51. Research on Vulnerability Detection for Software Based on Taint Analysis
- Author
-
Chu Tian Ye, Binbin Qu, Bei Hai Liang, and Sheng Jiang
- Subjects
Reflection (computer programming) ,Java ,business.industry ,Computer science ,Cross-site scripting ,File inclusion vulnerability ,General Medicine ,computer.software_genre ,Computer security ,Internet security ,Taint checking ,Dependency graph ,Scripting language ,Web application ,Data mining ,business ,computer ,Vulnerability (computing) ,computer.programming_language - Abstract
At present, Cross Site Scripting (XSS) vulnerability exists in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web request. This paper explores vulnerability detection method which based on taint dependence analysis and implements a prototype system for Java Web program. We treat all user input as tainted data, and track the flow of Web applications, then we judge whether it will trigger an attack or not. The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph. Next the value representation method of the string tainted object based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which dont have effective treatment for the user input data.
- Published
- 2013