Mitigating remote code execution vulnerabilities: A study on tomcat and android security updates

Stephen Bier, Brian Fajardo, Obinna Ezeadum, German Guzman, Kazi Zakia Sultana, Vaibhav Anu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The security of web-applications has become increasingly important in recent years as their popularity has grown exponentially. More and more web-based enterprise applications deal with sensitive personal and private information, which, if compromised, can not only lead to system downtime, but can also cause mean millions of dollars in damages to the organization. It is critical to protect web-applications from the constant onslaught of hacker attacks. Remote Code Execution (RCE) attacks are one of the most prominent security threats for software systems, especially Java-based systems. In the current study, we have studied the security update reports for RCE vulnerabilities published by two Java-based projects: Apache Tomcat and Android. We analyzed and categorized the code-fixes (i.e., patches/updates) that were applied to mitigate/fix fifty-one (51) RCE vulnerabilities in the two above-mentioned Java projects. Our analysis showed that a significant majority of the RCE vulnerabilities found in Java projects can be mitigated with just five (5) types/categories of code-fixes. Overall, our goal was to study RCE vulnerabilities in an effort to provide programmers with a handy list of code-fixes, thus making it easier for them to effectively mitigate known RCE vulnerabilities in their own Java-based applications.

Original languageEnglish
Title of host publication2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021 - Proceedings
EditorsSatyajit Chakrabarti, Rajashree Paul, Bob Gill, Malay Gangopadhyay, Sanghamitra Poddar
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665440677
DOIs
StatePublished - 21 Apr 2021
Event2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021 - Toronto, Canada
Duration: 21 Apr 202124 Apr 2021

Publication series

Name2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021 - Proceedings

Conference

Conference2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021
Country/TerritoryCanada
CityToronto
Period21/04/2124/04/21

Keywords

  • Open source software
  • Remote code execution
  • Software engineering
  • Software security
  • Vulnerabilities

Fingerprint

Dive into the research topics of 'Mitigating remote code execution vulnerabilities: A study on tomcat and android security updates'. Together they form a unique fingerprint.

Cite this