Fall 2010 UVa David Evans cs2220: Engineering Software Image from www.clean-funny.com, GoldenBlue LLC. Class 21: Hair-Dryer Attacks Plan for Today • Recap: Java Platform Security • Trusted Computing Base: should we trust Java’s? • Hair-Dryer Attacks Project Design Documents 1. A description of your project: what it will do and why it is useful, fun, or interesting. 2. A high-level description of your design, including a module dependency diagram showing the most important modules. 3. A description of your implementation and testing strategy including: – how you will divide the work amongst your team – how you will order the work to support incremental development – how you will do unit testing and integration testing – a list of milestones and a schedule for achieving them, leading to a completed project on December 7 4. A list of questions Due: on paper, beginning of class Tuesday Schedule Design Review meetings (link on course site) Recap: Java Platform javac Compiler malcode.java Java Source Code malcode.class JVML Object Code JavaVM Alice User Bytecode Verifier if OK Running Mistyped Code > java Simple Exception in thread "main" java.lang.VerifyError: (class: Simple, method: main signature: ([Ljava/lang/String;)V) Register 0 contains wrong type .method public static main([Ljava/lang/String;)V … iconst_2 istore_0 aload_0 iconst_2 iconst_3 iadd … return .end method > java –noverify Simple result: 5 Running Mistyped Code > java –noverify Simple Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x809DCEB Function=JVM_FindSignal+0x1105F Library=C:\j2sdk1.4.2\jre\bin\client\jvm.dll Current Java thread: at Simple.main(Simple.java:7) … # # HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION # Error ID : 4F530E43505002EF # Please report this error at # http://java.sun.com/cgi-bin/bugreport.cgi # # Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode) .method public static main([Ljava/lang/String;)V … ldc 2220 istore_0 aload_0 iconst_2 iconst_3 iadd … .end method
6
Embed
cs2220: Engineering Software Plan for Today Class …evans/cs2220-f10/classes/class21.pdf · cs2220: Engineering Software ... avionics software and in his opinion causes ... Following
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Fall 2010UVa
David Evans
cs2220: Engineering Software
Image from www.clean-funny.com, GoldenBlue LLC.
Class 21:
Hair-Dryer
Attacks
Plan for Today
• Recap: Java Platform Security
• Trusted Computing Base: should we trust
Java’s?
• Hair-Dryer Attacks
Project Design Documents
1. A description of your project: what it will do and why it is useful, fun, or interesting.
2. A high-level description of your design, including a module dependency diagram showing the most important modules.
3. A description of your implementation and testing strategy including:
– how you will divide the work amongst your team
– how you will order the work to support incremental development
– how you will do unit testing and integration testing
– a list of milestones and a schedule for achieving them, leading to a completed project on December 7
4. A list of questions
Due: on paper, beginning of class Tuesday
Schedule Design Review meetings (link on course site)
Recap: Java Platform
javac
Compiler
malcode.java
Java
Source
Code
malcode.class
JVML
Object
Code
JavaVM
Alice User
Bytecode
Verifierif OK
Running Mistyped Code
> java Simple
Exception in thread "main" java.lang.VerifyError:
(class: Simple, method: main signature:
([Ljava/lang/String;)V)
Register 0 contains wrong type
.method public static main([Ljava/lang/String;)V
…
iconst_2
istore_0
aload_0
iconst_2
iconst_3
iadd
…
return
.end method> java –noverify Simple
result: 5
Running Mistyped Code
> java –noverify SimpleUnexpected Signal : EXCEPTION_ACCESS_VIOLATION