Visible to the public Biblio

Filters: Author is Rinard, M.  [Clear All Filters]
2021-03-15
Perkins, J., Eikenberry, J., Coglio, A., Rinard, M..  2020.  Comprehensive Java Metadata Tracking for Attack Detection and Repair. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :39—51.

We present ClearTrack, a system that tracks meta-data for each primitive value in Java programs to detect and nullify a range of vulnerabilities such as integer overflow/underflow and SQL/command injection vulnerabilities. Contributions include new techniques for eliminating false positives associated with benign integer overflows and underflows, new metadata-aware techniques for detecting and nullifying SQL/command command injection attacks, and results from an independent evaluation team. These results show that 1) ClearTrack operates successfully on Java programs comprising hundreds of thousands of lines of code (including instrumented jar files and Java system libraries, the majority of the applications comprise over 3 million lines of code), 2) because of computations such as cryptography and hash table calculations, these applications perform millions of benign integer overflows and underflows, and 3) ClearTrack successfully detects and nullifies all tested integer overflow and underflow and SQL/command injection vulnerabilities in the benchmark applications.