Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation. (arXiv:2303.07593v1 [cs.CR]) | allinfosecnews.com

Web: http://arxiv.org/abs/2303.07593

March 15, 2023, 1:10 a.m. | Sicong Cao, Xiaobing Sun, Xiaoxue Wu, Lili Bo, Bin Li, Rongxin Wu, Wei Liu, Biao He, Yu Ouyang, Jiajia Li

cs.CR updates on arXiv.org arxiv.org

Java (de)serialization is prone to causing security-critical vulnerabilities
that attackers can invoke existing methods (gadgets) on the application's
classpath to construct a gadget chain to perform malicious behaviors. Several
techniques have been proposed to statically identify suspicious gadget chains
and dynamically generate injection objects for fuzzing. However, due to their
incomplete support for dynamic program features (e.g., Java runtime
polymorphism) and ineffective injection object generation for fuzzing, the
existing techniques are still far from satisfactory.

In this paper, we first …

deserialization gadget java java deserialization mining object

More from arxiv.org / cs.CR updates on arXiv.org

Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection. (arXiv:2210.00875v2 [cs.CR] UPDATED) 2 days, 10 hours ago | arxiv.org

backdoor copyright protection

Concurrent Composition Theorems for Differential Privacy. (arXiv:2207.08335v3 [cs.DS] UPDATED) 2 days, 10 hours ago | arxiv.org

differential privacy privacy

Longitudinal Analysis of Privacy Labels in the Apple App Store. (arXiv:2206.02658v2 [cs.CR] UPDATED) 2 days, 10 hours ago | arxiv.org

analysis app apple apple app store +2

MeLPUF: Memory-in-Logic PUF Structures for Low-Overhead IC Authentication. (arXiv:2012.03162v3 [cs.CR] UPDATED) 2 days, 10 hours ago | arxiv.org

authentication logic low memory +1

TorKameleon: Improving Tor's Censorship Resistance With K-anonimization and Media-based Covert Channels. (arXiv:2303.17544v1 [cs.CR]) 2 days, 10 hours ago | arxiv.org

censorship covert media tor

Infinite Horizon Privacy in Networked Control Systems: Utility/Privacy Tradeoffs and Design Tools. (arXiv:2303.17519v1 [cs.CR]) 2 days, 10 hours ago | arxiv.org

control control systems design horizon +4

Fuzzified advanced robust hashes for identification of digital and physical objects. (arXiv:2303.17499v1 [cs.CR]) 2 days, 10 hours ago | arxiv.org

advanced digital hashes identification +1

Explainable Intrusion Detection Systems Using Competitive Learning Techniques. (arXiv:2303.17387v1 [cs.CR]) 2 days, 10 hours ago | arxiv.org

competitive detection intrusion intrusion detection +2

URSID: Using formalism to Refine attack Scenarios for vulnerable Infrastructure Deployment. (arXiv:2303.17373v1 [cs.CR]) 2 days, 10 hours ago | arxiv.org

attack deployment infrastructure refine +2

Product Security Architect / Red Team PenTester for AUTOSAR (m/w/d)

@ Bosch Group | Stuttgart, Germany

View on infosec-jobs.com

Cloud Security Engineer - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com

System Security Analyst

@ Ashburn Consulting | Baltimore, MD, United States

View on infosec-jobs.com

Senior Advisor, Cyber

@ NielsenIQ | Chicago, IL, United States

View on infosec-jobs.com

Junior Application Security Engineer

@ Netcompany-Intrasoft | Athens, Greece

View on infosec-jobs.com

IT and process Control Security Architect

@ Statkraft | Oslo, Norway

View on infosec-jobs.com

Data Scientist, Sr. Consultant - Cybersecurity AI Research & Products

@ Visa | Ashburn, VA, United States

View on infosec-jobs.com

Senior Platform Security Engineer

@ Block | Melbourne, Australia

View on infosec-jobs.com

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

View on infosec-jobs.com

Cybersecurity Analyst

@ Visa | Bengaluru, India

View on infosec-jobs.com

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

View on infosec-jobs.com

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

View on infosec-jobs.com