What Java Developers Know About Compatibility, And Why This Matters
Real-world programs are neither monolithic nor static -- they are constructed
using platform and third party libraries, and both programs and libraries
continuously evolve in response to change pressure. In case of the Java
language, rules defined in the Java Language and Java Virtual Machine
Specifications define when library evolution is safe. These rules distinguish
between three types of compatibility - binary, source and behavioural. We claim
that some of these rules are counter-intuitive and not well-understood by many
developers. We present the results of a survey where we quizzed developers
about their understanding of the various types of compatibility. 414 developers
responded to our survey. We find that while most programmers are familiar with
the rules of source compatibility, they generally lack knowledge about the
rules of binary and behavioural compatibility. This can be problematic when
organisations switch from integration builds to technologies that require
dynamic linking, such as OSGi. We have assessed the gravity of the problem by
studying how often linkage-related problems are referenced in issue tracking
systems, and find that they are common.
Magic with Dynamo -- Flexible Cross-Component Linking for Java with Invokedynamic
Modern software systems are not built from scratch. They use functionality provided by libraries. These libraries evolve and often upgrades are deployed without the systems being recompiled.
In Java, this process is particularly error-prone due to the mismatch between source and binary compatibility,
and the lack of API stability in many popular libraries.
We propose a novel approach to mitigate this problem based on the use of invokedynamic instructions for cross-component method invocations. The dispatch mechanism of invokedynamic is used to provide on-the-fly signature adaptation. We show how this idea can be used to construct a Java compiler that produces more resilient bytecode.
We present the dynamo compiler, a proof-of-concept implemented as a javac post compiler. We evaluate our approach using several benchmark examples and two case studies showing how the dynamo compiler can prevent certain types of linkage and stack overflow errors that have been observed in real-world systems.
Contracts in the Wild: A Study of Java Programs (Artifact)
This artefact contains a dataset of open-source programs obtained from the Maven Central Repository and scripts that first extract contracts from these programs and then perform several analyses on the contracts extracted. The extraction and analysis is fully automated and directly produces the tables presented in the accompanying paper.
The results show how contracts are used in real-world programs, and how their usage changes between versions and within inheritance hierarchies.
Evil Pickles: DoS Attacks Based on Object-Graph Engineering (Artifact)
This artefact demonstrates the effects of the serialisation vulnerabilities described in the companion paper. It is composed of three components: scripts, including source code, for Java, Ruby and C# serialisation-vulnerabilities, two case studies that demonstrate attacks based on the vulnerabilities, and a contracts-based mitigation strategy for serialisation-based attacks on Java applications. The artefact allows users to witness how the serialisation-based vulnerabilities result in behavior that can be used in security attacks. It also supports the repeatability of the case study experiments and the benchmark for the mitigation measures proposed in the paper. Instructions for running the tasks are provided along with a description of the artefact setup.
Evil Pickles: DoS Attacks Based on Object-Graph Engineering
In recent years, multiple vulnerabilities exploiting the serialisation APIs of various programming languages, including Java, have been discovered. These vulnerabilities can be used to devise injection attacks, exploiting the presence of dynamic programming language features like reflection or dynamic proxies. In this paper, we investigate a new type of serialisation-related vulnerabilities for Java that exploit the topology of object graphs constructed from classes of the standard library in a way that deserialisation leads to resource exhaustion, facilitating denial of service attacks. We analyse three such vulnerabilities that can be exploited to exhaust stack memory, heap memory and CPU time. We discuss the language and library design features that enable these vulnerabilities, and investigate whether these vulnerabilities can be ported to C#, JavaScript and Ruby. We present two case studies that demonstrate how the vulnerabilities can be used in attacks on two widely used servers, Jenkins deployed on Tomcat and JBoss. Finally, we propose a mitigation strategy based on contract injection.