Sun 14 Jun 2015 15:00 - 15:30 at B110-B11 - session 3 Chair(s): Mayur Naik

Late 2012 and early 2013 saw a spike of new Java vulnerabilities being reported in 0-day attacks and used in the wild, that allowed bypass of the Java sandbox. These vulnerabilities were of a variety of types: unguarded caller-sensitive methods, unsafe use of doPrivileged, invalid deserialisation, invalid serialisation, and more. Oracle reacted quickly by making available patches and has now increased the scheduled patch update cycle to 4 releases a year. Unlike more traditional vulnerabilities such as buffer overflow and cross-site scripting that have been studied in the literature for many years, these new Java vulnerabilities lack a clear definition of what the corresponding security bug type is, and what rules apply to each bug type. In this paper we give an overview of one type of access control vulnerabilities that affects the Java platform—unguarded caller-sensitive method calls. The aim of the paper is to explain to the practitioner what the vulnerability is, why it happens in the context of the Java security model, and how to fix it. For the program analysis community, the aim is to define the security bug type, to be able to detect this type of vulnerability.