Main navigation | Main content
Sudhakar Govindavajhala and Andrew W. Appel. “Using memory
errors to attack a virtual machine”. In IEEE Symposium on
Security and Privacy “Oakland”, pages 154–165,
Oakland, CA, USA, May 2003.
[IEEE]
Ajay Chander, John C. Mitchell, and Insik Shin. “Mobile code
security by Java bytecode instrumentation”. In DARPA
Information Survivability Conference & Exposition (DISCEX),
pages 27–40, Anaheim, CA, USA, June 2001.
[IEEE (scan)]
[Author copy (Postscript)]
[CiteSeerX-cached author PDF]
Presentation slides about this paper are available as PDF and Powerpoint.
Question: The Java bytecode instrumentation paper (second reading) mentions two points at which to apply bytecode rewriting: in a network proxy, and in the JVM class loading process. But one could imagining applying the rewriting at other times as well. Give another example of a place/time at which one could apply bytecode rewriting, and describe the advantages and disadvantages of your placement as compared to the ones given in the paper.