会议专题

Research on Vulnerability Detection for Software Based on Taint Analysis

  At present,Cross Site Scripting (XSS) vulnerability exists in most web sites.The main reason is the lack of effective validation and filtering mechanisms for user input data from web request.This paper explores vulnerability detection method which based on taint dependence analysis and implements a prototype system for Java Web program.We treat all user input as tainted data,and track the flow of Web applications,then we judge whether it will trigger an attack or not.The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph.Next the value representation method of the string tainted object based on finite state automata is discussed.Finally,we propose the vulnerability detection method for the program.The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which dont have effective treatment for the user input data.

XSS vulnerability taint dependency graph web security

Beihai Liang Binbin Qu Sheng Jiang Chutian Ye

School.of Compute Science, Huazhong University of Science & Technology, Wuhan, 430074,China ; Shenzhen Key Laboratory of High Performance Data Mining, Shenzhen, 518055, China

国际会议

2013 2nd International Symposium on Computer,Communication,Control and Automation(ISCCCA-13)(2013年第二届计算机、通信与自动化国际会议)

太原

英文

434-437

2013-04-06(万方平台首次上网日期,不代表论文的发表时间)