A System Architecture for Networked Computers

We are implementing a Java virtual machine based on a new component architecture that provides better manageability, increased security, higher performance and scalability. In our architecture, virtual machine services such as verification, security enforcement, auditing, compilation and optimization are factored out of clients and are located on network servers. By locating crucial Java Virtual Machine services at administrative-domain boundaries, such as Intranet firewalls, we can make safety enforcement mandatory, ease security management and reduce the memory and processing requirements of Java clients. Under such a centralized security architecture, the trusted computing base consists of small and simple components whose security can be more readily assured. Consequently, under our architecture:

The overall goal of our project is to create a secure, high-performance and scalable distributed computing infrastructure. We believe that our easily upgradable security architecture addresses the problems that were uncovered by our test suite and verifier implementation.

->  Project Overview A description of our project goals.
->  Announcements We have used our verifier to test the strength of verifiers found in commercial products such as Sun's JDK, Netscape Navigator and Microsoft's Internet Explorer. Many security flaws, or potential security flaws in these systems, are described here.
->  Verification We have a small, secure Java verifier that is more robust and more secure than currently available commercial verifiers.
->  Test Suite The description of the test suite and testing methodology we used to find flaws in commercial JVMs.
->  Disassembler We have a disassembler that can be used for auditing and security analysis.
->  Synchronization Elimination We have developed analyses for identifying and eliminating redundant synchronization operations from Java programs.
->  Paper Trail
Papers and talks on Kimera.
->  Related Work Links to work on Java, security and extensibility.
->  Press Pieces of our work were picked up by news organizations.
->  Project Members Who we are.

Emin Gün Sirer

Project Kimera /
Department of Computer Science and Engineering
© 1997, University of Washington