A Hybrid Analysis to Detect Java Serialisation Vulnerabilities
Serialisation related security vulnerabilities have recently been reported for numerous Java applications. Since serialisation presents both soundness and precision challenges for static analysis, it can be difficult for analyses to precisely pinpoint serialisation vulnerabilities in a Java library. In this paper, we propose a hybrid approach that extends a static analysis with fuzzing to detect serialisation vulnerabilities. The novelty of our approach is in its use of a heap model to direct fuzzing for vulnerabilities in Java libraries. The advantage is that the analysis guides fuzzing to quickly and effectively produce results, which may also automatically validate static analysis reports.
Wed 23 SepDisplayed time zone: (UTC) Coordinated Universal Time change
01:10 - 02:10
|SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions|
Lili Quan College of Intelligence and Computing,Tianjin University, Qianyu Guo College of Intelligence and Computing, Tianjin University, Hongxu Chen Research Associate, xiexiaofei , Xiaohong Li TianJin University, Yang Liu Nanyang Technological University, Singapore, Jing Hu Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing,Tianjin University
|A Hybrid Analysis to Detect Java Serialisation Vulnerabilities|
|EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems|