{"id":"https://openalex.org/W3122488687","doi":"https://doi.org/10.1145/3324884.3418931","title":"A hybrid analysis to detect Java serialisation vulnerabilities","display_name":"A hybrid analysis to detect Java serialisation vulnerabilities","publication_year":2020,"publication_date":"2020-12-21","ids":{"openalex":"https://openalex.org/W3122488687","doi":"https://doi.org/10.1145/3324884.3418931","mag":"3122488687"},"language":"en","primary_location":{"id":"doi:10.1145/3324884.3418931","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3324884.3418931","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028189101","display_name":"Shawn Rasheed","orcid":"https://orcid.org/0000-0001-7683-4296"},"institutions":[{"id":"https://openalex.org/I51158804","display_name":"Massey University","ror":"https://ror.org/052czxv31","country_code":"NZ","type":"education","lineage":["https://openalex.org/I51158804"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Shawn Rasheed","raw_affiliation_strings":["Massey University, Palmerston North, New Zealand"],"affiliations":[{"raw_affiliation_string":"Massey University, Palmerston North, New Zealand","institution_ids":["https://openalex.org/I51158804"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075091948","display_name":"Jens Dietrich","orcid":"https://orcid.org/0000-0001-9019-6550"},"institutions":[{"id":"https://openalex.org/I41156924","display_name":"Victoria University of Wellington","ror":"https://ror.org/0040r6f76","country_code":"NZ","type":"education","lineage":["https://openalex.org/I41156924"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Jens Dietrich","raw_affiliation_strings":["Victoria University of Wellington, Wellington, New Zealand"],"affiliations":[{"raw_affiliation_string":"Victoria University of Wellington, Wellington, New Zealand","institution_ids":["https://openalex.org/I41156924"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5028189101"],"corresponding_institution_ids":["https://openalex.org/I51158804"],"apc_list":null,"apc_paid":null,"fwci":2.5035,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.91972061,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1209","last_page":"1213"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.8977103233337402},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8525826334953308},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.7008237838745117},{"id":"https://openalex.org/keywords/heap","display_name":"Heap (data structure)","score":0.6445889472961426},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.5635207891464233},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5060059428215027},{"id":"https://openalex.org/keywords/soundness","display_name":"Soundness","score":0.41478079557418823},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35848531126976013},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.26882314682006836},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.20525917410850525},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.17059513926506042},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.11735701560974121}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.8977103233337402},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8525826334953308},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.7008237838745117},{"id":"https://openalex.org/C134757568","wikidata":"https://www.wikidata.org/wiki/Q274089","display_name":"Heap (data structure)","level":2,"score":0.6445889472961426},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.5635207891464233},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5060059428215027},{"id":"https://openalex.org/C39920170","wikidata":"https://www.wikidata.org/wiki/Q693083","display_name":"Soundness","level":2,"score":0.41478079557418823},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35848531126976013},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.26882314682006836},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.20525917410850525},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.17059513926506042},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.11735701560974121},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3324884.3418931","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3324884.3418931","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.550000011920929,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W77208212","https://openalex.org/W196342399","https://openalex.org/W1517071433","https://openalex.org/W1525731446","https://openalex.org/W1965194038","https://openalex.org/W2002934700","https://openalex.org/W2119717320","https://openalex.org/W2125940008","https://openalex.org/W2135032959","https://openalex.org/W2140021378","https://openalex.org/W2146641295","https://openalex.org/W2151152024","https://openalex.org/W2151562310","https://openalex.org/W2158591033","https://openalex.org/W2162120832","https://openalex.org/W2172260321","https://openalex.org/W2174442795","https://openalex.org/W2534728012","https://openalex.org/W2730150466","https://openalex.org/W2765944901","https://openalex.org/W2766540688","https://openalex.org/W2897025578","https://openalex.org/W2902065464","https://openalex.org/W2961870034","https://openalex.org/W2997088857","https://openalex.org/W3089825636","https://openalex.org/W3102086861","https://openalex.org/W4247889999","https://openalex.org/W4253813365"],"related_works":["https://openalex.org/W2867457158","https://openalex.org/W2047479118","https://openalex.org/W2159846532","https://openalex.org/W2120675930","https://openalex.org/W3089408602","https://openalex.org/W2789873982","https://openalex.org/W2062583373","https://openalex.org/W2914996832","https://openalex.org/W2979331965","https://openalex.org/W1486481742"],"abstract_inverted_index":{"Serialisation":[0],"related":[1],"security":[2],"vulnerabilities":[3,33,74,104],"have":[4],"recently":[5],"been":[6],"reported":[7],"for":[8,20,27,73],"numerous":[9],"Java":[10,36,76],"applications.":[11],"Since":[12],"serialisation":[13,32,55,103],"presents":[14],"both":[15],"soundness":[16],"and":[17,85,87],"precision":[18],"challenges":[19],"static":[21,49,90],"analysis,":[22],"it":[23,88,99],"can":[24,100],"be":[25],"difficult":[26],"analyses":[28],"to":[29,53,70,81],"precisely":[30],"pinpoint":[31],"in":[34,63,75,105],"a":[35,43,48,67],"library.":[37,110],"In":[38],"this":[39],"paper,":[40],"we":[41],"propose":[42],"hybrid":[44],"approach":[45,61,95],"that":[46],"extends":[47],"analysis":[50,91],"with":[51],"fuzzing":[52,72,80],"detect":[54,101],"vulnerabilities.":[56],"The":[57],"novelty":[58],"of":[59,66],"our":[60],"is":[62],"its":[64],"use":[65],"heap":[68],"abstraction":[69],"direct":[71],"libraries.":[77],"This":[78],"guides":[79],"produce":[82],"results":[83],"quickly":[84],"effectively,":[86],"validates":[89],"reports":[92],"automatically.":[93],"Our":[94],"shows":[96],"potential":[97],"as":[98],"known":[102],"the":[106],"Apache":[107],"Commons":[108],"Collections":[109]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4}],"updated_date":"2026-04-06T07:47:59.780226","created_date":"2025-10-10T00:00:00"}