Preprint Open Access

[Preprint] ObjectMap: Detecting Insecure Object Deserialization

Koutroumpouchos Nikolaos; Lavdanis Georgios; Veroni Eleni; Ntantogian Christoforos; Xenakis Christos


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <!-- MARC21 slim export of Zenodo record 3553676 (controlfield 001). The document carries
       no DOCTYPE, so a consumer that parses it with DTD and external-entity resolution
       disabled is not exposed to XXE; a DOCTYPE appearing in such an export should be
       treated as a reason to reject it. -->
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">insecure deserialization</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">web application</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">vulnerability scanner</subfield>
  </datafield>
  <controlfield tag="005">20200120164448.0</controlfield>
  <datafield tag="500" ind1=" " ind2=" ">
    <subfield code="a">This work was supported by the European Commission, under the FutureTPM, CUREX, INCOGNITO and SECONDO projects; Grant Agreements no. 779391, 826404, 824015 and 823997, respectively.</subfield>
  </datafield>
  <controlfield tag="001">3553676</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="a">Lavdanis Georgios</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="a">Veroni Eleni</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="a">Ntantogian Christoforos</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="a">Xenakis Christos</subfield>
  </datafield>
  <!-- Electronic location of the PDF: $s presumably the size in bytes, $z an MD5 digest,
       $u the download URL. MD5 is not collision-resistant, so $z can only catch accidental
       corruption, not substitution of the file; rely on the TLS origin for authenticity and
       treat the digest as a weak integrity hint. Note that $u contains unencoded spaces and
       must be percent-encoded before it is fetched. -->
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">515635</subfield>
    <subfield code="z">md5:dc5dae19513ae373eed7355fdfaed0c3</subfield>
    <subfield code="u">https://zenodo.org/record/3553676/files/25-ObjectMap Detecting Insecure Object Deserialization.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2019-11-29</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-futuretpm-h2020</subfield>
    <subfield code="o">oai:zenodo.org:3553676</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">University of Piraeus</subfield>
    <subfield code="a">Koutroumpouchos Nikolaos</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">[Preprint] ObjectMap: Detecting Insecure Object Deserialization</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-futuretpm-h2020</subfield>
  </datafield>
  <!-- Funding: one 536 per grant, $c the grant number, $a the project title. The four
       numbers match those listed in the 500 note above. -->
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">824015</subfield>
    <subfield code="a">IdeNtity verifiCatiOn with privacy-preservinG credeNtIals for anonymous access To Online services</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">826404</subfield>
    <subfield code="a">seCUre and pRivate hEalth data eXchange</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">823997</subfield>
    <subfield code="a">a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">779391</subfield>
    <subfield code="a">Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <!-- Abstract stored as entity-escaped HTML (&lt;p&gt; ... &lt;/p&gt;). A consumer that
       unescapes it for display must treat the result as untrusted markup and sanitize or
       re-escape it before rendering, rather than injecting it into a page verbatim. -->
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;In recent years there is a surge of serialization-based vulnerabilities in web applications which have led to serious incidents, exposing private data of millions of individuals. Although there have been some efforts in addressing this problem, there is still no unified solution that is able to detect implementation-agnostic vulnerabilities. We aim to fill this gap by proposing ObjectMap, an extendable tool for the detection of deserialization and object injection vulnerabilities in Java and PHP based web applications. Furthermore, we also introduce the first deserialization test environment which can be used to test deserialization vulnerability detection tools and for educational purposes. Both of these tools are easily extendable and the first to implement this combination of features to the best of our knowledge and they bring together a synthesis of cross-complementing functionalities that are able to ignite further research in the field and help in the development of more feature-rich solutions.&lt;/p&gt;</subfield>
  </datafield>
  <!-- Identifiers: 773 relates this version (isVersionOf) to the concept DOI
       10.5281/zenodo.3553675; 024 is the DOI of this specific version. -->
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.3553675</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.3553676</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">preprint</subfield>
  </datafield>
</record>