation

• Automatic Drawing machine Recycling mechanism

• Array bounds checking

• Null pointer check

• Exception handling mechanism
  

Automatic memory allocation

It is almost impossible to allocate memory directly when writing a Java program, such as when a new object is used, the JVM automatically allocates memory to the program in the heap, and when a reference or constant is declared in the method, the JVM automatically allocates the memory on the stack ; Unable to allocate memory directly can control program accidentally or maliciously overwrite some important memory data. Note that the preceding "almost impossible" is because it can be called by Reflection . the Sun.misc.Unsafe method is to manipulate the memory at the specified location (and of course there is a limit); There is also a way to break memory auto-allocation, that is, to invoke JNI, for local methods, Java security mechanism completely does not work, when a thread executes the local method, it jumps out of the Java security sandbox; JNI is a sacrifice of some security for extensibility.

Automatic garbage collection mechanism

The automatic garbage collection mechanism is an important feature of Java, and its main purpose is to prevent memory leaks, which is also a security mechanism. Some languages that do not have automatic garbage collection, such as C + +, often occur when you forget to call the destructor of an object and cause a memory leak. However, the automatic garbage collection mechanism of Java does not mean that programmers do not care about memory leaks, because automatic garbage collection of memory requires certain conditions (no references); The automatic garbage collection mechanism is a long topic, and it is recommended to refer to chapter III of the Java Performance Optimization Authority Guide for more information.

Array bounds checking

Array bounds checking is also a security mechanism to control memory access, and other languages that do not have an array boundary check are a "buffer overflow attack", such as a number with a length of 16 defined in the program, and if there is no array boundary exception, A vulnerable or malicious program may read or manipulate the memory labeled 100, and if the memory stores important data, it may not tamper with the read alive, causing security problems.

Null pointer check

A null pointer check is a non-checked exception that throws java.lang.NullPointerException when calling methods or fields of an empty object in order to prevent the program from having unexpected results. The fact that a null pointer is used in a program is likely to be caused by the careless programmer's carelessness, which can lead to unpredictable results if the program is not thrown by throwing an exception, such as a programmer thinking that a method of an object was executed, but not executed because the empty object was used.

Exception handling mechanism

The last security mechanism is Java exception handling, Java exception handling is thread-based, not process-based, so as to ensure that exception handling is lightweight, if there is an exception, Java will follow the method call stack up and down, if there is no processing cocktail to terminate the specified thread, Without terminating the JVM process, so that it does not affect other correctly executed threads.

Java Security Sandbox (iii) security features built into Java virtual machines (and languages)