Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hardening Java's Access Control by Abolishing Implicit Privilege Elevation

IEEE via YouTube

Overview

Explore a comprehensive analysis of Java's access control vulnerabilities in this IEEE Symposium on Security & Privacy conference talk. Delve into the study of shortcuts that bypass stack-based access control, leading to implicit privilege elevation and potential security risks. Examine the consequences of these shortcuts, including their impact on software maintenance and the introduction of confused-deputy vulnerabilities. Learn about a proposed solution involving a tool-assisted adaptation of the Java Class Library to implement explicit privilege elevation. Discover how these changes can significantly enhance the security of Java applications by hindering new vulnerabilities and restricting attacker capabilities. Gain insights into usability considerations and performance implications of implementing faithful stack-based access control in Java.

Syllabus

Introduction
Joint Work
Java Security Model
Information Checks
Model Deviation
Example
Permission Check
Shortcut
Consequences
Shortcuts prevent
Shortcut example
System class example
Sample exploits
Moving from Implicit to Explicit
Removing Conditionals
Implementation
General Lessons
Questions

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Hardening Java's Access Control by Abolishing Implicit Privilege Elevation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.