×

Boolean formulas for the static identification of injection attacks in Java. (English) Zbl 1471.68043

Davis, Martin (ed.) et al., Logic for programming, artificial intelligence, and reasoning. 20th international conference, LPAR-20 2015, Suva, Fiji, November 24–28, 2015. Proceedings. Berlin: Springer. Lect. Notes Comput. Sci. 9450, 130-145 (2015).
Summary: The most dangerous security-related software errors, according to CWE 2011, are those leading to injection attacks – user-provided data that result in undesired database access and updates (SQL-injections), dynamic generation of web pages (cross-site scripting-injections), redirection to user-specified web pages (redirect-injections), execution of OS commands (command-injections), class loading of user-specified classes (reflection-injections), and many others. This paper describes a flow- and context-sensitive static analysis that automatically identifies if and where injections of tainted data can occur in a program. The analysis models explicit flows of tainted data. Its notion of taintedness applies also to reference (non-primitive) types dynamically allocated in the heap, and is object-sensitive and field-sensitive. The analysis works by translating the program into Boolean formulas that model all possible flows. We implemented it within the Julia analyzer for Java and Android. Julia found injection security vulnerabilities in the Internet banking service and in the customer relationship management of a large Italian bank.
For the entire collection see [Zbl 1326.68013].

MSC:

68N15 Theory of programming languages
03B70 Logic in computer science
68M25 Computer security
68P15 Database theory

Software:

julia
PDFBibTeX XMLCite
Full Text: DOI