{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:15:18Z","timestamp":1763968518083,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031295034"},{"type":"electronic","value":"9783031295041"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-29504-1_8","type":"book-chapter","created":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T10:23:50Z","timestamp":1680517430000},"page":"136-155","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["JChainz: Automatic Detection of\u00a0Deserialization Vulnerabilities for\u00a0the\u00a0Java 
Language"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7590-6964","authenticated-orcid":false,"given":"Luca","family":"Buccioli","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0124-4467","authenticated-orcid":false,"given":"Stefano","family":"Cristalli","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8447-9527","authenticated-orcid":false,"given":"Edoardo","family":"Vignati","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4782-3728","authenticated-orcid":false,"given":"Lorenzo","family":"Nava","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1337-7451","authenticated-orcid":false,"given":"Daniele","family":"Badagliacca","sequence":"additional","affiliation":[]},{"given":"Danilo","family":"Bruschi","sequence":"additional","affiliation":[]},{"given":"Long","family":"Lu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1544-3758","authenticated-orcid":false,"given":"Andrea","family":"Lanzi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,4,4]]},"reference":[{"key":"8_CR1","unstructured":"Java Pathfinder. https:\/\/github.com\/javapathfinder"},{"key":"8_CR2","unstructured":"Java Symbolic Execution. https:\/\/docs.angr.io\/advanced-topics\/java_support (2019)"},{"key":"8_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1007\/978-3-030-00470-5_21","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"S Cristalli","year":"2018","unstructured":"Cristalli, S., Vignati, E., Bruschi, D., Lanzi, A.: Trusted execution path for protecting java applications against deserialization of untrusted data. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 445\u2013464. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-030-00470-5_21"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Dahse, J., Krein, N., Holz, T.: Code reuse attacks in PHP: automated pop chain generation. In: Proceedings of the ACM Conference on Computer and Communications Security, vol. 11, pp. 42\u201353 (2014)","DOI":"10.1145\/2660267.2660363"},{"key":"8_CR5","unstructured":"Dietrich, J., Jezek, K., Rasheed, S., Tahir, A., Potanin, A.: Evil pickles: dos attacks based on object-graph engineering. In: 31st European Conference on Object-Oriented Programming (ECOOP 2017). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2017)"},{"key":"8_CR6","doi-asserted-by":"publisher","first-page":"102392","DOI":"10.1016\/j.scico.2020.102392","volume":"191","author":"P Ferrara","year":"2020","unstructured":"Ferrara, P., Cortesi, A., Spoto, F.: From CIL to java bytecode: semantics-based translation for static analysis leveraging. Sci. Comput. Program. 191, 102392 (2020)","journal-title":"Sci. Comput. Program."},{"key":"8_CR7","unstructured":"The Apache Software Foundation. Java collections framework. https:\/\/commons.apache.org\/proper\/commons-collections\/"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Fourtounis, G., Kastrinis, G., Smaragdakis, Y.: Static analysis of java dynamic proxies. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2018, pp. 209\u2013220, New York, NY, USA. Association for Computing Machinery (2018)","DOI":"10.1145\/3213846.3213864"},{"key":"8_CR9","unstructured":"Frohoff, C.: ysoserial repository. https:\/\/github.com\/frohoff\/ysoserial (2015)"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Hawkins, B., Demsky, B.: Zenids: introspective intrusion detection for PHP applications. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), pp. 232\u2013243. 
IEEE (2017)","DOI":"10.1109\/ICSE.2017.29"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Holzinger, P., Triller, S., Bartel, A., Bodden, E.: An in-depth study of more than ten years of java exploitation, pp. 779\u2013790 (2016)","DOI":"10.1145\/2976749.2978361"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Koutroumpouchos, N., Lavdanis, G., Veroni, E., Ntantogian, C., Xenakis, C.: Objectmap: detecting insecure object deserialization. In: Proceedings of the 23rd Pan-Hellenic Conference on Informatics, pp. 67\u201372 (2019)","DOI":"10.1145\/3368640.3368680"},{"key":"8_CR13","doi-asserted-by":"crossref","unstructured":"Landman, D., Serebrenik, A., Vinju, J.J.: Challenges for static analysis of java reflection - literature review and empirical study. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE), pp. 507\u2013518 (2017)","DOI":"10.1109\/ICSE.2017.53"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Lekies, S., Kotowicz, K., Gro\u00df, S., Nava, E.V., Johns, M.: Breaking cross-site scripting mitigations via script gadgets, Code-reuse attacks for the web (2017)","DOI":"10.1145\/3133956.3134091"},{"key":"8_CR15","volume-title":"Principles of Program Analysis","author":"F Nielson","year":"2010","unstructured":"Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer Publishing Company, Incorporated, Cham (2010)"},{"key":"8_CR16","unstructured":"Authors names obfuscated. Commonscollections8 (2019). https:\/\/github.com\/frohoff\/ysoserial\/pull\/116"},{"key":"8_CR17","unstructured":"Authors names obfuscated. CommonsCollections7 (2019). https:\/\/github.com\/frohoff\/ysoserial\/blob\/master\/src\/main\/java\/ysoserial\/payloads\/CommonsCollections7.java"},{"key":"8_CR18","unstructured":"Bechler, M.: Serianalyzer (2017). https:\/\/github.com\/mbechler\/serianalyzer"},{"key":"8_CR19","unstructured":"Oracle Corporation. The serializable interface (2017). 
https:\/\/docs.oracle.com\/javase\/8\/docs\/platform\/serialization\/spec\/serial-arch.html#a4539"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Santos, J.C., Jones, R.A., Ashiogwu, C., Mirakhorli, M.: Serialization-aware call graph construction. In: Proceedings of the 10th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, SOAP 2021, pp. 37\u201342. Association for Computing Machinery, New York (2021)","DOI":"10.1145\/3460946.3464319"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Shcherbakov, M., Balliu, M.: Serialdetector: principled and practical exploration of object injection vulnerabilities for the web. In: Network and Distributed Systems Security (NDSS) Symposium 2021, 21\u201324 February 2021 (2021)","DOI":"10.14722\/ndss.2021.24550"},{"key":"8_CR22","unstructured":"Vall\u00e9e-Rai, R., Co, P., Gagnon, E., Hendren, L., Lam, P., Sundaresan, V.: Soot - a java bytecode optimization framework. In: Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research, CASCON \u201999, p. 13. 
IBM Press (1999)"}],"container-title":["Lecture Notes in Computer Science","Security and Trust Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-29504-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,4,3]],"date-time":"2023-04-03T10:26:14Z","timestamp":1680517574000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-29504-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031295034","9783031295041"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-29504-1_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"4 April 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"STM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security and Trust Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2022","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"stm2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sptage.compute.dtu.dk\/STM2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a 
whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}