Improving Precision of Detecting Deserialization Vulnerabilities with Bytecode Analysis.

Traditional static taint analysis based on bytecode analysis such as GadgetInspector to detect deserialization vulnerabilities always faced precision problems. For example, missing the fact that taints flowing to members in called methods, type confusion, and chaotic inheritance relationships when detecting deserialization vulnerabilities, which would lead to many error results. To alleviate these problems, this paper considers three measures of improving precision of detecting deserialization vulnerabilities, including cross-function members data flow tracking, local variables and arguments types inference, and call chain subject inference based on inheritance relationships.