Trusted Execution Path for Protecting Java Applications Against Deserialization of Untrusted Data-Reference-Cited by-同舟云学术

Trusted Execution Path for Protecting Java Applications Against Deserialization of Untrusted Data

Published:2018 Issue: Volume: Page:445-464
ISSN:0302-9743
Container-title:Research in Attacks, Intrusions, and Defenses
language:
Short-container-title:

Author:

Cristalli Stefano^ORCID,Vignati Edoardo^ORCID,Bruschi Danilo,Lanzi Andrea

Publisher

Springer International Publishing

Link

http://link.springer.com/content/pdf/10.1007/978-3-030-00470-5_21

Reference22 articles.

1. Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: USENIX Security Symposium, vol. 14 (2005)

2. Cristalli, S., Pagnozzi, M., Graziano, M., Lanzi, A., Balzarotti, D.: Micro-virtualization memory tracing to detect and prevent spraying attacks. In: Proceedings of the 25th USENIX Security Symposium (USENIX Security) (2016)

3. Dahse, J., Krein, N., Holz, T.: Code reuse attacks in php: automated pop chain generation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 42–53. ACM (2014)

4. Fattori, A., Lanzi, A., Balzarotti, D., Kirda, E.: Hypervisor-based malware protection with accessminer. Comput. Secur. 52, 33–50 (2015). https://doi.org/10.1016/j.cose.2015.03.007

5. Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of 2003 Symposium on Security and Privacy, pp. 62–75. IEEE (2003)

Cited by 10 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Crystallizer: A Hybrid Path Analysis Framework to Aid in Uncovering Deserialization Vulnerabilities;Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2023-11-30

3. ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing;2023 IEEE Symposium on Security and Privacy (SP);2023-05

4. Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation;2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE);2023-05

5. An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities;ACM Transactions on Software Engineering and Methodology;2023-01-31