Cristalli, S., Vignati, E., Bruschi, D., & Lanzi, A. (2018, September). Trusted Execution Path for Protecting Java Applications Against Deserialization of Untrusted Data. In International Symposium on Research in Attacks, Intrusions, and Defenses (pp. 445-464). Springer, Cham. Open paper website
Luca Buccioli, Stefano Cristalli, Edoardo Vignati, Lorenzo Nava, Daniele Badagliacca, Danilo Bruschi, Long Lu, and Andrea Lanzi. JChainz: Automatic Detection of Deserialization Vulnerabilities for the Java Language. In: Lenzini, G., Meng, W. (eds) Security and Trust Management. STM 2022. Lecture Notes in Computer Science, vol 13867. Springer, Cham. Open paper website