{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:11:18Z","timestamp":1763968278720,"version":"3.37.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030004699"},{"type":"electronic","value":"9783030004705"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-00470-5_21","type":"book-chapter","created":{"date-parts":[[2018,9,6]],"date-time":"2018-09-06T06:43:19Z","timestamp":1536216199000},"page":"445-464","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Trusted Execution Path for Protecting Java Applications Against Deserialization of Untrusted Data"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0124-4467","authenticated-orcid":false,"given":"Stefano","family":"Cristalli","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8447-9527","authenticated-orcid":false,"given":"Edoardo","family":"Vignati","sequence":"additional","affiliation":[]},{"given":"Danilo","family":"Bruschi","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Lanzi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,9,7]]},"reference":[{"unstructured":"Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: USENIX Security Symposium, vol. 14 (2005)","key":"21_CR1"},{"unstructured":"Cristalli, S., Pagnozzi, M., Graziano, M., Lanzi, A., Balzarotti, D.: Micro-virtualization memory tracing to detect and prevent spraying attacks. In: Proceedings of the 25th USENIX Security Symposium (USENIX Security) (2016)","key":"21_CR2"},{"doi-asserted-by":"crossref","unstructured":"Dahse, J., Krein, N., Holz, T.: Code reuse attacks in php: automated pop chain generation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 42\u201353. ACM (2014)","key":"21_CR3","DOI":"10.1145\/2660267.2660363"},{"key":"21_CR4","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1016\/j.cose.2015.03.007","volume":"52","author":"A Fattori","year":"2015","unstructured":"Fattori, A., Lanzi, A., Balzarotti, D., Kirda, E.: Hypervisor-based malware protection with accessminer. Comput. Secur. 52, 33\u201350 (2015). https:\/\/doi.org\/10.1016\/j.cose.2015.03.007","journal-title":"Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Feng, H.H., Kolesnikov, O.M., Fogla, P., Lee, W., Gong, W.: Anomaly detection using call stack information. In: Proceedings of 2003 Symposium on Security and Privacy, pp. 62\u201375. IEEE (2003)","key":"21_CR5","DOI":"10.1109\/SECPRI.2003.1199328"},{"unstructured":"Frohoff, C.: ysoserial repository (2015). https:\/\/github.com\/frohoff\/ysoserial","key":"21_CR6"},{"unstructured":"Gotz Lindenmeier, V.S.: Hotspot internals: Explore and debug the VM at the OS level. In: JavaOne Conference (2013)","key":"21_CR7"},{"doi-asserted-by":"crossref","unstructured":"Karger, P.A.: Limiting the damage potential of discretionary trojan horses. In: 1987 IEEE Symposium on Security and Privacy, p. 32. IEEE (1987)","key":"21_CR8","DOI":"10.1109\/SP.1987.10011"},{"doi-asserted-by":"crossref","unstructured":"Kim, D., Kwon, B.J., Dumitras, T.: Certified malware: measuring breaches of trust in the windows code-signing PKI. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, vol. 14 (2017)","key":"21_CR9","DOI":"10.1145\/3133956.3133958"},{"doi-asserted-by":"crossref","unstructured":"Landman, D., Serebrenik, A., Vinju, J.J.: Challenges for static analysis of java reflection: literature review and empirical study. In: Proceedings of the 39th International Conference on Software Engineering. IEEE Press (2017)","key":"21_CR10","DOI":"10.1109\/ICSE.2017.53"},{"unstructured":"Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in java applications with static analysis. In: USENIX Security Symposium, vol. 14, p. 18 (2005)","key":"21_CR11"},{"unstructured":"Mettler, A., Wagner, D., Close, T.: Joe-E: a security-oriented subset of java. In: NDSS, vol. 10, pp. 357\u2013374 (2010)","key":"21_CR12"},{"unstructured":"Miller, M.S., Samuel, M., Laurie, B., Awad, I., Stay, M.: Safe active content in sanitized javascript. Google Inc., Technical report (2008)","key":"21_CR13"},{"unstructured":"Oracle Corporation: Hotspot runtime overview (2017). http:\/\/openjdk.java.net\/groups\/hotspot\/docs\/RuntimeOverview.html","key":"21_CR14"},{"unstructured":"Oracle Corporation: Interface instrumentation (2017). https:\/\/docs.oracle.com\/javase\/8\/docs\/api\/java\/lang\/instrument\/Instrumentation.html#setNativeMethodPrefix-java.lang.instrument.ClassFileTransformer-java.lang.String-","key":"21_CR15"},{"unstructured":"Oracle Corporation: Java object serialization (2017). https:\/\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/serialization\/","key":"21_CR16"},{"unstructured":"Oracle Corporation: The serializable interface (2017). https:\/\/docs.oracle.com\/javase\/8\/docs\/platform\/serialization\/spec\/serial-arch.html#a4539","key":"21_CR17"},{"doi-asserted-by":"crossref","unstructured":"Seacord, R.C.: Combating java deserialization vulnerabilities with look-ahead object input streams (laois) (2017)","key":"21_CR18","DOI":"10.1109\/SecDev.2017.13"},{"unstructured":"Svoboda, D.: Exploiting java deserialization for fun and profit (2016)","key":"21_CR19"},{"doi-asserted-by":"crossref","unstructured":"Vilanova, L., Ben-Yehuda, M., Navarro, N., Etsion, Y., Valero, M.: Codoms: protecting software with code-centric memory domains. In: ACM SIGARCH Computer Architecture News, vol. 42, pp. 469\u2013480. IEEE Press (2014)","key":"21_CR20","DOI":"10.1145\/2678373.2665741"},{"doi-asserted-by":"crossref","unstructured":"Watson, R.N., et al.: Cheri: a hybrid capability-system architecture for scalable software compartmentalization. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 20\u201337. IEEE (2015)","key":"21_CR21","DOI":"10.1109\/SP.2015.9"},{"doi-asserted-by":"crossref","unstructured":"Witchel, E., Rhee, J., Asanovi\u0107, K.: Mondrix: memory isolation for linux using mondriaan memory protection. In: ACM SIGOPS Operating Systems Review, vol. 39, pp. 31\u201344. ACM (2005)","key":"21_CR22","DOI":"10.1145\/1095809.1095814"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-00470-5_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,23]],"date-time":"2019-10-23T16:38:56Z","timestamp":1571848736000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-00470-5_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030004699","9783030004705"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-00470-5_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}