As object-oriented programming languages become more widely used, computer systems are being designed to manipulate objects more efficiently. In general, these high-performance and complex object-based systems access an object using an object reference, which is a pointer identifying the base address of the object in memory.
One way of compromising security in an object-based system is to convince the system that a non-reference value (i.e., an immediate value, such as an integer or character) is an object reference. If successful, this kind of exploit may result in unauthorized access to arbitrary objects and/or data within the application and the run-time environment (e.g., internal state of a virtual machine). Although the design of an object-based system may, in theory, preclude such a violation, it may inadvertently allow such an exploit because of one or more software bugs within the execution engine of the object-based system.
It is desirable that such bugs not lead to compromises, in keeping with the principle of “defense in depth” (i.e., each layer of the system providing its own security guarantees and defenses). Accordingly, one or more embodiments of the invention provide a system and method to minimize the likelihood that an immediate value (i.e., a non-reference value) will be treated as an object reference and used to access (maliciously or otherwise) an object.
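The confusion described above can be shown in a toy model. This is an added example, not code from the document and not the mechanism of the embodiments, which this section does not describe. The arena layout, the slot kind field, the OBJ_MAGIC header and all function names are assumptions made for illustration.

```c
#include <stdint.h>

/* Toy model: objects live in a flat arena and a "reference" is a word offset. */
#define ARENA_WORDS 16
#define OBJ_MAGIC 0x4F424A31u /* constructed header word marking an object base */

typedef enum { SLOT_IMMEDIATE, SLOT_REFERENCE } slot_kind;
/* kind is maintained by the runtime; bits is what the program controls. */
typedef struct { slot_kind kind; uint32_t bits; } slot;

static uint32_t arena[ARENA_WORDS];

/* Lay out a one-field object as [header][field] and return a reference to it. */
static slot new_object(uint32_t off, uint32_t field) {
    arena[off] = OBJ_MAGIC;
    arena[off + 1] = field;
    return (slot){ SLOT_REFERENCE, off };
}

/* Constructed heap: a program-visible object and a runtime-internal one. */
static void setup_heap(void) {
    new_object(0, 7);          /* object the program legitimately holds */
    new_object(4, 0xC0FFEEu);  /* stands in for internal run-time state */
}

/* Engine that trusts its caller: any bit pattern is used as a base address.
   (The modulo only keeps this toy inside its own array.) */
static uint32_t getfield_unchecked(slot s) {
    return arena[(s.bits + 1) % ARENA_WORDS];
}

/* Second layer that does not rely on the caller: 0 on success, -1 if rejected. */
static int getfield_checked(slot s, uint32_t *out) {
    if (s.kind != SLOT_REFERENCE) return -1;    /* immediate, not a reference */
    if (s.bits >= ARENA_WORDS - 1) return -1;   /* outside the arena */
    if (arena[s.bits] != OBJ_MAGIC) return -1;  /* not an object base */
    *out = arena[s.bits + 1];
    return 0;
}

int main(void) {
    uint32_t v = 0;
    slot as_int = { SLOT_IMMEDIATE, 4 };  /* the integer 4, not a reference */
    setup_heap();
    /* Unchecked path returns the internal field; checked path refuses. */
    return !(getfield_unchecked(as_int) == 0xC0FFEEu &&
             getfield_checked(as_int, &v) == -1);
}
```

The checked accessor fails closed even when an earlier layer has a bug, which is the defense-in-depth property the paragraph above asks for.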