FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4312756098> ?p ?o ?g. }

• W4312756098 abstract "Java deserialization vulnerability has become a server security problem at present. An attacker can execute arbitrary commands by submitting a malicious object for deserialization. However, existing methods for detecting Java deserialization vulnerability only find program paths to deserialize input data, it doesn't consider whether the program itself can build malicious deserialization objects, which may bring false positives. In order to solve this problem, people need to discover gadget chains in the program manually, however, it takes a lot of time. In this paper, we present a method for discovering gadget chains automatically and build a tool named Hawk Gadget in practice. The method is based on static analysis that analyzes every method in the program with control flow graph. We also Compare the Hawk Gadget with Gadget Inspector that is a tool to find gadget chains, the result shows that Hawk Gadget can find more gadget chains and has a lower false-positive rate. In addition, we use gadget chains found by Hawk Gadget in Apache-commons-collections-3 to generate malicious objects for CVE-2016-4437, and verify the effectiveness of gadget chains." @default.
• W4312756098 created "2023-01-05" @default.
• W4312756098 creator A5001019377 @default.
• W4312756098 creator A5011916209 @default.
• W4312756098 creator A5058398313 @default.
• W4312756098 date "2022-06-24" @default.
• W4312756098 modified "2023-09-23" @default.
• W4312756098 title "A Static Method to Discover Deserialization Gadget Chains in Java Programs" @default.
• W4312756098 cites W2080696000 @default.
• W4312756098 cites W2116774218 @default.
• W4312756098 cites W2142503704 @default.
• W4312756098 cites W2765944901 @default.
• W4312756098 cites W3016643650 @default.
• W4312756098 cites W4240951837 @default.
• W4312756098 doi "https://doi.org/10.1145/3548608.3559310" @default.
• W4312756098 hasPublicationYear "2022" @default.
• W4312756098 type Work @default.
• W4312756098 citedByCount "1" @default.
• W4312756098 countsByYear W43127560982023 @default.
• W4312756098 crossrefType "proceedings-article" @default.
• W4312756098 hasAuthorship W4312756098A5001019377 @default.
• W4312756098 hasAuthorship W4312756098A5011916209 @default.
• W4312756098 hasAuthorship W4312756098A5058398313 @default.
• W4312756098 hasConcept C11413529 @default.
• W4312756098 hasConcept C119770614 @default.
• W4312756098 hasConcept C199360897 @default.
• W4312756098 hasConcept C38652104 @default.
• W4312756098 hasConcept C41008148 @default.
• W4312756098 hasConcept C548217200 @default.
• W4312756098 hasConcept C95713431 @default.
• W4312756098 hasConceptScore W4312756098C11413529 @default.
• W4312756098 hasConceptScore W4312756098C119770614 @default.
• W4312756098 hasConceptScore W4312756098C199360897 @default.
• W4312756098 hasConceptScore W4312756098C38652104 @default.
• W4312756098 hasConceptScore W4312756098C41008148 @default.
• W4312756098 hasConceptScore W4312756098C548217200 @default.
• W4312756098 hasConceptScore W4312756098C95713431 @default.
• W4312756098 hasLocation W43127560981 @default.
• W4312756098 hasOpenAccess W4312756098 @default.
• W4312756098 hasPrimaryLocation W43127560981 @default.
• W4312756098 hasRelatedWork W1481383228 @default.
• W4312756098 hasRelatedWork W1493446239 @default.
• W4312756098 hasRelatedWork W1825982205 @default.
• W4312756098 hasRelatedWork W1979547103 @default.
• W4312756098 hasRelatedWork W2000780397 @default.
• W4312756098 hasRelatedWork W2020120252 @default.
• W4312756098 hasRelatedWork W2137409926 @default.
• W4312756098 hasRelatedWork W2162118494 @default.
• W4312756098 hasRelatedWork W4254917997 @default.
• W4312756098 hasRelatedWork W2528467228 @default.
• W4312756098 isParatext "false" @default.
• W4312756098 isRetracted "false" @default.
• W4312756098 workType "article" @default.