Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (5): 1246-1249. DOI: 10.11772/j.issn.1001-9081.2016.05.1246

• Cyberspace security •

Vulnerability detection algorithm of DOM XSS based on dynamic taint analysis

LI Jie, YU Yan, WU Jiashun

  1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing Jiangsu 210094, China
  • Received: 2015-11-30 Revised: 2016-01-25 Online: 2016-05-10 Published: 2016-05-09
  • Corresponding author: YU Yan
  • About the authors: LI Jie (born 1991), female, from Suzhou, Anhui, M.S. candidate; main research interest: network security. YU Yan (born 1972), male, from Changchun, Jilin, associate professor, Ph.D., CCF member; main research interests: software analysis, information security. WU Jiashun (born 1984), male, from Yangzhou, Jiangsu, assistant engineer, M.S.; main research interest: network protocols.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61202352), the Natural Science Foundation of Jiangsu Province (BK20140797).

Abstract: To detect Document Object Model (DOM)-based Cross-Site Scripting (DOM XSS) vulnerabilities in Web clients, a detection algorithm based on dynamic taint analysis is proposed. By constructing a DOM model and modifying the Firefox SpiderMonkey script engine, a dynamic, bytecode-based taint analysis method is used to detect DOM XSS vulnerabilities. First, tainted data is marked by extending the attributes of the DOM object classes and modifying the string encoding format of SpiderMonkey. Then, the execution route of the JavaScript bytecode is traversed to obtain the taint propagation path and generate the tainted data set. Finally, all output points (sinks) that might trigger a DOM XSS attack are monitored to determine whether a DOM XSS vulnerability exists. On this basis, an Internet DOM XSS vulnerability detection system incorporating a crawler was designed and implemented. The experimental results show that the proposed algorithm can effectively detect DOM XSS vulnerabilities in Web pages, with a detection rate of about 92%.

Key words: dynamic taint analysis, source, sink, execution route
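
The three stages named in the abstract (marking at sources, propagation along the executed bytecode, checks at sinks) can be illustrated with a toy stack interpreter. This is an added example, not the authors' SpiderMonkey-based implementation; the opcode names, the source and sink lists, and the sample values are all constructed for illustration.

```javascript
// Constructed sample: attacker-influenced DOM sources and their values.
const SOURCES = { 'location.hash': '#<b>guest</b>', 'document.referrer': 'https://example.test/' };
// Monitored output points (sinks); this list is an assumption, not the paper's.
const SINKS = new Set(['innerHTML', 'document.write', 'eval']);

const union = (a, b) => new Set([...a, ...b]);

// Every value on the stack is { v: string, taint: Set of source names }.
function run(program, sources = SOURCES) {
  const stack = [], vars = {}, findings = [];
  program.forEach(([op, arg], pc) => {
    switch (op) {
      case 'PUSH':      // constant from the script itself: clean
        stack.push({ v: String(arg), taint: new Set() }); break;
      case 'LOAD_SRC':  // taint marking at the source
        stack.push({ v: sources[arg], taint: new Set([arg]) }); break;
      case 'STORE': vars[arg] = stack.pop(); break;   // taint follows the value
      case 'LOAD':  stack.push(vars[arg]); break;
      case 'CONCAT': {  // result inherits taint from both operands
        const b = stack.pop(), a = stack.pop();
        stack.push({ v: a.v + b.v, taint: union(a.taint, b.taint) }); break;
      }
      case 'SUBSTR': {  // a slice of tainted data stays tainted
        const s = stack.pop();
        stack.push({ v: s.v.slice(arg), taint: new Set(s.taint) }); break;
      }
      case 'SINK': {    // report only tainted data reaching a monitored sink
        const s = stack.pop();
        if (SINKS.has(arg) && s.taint.size > 0)
          findings.push({ pc, sink: arg, from: [...s.taint].sort(), value: s.v });
        break;
      }
      default: throw new Error(`unknown opcode ${op} at ${pc}`);
    }
  });
  return findings;
}

// Constructed bytecode for: el.innerHTML = 'Hello ' + location.hash.slice(1);
//                           document.write('static banner');
//                           el.textContent = location.hash;  (not a monitored sink)
const PROGRAM = [
  ['LOAD_SRC', 'location.hash'], ['SUBSTR', 1], ['STORE', 'name'],
  ['PUSH', 'Hello '], ['LOAD', 'name'], ['CONCAT'], ['SINK', 'innerHTML'],
  ['PUSH', 'static banner'], ['SINK', 'document.write'],
  ['LOAD_SRC', 'location.hash'], ['SINK', 'textContent'],
];
console.log(run(PROGRAM));
```

Only the `innerHTML` write is reported: the `document.write` call receives clean data, and `textContent` is not a monitored sink.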
