YoVDO

Hardening Java's Access Control by Abolishing Implicit Privilege Elevation

Offered By: IEEE via YouTube

Tags

Java Security Courses
Software Security Courses
Access Control Courses

Course Description

Overview

Explore a comprehensive analysis of Java's access control vulnerabilities in this IEEE Symposium on Security & Privacy conference talk. Delve into the study of shortcuts that bypass stack-based access control, leading to implicit privilege elevation and potential security risks. Examine the consequences of these shortcuts, including their impact on software maintenance and the introduction of confused-deputy vulnerabilities. Learn about a proposed solution involving a tool-assisted adaptation of the Java Class Library to implement explicit privilege elevation. Discover how these changes can significantly enhance the security of Java applications by hindering new vulnerabilities and restricting attacker capabilities. Gain insights into usability considerations and performance implications of implementing faithful stack-based access control in Java.

Syllabus

Introduction
Joint Work
Java Security Model
Information Checks
Model Deviation
Example
Permission Check
Shortcut
Consequences
Shortcuts prevent
Shortcut example
System class example
Sample exploits
Moving from Implicit to Explicit
Removing Conditionals
Implementation
General Lessons
Questions


Taught by

IEEE Symposium on Security and Privacy

Related Courses

Cybersecurity and Its Ten Domains
University System of Georgia via Coursera
Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique
Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera
Web Application Development: Security
University of New Mexico via Coursera
Computing, Storage and Security with Google Cloud Platform
Google via Coursera