MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks

Bartel, Alexandre; Klein, Jacques; Le Traon, Yves

doi:10.1109/TIFS.2019.2894356

Download

Article (Scientific journals)

MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks

Bartel, Alexandre; Klein, Jacques; Le Traon, Yves

2019 • In IEEE Transactions on Information Forensics and Security

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/42590

DOI
10.1109/TIFS.2019.2894356

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

tifs2019-musti.pdf

Publisher postprint (697.55 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

java; security; vulnerability

Abstract :

[en] Invalid object initialization vulnerabilities have been identified since the 1990’s by a research group at Princeton University. These vulnerabilities are critical since they can be used to totally compromise the security of a Java virtual machine.Recently, such a vulnerability identified as CVE-2017-3289 has been found again in the bytecode verifier of the JVM and affects more than 40 versions of the JVM. In this paper, we present a runtime solution called MUSTIto detect and prevent attacks leveraging this kind of critical vulnerabilities. We optimize MUSTI to have a runtime overhead below 0.5% and a memory overhead below 0.42%. Compared to state-of-the-art, MUSTI is completely automated and does not require to manually annotate the code.

Disciplines :

Computer science

Author, co-author :

Bartel, Alexandre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Klein, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)

Le Traon, Yves ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)

External co-authors :

Language :

English

Title :

MUSTI: Dynamic Prevention of Invalid Object Initialization Attacks

Publication date :

2019

Journal title :

IEEE Transactions on Information Forensics and Security

ISSN :

1556-6021

Publisher :

Institute of Electrical and Electronics Engineers, Los Angeles, United States

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://www.abartel.net/static/p/tifs2019-musti.pdf

Available on ORBilu :

since 21 February 2020

Statistics

Number of views

179 (1 by Unilu)

Number of downloads

57 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™