Current research on software security has tended to focus on directed techniques such as detecting known flaws, finding coding anomalies that might indicate problems and protecting against known attacks or vulnerabilities. In contrast, process-based approaches such as the Common Criteria have the potential to discover or prevent unknown flaws. Unfortunately, such process-based approaches offer no benefit to pre-existing software, or software developed under a different methodology.
In this paper we investigate the security issues raised by dynamic classloading, as related to large, highassurance Java products. We describe a previously unknown vulnerability in Java which allows remote attacks. We also derive a set of build requirements, based upon the Common Criteria, that can be applied to non-Common Criteria Java products. We conduct an experiment on two large, mature, widely used Java systems, one commercial and one open-source, evaluating them against our requirements. This resulted in the discovery of previously unknown security and reliability issues in both products, related to dynamic classloading.
By: Sam Weber; Paul Karger
Published in: RC24232 in 2007
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .