Vulnerability Assessment of Java Bytecode

Abstract

Security of the software applications has become a critical issue as software is now used in almost all sectors parts of our day to day life. There is always an underlying threat that a malicious user may be able to access classified information, intellectual information or secret algorithms by exploiting the software applications in many possible ways. The research described here examines the possible security threats to any stand-alone software applications developed in Java. The Java bytecode adheres to a well-defined class file format as described in the JVM specifications, and this makes the bytecode more vulnerable. The bytecode vulnerability taxonomy is developed and can be used to increase our overall understanding of the bytecode vulnerabilities. The focus of this research is to conduct a vulnerability assessment of Java bytecode in order to reveal its vulnerabilities. As part of case study, the class files are exploited to carry out intellectual penetration and component penetration attacks followed by the validations.