Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation (ISCCCA 2013)

Research on Vulnerability Detection for Software Based on Taint Analysis

Authors
Beihai Liang, Binbin Qu, Sheng Jiang, Chutian Ye
Corresponding Author
Beihai Liang
Available Online February 2013.
DOI
10.2991/isccca.2013.107How to use a DOI?
Keywords
XSS vulnerability, taint dependency graph, web security
Abstract

At present, Cross Site Scripting (XSS) vulnerability exists in most web sites. The main reason is the lack of effective validation and filtering mechanisms for user input data from web request. This paper explores vulnerability detection method which based on taint dependence analysis and implements a prototype system for Java Web program. We treat all user input as tainted data, and track the flow of Web applications, then we judge whether it will trigger an attack or not. The taint dependent analysis algorithm mentioned in this paper is used to construct the taint dependency graph. Next the value representation method of the string tainted object based on finite state automata is discussed. Finally, we propose the vulnerability detection method for the program. The experiment result shows that the prototype system can detect reflection cross-site scripting vulnerability well in those programs which don’t have effective treatment for the user input data.

Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Download article (PDF)

Volume Title
Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation (ISCCCA 2013)
Series
Advances in Intelligent Systems Research
Publication Date
February 2013
ISBN
978-90-78677-63-5
ISSN
1951-6851
DOI
10.2991/isccca.2013.107How to use a DOI?
Copyright
© 2013, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).

Cite this article

TY  - CONF
AU  - Beihai Liang
AU  - Binbin Qu
AU  - Sheng Jiang
AU  - Chutian Ye
PY  - 2013/02
DA  - 2013/02
TI  - Research on Vulnerability Detection for Software Based on Taint Analysis
BT  - Proceedings of the 2nd International Symposium on Computer, Communication, Control and Automation (ISCCCA 2013)
PB  - Atlantis Press
SP  - 434
EP  - 437
SN  - 1951-6851
UR  - https://doi.org/10.2991/isccca.2013.107
DO  - 10.2991/isccca.2013.107
ID  - Liang2013/02
ER  -