A team of scientists led by Eric Bodden, Professor of Computer Science at Darmstadt University of Technology and Head of Secure Software Engineering at the Fraunhofer Institute for Secure Information Technology (SIT), and Mira Mezini, Professor of Software Engineering at Darmstadt University of Technology, has received Oracle’s Research Collaboration Award, endowed with almost €73,000, commending its project on the automatic detection of security gaps in the Java Runtime.
The project involves further development of the FlowTwist framework, which was used by the researchers to analyse the causes of known vulnerabilities in the Java Runtime library and was already backed by Oracle in 2014. FlowTwist automatically detects security gaps in the Runtime code, without being dependent on the help of a developer.
The new, now award-winning project aims to improve the analysis software so that it detects further types of vulnerability, and to develop a secure alternative to the current type of access control in Java’s standard library, one that will verify the origin of the program code being executed before security-critical operations are permitted for it. Corners are in fact often cut with these checks, a vulnerability that hackers sometimes exploit to mount attacks on the Java platform.
(Source: Darmstadt University of Technology/rf)