Object-based dynamic taint analysis for J2EE program

doi:10.11772/j.issn.1001-9081.2015.08.2386

Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (8): 2386-2391.DOI: 10.11772/j.issn.1001-9081.2015.08.2386

Previous Articles Next Articles

Object-based dynamic taint analysis for J2EE program

ZENG Xiangfei¹, GUO Fan¹, TU Fengtao²

1. College of Computer Information Engineering, Jiangxi Normal University, Nanchang Jiangxi 330022, China;
2. Department of Information Science, Nanchang Teachers College, Nanchang Jiangxi 330103, China

Received:2015-03-26 Revised:2015-05-27 Online:2015-08-10 Published:2015-08-14

基于对象跟踪的J2EE程序动态污点分析方法

曾祥飞¹, 郭帆¹, 涂风涛²

1. 江西师范大学计算机信息工程学院, 南昌 330022;
2. 江西师范高等专科学校信息科学系, 南昌 330103

通讯作者: 曾祥飞(1989-),男,江西赣州人,硕士研究生,主要研究方向:网络安全,jxzengxf@163.com
作者简介:郭帆(1977-),男,江西南昌人,副教授,博士,主要研究方向:网络安全; 涂风涛(1976-),男,江西南昌人,讲师,硕士,主要研究方向:网络安全。
基金资助:
江西省自然科学基金资助项目(2012zbbe50003);江西省教育厅科技项目(GJJ14247)。

Abstract

Abstract:

The injection vulnerabilities of Web applications such as SQL injections and Cross Site Scripting (XSS) are mainly caused by external inputs which are not verified, while taint analysis can effectively locate these vulnerabilities. A dynamic analysis approach was presented by tracking all potentially tainted Java objects, which is different from existing approaches that only track characters or string objects. The approach used the hash code to represent the tainted object, defined the method node and method coordinates to record the location of the taint propagation, supported tracing the taint propagation path. The approach put forward a specific taint propagation analysis for stream-family objects according to the decorative pattern of Java stream objects. A language specification was also given to model Java libraries and user-defined methods related to taint propagation. The approach designed and formalized the taint propagation semantics of the methods according to the classification by taint introduction, taint propagation, taint sanitization and taint usage. The prototype system which implemented on SOOT used static analysis to collect reachable methods and instruments Java byte-code of the real Web sites, and the experimental results demonstrated the effect on detecting injection vulnerabilities.

Key words: dynamic taint analysis, taint propagation, instrument, SOOT, vulnerability analysis

摘要：

Web程序的安全威胁主要是由外部输入未验证引发的安全漏洞,如数据库注入漏洞和跨站脚本漏洞,动态污点分析可有效定位此类漏洞。提出一种基于对象跟踪的动态分析方法,与现有动态方法跟踪字符和字符串对象不同,追踪所有可能被污染的Java对象。方法应用对象哈希值表示污点对象,定义方法节点和方法坐标记录污点传播时的程序位置,支持污点传播路径追踪,针对Java流对象装饰模式提出流家族污点传播分析。方法设计一种语言规范对Java类库中污点传播相关的方法集合以及用户自定义方法建模,按照污点引入、传播、验证和使用,对方法集分类后设计和形式化定义各类方法的污点传播语义。在SOOT平台实现对J2EE源码或字节码插桩框架,使用静态分析计算可达方法集以减少插桩规模,应用原型系统对真实网站的测试结果表明该方法可有效发现注入漏洞。

关键词: 动态污点分析, 污点传播, 插桩, SOOT, 漏洞分析

CLC Number:

TP311.522

ZENG Xiangfei, GUO Fan, TU Fengtao. Object-based dynamic taint analysis for J2EE program[J]. Journal of Computer Applications, 2015, 35(8): 2386-2391.

曾祥飞, 郭帆, 涂风涛. 基于对象跟踪的J2EE程序动态污点分析方法[J]. 计算机应用, 2015, 35(8): 2386-2391.

References

[1] Open Web Application Security Project. The ten most critical Web application security vulnerabilities [R/OL]. [2014-12-20]. http://www.owasp.org.cn/owasp-project/download/OWASPTop102013V1.2.pdf.
[2] LAM M S, MARTIN M, LIVSHITS B, et al. Securing Web applications with static and dynamic information flow tracking [C]//PEPM'08: Proceedings of the 2008 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-based Program Manipulation. New York: ACM, 2008: 3-12.
[3] CHANG W, STERIFF B, LIN C. Efficient and extensible security enforcement using dynamic data flow analysis [C]//CCS'08: Proceedings of the 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 39-50.
[4] HALDAR V, CHANDRA D, FRANZ M. Dynamic taint propagation for Java [C]//Proceedings of the 21st Annual Computer Security Applications Conference. Piscataway: IEEE, 2005: 274-282.
[5] CHIN E, WAGNER D. Efficient character-level taint tracking for Java [C]//SWS 2009: Proceedings of the 6th ACM Workshop on Secure Web Services. New York: ACM, 2009: 2-12.
[6] XU W, BHATKAR S, SEKAR R. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks [C]//USENIX-SS'06: Proceedings of the 15th USENIX Security Symposium. Berkeley: USENIX Association, 2006, 15: Article No. 9.
[7] NEWSOME J, SONG D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software [C]//NDSS Symposium 2005: Proceedings of the 2005 Symposium on Network and Distributed System Security. [S.l.]: Internet Society, 2005:116-128.
[8] NGUYEN-TUONG A, GUARNIERI S, GREENE D, et al. Automatically hardening Web applications using precise tainting [C]//IFIP TC11: Proceedings of the 20th International Information Security Conference. Berlin: Springer, 2005: 372-382.
[9] HALFOND W,ORSO A, MANOLIOS P. WASP: protecting Web applications using positive tainting and syntax-aware evaluation [J]. IEEE Transactions on Software Engineering, 2008, 34(1): 65-81.
[10] SON S, McKINLEY K S, SHMATIKOV V. Diglossia: detecting code injection attacks with precision and efficiency [C]//CCS'13: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2013: 1181-1191.
[11] PIETRASZEK T, BERGHE C V. Defending against injection attacks through context-sensitive string evaluation [C]//RAID 2005: Proceedings of the 8th International Symposium on Recent Advances in Intrusion Detection, LNCS 3858. Berlin: Springer, 2005: 124-145.
[12] WANG Y,LI Z,GUO T. Literal tainting method for preventing code injection attack in Web application [J]. Journal of Computer Research and Development, 2012, 49(11): 2414-2423. (王溢,李舟军,郭涛.防御代码注入式攻击的字面值污染方法[J].计算机研究与发展,2012,49(11):2414-2423.)
[13] HUANG Y-W,YU F,HANG C, et al. Securing Web application code by static analysis and runtime protection [C]//WWW'04: Proceedings of the 13th International Conference on World Wide Web.New York: ACM, 2004: 40-52.
[14] VOGT P, NENTWICH F, JOVANOVIC N, et al. Cross-site scripting prevention with dynamic data tainting and static analysis [C]//NDSS 2007: Proceeding of the 2007 Network and Distributed System Security Symposium. London: dblp Computer Science Bibliography, 2007: 189-197.
[15] RAY D, LIGATTI J. Defining code-injection attacks [C]//POPL '12: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New York: ACM, 2012: 179-190.
[16] BISHT P,VENKATAKRISHNAN V N. XSS-GUARD: precise dynamic prevention of cross-site scripting attacks [C]//DIMVA '08: Proceedings of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. New York: ACM, 2008: 23-43.
[17] SCHWARTZ E J, AVGERINOS T, BRUMLEY D. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask) [C]//SP'10: Proceedings of the 2010 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 2010: 317-331.

Object-based dynamic taint analysis for J2EE program

基于对象跟踪的J2EE程序动态污点分析方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	LI Huihui, YAN Kun, ZHANG Lixuan, LIU Wei, LI Zhi. Circular pointer instrument recognition system based on MobileNetV2 [J]. Journal of Computer Applications, 2021, 41(4): 1214-1220.
[2]	ZHAO Wei, ZHANG Wenyin, WANG Jiuru, WANG Haifeng, WU Chuankun. Smart contract vulnerability detection scheme based on symbol execution [J]. Journal of Computer Applications, 2020, 40(4): 947-953.
[3]	REN Yuzhu, ZHANG Youwei, AI Chengwei. Survey on taint analysis technology [J]. Journal of Computer Applications, 2019, 39(8): 2302-2309.
[4]	ZHANG Hanfang, ZHOU Anmin, JIA Peng, LIU Luping, LIU Liang. Directed fuzzing method for binary programs [J]. Journal of Computer Applications, 2019, 39(5): 1389-1393.
[5]	WANG Fei, YU Fengqing. Musical instrument identification based on multiscale time-frequency modulation and multilinear principal component analysis [J]. Journal of Computer Applications, 2018, 38(3): 891-894.
[6]	FENG Xiang, ZHANG Bin. Transmission channel calibration algorithm for digital instrument landing system [J]. Journal of Computer Applications, 2017, 37(3): 741-745.
[7]	MAO Limin, ZHU Peiyi, LU Zhenli, PENG Weiwei. Gobang game algorithm based on LabVIEW [J]. Journal of Computer Applications, 2016, 36(6): 1630-1633.
[8]	LI Jie, YU Yan, WU Jiashun. Vulnerability detection algorithm of DOM XSS based on dynamic taint analysis [J]. Journal of Computer Applications, 2016, 36(5): 1246-1249.
[9]	DAI Wei, LIU Zhi, LIU Yihe. Function pointer attack detection with address integrity checking [J]. Journal of Computer Applications, 2015, 35(2): 424-429.
[10]	XIE Yu, HU Xintong, MENG Xiyun, LIU Yunjie. Passenger counting system based on intelligent detection of polyvinylidene fluoride human gait [J]. Journal of Computer Applications, 2015, 35(12): 3602-3606.
[11]	ZHANG Tianjiong WANG Zheng. Runtime error site analysis tool based on variable tracking [J]. Journal of Computer Applications, 2014, 34(3): 857-860.
[12]	CAI Jianzhang WEI Qiang ZHU Yuefei. Identification of encrypted function in malicious software [J]. Journal of Computer Applications, 2013, 33(11): 3239-3243.
[13]	HU Jichen HUANG Guoyong SHAO Zongkai WANG Xiaodong ZOU Jinhui. Small fault detection method of instruments based on independent component subspace algorithm and ensemble strategy [J]. Journal of Computer Applications, 2013, 33(07): 2063-2066.
[14]	DAI Li SHU Hui HUANG Hejie. Network protocol reverse parsing technique based on dataflow analysis [J]. Journal of Computer Applications, 2013, 33(05): 1217-1221.
[15]	WU Yi-lun ZHANG Bo-feng LAI Zhi-quan SU Jin-shu. Software network behavior analysis based on message semantics analysis [J]. Journal of Computer Applications, 2012, 32(01): 25-29.