Basser Seminar Series

On Security Issues in the Java Serialisation API

Speaker: Associate Professor Jens Dietrich
Massey University

When: Wednesday 8 February, 2017, 4:00-5:00pm

Where: The University of Sydney, School of IT Building, SIT Lecture Theatre (Room 123), Level 1

Abstract

Recently, several new vulnerabilities have been discovered that take advantage of weaknesses in the serialisation APIs of Java and other languages. We analyse these vulnerabilities and discuss strategies for preventing them. Our focus is on vulnerabilities that exploit the combinatorial explosion in the size of the calling context tree.

Speaker's biography

Jens has an MSc in Mathematics and a PhD in Computer Science from the University of Leipzig. After completing his PhD, he worked in industry for 7 years and returned to academia in 2003 when he joined Massey University in New Zealand. He is an Associate Professor at Massey and major leader of the Software Engineering degree. His research interests are in the area of software modularisation and static analysis.