Logo des Repositoriums
 
Konferenzbeitrag

Anti-patterns in JDK security and refactorings

Lade...
Vorschaubild

Volltext URI

Dokumententyp

Text/Conference Paper

Zusatzinformation

Datum

2004

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e.V.

Zusammenfassung

This paper underlines the importance of security awareness whilst programming Java applications. Several problems in current JDK implementations are demonstrated that allow to undermine the security of Java applications. Coding errors and quality problems in current Java distributions create possibilities to create covert channels, cause resource blocking and denial-of-service attacks. To make things worse Java components are often deployed according to the AllPermissions antipattern with non-restrictive security settings, which allows bugs on the system layer to be exploited by attackers. Coping with this antipattern from the user side is connected with the definition of adequate permission sets. A tool that automates this time consuming task is presented as a refactoring for the AllPermission antipattern.

Beschreibung

Schönefeld, Marc (2004): Anti-patterns in JDK security and refactorings. Detection of intrusions and malware & vulnerability assessment, GI SIG SIDAR workshop, DIMVA 2004. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 3-88579-375-X. pp. 175-186. Regular Research Papers. Dortmund. July 6-7, 2004

Schlagwörter

Zitierform

DOI

Tags