We present QUACK, a framework for automatically protecting applications by fixing calls to deserialization APIs. This “binding” limits the classes allowed for ...
[PDF] Quack: Hindering Deserialization Attacks via Static Duck Typing
cs.brown.edu › quack.ndss24.pdf
By manipulating serialized objects, attackers can trigger a chained execution of existing code segments, using them as gadgets to form an exploit. Protecting ...
Duration: 20:36
Posted: Apr 1, 2024
Posted: Apr 1, 2024
Q UACK is a framework for automatically protecting applications by fixing calls to deseri-alization APIs by statically collecting all statements in the ...
QUACK: Hindering Deserialization Attacks via Static Duck Typing. Published in NDSS, 2024. [Paper] [Code] [Slides-Soon] ...
People also ask
What is the difference between duck typing and static typing?
Is duck typing bad?
What are the advantages of duck typing?
What is the difference between duck typing and nominal typing?
Nov 16, 2023 · This is the artifact for our NDSS '24 paper "QUACK: Hindering Deserialization Attacks via Static Duck Typing".
Request PDF | On Jan 1, 2024, Yaniv David and others published QUACK: Hindering Deserialization Attacks via Static Duck Typing | Find, read and cite all the ...
Oct 26, 2023 · QUACKSHIELD: Hindering Deserialization Attacks via Static Duck Typing. Download all (3.81 GB) This item is shared privately. modified on 2023 ...
Missing: QUACK: | Show results with:QUACK:
QUACK: Hindering Deserialization Attacks via Static Duck Typing. NDSS Symposium 2024. Managed languages facilitate convenient ways for serializing objects ...
Publications. QUACK: Hindering Deserialization Attacks via Static Duck Typing Yaniv David, Neophytos Christou, Andreas D. Kellas, Vasileios P. Kemerlis ...