a hybrid analysis framework for detecting web application
play

A hybrid analysis framework for detecting web application - PowerPoint PPT Presentation

Jan 11, 2023 •159 likes •450 views

Universit` a degli Studi di Milano Facolt` a di Scienze Matematiche, Fisiche e Naturali Dipartimento di Informatica e Comunicazione A hybrid analysis framework for detecting web application vulnerabilities Mattia Monga Roberto Paleari

  1. Universit` a degli Studi di Milano Facolt` a di Scienze Matematiche, Fisiche e Naturali Dipartimento di Informatica e Comunicazione A hybrid analysis framework for detecting web application vulnerabilities Mattia Monga Roberto Paleari Emanuele Passerini SESS 2009 M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 1 / 15 SESS 2009

  2. Introduction Web applications many applications adopt the web paradigm: client-server model + HTTP protocol web servers are augmented with modules for the execution of server-side code Security issues web applications are known to be subject to different attacks ( e.g. , SQLI and XSS) ∼ 60% of software vulnerabilities are specific to web applications Root cause insufficient sanitization of user-supplied input M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 2 / 15 SESS 2009

  3. Introduction Web applications many applications adopt the web paradigm: client-server model + HTTP protocol web servers are augmented with modules for the execution of server-side code Security issues web applications are known to be subject to different attacks ( e.g. , SQLI and XSS) ∼ 60% of software vulnerabilities are specific to web applications Root cause insufficient sanitization of user-supplied input M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 2 / 15 SESS 2009

  4. Taint analysis of web applications How it works? 1 data from untrusted sources are marked as tainted 2 propagation of the “taint” attribute 3 alert if tainted data with malicious characters reach a sink 4 sanitization: tainted → untainted Static analysis Dynamic analysis complete accurate results no run-time overhead incomplete overly conservative: high overhead ( ∼ 30%) results can be imprecise M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 3 / 15 SESS 2009

  5. Taint analysis of web applications How it works? 1 data from untrusted sources are marked as tainted 2 propagation of the “taint” attribute 3 alert if tainted data with malicious characters reach a sink 4 sanitization: tainted → untainted Static analysis Dynamic analysis complete accurate results no run-time overhead incomplete overly conservative: high overhead ( ∼ 30%) results can be imprecise M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 3 / 15 SESS 2009

  6. A hybrid approach Goal design and develop a hybrid analysis framework in order to obtain: accurate results low run-time overhead Our idea 1 off-line analysis build a static model of the whole application identify dangerous code statements 2 on-line analysis dynamic taint-analysis over dangerous statements M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 4 / 15 SESS 2009

  7. A hybrid approach Goal design and develop a hybrid analysis framework in order to obtain: accurate results low run-time overhead Our idea 1 off-line analysis build a static model of the whole application identify dangerous code statements 2 on-line analysis dynamic taint-analysis over dangerous statements M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 4 / 15 SESS 2009

  8. Motivating example function get_product($id) { 1 $q = "SELECT ... WHERE id=$id"; 2 mysql_connect(...); 3 $res = mysql_query($q); 4 } 5 if(isset($_GET[’product_id’])) { 6 $a = $_GET[’product_id’]; 7 get_product($a); 8 } else { 9 $msg = ’Invalid request’; 10 11 echo $msg; 12 } M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 5 / 15 SESS 2009

  9. Motivating example function get_product($id) { 1 $q = "SELECT ... WHERE id=$id"; 2 mysql_connect(...); 3 $res = mysql_query($q); 4 } 5 if(isset($_GET[’product_id’])) { 6 $a = $_GET[’product_id’]; 7 get_product($a); 8 } else { 9 $msg = ’Invalid request’; 10 11 echo $msg; 12 } Vulnerability SQL injection control-dependent on condition at line 6 M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 5 / 15 SESS 2009

  10. Motivating example function get_product($id) { 1 $q = "SELECT ... WHERE id=$id"; 2 mysql_connect(...); 3 $res = mysql_query($q); 4 } 5 if(isset($_GET[’product_id’])) { 6 $a = $_GET[’product_id’]; 7 get_product($a); 8 } else { 9 $msg = ’Invalid request’; 10 11 echo $msg; 12 } Off-line analysis identify dangerous statements M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 5 / 15 SESS 2009

  11. Motivating example function get_product($id) { 1 $q = "SELECT ... WHERE id=$id"; 2 mysql_connect(...); 3 $res = mysql_query($q); 4 } 5 if(isset($_GET[’product_id’])) { 6 $a = $_GET[’product_id’]; 7 get_product($a); 8 } else { 9 $msg = ’Invalid request’; 10 11 echo $msg; 12 } On-line analysis taint-propagation only over dangerous statements M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 5 / 15 SESS 2009

  12. Phan: P HP H ybrid An alyzer off-line analysis translate into IR construct dangerous CFG/iCFG statements identify propagate sources taint info detect attack execution loop M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 6 / 15 SESS 2009

  13. Off-line analysis Translation into IR V0 := T0__GET 6 P0 := V0[c("product_id")] 6 P1 := c(1) 6 T1 := CALL c("isset") 6 if(isset($_GET[’product_id’])) { 6 JUMP ((T1 == c(0))) c(10) 6 V2 := T0__GET 7 $a = $_GET[’product_id’]; 7 V3 := V2[c("product_id")] 7 get_product($a); 8 C0_a := V3 7 9 } else { V4 := C0_a 7 P1 := C0_a $msg = ’Invalid request’; 8 10 8 V5 := CALL c("get_product") 11 echo $msg; 9 JUMP c(12) } 12 10 C1_msg := c("Invalid...") 10 V6 := C1_msg 11 P0 := C1_msg 11 CALL c("echo") 12 RET c(1) Intermediate language RISC-like instructions 5 instruction types, 4 expression types M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 7 / 15 SESS 2009

  14. Off-line analysis CFG construction 00 C0_id := P1 01 T0 := c("") 02 T0 := (T0 . c("SELECT ... WHERE id=")) 03 T0 := (T0 . C0_id) 04 C1_q := T0 04 V1 := C1_q 05 D0 := c("mysql_query") 06 P1 := C1_q 07 V2 := CALL D0 1 function get_product($id) { 08 C2_res := V2 $q = "SELECT ... WHERE id=$id"; 08 V3 := C2_res 2 09 RET c(None) mysql_connect(...); 3 $res = mysql_query($q); 4 } 5 if(isset($_GET[’product_id’])) { 6 00 NOP $a = $_GET[’product_id’]; 01 V0 := T0__GET 7 02 P0 := V0[c("product_id")] 02 P1 := c(1) get_product($a); 02 T1 := CALL c("###isset###") 8 } else { 9 $msg = ’Invalid request’; 10 03 JUMP ((T1 == c(0))) c(10) echo $msg; 11 } 12 04 V2 := T0__GET 05 V3 := V2[c("product_id")] 06 C0_a := V3 06 V4 := C0_a 07 P1 := C0_a 08 V5 := CALL c("get_product") 10 C1_msg := c("Invalid request") 10 V6 := C1_msg 09 JUMP c(12) 11 P0 := C1_msg 11 CALL c("echo") 12 RET c(1) M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 8 / 15 SESS 2009

  15. Off-line analysis iCFG construction 00 NOP 01 V0 := T0__GET 02 P0 := V0[c("product_id")] 02 P1 := c(1) 02 T1 := CALL c("###isset###") 1 function get_product($id) { 03 JUMP ((T1 == c(0))) c(10) 2 $q = "SELECT ... WHERE id=$id"; 3 mysql_connect(...); 04 V2 := T0__GET 05 V3 := V2[c("product_id")] 4 $res = mysql_query($q); 06 C0_a := V3 06 V4 := C0_a 07 P1 := C0_a 5 } 08 CALL c("get_product") if(isset($_GET[’product_id’])) { 6 00 C0_id := P1 01 T0 := c("") 02 T0 := (T0 . c("SELECT ... WHERE id=")) $a = $_GET[’product_id’]; 10 C1_msg := c("Invalid request") 7 03 T0 := (T0 . C0_id) 10 V6 := C1_msg 04 C1_q := T0 11 P0 := C1_msg get_product($a); 04 V1 := C1_q 8 11 CALL c("echo") 05 D0 := c("mysql_query") 06 P1 := C1_q } else { 07 V2 := CALL D0 9 $msg = ’Invalid request’; 10 08 C2_res := V2 echo $msg; 11 08 V3 := C2_res 09 V5 := c(None) } 12 09 JUMP c(12) 12 RET c(1) constant propagation to handle iCTI handling of inclusion statements M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 9 / 15 SESS 2009

  16. Off-line analysis Identification of dangerous statements function get_product($id) { 1 $q = "SELECT ... WHERE id=$id"; 2 3 mysql_connect(...); $res = mysql_query($q); 4 identify sources and sinks 5 } find paths from sources to sinks 6 if(isset($_GET[’product_id’])) { compute backward slice over sinks $a = $_GET[’product_id’]; 7 arguments 8 get_product($a); } else { 9 flag only dangerous statements 10 $msg = ’Invalid request’; echo $msg; 11 12 } M. Monga, R. Paleari, E. Passerini A hybrid analysis framework for detecting . . . 10 / 15 SESS 2009

Recommend

in the Medical Field with Thoughts on the Applicability of CnC as a Framework for Hybrid

in the Medical Field with Thoughts on the Applicability of CnC as a Framework for Hybrid

Archive # A Sketch of Data (graph) Analytic Applications in the Medical Field with Thoughts on the Applicability of CnC as a Framework for Hybrid Platforms in These Application Spaces Gary S. Delp, PhD Just a simple engineer Mayo Clinic S

678 views • 35 slides
Detecting Topics and their Transitions Victor Mireles , Artem Revenko Hybrid Statistical Semantic

Detecting Topics and their Transitions Victor Mireles , Artem Revenko Hybrid Statistical Semantic

Detecting Topics and their Transitions Detecting Topics and their Transitions Victor Mireles , Artem Revenko Hybrid Statistical Semantic Understanding and Emerging Semantics Workshop @ ISWC 2017, Vienna 1 / 31 Detecting Topics and their

683 views • 37 slides
12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic

12/6/2013 Detecting Fakes Image Forensics: Detecting Forged Photos 1.Detecting photorealistic graphics 2.Detecting manipulated images Photo manipulation is the application of image editing techniques to photographs in order to create an

306 views • 13 slides
Plug-In Hybrid Modeling and Application: Cost / Benefit Analysis Presented at the 3 rd AVL Summer

Plug-In Hybrid Modeling and Application: Cost / Benefit Analysis Presented at the 3 rd AVL Summer

Plug-In Hybrid Modeling and Application: Cost / Benefit Analysis Presented at the 3 rd AVL Summer Conference on Automotive Simulation Technology: Modeling of Advanced Powertrain Systems Andrew Simpson National Renewable Energy Laboratory

367 views • 25 slides
Development of Hybrid Mobile Application EEE 27 Li Jiaqi Raffles Institution Koh Rei Min

Development of Hybrid Mobile Application EEE 27 Li Jiaqi Raffles Institution Koh Rei Min

Development of Hybrid Mobile Application EEE 27 Li Jiaqi Raffles Institution Koh Rei Min Ashley Victoria Junior College Prof. Perry Ping Shum Nanyang Technological University Introduction What are hybrid mobile applications? Hybrid

705 views • 41 slides
Robust analysis in a quadratic separation framework and application to Demeter satellite attitude

Robust analysis in a quadratic separation framework and application to Demeter satellite attitude

Robust analysis in a quadratic separation framework and application to Demeter satellite attitude control system Denis Arzelier, Alberto Bortott, Fr ed eric Gouaisbaut, Dimitri Peaucelle Christelle Pittet, Catherine Charbonnel CCT SCA

487 views • 44 slides
Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and

Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and

A New Framework For Hybrid Models An Application: Deep Hybrid Models Supervised and Semi-Supervised Experiments Deep Hybrid Models: Bridging Discriminative and Generative Approaches Volodymyr Kuleshov and Stefano Ermon Department of Computer

523 views • 29 slides
Analysis of hybrid hydraulic vehicles and com parison w ith hybrid electric vehicles using

Analysis of hybrid hydraulic vehicles and com parison w ith hybrid electric vehicles using

Analysis of hybrid hydraulic vehicles and com parison w ith hybrid electric vehicles using batteries or super capacitors Yannick Louvigny, Jonathan Nzisabira and Pierre Duysinx LTAS Autom otive Engineering University of Lige EET-2008

414 views • 20 slides
Soft Computing Approach to What Is Continuity? Detecting Discontinuities: So How Can We . . .

Soft Computing Approach to What Is Continuity? Detecting Discontinuities: So How Can We . . .

Formulation of the . . . It Is Important to . . . Detecting . . . Need for Soft Computing Soft Computing Approach to What Is Continuity? Detecting Discontinuities: So How Can We . . . Application to Seismic . . . Seismic Analysis and Beyond

530 views • 19 slides
NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using

NetFlow Analysis: Detecting covert channels on the network Detecting malicious traffic by using NetFlow data By: Joey Dreijer, Student OS3 5-07-14 1 NetFlow Analysis: Detecting covert channels on the network Gathering NetFlow data

346 views • 16 slides
The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher:

The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher:

The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary Whats a hybrid system? Definition of Hybrid Automaton Subclasses

448 views • 15 slides
1 EVALUATING AN INVESTMENT: Benefit Cost Analysis DECISION RULE: Invest if total benefits

1 EVALUATING AN INVESTMENT: Benefit Cost Analysis DECISION RULE: Invest if total benefits

LABOR AS A QUASI-FIXED COST: Human Capital Investment LIR 809 Points that will be covered Introduction to the investment framework Application of investment framework to individual decision to invest in oneself Application of

814 views • 11 slides
SeizSmart A mobile application for detecting, tracking, and reporting seizures in real time.

SeizSmart A mobile application for detecting, tracking, and reporting seizures in real time.

SeizSmart A mobile application for detecting, tracking, and reporting seizures in real time. Feasibility Presentation CS 410 Spring 2019 Team Silver Abel Weldergay, Kevin Sokol Alpha Din Gabisi, Jeffrey McAteer Danielle Luckraft, Peter

479 views • 27 slides
Program Analysis in Software Development Summary of Papers Program Analysis Application Areas

Program Analysis in Software Development Summary of Papers Program Analysis Application Areas

Program Analysis in Software Development Summary of Papers Program Analysis Application Areas Compilation and Optimization LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation Obfuscation Generation and

1.64k views • 6 slides
April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and

April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and

April 2009 Wes J. Lloyd 1 Framework Invasiveness Coupling between application code and framework code Use of framework functions/methods Use of framework specific data types Implementation of framework interfaces Extension of

605 views • 39 slides
Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE

Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE

Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE Algorithmic Analysis of Polygonal Hybrid Systems p.1/66 Hybrid Systems Hybrid Systems: interaction between discrete and continuous behaviors

1.72k views • 147 slides
Rostra: A Framework for Detecting Redundant Object-Oriented Unit Tests 1 2 Tao Xie

Rostra: A Framework for Detecting Redundant Object-Oriented Unit Tests 1 2 Tao Xie

Rostra: A Framework for Detecting Redundant Object-Oriented Unit Tests 1 2 Tao Xie Darko Marinov David Notkin 1 1 Dept. of Computer Science & Engineering, University of Washington, 2 MIT Computer Science and Artificial

642 views • 35 slides
Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance

Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance

Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance Tools Cray Inc. Outline Cray Performance Tools Overview Motivation for Load Imbalance Analysis Metrics Offered by Cray Performance Tools Examples

477 views • 21 slides
Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 -

Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 -

Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 - Theory of Hybrid Systems RWTH Aachen University SS 2013 brahm - Hybrid Systems 1 / 28 Organizational Lecture: Tuesday 13:15-14:15 in 5056

1.36k views • 68 slides
-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework

-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework

-Abhijit Mahajan Django web Framework is an open source Web 2.0 application framework written in Python which follows the model-view-controller architectural pattern. It was originally developed to manage several news-oriented

462 views • 35 slides
UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX

UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX

Introduction The UNAF Framework Salsa20 Applications Conclusions UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX V. Velichkov N. Mouha C. De Cannire B. Preneel COSIC, KU Leuven; IBBT FSE

444 views • 42 slides
Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP University VP University WHEN DO YOU USE HYBRI D CONSTRUCTI ON? Hybrid Construction is an economical alternative to conventional steel structures

431 views • 15 slides
Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems

Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems

Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems Joo P. Hespanha University of California at Santa Barbara Outline 1. Deterministic hybrid systems 2. Stochastic hybrid systems 3. Switched

617 views • 43 slides
Scalable Critical Path Analysis for Hybrid MPI-CUDA Applications The Fourth International

Scalable Critical Path Analysis for Hybrid MPI-CUDA Applications The Fourth International

Center for Information Services and High Performance Computing (ZIH) Scalable Critical Path Analysis for Hybrid MPI-CUDA Applications The Fourth International Workshop on Accelerators and Hybrid Exascale Systems, May 19th 2014 Felix Schmitt,

395 views • 24 slides

More recommend