MTE4JNI: A Memory Tagging Method to Protect Java Heap Memory from Illicit Native Code Access
With the proliferation of mobile devices in daily life, ensuring the security and performance of these devices has become crucial. On Android, the Java Native Interface (JNI) acts as a bridge, allowing native libraries to directly access Java heap memory via raw pointers, bypassing Java’s built-in safety checks. While this offers powerful functionality and performance, it also threatens the memory safety of the Java heap. Recently, Memory Tagging Extension (MTE) is introduced into the ARM architectures to enhance memory safety, reducing software vulnerabilities caused by illegal memory operations. This paper proposes MTE4JNI, an MTE-based JNI checking method, to protect Java heap memory from illicit native code access. Experimental results on real Android devices demonstrate that, compared to the currently employed guarded copy method, the proposed MTE4JNI method provides superior memory safety protection, while significantly reducing the runtime overhead on average by 11x and 27x for single-threaded and multi-threaded environments, respectively.
Tue 4 MarDisplayed time zone: Pacific Time (US & Canada) change
10:00 - 11:00 | Safety & ResilienceMain Conference at Willow (Level 2) Chair(s): Fabrice Rastello University Grenoble Alpes - Inria - CNRS - Grenoble INP - LIG | ||
10:00 20mTalk | FastFlip: Compositional SDC Resiliency Analysis Main Conference Keyur Joshi University of Illinois at Urbana-Champaign, Rahul Singh University of Illinois Urbana-Champaign, Tommaso Bassetto University of Illinois Urbana-Champaign, Sarita Adve University of Illinois at Urbana-Champaign, Darko Marinov University of Illinois at Urbana-Champaign, Sasa Misailovic University of Illinois at Urbana-Champaign | ||
10:20 20mTalk | MTE4JNI: A Memory Tagging Method to Protect Java Heap Memory from Illicit Native Code Access Main Conference Huinan Chen Wuhan University, Jiang Ma OPPO Electronics Corp., Jason Xue MBZUAI, Qingan Li Wuhan University, China | ||
10:40 20mTalk | Compiler-Based Memory Safety Instrumentations in Practice: Usability, Performance, and Security Guarantees Main Conference Tina Jung Saarland Informatics Campus, Saarland University, Fabian Ritter Saarland University, Germany, Sebastian Hack Saarland University, Saarland Informatics Campus |