Java vulnerability analysis with JAPCT: java access permission checking tree

Hyo-Seong Park, Young-Chan Lim, Chul-Woo Park, Luna Clout, Ki-Chang Kim
2014 Contemporary Engineering Sciences  
Java Security Manager is automatically enabled when the web browser downloads a Java applet. Java Security Manager monitors the behavior of the applet, and when the applet tries to illegally access system classes or methods, it raises an exception and blocks further processing. In order to test the legality of the access request, Java Security Manager steps through a tree-like decision path. In this paper, we analyze various kinds of malicious Java applet code and classify them according to the path they take to avoid the blockage by Java Security Manager. The result of this classification is JAPCT (Java Access Permission Checking Tree). We believe JAPCT will greatly enhance our ability to understand Java security vulnerabilities in the past and to predict possible security problems in the future Java Virtual Machine.
doi:10.12988/ces.2014.49170 fatcat:e7acdu5hvjfmnpxku7xexnxqyy