In the virtual machine, code modules, such as Java Applet program, OSGi (Open Service Gateway initiative) Bundle, Eclipse Plug-in and .Net Assembly etc., can be downloaded remotely from a possibly untrustworthy third party through network transmission and executed automatically on a local system without explicit installation or execution by a user. The increasingly dynamic character of the high-level language virtual machine-based execution environments such as Java, .Net CLR (Common Language Runtime) requires more secure mechanisms to protect the local virtual machine system from potentially malicious codes. To meet such a requirement, it is generally necessary to apply a method of code verification in the virtual machine which analyzes the structures or behaviors of the codes in accordance with a given security policy, such as type-safety rules, to assure correctness of the code semantics.
However, there exist the following problems in such method of code verification in the virtual machine:
1. This method of code verification is performed at the runtime of the code modules, which brings great impact on the performance of the code modules. For example, Java byte code verification takes 10-30% of program startup time, depending on the different execution scenarios.
2. The code verification takes place at every runtime of the code module no matter whether the code module is newly installed or not. Furthermore, despite the verification result, the verification result would be discarded at the end of the execution of the code module. Thus, the virtual machine learns no information from the previous run of the code module, and needs to verify the code module when the code module runs again. If the environment of the virtual machine is persistent, for example the same code files are deployed for a long time after the code module is downloaded, and the virtual machine just loads or re-loads the same codes over and over, it is quite unnecessary to verify the code module at every runtime.
3. When the code verification is performed, for example, when the type-safety of the codes is checked, the code verification may be executed across modules, i.e. the code verification may depend on the codes in other modules. So the codes in other modules which are dependent on the codes are required to be loaded. Since the dependencies are resolved based on code level, the inter-module code verification impedes the verification of one code module at a time at module level.
PCT application WO00/72149 “Pre-verification of Applications in Mobile Computing” discloses a method for pre-verification of applications in a mobile communication device, wherein a list including application programs and their digital fingerprints is pre-stored in the mobile communication device, and when a certain application program is to be executed, it is determined whether the application program can be executed by checking whether the digital fingerprint of the application program is present in the list. However, the method is the pre-verification on whether the application is authorized to run. It does not involve the code verification of the application program.
Therefore, an effective method for verification of the code modules in the virtual machine is extremely necessary to improve the startup and execution performance of the code modules at runtime.