Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

A Systematic Hardening of Java's Information Hiding

 
Authors: Holzinger, Philipp; Boden, Eric

In:

Meng, W. ; Association for Computing Machinery -ACM-, Special Interest Group on Security, Audit and Control -SIGSAC-:
International Symposium on Advanced Security on Software and Systems 2021. Proceedings
New York: ACM, 2021
ISBN: 978-1-4503-8403-2
pp. 11-22
International Symposium on Advanced Security on Software and Systems (ASSS) <1, 2021, Online>
Asia Conference on Computer and Communications Security (ASIA CCS) <2021, Online>
English
Conference Paper
Fraunhofer SIT

Abstract
The Java runtime is installed on billions of devices worldwide, and over years it has been a primary attack vector for online criminals. In this work, we address that many attack vectors exploit weaknesses in Java's information hiding, making use of illegal access to private members of system classes. To study to what extent such attacks can be mitigated, and at what cost, this paper demonstrates a proof-of-concept solution to strengthen information hiding. Experiments show that this approach is backward compatible, and that it blocks 84% of all information-hiding attacks in a large-scale sample set at an average performance overhead below 2%. Based on our experiments, we suggest a solution to strengthen information hiding for productive use that has the potential to outperform our proof of concept in terms of robustness and performance, and also would block the remaining information-hiding attacks. Finally, we conclude with general advice on the design of secure software.

URL: http://publica.fraunhofer.de/documents/N-637990.html