Computer Engineering and Applications, 2018, Vol. 54, Issue (12): 63-68, 6. DOI: 10.3778/j.issn.1002-8331.1702-0164
Detection of access control vulnerabilities in Web applications based on privilege verification graph
Abstract
To address the lack of effective methods for detecting access control vulnerabilities in Web applications, a new detection algorithm based on a privilege verification graph is proposed. First, privilege verification nodes and source nodes are identified, and the nodes are connected into a privilege verification graph by T or F edges based on the program's Control Flow Graph (CFG). Then, all privilege verification routes corresponding to a source node are traversed to compute the privilege verified along each route, which is compared with the access privilege of the source node to determine whether an access control vulnerability exists. In the experiment, the algorithm detected eight known and unknown vulnerabilities in seven Web applications. Compared with existing access control detection algorithms, the algorithm can effectively detect four kinds of access control vulnerabilities and expands the scope of vulnerability detection.
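A minimal sketch of the route traversal described in the abstract, added here as an illustration and not taken from the paper. The graph encoding, node names, privilege labels and the rule that a route verifies a privilege only when it leaves the check on its T edge are all assumptions.

```python
from typing import Dict, FrozenSet, Iterator, List, Tuple

# Constructed privilege verification graph for a hypothetical admin module.
#   ("check", privilege, T-successor, F-successor)  privilege verification node
#   ("source", required privileges)                 sensitive operation
#   ("exit",)                                       request is rejected
GRAPH: Dict[str, tuple] = {
    "entry":        ("check", "logged_in", "is_admin", "deny"),
    # Assumed bug: the F edge of the admin check still reaches a sensitive source.
    "is_admin":     ("check", "admin", "delete_user", "export_users"),
    "delete_user":  ("source", frozenset({"logged_in", "admin"})),
    "export_users": ("source", frozenset({"logged_in", "admin"})),
    "deny":         ("exit",),
}

Route = Tuple[str, Tuple[str, ...], FrozenSet[str]]

def routes(graph, node, verified=frozenset(), path=(), seen=frozenset()) -> Iterator[Route]:
    """Yield (source, route, verified privileges) for every acyclic route to a source."""
    if node in seen:              # loop in the CFG: do not walk it again
        return
    seen = seen | {node}
    kind = graph[node][0]
    if kind == "source":
        yield node, path + (node,), verified
    elif kind == "check":
        _, priv, on_true, on_false = graph[node]
        # T edge: the check passed, so the route has verified this privilege.
        yield from routes(graph, on_true, verified | {priv}, path + (f"{node}:T",), seen)
        # F edge: the check failed, nothing is added to the verified set.
        yield from routes(graph, on_false, verified, path + (f"{node}:F",), seen)

def find_violations(graph, entry="entry") -> List[Tuple[str, str, List[str]]]:
    """Compare each route's verified privileges with the source's required ones."""
    findings = []
    for source, path, verified in routes(graph, entry):
        missing = graph[source][1] - verified
        if missing:
            findings.append((source, " -> ".join(path), sorted(missing)))
    return findings

if __name__ == "__main__":
    for source, path, missing in find_violations(GRAPH):
        print(f"{source}: route {path} does not verify {missing}")
```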
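Key words
Web application/access control/privilege verification graph/vulnerability detection
Classification
Information technology and security science
Cite this article
XIA Zhijian, PENG Guojun, HU Hongfu. Detection of access control vulnerabilities in Web applications based on privilege verification graph [J]. Computer Engineering and Applications, 2018, 54(12): 63-68, 6.
Funding
National Natural Science Foundation of China (No. U1636107, No. 61202387, No. 61373168).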