Group colloquium: Verification of JVM Bytecode: The whole story

When: Jan. 24, 2019, 15:45-16:30

Where: Ravelijn 2503

Who: Lukas Miedema

JVM bytecode is one of the key technologies in the Java ecosystem. It enables new languages to utilize existing JVM libraries and infrastructure, and enables the JVM's "compile once, run anywhere" paradigm. However, JVM bytecode also creates a new attack surface for malicious actors, with ample opportunity for abuse, as JVM bytecode can be dynamically loaded from untrusted sources on the Internet. As such, it is important to verify the bytecode when executing its instructions. This verification is typically done statically before the execution of the bytecode to enable the JIT and improve runtime performance. Both the problem the verification algorithm is trying to solve and its implementations have varied through the years. I provide an overview of the problem and history of JVM verification, both in academia and deployed implementations. I will also dive into how the responsibility of such a verification phase can be extended to provide new functionality or solve existing problems. Finally, I will give an indication of the direction I am taking in my own M-CS research project.