Conference: International symposium on research in attacks, intrusions and defenses

Trusted Execution Path for Protecting Java Applications Against Deserialization of Untrusted Data


Abstract

Deserialization of untrusted data is an issue in many programming languages. In particular, deserialization of untrusted data in Java can lead to Remote Code Execution attacks. Conditions for this type of attack exist, but vulnerabilities are hard to detect. In this paper, we propose a novel sandboxing approach for protecting Java applications, based on a trusted execution path used for defining the deserialization behavior. We test our defensive mechanism on two main Java frameworks, JBoss and Jenkins, and we show the effectiveness and efficiency of our system. We also discuss the limitations of our current system on newer attack strategies.
