Anti-Patterns in JDK Security and Refactorings
Date
2004-07
Publisher
Gesellschaft für Informatik
Abstract
This paper underlines the importance of security awareness when programming
Java applications. It demonstrates several problems in current JDK implementations
that allow the security of Java applications to be undermined. Coding errors
and quality problems in current Java distributions make it possible to create covert
channels and to cause resource blocking and denial-of-service attacks. To make things worse,
Java components are often deployed according to the AllPermissions antipattern with
non-restrictive security settings, which allows bugs on the system layer to be exploited
by attackers. Coping with this antipattern from the user side involves
defining adequate permission sets. A tool that automates this time-consuming task
is presented as a refactoring for the AllPermission antipattern.
Keywords
Vulnerability Assessment
Citation
Schönefeld, Marc: Anti-Patterns in JDK Security and Refactorings. In Flegel, U.; Meier, M. (Eds.): Proc. of the International GI Workshop on Detection of Intrusions and Malware & Vulnerability Assessment, number P-46 in Lecture Notes in Informatics, pp. 175-186, Dortmund, Germany, July 2004, Köllen Verlag; ISBN 3-88579-365-X.