Netinfo Security ›› 2020, Vol. 20 ›› Issue (7): 19-29.doi: 10.3969/j.issn.1671-1122.2020.07.003


Java Deserialization Vulnerability Gadget Chain Discovery Method Based on Bytecode Search

DU Xiaoyu, YE He, WEN Weiping

  1. School of Software and Microelectronics, Peking University, Beijing 100080, China
  • Received: 2020-05-02; Online: 2020-07-10; Published: 2020-08-13
  • Contact: Weiping WEN, E-mail: weipingwen@ss.pku.edu.cn

Abstract:

Deserialization vulnerabilities have been one of the hot topics of application security research in recent years. As the Java class library is continually updated and extended, the potential scope of deserialization vulnerabilities keeps widening. Discovering such vulnerabilities manually requires a great deal of time to screen candidate classes and construct gadget chains. This paper introduces the principle of Java deserialization vulnerabilities, their common scenarios, and the method of constructing a gadget chain; combining these with common vulnerability discovery methods, it proposes a gadget chain discovery method and implements it as the gadget chain discovery tool Zero Gadget. The method uses taint analysis and symbolic execution to generate a gadget tree from the deserialization entry point to the dangerous function, and then applies depth-first search to the gadget tree to generate the corresponding gadget chains. Common Java base libraries are selected to evaluate the effectiveness of gadget chain discovery. The experimental results show that the method successfully discovers potential gadget chains with a high accuracy rate, which is of positive significance for the automatic discovery of deserialization vulnerability gadget chains.
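As an added illustration of the search step described in the abstract (this is example code written for this page, not code from the paper or from Zero Gadget), the block below models the gadget tree as a call graph whose edges carry a taint flag, then runs a depth-first search from deserialization entry points to dangerous sink methods. The names ENTRY_POINTS, SINKS, CALL_EDGES, find_gadget_chains and format_chain are assumptions of this example; the call graph is constructed by hand rather than extracted from bytecode, with its main path shaped after the well-known public Commons Collections HashMap/TiedMapEntry/LazyMap/InvokerTransformer chain and a hypothetical "Logger.debug" decoy added to show what taint tracking prunes.

```python
"""Toy gadget-tree search: DFS over a taint-annotated call graph.

Nodes are fully qualified method names.  Each edge carries a taint flag:
True when the callee is reached through a receiver or argument that the
attacker controls via the serialized stream (the fact a taint analysis
would establish), False when it is reached only through constants or
trusted values.  Chains are simple paths from an entry point to a sink.
"""
from collections import defaultdict

# Methods the JVM invokes automatically while deserializing (assumption
# of this example: a single HashMap entry point).
ENTRY_POINTS = {"java.util.HashMap.readObject"}

# Dangerous methods a chain must reach to be reported.
SINKS = {"java.lang.reflect.Method.invoke", "java.lang.Runtime.exec"}

# Constructed call graph (not extracted from real bytecode).
CALL_EDGES = [
    ("java.util.HashMap.readObject", "java.lang.Object.hashCode", True),
    # virtual dispatch: the concrete key class comes from the stream
    ("java.lang.Object.hashCode", "TiedMapEntry.hashCode", True),
    ("TiedMapEntry.hashCode", "TiedMapEntry.getValue", True),
    ("TiedMapEntry.getValue", "java.util.Map.get", True),
    ("java.util.Map.get", "java.util.HashMap.get", True),   # benign implementation
    ("java.util.Map.get", "LazyMap.get", True),
    ("LazyMap.get", "Transformer.transform", True),
    ("Transformer.transform", "InvokerTransformer.transform", True),
    ("InvokerTransformer.transform", "java.lang.reflect.Method.invoke", True),
    ("java.util.HashMap.get", "java.lang.Object.hashCode", True),  # cycle back
    # hypothetical decoy: a sink is reachable, but only via a call whose
    # argument is a constant, so the edge into Logger.debug is untainted
    ("TiedMapEntry.hashCode", "Logger.debug", False),
    ("Logger.debug", "java.lang.Runtime.exec", True),
]


def build_graph(edges):
    """Adjacency list: caller -> [(callee, tainted), ...]."""
    graph = defaultdict(list)
    for caller, callee, tainted in edges:
        graph[caller].append((callee, tainted))
    return graph


def find_gadget_chains(edges=CALL_EDGES, entry_points=ENTRY_POINTS, sinks=SINKS,
                       max_depth=10, require_taint=True):
    """Return every simple path (list of methods) from an entry point to a
    sink using at most max_depth calls.  With require_taint=True only
    tainted edges are followed, which drops chains such as the Logger.debug
    decoy that an attacker cannot actually steer."""
    graph = build_graph(edges)
    chains = []

    def dfs(node, path):
        if node in sinks:
            chains.append(list(path))
            return
        if len(path) - 1 >= max_depth:      # path has max_depth calls already
            return
        for callee, tainted in graph.get(node, ()):
            if require_taint and not tainted:
                continue
            if callee in path:               # simple paths only: break cycles
                continue
            path.append(callee)
            dfs(callee, path)
            path.pop()

    for entry in sorted(entry_points):
        dfs(entry, [entry])
    return chains


def format_chain(chain):
    """Render a chain in the usual 'a -> b -> c' notation."""
    return " -> ".join(chain)


if __name__ == "__main__":
    for chain in find_gadget_chains():
        print(format_chain(chain))
    print("without taint pruning:",
          len(find_gadget_chains(require_taint=False)), "chains")
```

Running the block prints the single tainted chain from HashMap.readObject to Method.invoke; switching require_taint off also reports the decoy path through Logger.debug to Runtime.exec, which is exactly the kind of false positive the taint step in the abstract is meant to remove. The depth limit bounds the search on a large class library, where unpruned DFS over a real call graph blows up quickly.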

Key words: deserialization vulnerability, gadget chain, Java vulnerability discovery
