A team of programming language researchers from Massey and Victoria won the prestigious Distinguished Artifact Award at the European Conference on Object-Oriented Programming (ECOOP’17) for their work on “Evil Pickles: DoS Attacks Based on Object-Graph Engineering”. The paper describes a new type of Denial-of-Service attack that affects multiple programming languages, including Java, C# and Ruby. The artifact for this paper is a virtual machine with a sophisticated setup that demonstrates the how attacks on two servers (Tomcat-Jenkins, JBoss) can be engineered using the new vulnerabilities discovered.
The research team consisted of Jens Dietrich, Shawn Rasheed and Amjed Tahir (all Massey), Alex Potanin (Victoria) and Kamil Jezek (University of Western Bohemia). The results of this paper already have had an impact on several languages, including Java and C#/.NET. The research was partially funded by a gift by Oracle Labs. The paper is available online, and the artifact can be downloaded from here.