Research On Security Auditing Technology Based On CMS Framework

With the development of Internet technology,Web applications have been widely used in various kinds of fields.Simultaneously,the security issues of Web applications are getting more and more serious.Since the Web development framework is the basis for the development of Web applications,tens of thousands of Web applications will be affected significantly once security problems occur in the Web development framework.Among the existing Web development frameworks,CMS framework is the most common and widely used framework.In the CMS,Word Press accounts for more than 26% of the entire Internet,and the websites of Joomla also account for 2.6%.In recent years,the security issues of CMS framework have become increasingly serious,meanwhile,various security vulnerabilities have been reported frequently,which have greatly affected hundreds of thousands of sites.In 2016,Wordfence exposured that the auto-update mechanism of Word Press has serious vulnerabilities,and about 27% of the sites have been affected.Therefore,the security of CMS framework has become a hot topic both at home and abroad.In this thesis,the security audit of CMS is carried out based on the code layer.First,the characteristics and security status of CMS framework are introduced,and then the relevant security audit technology are presented based on PHP,the implementation language of the CMS.On the basis of PHP security audit technology,the researches on security audit technology of the CMS are investigated.The main works of this thesis are summarized as follows:(1)The security audit scheme of CMS framework based on taint-style vulnerability is proposed.The scheme is implemented by static analysis technology,and provides solutions for the key technologies in it.In the scheme,the block-based generation algorithm of control flow graph is improved.Besides,the interprocedural analysis method based on class summary as well as file summary and the auditing technique of sensitive parameter based on boundary backstepping have been used to analyse vulnerabilities,which greatly guarantees the analysis efficiency and the accuracy of the result.(2)An improved generation method of control flow graph based on block structure is provided in this thesis.In virtue of the control nodes in the abstract syntax tree,the method divides the abstract syntax tree into the basic blocks which are connected by directed edges.The method reconstructs the classification of control nodes and the decomposed approach of them,which improves the integrity and accuracy of the control flow graph.In addition,this method collects the data flow,constant,return value and other information in order to construct the basic block summary used for data flow analysis.(3)An interprocedural analysis method based on class summary and file summary information is proposed.First of all,the class summary and file summary are defined combined with the features of PHP.Then a novel method is designed to get class summary and file summary from abstract syntax trees.Subsequently,this method accurately locates the called function and gets the function body to further analyze in virtue of class summary and file summary.The method determines the position of the called function by using more specific information,which effectively improves the analysis results.(4)An auditing method of sensitive parameter based on boundary backstepping is proposed.This method defines the path boundary of the sensitive parameter,and then a boundary backstepping algorithm is proposed based on the control flow graph with the node called function as the starting point.Moreover,the boundary backstepping algorithm of sensitive parameter is combined with the taint analysis,and then the data flows within the basic block or between the basic block are analyzed based on the hazard path.This method has significant advantages in reducing the analysis path,avoiding the large amount of redundancy in the analysis process,and improving the efficiency of the analysis as well as the accuracy of the analysis results.Finally,WFVFinder system is designed and implemented as the security audit system of CMS.It consists of front-end compilation module,intermediate module,back-end analysis module,configuration module and application interface module.Experiments show that the WFVFinder system implemented in this paper can effectively detect the taint-style vulnerabilities in the framework and the comprehensive performance of the false positives and false negatives is good.