Sound Call Graph Construction for Java Object Deserialization.
CoRR(2023)
摘要
Object serialization and deserialization is widely used for storing and
preserving objects in files, memory, or database as well as for transporting
them across machines, enabling remote interaction among processes and many
more. This mechanism relies on reflection, a dynamic language that introduces
serious challenges for static analyses. Current state-of-the-art call graph
construction algorithms does not fully support object
serialization/deserialization, i.e., they are unable to uncover the callback
methods that are invoked when objects are serialized and deserialized. Since
call graphs are a core data structure for multiple type of analysis (e.g.,
vulnerability detection), an appropriate analysis cannot be performed since the
call graph does not capture hidden (vulnerable) paths that occur via callback
methods. In this paper, we present Seneca, an approach for handling
serialization with improved soundness in the context of call graph
construction. Our approach relies on taint analysis and API modeling to
construct sound call graphs. We evaluated our approach with respect to
soundness, precision, performance, and usefulness in detecting untrusted object
deserialization vulnerabilities. Our results show that Seneca can create sound
call graphs with respect to serialization features. The resulting call graphs
do not incur significant overhead and were shown to be useful for performing
identification of vulnerable paths caused by untrusted object deserialization.
更多查看译文
关键词
graph,sound
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要