Comprehensive Java Metadata Tracking for Attack Detection and Repair
| Title | Comprehensive Java Metadata Tracking for Attack Detection and Repair |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Perkins, J., Eikenberry, J., Coglio, A., Rinard, M. |
| Conference Name | 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
| Date Published | July 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-5809-9 |
| Keywords | Arrays, command injection attacks, composability, Computer errors, computer security, Containers, Instruments, Intrusion detection, Java, Libraries, maintenance engineering, metadata, Metrics, pubcrawl, resilience, Resiliency, Software safety |
| Abstract | We present ClearTrack, a system that tracks meta-data for each primitive value in Java programs to detect and nullify a range of vulnerabilities such as integer overflow/underflow and SQL/command injection vulnerabilities. Contributions include new techniques for eliminating false positives associated with benign integer overflows and underflows, new metadata-aware techniques for detecting and nullifying SQL/command command injection attacks, and results from an independent evaluation team. These results show that 1) ClearTrack operates successfully on Java programs comprising hundreds of thousands of lines of code (including instrumented jar files and Java system libraries, the majority of the applications comprise over 3 million lines of code), 2) because of computations such as cryptography and hash table calculations, these applications perform millions of benign integer overflows and underflows, and 3) ClearTrack successfully detects and nullifies all tested integer overflow and underflow and SQL/command injection vulnerabilities in the benchmark applications. |
| URL | https://ieeexplore.ieee.org/document/9153376 |
| DOI | 10.1109/DSN48063.2020.00024 |
| Citation Key | perkins_comprehensive_2020 |