Скачать или смотреть [OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization

[OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization

Скачать [OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно [OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку [OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео [OOPSLA24] Seneca: Taint-Based Call Graph Construction for Java Object Deserialization

Seneca: Taint-Based Call Graph Construction for Java Object Deserialization (Video, OOPSLA 2024)
Joanna C. S. Santos, Mehdi Mirakhorli, and Ali Shokri
(University of Notre Dame, USA; University of Hawaii, Manoa, USA; Virginia Tech, USA)

Abstract: Object serialization and deserialization are widely used for storing and preserving objects in files, memory, or database as well as for transporting them across machines, enabling remote interaction among processes and many more. This mechanism relies on reflection, a dynamic language that introduces serious challenges for static analyses. Current state-of-the-art call graph construction algorithms do not fully support object serialization/deserialization, i.e., they are unable to uncover the callback methods that are invoked when objects are serialized and deserialized. Since call graphs are a core data structure for multiple types of analysis (e.g., vulnerability detection), an appropriate analysis cannot be performed since the call graph does not capture hidden (vulnerable) paths that occur via callback methods. In this paper, we present Seneca, an approach for handling serialization with improved soundness in the context of call graph construction. Our approach relies on taint analysis and API modeling to construct sound call graphs. We evaluated our approach with respect to soundness, precision, performance, and usefulness in detecting untrusted object deserialization vulnerabilities. Our results show that Seneca can create sound call graphs with respect to serialization features. The resulting call graphs do not incur significant runtime overhead and were shown to be useful for performing identification of vulnerable paths caused by untrusted object deserialization.

Article: https://doi.org/10.1145/3649851

ORCID: https://orcid.org/0000-0001-8743-2516, https://orcid.org/0000-0003-3470-6856, https://orcid.org/0000-0002-9758-3091

Video Tags: object serialization, untrusted object deserialization, taint analysis, call graphs, oopslaa24main-p145-p, doi:10.1145/3649851, orcid:0000-0001-8743-2516, orcid:0000-0003-3470-6856, orcid:0000-0002-9758-3091

Presentation at the OOPSLA 2024 conference, October 20–25, 2024, https://2024.splashcon.org/track/spla...
Sponsored by ACM SIGPLAN,

Комментарии

Информация по комментариям в разработке