Reference : MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks
Scientific journals : Article
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/42590
MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks
English
Bartel, Alexandre mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Klein, Jacques mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
Le Traon, Yves mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
2019
IEEE Transactions on Information Forensics and Security
Institute of Electrical and Electronics Engineers
Yes
1556-6013
1556-6021
Los Angeles
United States
[en] java ; security ; vulnerability
[en] Invalid object initialization vulnerabilities have been identified since the 1990’s by a research group at Princeton University. These vulnerabilities are critical since they can be used to totally compromise the security of a Java virtual machine.Recently, such a vulnerability identified as CVE-2017-3289 has been found again in the bytecode verifier of the JVM and affects more than 40 versions of the JVM. In this paper, we present a runtime solution called MUSTIto detect and prevent attacks leveraging this kind of critical vulnerabilities. We optimize MUSTI to have a runtime overhead below 0.5% and a memory overhead below 0.42%. Compared to state-of-the-art, MUSTI is completely automated and does not require to manually annotate the code.
http://hdl.handle.net/10993/42590
https://www.abartel.net/static/p/tifs2019-musti.pdf

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
tifs2019-musti.pdfPublisher postprint681.2 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.