<p>Traditional dynamic taint analysis in the context of web application development tends to disregard implicit and control flow propagation, which results in a tardy manner of detecting potential intrusion points. This research elaborates the control dependency modeling and path constraint analysis with the help of the paper on top of the traditional TaintFlow framework. The new TaintFlow-based implicit propagation augmentation tool extracts the predicates and branch relationships through the creation of a control dependency graph from which it identifies the control nodes that are influenced by the tainted inputs in conditional statements and utilizes symbolic execution for path constraint representation. Besides, it makes use of an SMT (Satisfiability Modulo Theories) solver and path pruning to cut down the redundant propagation. As a result, it pinpoints the explicit and implicit taint flows just before the sensitive operations; thus, it can accurately locate the potential intrusion points. Experiments demonstrate that the upgraded approach considerably raises the coverage level for various application kinds (86% to 95%). The precision and recall rates for the detection of critical vulnerabilities are 94% and 92% for SQLi, and 90% and 88% for XSS, correspondingly. Moreover, the time taken for the analysis of a 5000-loc application is 7.2&#xa0;s, the memory consumption is 450&#xa0;MB, and the coverage is still 83%; thus, the method's effectiveness in implicit propagation detection and its scalability are confirmed.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A method for locating potential intrusion points in dynamic data flows of web applications during development based on taint flow

  • Mingfei Zeng,
  • Siwei Li

摘要

Traditional dynamic taint analysis in the context of web application development tends to disregard implicit and control flow propagation, which results in a tardy manner of detecting potential intrusion points. This research elaborates the control dependency modeling and path constraint analysis with the help of the paper on top of the traditional TaintFlow framework. The new TaintFlow-based implicit propagation augmentation tool extracts the predicates and branch relationships through the creation of a control dependency graph from which it identifies the control nodes that are influenced by the tainted inputs in conditional statements and utilizes symbolic execution for path constraint representation. Besides, it makes use of an SMT (Satisfiability Modulo Theories) solver and path pruning to cut down the redundant propagation. As a result, it pinpoints the explicit and implicit taint flows just before the sensitive operations; thus, it can accurately locate the potential intrusion points. Experiments demonstrate that the upgraded approach considerably raises the coverage level for various application kinds (86% to 95%). The precision and recall rates for the detection of critical vulnerabilities are 94% and 92% for SQLi, and 90% and 88% for XSS, correspondingly. Moreover, the time taken for the analysis of a 5000-loc application is 7.2 s, the memory consumption is 450 MB, and the coverage is still 83%; thus, the method's effectiveness in implicit propagation detection and its scalability are confirmed.