Proceedings 2024 Network and Distributed System Security Symposium 2024 Help me understand this report
QUACK: Hindering Deserialization Attacks via Static Duck Typing
Abstract: Managed languages facilitate convenient ways for serializing objects, allowing applications to persist and transfer them easily, yet this feature opens them up to attacks. By manipulating serialized objects, attackers can trigger a chained execution of existing code segments, using them as gadgets to form an exploit. Protecting deserialization calls against attacks is cumbersome and tedious, leading to many developers avoiding deploying defenses properly. We present QUACK, a framework for automatically protect…
Search citation statements
Paper Sections
Select...
Citation Types
0
0
0
Year Published
2024
2024
Publication Types
Select...
1
Relationship
0
1
Authors
Journals
Cited by 1 publication
References 23 publications
(28 reference statements)
0
0
0
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
