Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60855
Title: | 網站應用程式安全分析工具CANTU功能模組之整合與改進 CANTU Improved for Integrated Analysis of Web Application Security |
Author: | Wei-Hsien Chang 張暐獻 |
Advisor: | 蔡益坤(Yih-Kuen Tsay) |
Keywords: | Data Flow Analysis, Dynamic Analysis, Static Analysis, Verification, Web Applications, Web Applications Security |
Publication year: | 2013 |
Degree: | Master's |
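Abstract: | In recent years, numerous Web applications have flourished and now serve Internet users. As Web applications have become widespread, their security problems have become increasingly important. There is now a good deal of related research on how to detect whether a Web application contains security vulnerabilities; although these analyses can already find many different kinds of vulnerabilities, there is still room for improvement in their precision.
For many years our laboratory has been developing a Web application analysis tool, CANTU, which tries to combine static and dynamic analysis to increase precision. In the static analysis part, CANTU translates the target language while preserving the program's complete data flow as far as possible, and performs data flow analysis on it; in the dynamic analysis part, CANTU tries to dynamically find attack scenarios to confirm that the vulnerabilities found by static analysis are real. However, these functions were researched and developed separately and were not fully integrated on the CANTU platform. In this thesis, we attempt to actually integrate these functions in CANTU. In the static analysis part, we use a PHP code analyzer to perform intra-procedural and inter-procedural data flow analysis, including handling of the alias problem, to detect SQL injection and cross-site scripting (XSS) vulnerabilities; in addition, we build a JavaScript code analyzer from the existing PHP analyzer, attempting to find cross-site scripting within the same file that may be DOM-based. In the dynamic analysis part, we combine simple dynamic-analysis confirmation with the static analysis. At the same time, so that the PHP and JavaScript analyzers can be used by CANTU immediately, we adopt an interim analysis architecture to analyze the program under test, allowing CANTU to analyze PHP applications with embedded JavaScript code.

Numerous Web applications have emerged in recent years to serve Internet users. As the number of users of Web applications grows dramatically, the security of Web applications becomes more and more important as well. There has been much research on detecting vulnerabilities in Web applications. Although the proposed approaches can detect a lot of vulnerabilities, there is still room for improvement in terms of precision. Aiming at an analysis tool that can detect vulnerabilities of Web applications as precisely as possible, our laboratory has been developing a tool called CANTU for several years. CANTU tries to combine static analysis and dynamic analysis. In the static analysis phase, CANTU tries to compute the complete dataflow of a program and perform analysis upon it. In the dynamic analysis phase, CANTU tries to generate and execute the corresponding attack scenarios of the program under analysis so that it can confirm the true positives reported by static analysis. However, the various components of CANTU were implemented separately and not fully integrated. In this thesis, we put some of these functionalities together. In the static analysis phase, we use a PHP analyzer that performs intra-procedural and inter-procedural dataflow analysis and alias analysis for SQL injection and cross-site scripting vulnerabilities. We also construct a JavaScript analyzer based on the same structure as the PHP analyzer to perform the same analysis procedure for DOM-based cross-site scripting vulnerabilities. In the dynamic analysis phase, we integrate the generation of test cases with the static analysis. To put both the PHP and JavaScript analyzers into immediate use, we design an interim analysis architecture so that CANTU can analyze PHP Web applications embedded with JavaScript code. |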
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60855 |
Full-text license: | Paid license |
Appears in department: | Department of Information Management |
Files in this document:
File | Size | Format | |
---|---|---|---|
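ntu-102-1.pdf Not currently authorized for public access | 2.24 MB | Adobe PDF |
Documents in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.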