Frontiers of Electrical and Electronic Engineering

ISSN 2095-2732

ISSN 2095-2740(Online)

CN 10-1028/TM

Front. Electr. Electron. Eng.    2008, Vol. 3 Issue (2) : 162-166    https://doi.org/10.1007/s11460-008-0047-x
A method for detecting code security vulnerability based on variables tracking with validated-tree
ZHANG Zhefei¹, ZHENG Qinghua¹, GUAN Xiaohong¹, WANG Qing¹, WANG Tuo¹, GUAN Xiaohong²
1. MOE Key Lab for Intelligent and Network Security, Xi'an Jiaotong University; 2. Center for Intelligent and Networked Systems, Department of Automation, Tsinghua University
Abstract: SQL injection poses a major threat to the application-level security of databases, and there is no systematic solution to these attacks. Unlike traditional run-time security strategies such as IDS and firewalls, this paper focuses on a solution at the outset: it presents a method to find vulnerabilities by analyzing the source code. The concept of a validated tree is developed to track variables referenced by database operations in scripts. By checking whether these variables are influenced by outside inputs, the database operations are proved to be secure or not. This method has the advantages of high accuracy and efficiency as well as low cost, and it applies to any type of web application platform. It is implemented in the software code vulnerabilities of SQL injection detector (CVSID). Its validity and efficiency are demonstrated with an example.
Issue Date: 05 June 2008
 Cite this article:   
ZHENG Qinghua,ZHANG Zhefei,GUAN Xiaohong, et al. A method for detecting code security vulnerability based on variables tracking with validated-tree[J]. Front. Electr. Electron. Eng., 2008, 3(2): 162-166.
 URL:  
https://academic.hep.com.cn/fee/EN/10.1007/s11460-008-0047-x
https://academic.hep.com.cn/fee/EN/Y2008/V3/I2/162