Abstract
This artefact demonstrates the effects of the serialisation
vulnerabilities described in the companion
paper. It is composed of three components:
scripts, including source code, for Java, Ruby and
C# serialisation vulnerabilities; two case studies
that demonstrate attacks based on the vulnerabilities;
and a contracts-based mitigation strategy
for serialisation-based attacks on Java applications.
The artefact allows users to witness how
the serialisation-based vulnerabilities result in behaviour
that can be used in security attacks. It
also supports the repeatability of the case study
experiments and the benchmark for the mitigation
measures proposed in the paper. Instructions for
running the tasks are provided along with a description
of the artefact setup.
Citation
2017
Date
2017-05-13
Rights
© Jens Dietrich, Kamil Jezek, Shawn Rasheed, Amjed Tahir, and Alex Potanin;
licensed under Creative Commons Attribution 3.0 Germany (CC BY 3.0 DE)
Publisher
http://drops.dagstuhl.de/opus/volltexte/2017/7260/