TY - GEN
T1 - Mitigating remote code execution vulnerabilities
T2 - 2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021
AU - Bier, Stephen
AU - Fajardo, Brian
AU - Ezeadum, Obinna
AU - Guzman, German
AU - Sultana, Kazi Zakia
AU - Anu, Vaibhav
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/4/21
Y1 - 2021/4/21
N2 - The security of web-applications has become increasingly important in recent years as their popularity has grown exponentially. More and more web-based enterprise applications deal with sensitive personal and private information, which, if compromised, can not only lead to system downtime, but can also mean millions of dollars in damages to the organization. It is critical to protect web-applications from the constant onslaught of hacker attacks. Remote Code Execution (RCE) attacks are one of the most prominent security threats for software systems, especially Java-based systems. In the current study, we have studied the security update reports for RCE vulnerabilities published by two Java-based projects: Apache Tomcat and Android. We analyzed and categorized the code-fixes (i.e., patches/updates) that were applied to mitigate/fix fifty-one (51) RCE vulnerabilities in the two above-mentioned Java projects. Our analysis showed that a significant majority of the RCE vulnerabilities found in Java projects can be mitigated with just five (5) types/categories of code-fixes. Overall, our goal was to study RCE vulnerabilities in an effort to provide programmers with a handy list of code-fixes, thus making it easier for them to effectively mitigate known RCE vulnerabilities in their own Java-based applications.
AB - The security of web-applications has become increasingly important in recent years as their popularity has grown exponentially. More and more web-based enterprise applications deal with sensitive personal and private information, which, if compromised, can not only lead to system downtime, but can also mean millions of dollars in damages to the organization. It is critical to protect web-applications from the constant onslaught of hacker attacks. Remote Code Execution (RCE) attacks are one of the most prominent security threats for software systems, especially Java-based systems. In the current study, we have studied the security update reports for RCE vulnerabilities published by two Java-based projects: Apache Tomcat and Android. We analyzed and categorized the code-fixes (i.e., patches/updates) that were applied to mitigate/fix fifty-one (51) RCE vulnerabilities in the two above-mentioned Java projects. Our analysis showed that a significant majority of the RCE vulnerabilities found in Java projects can be mitigated with just five (5) types/categories of code-fixes. Overall, our goal was to study RCE vulnerabilities in an effort to provide programmers with a handy list of code-fixes, thus making it easier for them to effectively mitigate known RCE vulnerabilities in their own Java-based applications.
KW - Open source software
KW - Remote code execution
KW - Software engineering
KW - Software security
KW - Vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85106716037&partnerID=8YFLogxK
U2 - 10.1109/IEMTRONICS52119.2021.9422666
DO - 10.1109/IEMTRONICS52119.2021.9422666
M3 - Conference contribution
AN - SCOPUS:85106716037
T3 - 2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021 - Proceedings
BT - 2021 IEEE International IOT, Electronics and Mechatronics Conference, IEMTRONICS 2021 - Proceedings
A2 - Chakrabarti, Satyajit
A2 - Paul, Rajashree
A2 - Gill, Bob
A2 - Gangopadhyay, Malay
A2 - Poddar, Sanghamitra
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 21 April 2021 through 24 April 2021
ER -