A hybrid analysis to detect Java serialisation vulnerabilities
Author:
Affiliation:
1. Massey University, Palmerston North, New Zealand
2. Victoria University of Wellington, Wellington, New Zealand
Publisher
ACM
Link
https://dl.acm.org/doi/pdf/10.1145/3324884.3418931
Reference36 articles.
1. Steven Arzt Siegfried Rasthofer and Eric Bodden. 2013. SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks. Steven Arzt Siegfried Rasthofer and Eric Bodden. 2013. SuSi: A Tool for the Fully Automated Classification and Categorization of Android Sources and Sinks.
2. Korat
3. Strictly declarative specification of sophisticated points-to analyses
Cited by 10 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Improving Precision of Detecting Deserialization Vulnerabilities with Bytecode Analysis;2023 IEEE/ACM 31st International Symposium on Quality of Service (IWQoS);2023-06-19
2. Tabby: Automated Gadget Chain Detection for Java Deserialization Vulnerabilities;2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN);2023-06
3. Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation;2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE);2023-05
4. ODDFuzz: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing;2023 IEEE Symposium on Security and Privacy (SP);2023-05
5. An In-depth Study of Java Deserialization Remote-Code Execution Exploits and Vulnerabilities;ACM Transactions on Software Engineering and Methodology;2023-01-31
1.学者识别学者识别
2.学术分析学术分析
3.人才评估人才评估
"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370
www.globalauthorid.com
TOP
Copyright © 2019-2024 北京同舟云网络信息技术有限公司 京公网安备11010802033243号 京ICP备18003416号-3