
Understanding caller-sensitive method vulnerabilities: a class of access control vulnerabilities in the Java platform

Published: 14 June 2015

Abstract

Late 2012 and early 2013 saw a spike of new Java vulnerabilities that allowed the Java sandbox to be bypassed; they were reported in 0-day attacks and exploited in the wild. These vulnerabilities were of a variety of types: unguarded caller-sensitive methods, unsafe use of doPrivileged, invalid deserialisation, invalid serialisation, and more. Oracle reacted quickly by making patches available and has since increased the scheduled patch update cycle to 4 releases a year. Unlike more traditional vulnerabilities such as buffer overflows and cross-site scripting, which have been studied in the literature for many years, these new Java vulnerabilities lack a clear definition of the corresponding security bug type and of the rules that apply to each bug type. In this paper we give an overview of one type of access control vulnerability that affects the Java platform: unguarded caller-sensitive method calls. The aim of the paper is to explain to the practitioner what the vulnerability is, why it happens in the context of the Java security model, and how to fix it. For the program analysis community, the aim is to define the security bug type so that this type of vulnerability can be detected.



Published In

SOAP 2015: Proceedings of the 4th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis
June 2015
30 pages
ISBN: 9781450335850
DOI: 10.1145/2771284

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Java security model
  2. Principle of least privilege

Qualifiers

  • Research-article

Conference

PLDI '15

Acceptance Rates

Overall acceptance rate: 11 of 11 submissions, 100%

Cited By

  • (2024) Seneca: Taint-Based Call Graph Construction for Java Object Deserialization. Proceedings of the ACM on Programming Languages 8(OOPSLA1):1125-1153. doi:10.1145/3649851. Online publication date: 29 Apr 2024.
  • (2023) The role of program analysis in security vulnerability detection: Then and now. Computers & Security 135:103463. doi:10.1016/j.cose.2023.103463. Online publication date: Dec 2023.
  • (2022) An empirical study of the Python/C API on evolution and bug patterns. Journal of Software: Evolution and Process 35(2). doi:10.1002/smr.2507. Online publication date: 6 Sep 2022.
  • (2020) Salsa: static analysis of serialization features. Proceedings of the 22nd ACM SIGPLAN International Workshop on Formal Techniques for Java-Like Programs, pages 18-25. doi:10.1145/3427761.3428343. Online publication date: 23 Jul 2020.
  • (2020) Deep Learning for Source Code Modeling and Generation. ACM Computing Surveys 53(3):1-38. doi:10.1145/3383458. Online publication date: 12 Jun 2020.
  • (2020) A hybrid analysis to detect Java serialisation vulnerabilities. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, pages 1209-1213. doi:10.1145/3324884.3418931. Online publication date: 21 Dec 2020.
  • (2017) Hardening Java's Access Control by Abolishing Implicit Privilege Elevation. 2017 IEEE Symposium on Security and Privacy (SP), pages 1027-1040. doi:10.1109/SP.2017.16. Online publication date: May 2017.
  • (2017) Capabilities for Java: Secure Access to Resources. Programming Languages and Systems, pages 67-84. doi:10.1007/978-3-319-71237-6_4. Online publication date: 19 Nov 2017.
  • (2016) Soufflé: On Synthesis of Program Analyzers. Computer Aided Verification, pages 422-430. doi:10.1007/978-3-319-41540-6_23. Online publication date: 13 Jul 2016.
