Dynamic Controllability Analysis for Preventing Injection Attacks

Bibliographic details
Published in: Proceedings (IEEE Pacific Rim International Symposium on Dependable Computing), pp. 131-142
Main authors: Ogawa, Eri; Yamazaki, Tetsuro; Shioya, Ryota
Format: Conference paper
Language: English
Published: IEEE, 13 November 2024
ISSN: 2473-3105
Online access: Full text
Description
Abstract: Injection attacks are some of the most serious security threats, and various techniques have been studied to prevent such attacks through program analysis. One of the typical dynamic analysis methods is Dynamic Taint Analysis (DTA), which adds a flag called taint to externally input data and detects an injection attack when these data reach a sink point where the system can be manipulated. However, DTA-based attack detection may produce many false positives and false negatives, especially in complex data flows. We consider that the high rate of false positives and negatives arises because the taint in DTA indicates whether data was controlled, not how much data was controlled. We propose Dynamic Controllability Analysis (DCA), an approach that approximates controllability by generalizing binary taint into natural numbers, indicating the extent of data control. We implemented DCA on a JavaScript runtime and evaluated the controllability computed by DCA. The evaluation results show that the controllability computed by DCA is sensitive to the presence or absence of an injection attack, yielding very low values when the system is safe and very high values when an attack is present.
DOI: 10.1109/PRDC63035.2024.00026