| dc.contributor.advisor | 陳恭 | zh_TW |
| dc.contributor.author (Authors) | 江尚倫 | zh_TW |
| dc.creator (作者) | 江尚倫 | zh_TW |
| dc.date (日期) | 2009 | en_US |
| dc.date.accessioned | 8-Dec-2010 12:08:54 (UTC+8) | - |
| dc.date.available | 8-Dec-2010 12:08:54 (UTC+8) | - |
| dc.date.issued (上傳時間) | 8-Dec-2010 12:08:54 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0097753023 | en_US |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/49474 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學學系 | zh_TW |
| dc.description (描述) | 97753023 | zh_TW |
| dc.description (描述) | 98 | zh_TW |
| dc.description.abstract (摘要) | 近年來網路應用蓬勃的發展,經由網頁應用程式提供服務或從事商業行為已經成為趨勢,因此網頁應用程式自然而然成為網路攻擊者的目標,攻擊手法也隨著時間不斷的翻新。已經有許多的方法被提出用來防範這些攻擊,增加網頁應用程式的安全性,如防火牆的機制以及加密連線,但是這些方法所帶來的效果有限,最根本的方法應為回歸原始的網頁應用程式設計,確實的找出應用程式本身的弱點,才能杜絕不斷變化的攻擊手法。以程式分析的技術來發現這些弱點是常見的方法之一,程式分析又分為靜態分析和動態分析,兩種分析技術都能有效的找出這些弱點。我們整理了近幾年的網頁應用程式分析技術,多採用靜態分析,然而比較後發現靜態分析的技術對於Java的網頁應用程式的分析,無法達到精確的分析結果,原因在於Java語言所具有的特性,如:變數的多型、反射機制的應用等。靜態分析在處理這些問題具有先天上的缺陷,由於並沒有實際的去執行程式,所以無法獲得這些執行時期才有的資訊。本研究的重點將放在動態的程式分析技術上,也就是於程式執行期間所進行的分析,來解決分析Java網頁應用程式的上述問題。為了在程式執行期間得到可利用的分析資訊,我們運用了AspectJ的插碼技術。我們的工具會先將負責收集資訊的模組插入應用程式的源碼,並以單元測試的方式執行程式,於程式執行的過程中將分析資訊傳遞給分析模組,利用Java 語言的特性進行汙染資料的追蹤 。另外,我們考慮到以動態分析的方式偵測弱點會因為執行的路徑,導致一些潛在的弱點無法被發現,所以我們利用了線上分析的概念,設計出了線上的污染資料流分析模組,我們的工具結合了上述兩個分析模組所產生的分析結果,提供開網頁應用程式弱點資訊。 | zh_TW |
| dc.description.abstract (摘要) | In recent years, development of web application is flourishing and the increasing population of using internet, providing customer service and making business through network has been a prevalent trend. Consequently, the web applications have become the targets of the web hackers. With the progress of information technology, the technique of web attack becomes timeless and widespread. Some approaches have been taken to prevent from web attacks, such as firewall and encrypted connection. But these approaches have a limited effect against these attack techniques. The basic method should be taken is to eliminate the vulnerabilities inside the web application. Program analysis is common technique for detecting these vulnerabilities. There are two major program analysis approaches: static analysis and dynamic analysis. Both these approaches can detect vulnerabilities effectively. We reviewed several program analysis tools. Most of them are static analysis tool. However, we noticed that it is insufficient to analysis Java program in a static way due to the characteristic of Java language, e.g., polymorphism, reflection and more. Static has its congenital defects in examining these features, because static analysis happens when the program is not executing and lacks of runtime information. In this thesis, we focus on dynamic analysis of programs, where the analysis occurs when the program is executing, to solve the problems mentioned above in Java web application. In order to retrieving the runtime analysis information, we utilize the instrumentation mechanism provided by AspectJ. We instrument designed module in to the program and gather the needed information and execute the program in a unit testing approach. Our dynamic analysis module retrieves the information from instrumented executing program and utilizes the characteristic of Java to perform the tainted data tracking. We considered the dynamic tracking mechanism will leave some vulnerabilities undiscovered when the program is not completely executed. Hence we adopt the online analysis concept and design an online analysis module to find out the potential vulnerabilities which cannot be detected by dynamically tracking the tainted data. Our analysis tool finally integrates these two analysis results and provides the most soundness analysis result for developers. | en_US |
| dc.description.tableofcontents | 1 INTRODUCTION 11.1 BACKGROUND 11.2 MOTIVATION AND OBJECTIVES 11.3 THESIS OUTLINE 42 RELATED WORK 52.1 STATIC ANALYSIS IN JAVA APPLICATION WITH STATIC ANALYSIS 62.1.1 System Overview 62.1.2 Points-to analysis 62.1.3 Specifying Taint Problems in PQL 72.1.4 Discussion 72.2 STATIC ANALYSIS TOOL FOR PHP WEB APPLICATION 82.2.1 System overview 92.2.2 Taint dataflow analysis 102.2.3 Discussion 102.3 DATAFLOW POINTCUT IN ASPECT-ORIENTED PROGRAMMING 112.3.1dataflow pointcut 122.3.2 Excluding condition 132.3.3 Discussion 132.4 POSITIVE TAINTING IN WASP SYSTEM 142.4.1 Positive Tainting 152.4.2 Syntax-Aware Evaluation 152.4.4 Discussion 162.5 FAST ONLINE POINTER ANALYSIS 172.5.1 Online analysis architecture 172.5.2 Discussion 182.6 SUMMARY 183 PRELIMINARIES 203.1 VULNERABILITES IN WEB APPLICATIONS 203.1.2 Injection flaw vulnerabilities 213.1.3 Cross-Site Scripting vulnerabilities 223.2 ASPECT-ORIENTED PROGRAMMING 244 SYSTEM ARCHITECTURE 254.1 TAINT TRACKER ASPECT 264.2 ONLINE TAINT DATAFLOW ANALYSIS 334.2.1 Collect the information from instrumentation 344.2.2 Online Taint Dataflow Analysis 364.3 PROGRAM EXECUTOR 374.3.1Gather the information of HTML form 384.3.2Parsing Web Configuration XML File 395 EVALUATION 405.1 SECURIBENCH-MICRO BENCHMARK 405.2 PRECOMPILATION OF JAVA SERVER PAGES 415.3 A REAL WORLD CASE: PEBBLE BLOG 426 CONCLUSION 436.1 CONTRIBUTIONS 436.2 FUTURE WORK 44REFERENCE: 46APPENDIX 48 | zh_TW |
| dc.format.extent | 752928 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.language.iso | en_US | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0097753023 | en_US |
| dc.subject (關鍵詞) | 動態分析 | zh_TW |
| dc.subject (關鍵詞) | 線上分析 | zh_TW |
| dc.subject (關鍵詞) | 資料流分析 | zh_TW |
| dc.subject (關鍵詞) | 網頁應用程式 | zh_TW |
| dc.subject (關鍵詞) | 安全性弱點 | zh_TW |
| dc.subject (關鍵詞) | Dynamic Analysis | en_US |
| dc.subject (關鍵詞) | Online Analysis | en_US |
| dc.subject (關鍵詞) | Dataflow Analysis | en_US |
| dc.subject (關鍵詞) | Web Application | en_US |
| dc.subject (關鍵詞) | Security Vulnerabilities | en_US |
| dc.title (題名) | 混合式的Java網頁應用程式分析工具 | zh_TW |
| dc.title (題名) | A hybrid security analyzer for Java web applications | en_US |
| dc.type (資料類型) | thesis | en |
| dc.relation.reference (參考文獻) | 1. OWASP. Common types of software vulnerabilities. 2010; Available from: http://www.owasp.org/index.php/Category:Vulnerability. | zh_TW |
| dc.relation.reference (參考文獻) | 2. OWASP. OWASP Top 10 for 2010. 2010; Available from: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project. | zh_TW |
| dc.relation.reference (參考文獻) | 3. Software., T. TIOBE Programming Community Index for April 2010. 2010; Available from: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html. | zh_TW |
| dc.relation.reference (參考文獻) | 4. Einarsson, A. and J.D. Nielsen. Soot: a Java Optimization Framework. 2010; Available from: http://www.sable.mcgill.ca/soot/#introduction. | zh_TW |
| dc.relation.reference (參考文獻) | 5. Chung, C.-I., A Static Analyzer for PHP Web Applications, in Information management. 2009, National Taiwan University: Taipei. p. 1-69. | zh_TW |
| dc.relation.reference (參考文獻) | 6. Hirzel, M., et al., Fast Online Pointer Analysis. ACM Transactions on Programming Languages and Systems, 2007. 29(2): p. 1-55. | zh_TW |
| dc.relation.reference (參考文獻) | 7. Masuhara, H. and K. Kawauchi, Dataflow Pointcut in Aspect-Oriented Programming. LNCS, 2003. 2895: p. 105-121. | zh_TW |
| dc.relation.reference (參考文獻) | 8. Halfond, W.G.J., A. Orso, and P. Manolios, WASP: Protectiong Web Applications Using Positive Tainting and Syntax - Aware Evaluation. IEEE Transactions on Software Engineering, 2008. 34(1): p. 65-81. | zh_TW |
| dc.relation.reference (參考文獻) | 9. Livshits, V.B. and M.S. Lam, Finding Security Vulnerabilities in Java Applications with Static Analysis, in Computer Science 2005, Stanford University. | zh_TW |
| dc.relation.reference (參考文獻) | 10. PQL. PQL: Program Query Language. 2005; Available from: http://pql.sourceforge.net/. | zh_TW |
| dc.relation.reference (參考文獻) | 11. Alhadidi, D., et al. The Dataflow Pointcut - A Formal and Practical Framework. in Proceedings of the 8th ACM International Conference on Aspect-Oriented Software Development. 2009. Charlottesville, Virginia, USA. | zh_TW |
| dc.relation.reference (參考文獻) | 12. Pebble. Pebble, A lightweight, open source, Java EE blogging tool. 2010; Available from: http://pebble.sourceforge.net/. | zh_TW |
| dc.relation.reference (參考文獻) | 13. Scott, D. and R. Sharp., Abstracting appplication-level web security, in Proceedings of the 11th International Conference on World Wide Web. 2002. p. 396-407. | zh_TW |
| dc.relation.reference (參考文獻) | 14. Scott, D. and R. sharp., Developing secure web applications. IEEE Transactions on Software Engineering, 2002. 6(6): p. 38-45. | zh_TW |
| dc.relation.reference (參考文獻) | 15. Sridharan, M., S.J. Fink, and R. Bodik. Thin Slicing. in Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation. 2007. San Diego, California, USA. | zh_TW |
| dc.relation.reference (參考文獻) | 16. Stanford, U. Stanford SecuriBench Micro. 2006; Available from: http://suif.stanford.edu/~livshits/work/securibench-micro/. | zh_TW |
| dc.relation.reference (參考文獻) | 17. Tripp, O., et al. TAJ: Effective Taint Analysis of Web Applications. in Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation. 2009. Dublin, Ireland. | zh_TW |
