JEP Review Request: Improve Security Manager Performance

David M. Lloyd david.lloyd at redhat.com
Fri Jul 18 21:43:21 UTC 2014


On 04/25/2014 09:36 AM, Sean Mullan wrote:
> Please review a draft of a proposed research JEP to improve the
> performance of the Security Manager:
>
>
> http://cr.openjdk.java.net/~mullan/jeps/Improve-Security-Manager-Performance.00
>
>
> I am particularly interested in any experience you have measuring or
> profiling the performance of your code when run with a Security Manager,
> and any potential ideas for optimizations that you may have.

It occurs to me that there is also another axis along which SM 
performance might be improved.  The first part is clearly making the 
various stages of permission checking, access control context 
acquisition, etc. all more efficient, as previously discussed, but 
another thing worth looking at is examining and reducing the number of 
permission checks and privileged actions actually required by a typical 
application.

For example, most commonly, the privileged actions in our code bases are 
doing things like:

1. Getting a class loader for a class
2. Getting and (less commonly) setting system properties
3. Getting environment properties
4. Making reflection objects accessible

The permission checks for all of these actions could be hoisted to 
dedicated object classes which perform the action, where the permission 
is actually checked when the object instance is acquired.  For example:

   public final class ClassClassLoaderAccessor {

       // the permission Class.getClassLoader() itself checks
       private static final RuntimePermission CLASS_LOADER_PERMISSION =
               new RuntimePermission("getClassLoader");

       private static final ClassClassLoaderAccessor INSTANCE =
               new ClassClassLoaderAccessor();

       private ClassClassLoaderAccessor() {}

       public static ClassClassLoaderAccessor getInstance() {
           // the check happens here, once per acquisition; with no
           // security manager installed getSecurityManager() is null
           SecurityManager sm = System.getSecurityManager();
           if (sm != null) {
               sm.checkPermission(CLASS_LOADER_PERMISSION);
           }
           return INSTANCE;
       }

       public ClassLoader getClassLoader(Class<?> clazz) {
           // bypass security check (this is a contrived example: Class has
           // no public classLoader field, so a real version would have to
           // live inside the JDK)
           return clazz.classLoader;
       }
   }

The exact mechanism would necessarily be JDK specific - especially if 
these classes would reside in separate packages from their related 
functionality - but the point is that the permission check only happens 
once, and the object could then be efficiently utilized in a tight loop.

We use a similar pattern in a few places where permission checks are 
done, and it seems to work adequately.  The command object instance can 
easily be placed into a non-public static final field for convenient access.

-- 
- DML
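The "check once at acquisition, then reuse in a loop" pattern described in the message above, as an added example that is not code from the original post, the JDK, or any JBoss code base. It approximates the pattern in plain application code for item 2 of the list (reading system properties): the permission check against the caller's stack happens in getInstance(), and each subsequent read runs inside AccessController.doPrivileged so only the accessor's own protection domain is consulted, rather than the caller's full stack. A JDK-internal version, as the message proposes, would skip the per-call check entirely. The class and field names (SystemPropertyAccessor, READ_ALL_PROPERTIES, TrustedComponent) are assumptions for illustration. Run it with `java -Djava.security.manager SystemPropertyAccessor` on a JDK that still ships the Security Manager: under the default policy, application code lacks PropertyPermission "*","read", so getInstance() throws AccessControlException before any property is read; without a security manager the loop runs and nothing is checked.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;

/**
 * Added example: a "command object" accessor whose permission check is
 * hoisted to instance acquisition. Names here are assumptions, not
 * identifiers from the JDK or from any existing project.
 */
public final class SystemPropertyAccessor {

    // Permission vetted once, when the instance is handed out.
    private static final PropertyPermission READ_ALL_PROPERTIES =
            new PropertyPermission("*", "read");

    private static final SystemPropertyAccessor INSTANCE =
            new SystemPropertyAccessor();

    private SystemPropertyAccessor() {}

    /** Checks the caller's stack exactly once; null SM means no check. */
    public static SystemPropertyAccessor getInstance() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(READ_ALL_PROPERTIES); // AccessControlException on failure
        }
        return INSTANCE;
    }

    /**
     * Reads a property with this class's own privileges. doPrivileged stops
     * the stack walk at this frame, so the caller's protection domains are
     * not re-examined on every call. This is only safe because getInstance()
     * already vetted the caller, so the instance must not be leaked to
     * untrusted code.
     */
    public String getProperty(final String name) {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(name));
    }

    /** A trusted consumer: acquires the accessor once, reuses it in a loop. */
    static final class TrustedComponent {
        // Non-public static final field, as the message suggests: the one
        // permission check is paid during class initialization.
        private static final SystemPropertyAccessor PROPS =
                SystemPropertyAccessor.getInstance();

        private static final String[] NAMES = { "java.version", "os.name", "user.dir" };

        /** Reads the same properties repeatedly without any further permission checks. */
        int readRepeatedly(int rounds) {
            int reads = 0;
            for (int i = 0; i < rounds; i++) {
                for (String n : NAMES) {
                    if (PROPS.getProperty(n) != null) {
                        reads++;
                    }
                }
            }
            return reads;
        }
    }

    public static void main(String[] args) {
        TrustedComponent component = new TrustedComponent(); // check happens here, once
        int reads = component.readRepeatedly(1000);
        System.out.println("reads=" + reads
                + " sm=" + (System.getSecurityManager() != null));
    }
}
```

The cost that remains per call is the doPrivileged frame itself, which is why the message argues the real win comes from moving such accessors inside the JDK, where the action can be performed with no check at all once the instance has been obtained.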


