Integrating third-party packages accelerates modern software engineering, but introduces the risk of software supply chain vulnerabilities. Vulnerabilities in applications' dependencies are being exploited worldwide. Often, these exploits leverage features that are present in a package, yet unneeded by the application. Unfortunately, the current generation of permission managers, such as SELinux, Docker containers, and the Java Security Manager, are too coarse-grained to usefully support engineers and operators in mitigating these vulnerabilities. Current approaches offer permissions only at the application's granularity, lumping legitimate operations made by safe packages together with illegitimate operations made by exploited packages. This strategy does not reflect modern engineering practice. We need a permission manager capable of distinguishing between actions taken by different packages in an application's supply chain. In this paper, we describe Next-JSM, the first fine-grained ("supply chain aware") permission manager for Java applications. Next-JSM supports permission management at package-level granularity. Next-JSM faces three key challenges: operating on existing JVMs and without access to application or package source code, minimizing performance overhead in applications with many packages, and helping operators manage finer-grained permissions. We show that these challenges can be addressed through bytecode rewriting; appropriate data structures and algorithms; and an expressive permission notation plus automated tooling to establish default permissions. In our evaluation, we report that Next-JSM mitigates 11 of the 12 package vulnerabilities we evaluated and incurs an average 2.72% overhead on the Dacapobench benchmark. Qualitatively, we argue that Next-JSM addresses the shortcomings of the (recently deprecated) Java Security Manager (JSM).
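As an added illustration, not code from the Next-JSM paper, the model below contrasts the application-granularity check that lumps all packages together with a package-granularity check that attributes a sensitive operation to every package on the call stack; it also sketches how a least-privilege default policy can be derived from observed operations. The package names, permission strings, the stack-inspection rule (every frame's package must hold the permission) and the trace format are assumptions for the example, not Next-JSM's notation or semantics.

```python
"""Toy model of package-granular vs application-granular permission checks.
Added example; not Next-JSM's own code, policy syntax or enforcement rule."""
from collections import defaultdict

# Constructed policy: permissions granted to each package in the supply chain.
# Package names and permission strings are assumptions for this example.
PACKAGE_POLICY = {
    "com.example.app": {"file.read", "file.write", "net.connect"},
    "org.example.httpclient": {"net.connect"},
    "org.example.jsonparser": set(),   # a parser should need no I/O at all
}


def application_policy(package_policy):
    """Application-granularity view: every permission held by any package, lumped together."""
    return set().union(*package_policy.values())


def check_app_level(stack, permission, package_policy=PACKAGE_POLICY):
    """Coarse check: allowed if the application as a whole holds the permission.
    The call stack is ignored, so an exploited dependency inherits the app's rights."""
    return permission in application_policy(package_policy)


def check_package_level(stack, permission, package_policy=PACKAGE_POLICY):
    """Fine-grained check (assumed stack-inspection rule): the stack is a list of
    package names from outermost caller to the frame requesting the operation,
    and every package on it must hold the permission."""
    return all(permission in package_policy.get(pkg, set()) for pkg in stack)


def infer_default_policy(trace):
    """Derive a least-privilege default policy from an observed trace of
    (stack, permission) pairs, e.g. collected while running the test suite."""
    policy = defaultdict(set)
    for stack, permission in trace:
        for pkg in stack:
            policy[pkg].add(permission)
    return dict(policy)


if __name__ == "__main__":
    # A parser that suddenly writes files: allowed at app level, denied per package.
    exploited = ["com.example.app", "org.example.jsonparser"]
    print("app-level   :", check_app_level(exploited, "file.write"))
    print("package-level:", check_package_level(exploited, "file.write"))
    # Legitimate network use by the HTTP client passes both checks.
    legit = ["com.example.app", "org.example.httpclient"]
    print("legit connect:", check_package_level(legit, "net.connect"))
```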