Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Wed 23 Sep 2020 01:50 - 02:00 at Platypus - Software Security and Trust (1) Chair(s): Christoph Csallner

Serialisation related security vulnerabilities have recently been reported for numerous Java applications. Since serialisation presents both soundness and precision challenges for static analysis, it can be difficult for analyses to precisely pinpoint serialisation vulnerabilities in a Java library. In this paper, we propose a hybrid approach that extends a static analysis with fuzzing to detect serialisation vulnerabilities. The novelty of our approach is in its use of a heap model to direct fuzzing for vulnerabilities in Java libraries. The advantage is that the analysis guides fuzzing to quickly and effectively produce results, which may also automatically validate static analysis reports.

Wed 23 Sep

Displayed time zone: (UTC) Coordinated Universal Time change

01:10 - 02:10
Software Security and Trust (1) NIER track / Tool Demonstrations / Research Papers at Platypus
Chair(s): Christoph Csallner University of Texas at Arlington
Continuous ComplianceExperience
Research Papers
Martin Kellogg University of Washington, Seattle, Martin Schäf Amazon Web Services, Serdar Tasiran Amazon Web Services, Michael D. Ernst University of Washington, USA
SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions
Research Papers
Lili Quan College of Intelligence and Computing,Tianjin University, Qianyu Guo College of Intelligence and Computing, Tianjin University, Hongxu Chen Research Associate, xiexiaofei , Xiaohong Li TianJin University, Yang Liu Nanyang Technological University, Singapore, Jing Hu Tianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing,Tianjin University
A Hybrid Analysis to Detect Java Serialisation Vulnerabilities
NIER track
Shawn Rasheed Massey University, Jens Dietrich Victoria University of Wellington
EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems
Tool Demonstrations
Jia Xu School of Computer Science and Technology, Anhui University, Xiao Liu School of Information Technology, Deakin University, Xuejun Li School of Computer Science and Technology, Anhui University, Lei Zhang Antwork Robotics Co., Ltm., Hangzhou, China, Yun Yang Swinburne University of Technology