IEEE S&P Paper on Hardening the Java Runtime is now available

Eric | March 20, 2017

Our new S&P paper Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation is now available online. It is a follow-up work to our previous CCS’16 paper An In-Depth Study of More Than Ten Years of Java Exploitation. In this former paper we classified a large number of history Java exploits. In doing so, we found that the largest class of exploits was made possible by shortcuts in Java’s implementation of access control. In the S&P paper we now show that it is possible to go without those shortcuts, without any loss of performance. We also discuss the usability implications that this removal of shortcuts would have.

Cross-posted from Secure Software Engineering

Related Posts

  1. An In-Depth Study of More Than Ten Years of Java Exploitation
  2. Eric Bodden named Associate Editor of IEEE TSE
  3. Eric Bodden named Associate Editor of IEEE TSE
  4. GaLity accepted at ESSoS 2016
  5. GaLity accepted at ESSoS 2016
Categories
Misc, Research, Uncategorized
Comments rss
Comments rss

« »