Kimera
A Java System Architecture
We are implementing a new Java security architecture based on factored components for security, performance, and scalability. By locating crucial Java Virtual Machine services at trust-domain boundaries, such as Intranet firewalls, we can make safety enforcement mandatory, ease security management and reduce the processing requirements of Java endpoints. Under such a centralized security architecture, the trusted computing base is minimal and consists of small and simple components whose security can be more readily assured. Consequently, under our architecture:
The overall goal of our project is to create a secure, high-performance and scalable distributed computing infrastructure. We believe that our easily upgradable security architecture addresses the problems that were uncovered by our test suite and verifier implementation.
Project Overview | A description of our project goals. |
---|---|
Announcements | We have used our verifier to test the strength of verifiers found in commercial products such as Sun's JDK, Netscape Navigator and Microsoft's Internet Explorer. Many security flaws, or potential security flaws in these systems, are described here. |
Verification | We have a small, secure Java verifier that is more robust and more secure than currently available commercial verifiers. |
Test Suite | The description of the test suite and testing methodology we used to find flaws in commercial JVMs. |
Disassembler | We have a disassembler that can be used for auditing and security analysis. |
Related Work | Links to work on Java, security and extensibility. |
Press | Pieces of our work were picked up by news organizations. |
Project Members | Who we are. |