Abstract:
I will discuss recent vulnerabilities in the Java runtime library, and will highlight how many of them are caused by purely implementations of access control. I will demo and explain an exploit for a now fixed vulnerability, and discuss challenges when it comes to detecting those vulnerabilities through static code analysis.