Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84947
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 吳家麟(Ja-Ling Wu) |
dc.contributor.author | Yuan-Chun Chu | en
dc.contributor.author | 朱元均 | zh_TW
dc.date.accessioned | 2023-03-19T22:34:17Z | -
dc.date.copyright | 2022-08-24 |
dc.date.issued | 2022 |
dc.date.submitted | 2022-08-23 |
dc.identifier.citation |
  [1] jsfuzz. https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz. Accessed: 2022-06-01.
  [2] Arteau. prototype-pollution-nsec18. https://github.com/HoLyVieR/prototype-pollution-nsec18. Accessed: 2022-06-01.
  [3] BlackFan. client-side-prototype-pollution. https://github.com/BlackFan/client-side-prototype-pollution. Accessed: 2022-06-01.
  [4] M. Boehme, C. Cadar, and A. Roychoudhury. Fuzzing: Challenges and reflections. IEEE Software, 38(03):79–86, May 2021.
  [5] E. Ecma. 262: ECMAScript language specification. ECMA (European Association for Standardizing Information and Communication Systems), 2022.
  [6] H. Y. Kim, J. H. Kim, H. K. Oh, B. J. Lee, S. W. Mun, J. H. Shin, and K. Kim. Dapp: automatic detection and analysis of prototype pollution vulnerability in Node.js modules. International Journal of Information Security, 21(1):1–23, 2022.
  [7] S. Li, M. Kang, J. Hou, and Y. Cao. Detecting Node.js prototype pollution vulnerabilities via object lookup analysis. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 268–279, 2021.
  [8] M. Zalewski. american fuzzy lop. https://lcamtuf.coredump.cx/afl/. Accessed: 2022-06-01.
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84947 | -
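dc.description.abstract | This thesis proposes a framework that automatically detects prototype pollution vulnerabilities in Node.js libraries and automatically generates the corresponding exploits to verify that the vulnerabilities exist. The framework consists of six steps that can be implemented and optimized independently, in order: finding targets, splitting code, injecting code, fuzzing, generating exploits, and verifying exploits. It combines the strengths of static and dynamic analysis and analyzes the characteristics of exploiting prototype pollution vulnerabilities in order to find as many prototype pollution vulnerabilities as possible. Finally, following the definition of each step, this thesis implements a proof-of-concept tool to verify and analyze the feasibility and performance of the framework. | zh_TW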
dc.description.abstract | This thesis proposes a framework that automatically detects Prototype Pollution Vulnerabilities in the Node.js library and automatically generates the corresponding exploits to verify the existence of vulnerabilities. The proposed framework comprises six phases that can be implemented and optimized independently. The six phases include: finding targets, segmenting code, injecting code, fuzzing, generating exploits, and verifying exploits, which combines the advantages of static and dynamic analysis and makes analyzing the concept of Prototype Pollution to find all vulnerabilities as much as possible. By adequately defining each phase, we implemented proof-of-concept tools to verify and analyze the feasibility and effectiveness of the framework. | en
dc.description.provenance | Made available in DSpace on 2023-03-19T22:34:17Z (GMT). No. of bitstreams: 1. U0001-0707202216093800.pdf: 3718682 bytes, checksum: f5cc97a6d47430a1fb7d99ef26ee9461 (MD5). Previous issue date: 2022 | en
dc.description.tableofcontents |
  Verification Letter from the Oral Examination Committee
  Abstract (in Chinese)
  Abstract
  Contents
  List of Figures
  List of Tables
  Chapter 1 Introduction
  Chapter 2 Prototype Pollution
    2.1 Prototype Chain
    2.2 Prototype Pollution
    2.3 Vulnerable Pattern
    2.4 Possible Impact
  Chapter 3 Related Work
    3.1 PPFuzzer
    3.2 DAPP
    3.3 ObjLupAnsys
  Chapter 4 Proposed Method
    4.1 Overview
    4.2 Finding Target
    4.3 Splitting Code Segment
    4.4 Injecting Code
    4.5 Greybox Fuzzing
    4.6 Generating Exploit
    4.7 Verifying Exploit
  Chapter 5 Result
    5.1 Comparison
    5.2 ObjectMutator
  Chapter 6 Conclusion
    6.1 Conclusion
    6.2 Future Work
  References
dc.language.iso | en |
dc.subject | Node.js | zh_TW
dc.subject | Prototype pollution | zh_TW
dc.subject | Fuzzing | zh_TW
dc.subject | Fuzzing | en
dc.subject | Node.js | en
dc.subject | Prototype Pollution | en
dc.title | 在 Node.js 函式庫中動態偵測原型鏈污染漏洞 | zh_TW
dc.title | Dynamic Detection of Prototype Pollution Vulnerability in Node.js Library | en
dc.type | Thesis |
dc.date.schoolyear | 110-2 |
dc.description.degree | Master's |
dc.contributor.oralexamcommittee | 許超雲(Chau-Yun Hsu), 陳駿承(Jun-Cheng Chen) |
dc.subject.keyword | Node.js, prototype pollution, fuzzing | zh_TW
dc.subject.keyword | Node.js, Prototype Pollution, Fuzzing | en
dc.relation.page | 33 |
dc.identifier.doi | 10.6342/NTU202201333 |
dc.rights.note | Authorization granted (access restricted to campus) |
dc.date.accepted | 2022-08-23 |
dc.contributor.author-college | 電機資訊學院 (College of Electrical Engineering and Computer Science) | zh_TW
dc.contributor.author-dept | 資訊網路與多媒體研究所 (Graduate Institute of Networking and Multimedia) | zh_TW
dc.date.embargo-lift | 2022-08-24 | -
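Appears in collection: 資訊網路與多媒體研究所 (Graduate Institute of Networking and Multimedia)

Files in this item:
File | Size | Format
U0001-0707202216093800.pdf (access restricted to NTU campus IP addresses; from off campus, use the VPN remote-access service) | 3.63 MB | Adobe PDF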