
    Research on Java Web Vulnerability Mining Based on Frontend-Backend Joint Analysis

    Abstract: Precise and efficient detection of security vulnerabilities in Web applications is of high research value. Java Web applications, because of their complexity, diversity and dynamic nature, pose several challenges for vulnerability mining. First, the combination of many components and frameworks in Java Web applications increases the complexity of potential vulnerabilities. Second, dynamic features of Java Web such as polymorphism, reflection and dynamic object loading make it difficult for static analysis tools to capture vulnerabilities. Finally, purely dynamic or purely static detection methods struggle to meet the demand for efficient batch processing as code volumes grow rapidly. To address these problems, this paper proposes a Java Web vulnerability mining method based on joint frontend-backend analysis: frontend parsing extracts taint-source information that is used to prune the backend analysis, improving vulnerability coverage and detection performance. During vulnerability mining, the method models the code using both static and dynamic program information, and combines data flow analysis, taint analysis, symbolic execution and lightweight dynamic solving to discover and verify vulnerabilities, yielding a large gain in effectiveness for little added overhead. The method is evaluated on 105 Java Web vulnerabilities drawn from CVE entries, open-source CMSs and open-source community applications; the experiments show that each module performs well and that the overall approach has strong vulnerability mining capability.
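The pruning idea described in the abstract, as an added example that is not the paper's code or tooling: parameter names are extracted from constructed frontend artifacts (an HTML form and a JavaScript fetch call) and only those parameters are treated as taint sources when a small forward taint analysis runs over a constructed backend handler. The handler IR shape, the statement kinds, the sink names and the sample snippets are all assumptions made for this example.

```python
"""Added example (not from the paper): frontend-assisted taint-source pruning.

Parses constructed frontend artifacts to learn which request parameters the
frontend actually sends, then runs a small taint analysis over a constructed
backend handler IR, once with every parameter as a source and once with only
the frontend-observed parameters. The IR, sink names and snippets are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed frontend artifacts (assumed, not taken from any real application).
FRONTEND_HTML = """
<form action="/post" method="post">
  <input name="username" type="text">
  <textarea name="comment"></textarea>
</form>
<script>
  fetch('/search?q=' + encodeURIComponent(term));
</script>
"""


def extract_frontend_params(html: str) -> set[str]:
    """Collect parameter names the frontend can submit: form field names and
    query-string keys that appear in script URLs."""
    names = set(re.findall(r'name="([A-Za-z_][A-Za-z0-9_]*)"', html))
    names |= set(re.findall(r'[?&]([A-Za-z_][A-Za-z0-9_]*)=', html))
    return names


# Constructed backend handler in a toy IR (assumed). Statement forms:
#   ("param", var, name)       var = request.getParameter(name)
#   ("concat", var, [vars])    var built from the listed variables; string
#                              literals are omitted because they carry no taint
#   ("sanitize", var, src)     var = escape(src); escaping clears taint here
#   ("sink", kind, var)        var reaches a security-sensitive API of kind
BACKEND_IR = [
    ("param", "u", "username"),
    ("param", "c", "comment"),
    ("param", "d", "debug"),          # never referenced by the frontend
    ("param", "q", "q"),
    ("concat", "sql", ["u"]),         # query string built from the username
    ("sink", "sql_query", "sql"),
    ("sanitize", "safe_c", "c"),
    ("sink", "html_write", "safe_c"),
    ("concat", "log", ["d"]),
    ("sink", "log_write", "log"),
    ("sink", "html_write", "q"),
]


@dataclass(frozen=True)
class Finding:
    sink: str
    var: str
    source_param: str


def taint_analysis(ir, allowed_sources: set[str] | None = None) -> list[Finding]:
    """Forward taint propagation. `taint` maps each variable to the set of
    source parameter names flowing into it. When `allowed_sources` is given,
    only those parameters are treated as sources (frontend-assisted pruning)."""
    taint: dict[str, set[str]] = {}
    findings: list[Finding] = []
    for stmt in ir:
        op = stmt[0]
        if op == "param":
            _, var, name = stmt
            is_source = allowed_sources is None or name in allowed_sources
            taint[var] = {name} if is_source else set()
        elif op == "concat":
            _, var, operands = stmt
            taint[var] = set().union(*(taint.get(o, set()) for o in operands))
        elif op == "sanitize":
            _, var, _src = stmt
            taint[var] = set()
        elif op == "sink":
            _, kind, var = stmt
            for src in sorted(taint.get(var, set())):
                findings.append(Finding(kind, var, src))
    return findings


def compare(html: str = FRONTEND_HTML, ir=BACKEND_IR):
    """Run the unpruned and the frontend-pruned analysis; return the frontend
    parameter set and both finding lists so the reduction is visible."""
    params = extract_frontend_params(html)
    return params, taint_analysis(ir), taint_analysis(ir, allowed_sources=params)


if __name__ == "__main__":
    params, full, pruned = compare()
    print("frontend parameters:", sorted(params))
    print("unpruned findings:", *full, sep="\n  ")
    print("pruned findings:", *pruned, sep="\n  ")
```

The pruned run drops the `debug` flow, a parameter the frontend never sends, so the later verification stages the abstract names (symbolic execution and dynamic solving) have fewer candidates to process. The unpruned run is kept alongside because a parameter absent from the frontend can still be supplied directly by a client; comparing the two lists shows exactly what the pruning traded away.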
