Sem2 + Sem1 S'ware / Comp Syst Eng: Improve Java Security Vulnerability Detection

Oracle Labs #4


Open Posted: 02 Jun 20. Closes: 16 Aug 20 Available: Semester 2 (Jul - Nov)

UPDATE 5/8: this project has re-opened for applications. Apply now.


EXTENDED PROJECT DURATION: Semester 2 2020 + Semester 1 2021. 

** Only apply if you can enrol in a whole-year thesis - Sem2 2020 + Sem1 2021 (2 units per semester) **


This thesis project is for a UQ final year Software or Computer Systems Engineering (thesis ENGG4802) student.

Oracle Labs are looking for applicants with strong programming skills only. See full list of skills / background below.

The successful applicant will receive a $6,000 scholarship + academic credit SPREAD OVER Semester 2 2020 + Semester 1 2021 for enrolment/assessment (total of 4 units spread across two semesters - UQ). You must be available to work on the project onsite for 2 days/week during Semester 2 2020 + Semester 1 2021 (around lecture timetable).

APPLICANTS NOTE: upload your resume with unofficial academic transcript/s (undergrad + Masters if applicable - combined into 1 doc/pdf). Also include your student ID number. Upload resume before OR after applying for project/s.  

UQ ELIGIBILITY REQUIREMENT: all CEED applicants must get a written study plan approved (by a UQ academic advisor) which shows ENGG4802 enrolment is possible across Semester 2 2020 + Semester 1 2021.

We cannot progress your application until you provide this info to CEED (please email to CEED before the project's application close date).

Location: Brisbane City QLD
Category: Electrical Engineering

Project Background / Description

Runtime verification approaches can prevent security vulnerabilities by monitoring events and the flow of data in a running application and rejecting objects originating from unknown or untrusted sources. A runtime verification engine such as JavaMOP can automatically synthesise implementation-level monitors from formal monitoring specifications that describe the events and data that need to be tracked and the properties that should hold at runtime. While detection of different vulnerabilities typically requires monitoring of different events and use of different monitoring specifications, this project focuses on the specific problem of tracking insecure deserialisation -- a vulnerability that can lead to severe consequences including remote code execution, denial-of-service, injection and privilege escalation attacks.

The aim of the project will be to determine whether runtime verification is a suitable technology for prevention of attacks exploiting insecure deserialisation in Java.


About Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications, platform services, and engineered systems.  With more than 400,000 customers—including 100 of the Fortune 100—in more than 145 countries, Oracle provides a complete technology stack both in the cloud and in the data centre.


Oracle’s industry-leading cloud-based and on-premises solutions give customers complete deployment flexibility and unmatched benefits including application integration, advanced security, high availability, scalability, energy efficiency, powerful performance, and low total cost of ownership.


For more information about Oracle, visit


Oracle Labs

Oracle Labs is the research division of Oracle.  It focuses on applied research to produce new technologies of interest to the company.

Oracle Labs Australia, based in Brisbane, specialises in Program Analysis in a variety of domains, including bug-checking, productivity tools, security analysis, testing, and more.

How Oracle helps CEED students

We link you up with an experienced supervisor on the Brisbane team. They will work closely with you, helping you grow your skills—really practical skills you can put to work in real-world situations. 

Objectives / Tasks / Project Outcomes

  • Scope the project based on the intern’s interests/strengths and the requirements of Oracle Labs;
  • A literature review of the state-of-the-art in the area of runtime verification for security vulnerability detection
  • Familiarise yourself with relevant concepts and tools, such as JavaMOP (monitoring oriented programming for Java) and AspectJ (aspect-oriented programming for Java)
  • Analyse relevant examples to identify code-level events that potentially lead to insecure deserialisation attacks
  • Create formal JavaMOP specifications describing these events
  • Conduct experimentation to dynamically identify potentially vulnerable deserialisation sources in example Java applications using the JavaMOP engine and record the results
  • A report describing the outcomes and recommendations
  • Give a presentation to the group on work undertaken

The student will gain expertise and skills in runtime verification, in particular tools such as JavaMOP. They will also get exposure to the process necessary to move a research tool into a practical implementation.

Skills / Experience Required

  • Excellent academic results
  • Solid software engineering skills
  • Strong Java programming skills and good knowledge of Java infrastructure
  • Ability to work both independently and collaboratively
  • Familiarity with formal methods is a plus
