License: Creative Commons Attribution 3.0 Germany license (CC BY 3.0 DE)
When quoting this document, please refer to the following
DOI: 10.4230/DARTS.3.2.13
URN: urn:nbn:de:0030-drops-72944
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2017/7294/


Dietrich, Jens ; Jezek, Kamil ; Rasheed, Shawn ; Tahir, Amjed ; Potanin, Alex

Evil Pickles: DoS Attacks Based on Object-Graph Engineering (Artifact)

pdf-format:
DARTS-3-2-13.pdf (0.4 MB)


Abstract

This artefact demonstrates the effects of the serialisation vulnerabilities described in the companion paper. It is composed of three components: scripts, including source code, for Java, Ruby and C# serialisation vulnerabilities; two case studies that demonstrate attacks based on the vulnerabilities; and a contracts-based mitigation strategy for serialisation-based attacks on Java applications. The artefact allows users to witness how the serialisation-based vulnerabilities result in behavior that can be used in security attacks. It also supports the repeatability of the case study experiments and the benchmark for the mitigation measures proposed in the paper. Instructions for running the tasks are provided along with a description of the artefact setup.

BibTeX - Entry

@Article{dietrich_et_al:DARTS:2017:7294,
  author =	{Jens Dietrich and Kamil Jezek and Shawn Rasheed and Amjed Tahir and Alex Potanin},
  title =	{{Evil Pickles: DoS Attacks Based on Object-Graph Engineering (Artifact)}},
  pages =	{13:1--13:3},
  journal =	{Dagstuhl Artifacts Series},
  ISSN =	{2509-8195},
  year =	{2017},
  volume =	{3},
  number =	{2},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2017/7294},
  URN =		{urn:nbn:de:0030-drops-72944},
  doi =		{10.4230/DARTS.3.2.13},
  annote =	{Keywords: serialisation, denial of service, degradation of service, Java, C#, JavaScript, Ruby, vulnerabilities, library design, collection libraries}
}

Keywords: serialisation, denial of service, degradation of service, Java, C#, JavaScript, Ruby, vulnerabilities, library design, collection libraries
Collection: DARTS, Volume 3, Issue 2
Related Scholarly Article: http://dx.doi.org/10.4230/LIPIcs.ECOOP.2017.10
Issue Date: 2017
Date of publication: 20.06.2017


Published by LZI