Anti-Patterns in JDK Security and Refactorings

Schönefeld, Marc

Autor(en):	Schönefeld, Marc
Titel:	Anti-Patterns in JDK Security and Refactorings
Sprache (ISO):	en
Zusammenfassung:	This paper underlines the importance of security awareness whilst programming Java applications. Several problems in current JDK implementations are demonstrated that allow to undermine the security of Java applications. Coding errors and quality problems in current Java distributions create possibilities to create covert channels, cause resource blocking and denial-of-service attacks. To make things worse Java components are often deployed according to the AllPermissions antipattern with non-restrictive security settings, which allows bugs on the system layer to be exploited by attackers. Coping with this antipattern from the user side is connected with the definition of adequate permission sets. A tool that automates this time consuming task is presented as a refactoring for the AllPermission antipattern.
Schlagwörter:	Vulnerability Assessment
URI:	http://hdl.handle.net/2003/22789 http://dx.doi.org/10.17877/DE290R-2015
Erscheinungsdatum:	2004-07
Provinienz:	Gesellschaft für Informatik
Zitierform:	Schönefeld, Marc: Anti-Patterns in JDK Security and Refactorings. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 175-186, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X.
Ist Teil von:	DIMVA 2004, July 6-7, Dortmund, Germany
Enthalten in den Sammlungen:	Papers

Dateien zu dieser Ressource:

Datei	Beschreibung	Größe	Format
DIMVA2004-Schoenefeld.pdf		302.58 kB	Adobe PDF	Öffnen/Anzeigen

Diese Ressource ist urheberrechtlich geschützt.

Lizenzbestimmungen ansehen

Zur Langanzeige

Diese Ressource ist urheberrechtlich geschützt. rightsstatements.org