A systematic analysis and hardening of the Java security architecture / by Philipp Albert Holzinger ; Advisor: Prof. Dr. Eric Bodden. Paderborn, 2019
Content
Abstract
Zusammenfassung (German abstract)
Publications
Acknowledgments
Contents
List of Figures
List of Tables
List of Listings
Introduction and contributions
Introduction
Research motivation
Context and scope
Challenges and risks
Thesis statement
Summary of contributions
Systematic large-scale analysis of Java exploits
Mitigating attacks on information hiding
Hardening access control by abolishing implicit privilege elevation
General related work
Thesis organization
The Java security architecture
Architectural overview
System scope
High-level components
The Java Native Interface
Class loading
Class introspection
Protection mechanisms
Stack-based access control
Bytecode verification
Automatic memory management
In-depth analysis of Java exploitation
Motivation and contributions
Creating an exploit sample set
Modeling exploit behavior
Exploit behavior
A meta model to document exploits
Documenting the exploit sample set
Analysis and findings
Commonly exploited weaknesses
Combinations of weaknesses in attack vectors
Discussion
Related work
Conclusion
Hardening Java's information hiding
Motivation and contributions
Threat model
Attacker capabilities
Attack vectors to break information hiding
Proof-of-concept solution
Conceptual overview
Design
Implementation
Limitations
Evaluation
RQ1: Effectiveness
RQ2: Backward compatibility
RQ3: Performance
Solution for productive use
Related work
Conclusion
Hardening Java's access control
Motivation and contributions
Comparison of privileged blocks and shortcuts
Privileged blocks
Shortcuts
Problem statement
Increased attack surface
Decreased maintainability
Summary
Proof-of-concept solution
Overview
Locating shortcuts
Removing shortcuts
Adapting all callers
Benefits
Performance evaluation
Evaluation setup
Results of macro benchmark tests
Results of micro benchmark tests
Discussion
Productive use and further research
Adjusting security policies
Reworking Java's standard permissions
Lessons learned
Related work
Conclusion
Conclusion
Summary
Discussion
Relevance to other systems
Secure software design
Directions for future work
Bibliography
Extension to the JVM instruction set