Type confusion

• The Princeton team has a tool called the type confusion toolkit

  • leverage a minor confusion to a major disaster
  • not available on the Net

• Key parts of the Java security model are classes

  • confuse the VM about them

• Most Java holes involve type confusion

Previous slide

Next slide

Back to first slide

View graphic version