An In-Depth Study of More Than Ten Years of Java Exploitation by Alexandre Bartel, University of Luxembourg

November 23, 2017

12:00 pm

Louvain-la-Neuve

Réaumur Building - Paul Otlet room a.327

When it was created, the Java platform was among the first runtimes designed with security in mind. Yet numerous Java versions were shown to contain far-reaching vulnerabilities, permitting denial-of-service attacks or, worse, allowing intruders to bypass the runtime's sandbox mechanisms, which opens the host system up to many further kinds of attack.

This paper presents a systematic in-depth study of 87 publicly available Java exploits found in the wild. By collecting, minimizing and categorizing those exploits, we identify their commonalities and root causes, with the goal of determining the weak spots in the Java security architecture and possible countermeasures.

The analysis allows us to propose ideas for improving the security architecture to spawn further research in this area.

Dr. Alexandre Bartel is a research associate in software engineering at the University of Luxembourg in the Interdisciplinary Centre for Security, Reliability and Trust's Serval Team. His research is in the area of software engineering and computer security. His current research focuses on system security and on the analysis of permission-based software stacks such as Android.