Design And Implementation Of Dependence-based Taint Analysis For Jimple Programs

Posted on: 2016-05-18
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhou
GTID: 2308330470463592
Subject: Computer technology
Abstract/Summary:
With the popularity of the Internet, more and more companies use Web programs to handle critical applications, and Web security is becoming more and more important. However, most Web programs contain potential vulnerabilities, which pose serious security risks. Of all the vulnerabilities identified in Web programs, most are due to unchecked external input data, such as SQL injection attacks (SQLIA), cross-site scripting (XSS), and so on. Taint analysis can be used to analyze the relation between the external input data (tainted data) and the output of the Web program in order to find and fix vulnerabilities. The analysis mainly includes static taint analysis and dynamic taint analysis. The thesis presents a field-sensitive, dependence-based static taint analysis method combined with pointer analysis. First, the seed statements and the dependence relation among Jimple variables are formally defined. Then, an intra-procedural and inter-procedural method is proposed to construct the data dependence graph for the whole program and find the statements related to the seed statements. After that, a reachability-matrix algorithm is used to mine the taint propagation paths from the graph. Finally, a path can be patched by manually adding a sanitizer procedure. To analyze large-scale programs, the analysis is partitioned into multiple phases, each of which runs the same procedure except that the set of analyzed statements increases iteratively. The method is implemented on top of Soot, and the experiment uses BodgeIt and WebGoat to evaluate the performance and to compare with an existing approach. The results show that our approach achieves significant improvements in time and space efficiency without loss of precision.
Keywords/Search Tags:jimple, taint analysis, field-sensitive, data dependence
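
The pipeline the abstract describes (data dependence graph, then a reachability matrix from seed statements to sinks) can be sketched as follows. This is an added example, not code from the thesis or from Soot. It assumes a constructed straight-line list of Jimple-like statements, a hypothetical tuple encoding, and a weak-update rule for the field-insensitive comparison.

```python
# Constructed straight-line, Jimple-like statements: (id, defined, used, kind).
# Ids equal list indices. "r0.name" and "r0.id" are distinct names when the
# analysis is field-sensitive. The tuple encoding is an assumption.
STMTS = [
    (0, "s1", [], "source"),           # s1 = request.getParameter("name")
    (1, "s2", [], "const"),            # s2 = "42"
    (2, "r0.name", ["s1"], "assign"),  # r0.name = s1
    (3, "r0.id", ["s2"], "assign"),    # r0.id = s2
    (4, "q1", ["r0.name"], "assign"),  # q1 = "... WHERE name='" + r0.name
    (5, "q2", ["r0.id"], "assign"),    # q2 = "... WHERE id=" + r0.id
    (6, None, ["q1"], "sink"),         # stmt.executeQuery(q1)
    (7, None, ["q2"], "sink"),         # stmt.executeQuery(q2)
]

def dependence_graph(stmts, field_sensitive=True):
    """Adjacency matrix: edge i -> j when j uses a value defined by i."""
    key = (lambda v: v) if field_sensitive else (lambda v: v.split(".")[0])
    adj = [[False] * len(stmts) for _ in stmts]
    defs = {}  # name -> ids of the definitions that may reach this point
    for sid, defined, used, _ in stmts:
        for var in used:
            for d in defs.get(key(var), ()):
                adj[d][sid] = True
        if defined is not None:
            # Field-insensitive mode merges all fields of an object, so a
            # field write must keep earlier definitions (weak update).
            weak = "." in defined and not field_sensitive
            old = defs.get(key(defined), set()) if weak else set()
            defs[key(defined)] = old | {sid}
    return adj

def reachability(adj):
    """Warshall transitive closure: reach[i][j] is True if i reaches j."""
    reach = [row[:] for row in adj]
    for k in range(len(adj)):
        for i in range(len(adj)):
            if reach[i][k]:
                reach[i] = [a or b for a, b in zip(reach[i], reach[k])]
    return reach

def tainted_flows(stmts, field_sensitive=True):
    """(source id, sink id) pairs connected in the dependence graph."""
    reach = reachability(dependence_graph(stmts, field_sensitive))
    sources = [s[0] for s in stmts if s[3] == "source"]
    sinks = [s[0] for s in stmts if s[3] == "sink"]
    return [(a, b) for a in sources for b in sinks if reach[a][b]]

if __name__ == "__main__":
    print(tainted_flows(STMTS), tainted_flows(STMTS, field_sensitive=False))
```

With fields tracked separately only the query built from r0.name is reported; merging the fields of r0 also flags the query built from the constant r0.id, a false positive.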