An In-Depth Study of More Than Ten Years of Java Exploitation

I am happy and proud to present our first CCS paper! Co-authored with Philipp Holzinger, Stefan Triller and Alexandre Bartel, we present an in-depth study of all available Java exploits we were able to find online. The exploits cover all different sorts of attack vectors and more than 15 years, they highlight important weaknesses in the Java runtime. The study explains in detail the different weaknesses the exploits exploit. The paper is available here already. Further, we will soon make available some artifacts on this website (not the exploits, though).

Thanks to Marco Pistoia for his constructive feedback and Julian Dolby for providing us with the IBM JDKs we required for our study! Thanks also to Oracle which supported us through a Collaborative Research Grant and to the DFG’s Priority Program 1496 Reliably Secure Software Systems who funded the work through its project INTERFLOW!

See you all at Vienna!