Java deserialization vulnerability defense technologybased on run-time detection
The discovery of deserialization vulnerabilities has garnered significant attention from cybersecurity researchers, with an increasing number of vulnerabilities being uncovered, posing severe threats to enterprise network security. The Java language's polymorphism and reflection capabilities re...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2024-04-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024021 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529523774947328 |
|---|---|
| author | LI Yulin CHEN Libo LIU Yujiang DU Wenlong XUE Zhi |
| author_facet | LI Yulin CHEN Libo LIU Yujiang DU Wenlong XUE Zhi |
| author_sort | LI Yulin |
| collection | DOAJ |
| description | The discovery of deserialization vulnerabilities has garnered significant attention from cybersecurity researchers, with an increasing number of vulnerabilities being uncovered, posing severe threats to enterprise network security. The Java language's polymorphism and reflection capabilities render its deserialization vulnerability exploitation chains more varied and intricate, amplifying the challenges in defense and detection efforts. Consequently, developing strategies to counter Java deserialization vulnerability attacks has become a critical aspect of network security. Following an examination of numerous publicly known Java deserialization vulnerabilities, a runtime detection-based defense technology solution for Java deserialization vulnerabilities was proposed. Deserialization vulnerabilities were categorized into four types based on the data formats involved: Java native deserialization vulnerability, JSON deserialization vulnerability, XML deserialization vulnerability, and YAML deserialization vulnerability. For each type, the entry function within the exploitation process was identified and summarized. Utilizing Java's runtime protection technology, the solution monitored sensitive behaviors, such as command execution at the Java level, and captured the current runtime context information of the system. By correlating the deserialization entry function with the context information, the system can determine if the current behavior constitutes an exploitation of a deserialization vulnerability. The solution's efficacy was validated through testing on prevalent Java applications, including WebLogic, JBoss, and Jenkins. The results demonstrate that this approach can effectively protect against Java deserialization vulnerability attacks without inflicting a substantial performance penalty on the targeted system. Furthermore, when compared to other mainstream protection solutions, this method exhibits superior protective efficacy. |
| format | Article |
| id | doaj-art-650528a0ddff4ffeb578311d9aed95a1 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2024-04-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-650528a0ddff4ffeb578311d9aed95a12025-01-15T03:17:07ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2024-04-011015416463897291Java deserialization vulnerability defense technologybased on run-time detectionLI YulinCHEN LiboLIU YujiangDU WenlongXUE ZhiThe discovery of deserialization vulnerabilities has garnered significant attention from cybersecurity researchers, with an increasing number of vulnerabilities being uncovered, posing severe threats to enterprise network security. The Java language's polymorphism and reflection capabilities render its deserialization vulnerability exploitation chains more varied and intricate, amplifying the challenges in defense and detection efforts. Consequently, developing strategies to counter Java deserialization vulnerability attacks has become a critical aspect of network security. Following an examination of numerous publicly known Java deserialization vulnerabilities, a runtime detection-based defense technology solution for Java deserialization vulnerabilities was proposed. Deserialization vulnerabilities were categorized into four types based on the data formats involved: Java native deserialization vulnerability, JSON deserialization vulnerability, XML deserialization vulnerability, and YAML deserialization vulnerability. For each type, the entry function within the exploitation process was identified and summarized. Utilizing Java's runtime protection technology, the solution monitored sensitive behaviors, such as command execution at the Java level, and captured the current runtime context information of the system. By correlating the deserialization entry function with the context information, the system can determine if the current behavior constitutes an exploitation of a deserialization vulnerability. The solution's efficacy was validated through testing on prevalent Java applications, including WebLogic, JBoss, and Jenkins. The results demonstrate that this approach can effectively protect against Java deserialization vulnerability attacks without inflicting a substantial performance penalty on the targeted system. Furthermore, when compared to other mainstream protection solutions, this method exhibits superior protective efficacy.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024021deserialization vulnerabilityrun-time application self-protectiongadget chainsvulnerability defense |
| spellingShingle | LI Yulin CHEN Libo LIU Yujiang DU Wenlong XUE Zhi Java deserialization vulnerability defense technologybased on run-time detection 网络与信息安全学报 deserialization vulnerability run-time application self-protection gadget chains vulnerability defense |
| title | Java deserialization vulnerability defense technologybased on run-time detection |
| title_full | Java deserialization vulnerability defense technologybased on run-time detection |
| title_fullStr | Java deserialization vulnerability defense technologybased on run-time detection |
| title_full_unstemmed | Java deserialization vulnerability defense technologybased on run-time detection |
| title_short | Java deserialization vulnerability defense technologybased on run-time detection |
| title_sort | java deserialization vulnerability defense technologybased on run time detection |
| topic | deserialization vulnerability run-time application self-protection gadget chains vulnerability defense |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024021 |
| work_keys_str_mv | AT liyulin javadeserializationvulnerabilitydefensetechnologybasedonruntimedetection AT chenlibo javadeserializationvulnerabilitydefensetechnologybasedonruntimedetection AT liuyujiang javadeserializationvulnerabilitydefensetechnologybasedonruntimedetection AT duwenlong javadeserializationvulnerabilitydefensetechnologybasedonruntimedetection AT xuezhi javadeserializationvulnerabilitydefensetechnologybasedonruntimedetection |