Page History

Java 5 introduced the JVM Tool Interface (JVMTI) \[[Sun 04d|AA. Bibliography#SunReferences#Sun 04d]\], replacing both the JVM Profiler Interface (JVMPI) and the JVM Debug Interface (JVMDI), which are now deprecated.

The Java Platform Debugger Architecture (JPDA) builds on the JVMTI and provides high-level facilities for debugging Java systems while they are running \[[JPDA 2004|AA. Bibliography#JPDAReferences#JPDA 2004]\]. 

Java contains extensive facilities for monitoring and managing a JVM \[[JMX 2006|AA. Bibliography#JMXReferences#JMX 2006]\]. In particular, the Java Management Extension (JMX) API enables the monitoring and control of class loading, thread state and stack traces, deadlock detection, memory usage, garbage collection, operating system information, and other operations \[[Sun 04a|AA. Bibliography#SunReferences#Sun 04a]\]. It also has facilities for logging monitoring and management.

 When remote monitoring and management is enabled, access is password-controlled by default. However, password control can be disabled. Disabling password authentication is insecure because any user who can discover the port number that the JMX service is listening on can monitor and control the Java applications running on the JVM \[[JMXG 2006|AA. Bibliography#JMXGReferences#JMXG 06]\].

The JVM remote monitoring and management facility uses a secure communication channel (Secure Sockets Layer [SSL]) by default. However, if an attacker can start a bogus remote method invocation (RMI) registry server on the monitored machine before the legitimate RMI registry server is started, JMX passwords can be intercepted. Also, SSL can be disabled when using remote monitoring and management, which could, again, compromise security. See _The Java SE Monitoring and Management Guide_ \[[JMXG 2006|AA. Bibliography#JMXGReferences#JMXG 06]\] for further details and for mitigation strategies.

Some JVMs allow agents to be started when the JVM is already running. This is insecure in a production environment. Refer to the JVMTI documentation \[[JVMTI 2006|AA. Bibliography#JVMTIReferences#JVMTI 06]\] for platform-specific information on enabling/disabling this feature. 

Platforms that support environment variables allow agents to be specified in such variables. "Platforms may disable this feature in cases where security is a concern; for example, the Reference Implementation disables this feature on UNIX systems when the effective user or group ID differs from the real ID" \[[JVMTI 2006|AA. Bibliography#JVMTIReferences#JVMTI 06]\].

The _Java SE Monitoring and Management Guide_ \[[JMXG 2006|AA. Bibliography#JMXGReferences#JMXG 06]\] provides further advice: