Dynamic Controllability Analysis for Preventing Injection Attacks
| Published in: | Proceedings (IEEE Pacific Rim International Symposium on Dependable Computing) pp. 131 - 142 |
|---|---|
| Main authors: | , , |
| Format: | Conference paper |
| Language: | English |
| Publication details: | IEEE, 13.11.2024 |
| Subject: | |
| ISSN: | 2473-3105 |
| Summary: | Injection attacks are some of the most serious security threats, and various techniques have been studied to prevent such attacks through program analysis. One of the typical dynamic analysis methods is Dynamic Taint Analysis (DTA), which adds a flag called taint to externally input data and detects an injection attack when these data reach a sink point where the system can be manipulated. However, DTA-based attack detection may produce many false positives and false negatives, especially in complex data flows. We consider that the high rate of false positives and negatives arises because the taint in DTA indicates whether data was controlled, not how much data was controlled. We propose Dynamic Controllability Analysis (DCA), an approach that approximates controllability by generalizing binary taint into natural numbers, indicating the extent of data control. We implemented DCA on a JavaScript runtime and evaluated the controllability computed by DCA. The evaluation results show that the controllability computed by DCA is sensitive to the presence or absence of an injection attack, yielding very low values when the system is safe and very high values when an attack is present. |
|---|---|
| DOI: | 10.1109/PRDC63035.2024.00026 |