Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms

Pierre Parrend and Stephane Frenot

Conference on Component-Based Software Engineering (CBSE), 25-17 October 2008, Karlsruhe, Germany

Abstract: Java-based systems have evolved from stand-alone applications to multi-component platforms and then to Service Oriented Programming (SOP) platforms. Each step of this evolution makes a further set of Java vulnerabilities directly exploitable by malicious code: access to classes in multi-component platforms, and access to objects in SOP platforms, is granted to such code with often no control at all.

This paper defines two taxonomies that characterize vulnerabilities in Java components: the vulnerability categories, and the goals of the attacks that are based on these vulnerabilities. The 'vulnerability category' taxonomy is based on three application types: stand-alone, class sharing, and SOP. Entries express the absence of proper security features at places where they are required to build secure component-based systems. The 'goal' taxonomy is based on the distinction between undue access, which encompasses the traditional integrity and confidentiality security properties, and denial-of-service. It provides a matching between the vulnerability categories and their consequences. The exploitability of each vulnerability is validated through the development of a pair of malicious and vulnerable components. Experiments are conducted in the context of the OSGi Platform. Based on the vulnerability taxonomies, recommendations for writing hardened component code are issued.

Keywords: Software Security, Service-oriented Programming, Component Middleware

BibTeX:

% entry type and citation key added to complete the fragment; the key is a placeholder
@inproceedings{parrend2008classification,
  author = {Pierre Parrend and St\'{e}phane Fr\'{e}not},
  title = {Classification of Component Vulnerabilities in {J}ava Service Oriented Programming ({SOP}) Platforms},
  booktitle = {Conference on Component-based Software Engineering (CBSE'2008)},
  year = {2008},
  volume = {5282/2008},
  series = {LNCS},
  address = {Karlsruhe, Germany},
  month = {October},
  publisher = {Springer Berlin / Heidelberg},
}