
Detecting Deserialization Vulnerabilities With Reverse Taint Analysis

Posted on: 2024-01-19
Degree: Master
Type: Thesis
Country: China
Candidate: W C Li
Full Text: PDF
GTID: 2558307067972209
Subject: Cyberspace security
Abstract/Summary:
Deserialization vulnerabilities are among the most widespread and dangerous of all web vulnerabilities, and taint analysis is widely used to detect them. Dynamic taint analysis first detects potential deserialization gadget chains and then builds serialized objects dynamically to check whether the taints can actually be transferred. Static taint analysis examines data flows and method call flows to analyse the taint flows. Dynamic taint analysis not only imposes a strict requirement on the preceding data-flow analysis but also requires a carefully prepared test object, which makes it hard for dynamic analysis to achieve a low false negative rate. Static analysis is mainly based on outside-in taint transfer, which can lead to an imbalance between the number of sources and the number of sinks. Although traditional pruning measures based on methods can deal with the loopback issue, they also cause other problems such as incorrect pruning. In summary, existing measures for detecting deserialization vulnerabilities have many disadvantages. This paper proposes inside-out taint analysis, a pruning measure based on methods and taints, and context-sensitive member data-flow analysis together with type presumption. The contributions of this paper are as follows.
(1) For the imbalance between sources and sinks, this paper proposes a detection method based on inside-out analysis. This measure can reduce the cost of detection.
(2) For the incorrect pruning issue, this paper proposes a pruning measure based on methods and taints. This measure avoids incorrectly pruning a node of a deserialization gadget chain that has the same method but different taints, and it can also reduce the false negative rate of detection.
(3) For the issue of taint flows between members in different methods and the unknown-type issue, this paper proposes context-sensitive member data-flow analysis, type presumption, and presumption of the scope of the call chain. This measure can reduce the false positive rate.
Based on the above key techniques, this paper uses Java deserialization vulnerabilities as an example and implements a Java application, Gadget Getter, to detect such vulnerabilities. The evaluation shows that this application can reduce the time cost of taint analysis and detect deserialization vulnerabilities efficiently.
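The inside-out search of contributions (1) and (2), as an added example that is not code from the thesis or from Gadget Getter: a backward walk from a sink toward a readObject entry point over a small constructed call graph (every class, method and taint name is hypothetical), showing that pruning on methods alone drops a chain that re-enters the same method with a different taint, while pruning on (method, taint) pairs keeps the chain and still terminates on the loop.

```python
from collections import deque

# Constructed toy call graph (hypothetical class, method and taint names).
# CALL_EDGES[(caller, callee)] lists (caller_taint, callee_taint) pairs: a
# tainted value named on the caller side reaches that parameter of the callee.
# "p0"/"p1" are positional parameters, "this.<field>" is a field of the receiver.
CALL_EDGES = {
    ("Root.readObject", "Wrapper.call"): [("this.target", "p0")],  # 2nd arg is a constant
    ("Wrapper.call", "Runtime.exec"):    [("p1", "p0")],
    ("Wrapper.call", "Helper.go"):       [("p0", "p0")],
    ("Helper.go", "Wrapper.call"):       [("p0", "p0"), ("p0", "p1")],  # call(o, o.toString())
}
SINK = ("Runtime.exec", "p0")          # the search starts here (inside-out)
ENTRY_METHODS = {"Root.readObject"}    # and succeeds on a receiver taint here


def find_gadget_chain(edges, sink, entry_methods, prune_by="method_and_taint"):
    """Breadth-first walk from the sink to its callers. Returns the chain as a
    list of (method, taint) states from entry point to sink, or None.
    prune_by="method" reproduces method-only pruning; the default keys the
    visited set on (method, taint), which still bounds the Wrapper/Helper loop."""
    queue = deque([(sink, [sink])])
    seen = set()
    while queue:
        (method, taint), path = queue.popleft()
        key = method if prune_by == "method" else (method, taint)
        if key in seen:
            continue
        seen.add(key)
        if method in entry_methods and taint.startswith("this"):
            return list(reversed(path))
        # Step outward: every call edge that feeds the current taint of `method`.
        for (caller, callee), flows in edges.items():
            if callee != method:
                continue
            for caller_taint, callee_taint in flows:
                if callee_taint == taint:
                    state = (caller, caller_taint)
                    queue.append((state, path + [state]))
    return None


def format_chain(chain):
    return " -> ".join(f"{m}#{t}" for m, t in chain) if chain else "no chain found"


if __name__ == "__main__":
    print("method-only pruning:    ", format_chain(find_gadget_chain(CALL_EDGES, SINK, ENTRY_METHODS, "method")))
    print("(method, taint) pruning:", format_chain(find_gadget_chain(CALL_EDGES, SINK, ENTRY_METHODS)))
```

Method-only pruning visits Wrapper.call first with taint p1 and later discards the re-entry with taint p0, which is the only state that Root.readObject feeds, so it reports no chain; the (method, taint) key finds the full chain and visits each state once despite the Wrapper.call/Helper.go cycle.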
Keywords/Search Tags: Taint Analysis, Java Application, Deserialization Vulnerabilities, Vulnerabilities Detection