Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Using Memory Errors to Attack a Virtual Machine Sudhakar Govindavajhala Andrew W. Appel
 

Summary: Using Memory Errors to Attack a Virtual Machine
Sudhakar Govindavajhala Andrew W. Appel
Princeton University
{sudhakar,appel}@cs.princeton.edu
Abstract
We present an experimental study showing that soft
memory errors can lead to serious security vulnerabilities
in Java and .NET virtual machines, or in any system that
relies on type-checking of untrusted programs as a protec-
tion mechanism. Our attack works by sending to the JVM
a Java program that is designed so that almost any mem-
ory error in its address space will allow it to take control
of the JVM. All conventional Java and .NET virtual ma-
chines are vulnerable to this attack. The technique of the
attack is broadly applicable against other language-based
security schemes such as proof-carrying code.
We measured the attack on two commercial Java Vir-
tual Machines: Sun's and IBM's. We show that a single-
bit error in the Java program's data space can be ex-
ploited to execute arbitrary code with a probability of

  

Source: Appel, Andrew W. - Department of Computer Science, Princeton University
Princeton University, Department of Computer Science, Secure Internet Programming,

 

Collections: Computer Technologies and Information Sciences