English
Related papers

Related papers: Deserialization Gadget Chains are not a Pathologic…

200 papers

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Java (de)serialization is prone to causing security-critical vulnerabilities that attackers can invoke existing methods (gadgets) on the application's classpath to construct a gadget chain to perform malicious behaviors. Several techniques…

Cryptography and Security · Computer Science 2023-04-05 Sicong Cao , Xiaobing Sun , Xiaoxue Wu , Lili Bo , Bin Li , Rongxin Wu , Wei Liu , Biao He , Yu Ouyang , Jiajia Li

Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies…

Cryptography and Security · Computer Science 2025-04-30 Bruno Kreyssig , Sabine Houy , Timothée Riom , Alexandre Bartel

Java deserialization vulnerability is a severe threat in practice. Researchers have proposed static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate proof-of-concept (PoC) serialized objects to…

Cryptography and Security · Computer Science 2023-04-11 Sicong Cao , Biao He , Xiaobing Sun , Yu Ouyang , Chao Zhang , Xiaoxue Wu , Ting Su , Lili Bo , Bin Li , Chuanlei Ma , Jiajia Li , Tao Wei

Object serialization and deserialization are widely used for storing and preserving objects in files, memory, or database as well as for transporting them across machines, enabling remote interaction among processes and many more. This…

Software Engineering · Computer Science 2024-09-04 Joanna C. S. Santos , Mehdi Mirakhorli , Ali Shokri

Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce…

Cryptography and Security · Computer Science 2022-03-25 Yi He , Yacong Gu , Purui Su , Kun Sun , Yajin Zhou , Zhi Wang , Qi Li

Google's Android is a comprehensive software framework for mobile communication devices (i.e., smartphones, PDAs). The Android framework includes an operating system, middleware and a set of key applications. The incorporation of integrated…

Cryptography and Security · Computer Science 2009-12-31 A. Shabtai , Y. Fledel , U. Kanonov , Y. Elovici , S. Dolev

Untrusted deserialization exploits, where a serialised object graph is used to achieve denial-of-service or arbitrary code execution, have become so prominent that they were introduced in the 2017 OWASP Top 10. In this paper, we present a…

Cryptography and Security · Computer Science 2022-04-21 Francois Gauthier , Sora Bae

The Android ecosystem is profoundly fragmented due to the frequent updates of the Android system and the prevalent customizations by mobile device manufacturers. Previous research primarily focused on identifying and repairing…

Software Engineering · Computer Science 2024-08-06 Junfeng Chen , Kevin Li , Yifei Chen , Lili Wei , Yepang Liu

Cross-app collaboration via inter-component communication is a fundamental mechanism on Android. Although it brings the benefits such as functionality reuse and data sharing, a threat called component hijacking is also introduced. By…

Cryptography and Security · Computer Science 2016-09-14 Daoyuan Wu , Debin Gao , Yingjiu Li , Robert H. Deng

As the popularity of Android smart phones has increased in recent years, so too has the number of malicious applications. Due to the potential for data theft mobile phone users face, the detection of malware on Android devices has become an…

Cryptography and Security · Computer Science 2019-08-14 Chenglin Li , Keith Mills , Rui Zhu , Di Niu , Hongwen Zhang , Husam Kinawi

Resource leak bugs in Android apps are pervasive and can cause serious performance degradation and system crashes. In recent years, several resource leak detection techniques have been proposed to assist Android developers in correctly…

Software Engineering · Computer Science 2016-11-28 Yepang Liu , Lili Wei , Chang Xu , Shing-Chi Cheung

Android has been the most popular smartphone system, with multiple platform versions (e.g., KITKAT and Lollipop) active in the market. To manage the application's compatibility with one or more platform versions, Android allows apps to…

Software Engineering · Computer Science 2017-03-20 Daoyuan Wu , Ximing Liu , Jiayun Xu , David Lo , Debin Gao

Third-party Software Development Kits (SDKs) are widely adopted in Android app development, to effortlessly accelerate development pipelines and enhance app functionality. However, this convenience raises substantial concerns about…

Cryptography and Security · Computer Science 2025-06-19 Mark Huasong Meng , Chuan Yan , Qing Zhang , Zeyu Wang , Kailong Wang , Sin Gee Teo , Guangdong Bai , Jin Song Dong

Contact tracing has historically been used to retard the spread of infectious diseases, but if it is exercised by hand in large-scale, it is known to be a resource-intensive and quite deficient process. Nowadays, digital contact tracing has…

Cryptography and Security · Computer Science 2021-05-24 Vasileios Kouliaridis , Georgios Kambourakis , Efstratios Chatzoglou , Dimitrios Geneiatakis , Hua Wang

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny…

Cryptography and Security · Computer Science 2019-05-08 Julien Gamba , Mohammed Rashed , Abbas Razaghpanah , Juan Tapiador , Narseo Vallina-Rodriguez

Mobile apps are predominantly integrated with cloud services to benefit from enhanced functionalities. Adopting authentication using secrets such as API keys is crucial to ensure secure mobile-cloud interactions. However, developers often…

Cryptography and Security · Computer Science 2025-11-11 Kevin Li , Lin Ling , Jinqiu Yang , Lili Wei

Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as…

Cryptography and Security · Computer Science 2021-05-21 Fadi Mohsen , Loran Oosterhaven , Fatih Turkmen

We present a DSP simulation environment that will enable students to perform laboratory exercises using Android mobile devices and tablets. Due to the pervasive nature of the mobile technology, education applications designed for mobile…

Computers and Society · Computer Science 2015-02-26 Suhas Ranganath , JJ Thiagarajan , KN Ramamurthy , Shuang Hu , Mahesh Banavar , Andreas Spanias

Android is the most popular operating systems for smartphones and is also well-known for its flexibility and security. However, although it is overall considered very secure, there are still some vulnerabilities occasionally discovered that…

Cryptography and Security · Computer Science 2022-04-13 Valerio Brussani
‹ Prev 1 2 3 10 Next ›