Simulation of Built-in PHP Features for Precise Static Code Analysis

Authors: Johannes Dahse, Thorsten Holz

DOI: 10.14722/NDSS.2014.23262

Keywords:

Abstract: The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or attacks against an application's users. This problem can be addressed by analyzing the source code of the application before it is deployed on a web server. In this paper, we present a novel approach for precise static analysis to detect vulnerabilities in PHP applications. As dismissed by previous work in this area, a comprehensive configuration and simulation of over 900 built-in PHP features allows us to precisely model the highly dynamic PHP language. By performing intra- and inter-procedural data flow analysis and creating block and function summaries, we are able to efficiently perform backward-directed taint analysis for 20 different types of vulnerabilities. Furthermore, our string analysis enables us to validate sanitization in a context-sensitive manner. Our method is the first to perform fine-grained analysis of the interaction between different types of sanitization, encoding, sources, sinks, markup contexts, and PHP settings. We implemented a prototype of our approach in a tool called RIPS. Our evaluation shows that RIPS is capable of finding severe vulnerabilities in real-world applications: we reported 73 previously unknown vulnerabilities in five well-known PHP applications such as phpBB, osCommerce, and the conference management software HotCRP.
