{"id":4091,"date":"2016-08-16T19:30:33","date_gmt":"2016-08-16T17:30:33","guid":{"rendered":"https:\/\/blogs.uni-paderborn.de\/sse\/?p=4091"},"modified":"2016-08-16T20:30:55","modified_gmt":"2016-08-16T18:30:55","slug":"ccs-paper-java-exploits","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2016\/08\/16\/ccs-paper-java-exploits\/","title":{"rendered":"An In-Depth Study of More Than Ten Years of Java Exploitation"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/en\/8\/88\/Java_logo.png\" width=\"149\" height=\"149\" \/>I am happy and proud to present our first <a href=\"https:\/\/www.sigsac.org\/ccs\/CCS2016\/\">CCS<\/a> paper! 
Co-authored with Philipp Holzinger, Stefan Triller and Alexandre Bartel, we present an in-depth study of all available Java exploits we were able to find online. The exploits cover all different sorts of attack vectors and span\u00a0more than 15 years; they highlight important weaknesses in the Java runtime. The study explains in detail the different weaknesses the exploits exploit. <a href=\"http:\/\/bodden.de\/pubs\/htb+16exploits.pdf\">The paper is available here<\/a>\u00a0already.\u00a0Further,\u00a0we will soon make available some artifacts\u00a0<a href=\"https:\/\/github.com\/pholzinger\/exploitstudy\">on this website<\/a>\u00a0(not the exploits, though).<\/p>\n<p>Thanks to\u00a0Marco Pistoia for his constructive feedback and Julian Dolby for providing us with the IBM JDKs we required for our study! Thanks also to\u00a0Oracle, which supported us through a Collaborative\u00a0Research Grant, and to the\u00a0DFG&#8217;s <a href=\"https:\/\/www.spp-rs3.de\/\">Priority Program 1496 Reliably Secure Software Systems<\/a>, which funded the work through its project\u00a0INTERFLOW!<\/p>\n<p>See you all in Vienna!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I am happy and proud to present our first CCS paper! Co-authored with Philipp Holzinger, Stefan Triller and Alexandre Bartel, we present an in-depth study of all available Java exploits we were able to find online. 
The exploits cover all &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2016\/08\/16\/ccs-paper-java-exploits\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6542,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,41],"tags":[],"class_list":["post-4091","post","type-post","status-publish","format-standard","hentry","category-general","category-research-paper"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6542"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=4091"}],"version-history":[{"count":5,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4091\/revisions"}],"predecessor-version":[{"id":4101,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/4091\/revisions\/4101"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=4091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=4091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=4091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}