Runtime Prevention of Deserialization Attacks

2022 IEEE/ACM 44th International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER) Pub Date : 2022-04-20 DOI:10.1145/3510455.3512786

François Gauthier, Sora Bae

引用次数: 0

Abstract

Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a novel and lightweight approach for runtime prevention of deserialization attacks using Markov chains. The intuition behind our work is that the features and ordering of classes in malicious object graphs make them distinguishable from benign ones. Preliminary results indeed show that our approach achieves an Fl-score of 0.94 on a dataset of 264 serialised payloads, collected from an industrial Java BE application server and a repository of deserialization exploits. ACM Reference Format: François Gauthier and Sora Bae. 2022. Runtime Prevention of Deserialization Attacks. In New Ideas and Emerging Results (ICSE-NIER’22), May 21–29, 2022, Pittsburgh, PA, USA. ACM, New York, NY, USA, 5 pages. https://doi.org/10.1145/3510455.3512786

查看原文本刊更多论文

反序列化攻击的运行时防护

不受信任的反序列化漏洞，即使用序列化对象图来实现拒绝服务或任意代码执行，已经变得如此突出，以至于它们被引入了2017年OWASP十大漏洞。在本文中，我们提出了一种新颖的轻量级方法，用于使用马尔可夫链来防止运行时反序列化攻击。我们工作背后的直觉是，恶意对象图中的类的特征和顺序使它们与良性对象图区分开来。初步结果确实表明，我们的方法在264个序列化有效负载的数据集上实现了0.94的fl分数，这些数据集来自工业Java BE应用服务器和反序列化漏洞存储库。ACM参考格式:franois Gauthier and Sora Bae。2022。反序列化攻击的运行时防护。新思想和新成果(ICSE-NIER ' 22)， 2022年5月21-29日，美国宾夕法尼亚州匹兹堡。ACM，纽约，美国，5页。https://doi.org/10.1145/3510455.3512786

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE/ACM 44th International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER)

自引率

0.00%

发文量