21 October 2019

We congratulate Philipp Holzinger on his doctorate

Philipp Holzinger has successfully passed his doctoral examination. He received his doctorate for the topic "A Systematic Analysis and Hardening of the Java Security Architecture" under Prof. Dr. Eric Bodden.

Java is one of the most popular development platforms and is applied in a broad range of application contexts. The Java Runtime Environment (JRE) implements a complex security architecture that enforces security policies in such a way that untrusted code can run alongside trusted code within the same process. However, over the course of its entire lifespan, a large number of attacks revealed many severe security vulnerabilities in the JRE that allowed for a full bypass of all security mechanisms.

Despite the many examples of security vulnerabilities in the platform, little was previously known about the conceptual commonalities of different exploits and the extent to which design weaknesses in the Java security architecture enabled the attacks. Thus, in this work, we systematically collected and analyzed a large body of exploits for different versions of the JRE, covering more than ten years of vulnerabilities. One result of this analysis is that there is a set of nine commonly abused weaknesses, and we further show that all exploits in the sample set can be divided into three categories of attacks. Finally, we identified two major design weaknesses that enabled many of the attacks.




