Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
Wed 23 Sep 2020 01:50 - 02:00 at Platypus - Software Security and Trust (1) Chair(s): Christoph Csallner

Serialisation related security vulnerabilities have recently been reported for numerous Java applications. Since serialisation presents both soundness and precision challenges for static analysis, it can be difficult for analyses to precisely pinpoint serialisation vulnerabilities in a Java library. In this paper, we propose a hybrid approach that extends a static analysis with fuzzing to detect serialisation vulnerabilities. The novelty of our approach is in its use of a heap model to direct fuzzing for vulnerabilities in Java libraries. The advantage is that the analysis guides fuzzing to quickly and effectively produce results, which may also automatically validate static analysis reports.

Wed 23 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

01:10 - 02:10: Software Security and Trust (1) Research Papers / NIER track / Tool Demonstrations at Platypus
Chair(s): Christoph CsallnerUniversity of Texas at Arlington
01:10 - 01:30
Continuous ComplianceExperience
Research Papers
Martin KelloggUniversity of Washington, Seattle, Martin SchäfAmazon Web Services, Serdar TasiranAmazon Web Services, Michael D. ErnstUniversity of Washington, USA
01:30 - 01:50
SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementions
Research Papers
Lili QuanCollege of Intelligence and Computing,Tianjin University, Qianyu GuoCollege of Intelligence and Computing, Tianjin University, Hongxu ChenResearch Associate, xiexiaofei , Li XiaohongTianJin University, Yang LiuNanyang Technological University, Singapore, Jing HuTianjin Key Laboratory of Advanced Networking (TANK), College of Intelligence and Computing,Tianjin University
01:50 - 02:00
A Hybrid Analysis to Detect Java Serialisation Vulnerabilities
NIER track
Shawn RasheedMassey University, Jens DietrichVictoria University of Wellington
02:00 - 02:10
EXPRESS: An Energy-Efficient and Secure Framework for Mobile Edge Computing and Blockchain based Smart Systems
Tool Demonstrations
Jia XuSchool of Computer Science and Technology, Anhui University, Xiao LiuSchool of Information Technology, Deakin University, Xuejun LiSchool of Computer Science and Technology, Anhui University, Lei ZhangAntwork Robotics Co., Ltm., Hangzhou, China, Yun YangSwinburne University of Technology