
National Chengchi University

characteristic of the Java language and keep the semantics clear. The simulation is implemented in AspectJ and has been verified using the Securibench-micro benchmark.

• A prototype online analysis architecture

Although the vulnerabilities detected by the TAINT TRACKER aspect are always true positives, we consider that developers may still need information about potential vulnerabilities when our execution of the program cannot reach the vulnerable statement.

Thus we adopt the online analysis concept to discover more potential vulnerabilities in the program. We use the worklist algorithm and define the rules mentioned above to implement taint dataflow analysis. We also use the instrumentation techniques provided by AspectJ to realize the online analysis architecture.

• An effective technique for testing Java Web applications

Running the program as completely as possible is a major factor in dynamic analysis. We use the weaving information to narrow down the number of files that must be parsed to retrieve HTML form fields. We also make this flexible by letting developers define each field's value. This way, we can cover more paths in the program and examine more code.
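The worklist-based taint dataflow analysis named under the online analysis contribution above, as an added Java example (Java 16 or later) that is not the thesis's AspectJ code. The toy statement format, the transfer rules (source taints, sanitizer clears, copy propagates, sink reports) and the sample program are assumptions made for illustration; the thesis's own rules are not reproduced on this page.

```java
import java.util.*;

public class TaintWorklist {
    // One statement of a constructed toy IR: SOURCE, COPY, SANITIZE, SINK or NOP.
    record Stmt(String kind, String def, String use, int... succ) {}

    // Forward "may be tainted" analysis; returns indices of SINKs fed by tainted data.
    static SortedSet<Integer> analyze(Stmt[] prog) {
        List<Set<String>> in = new ArrayList<>();   // tainted variables on entry
        for (int i = 0; i < prog.length; i++) in.add(new HashSet<>());
        boolean[] seen = new boolean[prog.length];
        SortedSet<Integer> findings = new TreeSet<>();
        Deque<Integer> worklist = new ArrayDeque<>(List.of(0));
        seen[0] = true;
        while (!worklist.isEmpty()) {
            int i = worklist.poll();
            Stmt s = prog[i];
            Set<String> out = new HashSet<>(in.get(i));
            boolean tainted = out.contains(s.use());
            switch (s.kind()) {            // transfer rules (assumed, see lead-in)
                case "SOURCE" -> out.add(s.def());
                case "SANITIZE" -> out.remove(s.def());
                case "COPY" -> { if (tainted) out.add(s.def()); else out.remove(s.def()); }
                case "SINK" -> { if (tainted) findings.add(i); }
                default -> { }
            }
            for (int j : s.succ()) {
                // Merge by set union; re-queue a successor only when its IN set grows.
                boolean grew = in.get(j).addAll(out);
                if (grew || !seen[j]) { seen[j] = true; worklist.add(j); }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        Stmt[] prog = {   // constructed servlet-like fragment, not from the thesis
            new Stmt("SOURCE", "name", null, 1),    // 0: name = request.getParameter("name")
            new Stmt("NOP", null, null, 2, 4),      // 1: if (...) with two successors
            new Stmt("SANITIZE", "name", null, 3),  // 2: name = encode(name)
            new Stmt("SINK", null, "name", 5),      // 3: out.println(name), sanitized
            new Stmt("SINK", null, "name", 5),      // 4: else: out.println(name)
            new Stmt("COPY", "msg", "name", 6),     // 5: msg = name (paths merge here)
            new Stmt("SINK", null, "msg"),          // 6: out.println(msg)
        };
        System.out.println("potentially tainted sinks: " + analyze(prog));
    }
}
```

With this input the analysis reports statements 4 and 6. A test run that takes the sanitizing branch never executes statement 4 and reaches statement 6 only with sanitized data, so runtime tracking alone would report neither.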

6.2 Future Work

Currently our tool is still under intensive experimentation and continuous enhancement. There are three immediate goals for future work:

• Support more application frameworks for Java Web applications

Java is a very popular language. There are plenty of frameworks for developing Java web applications quickly and easily, e.g., Struts, Spring, and Hibernate. So far, our tool does not support these frameworks. We will extend our tool to support them in the future.

• Perform more precise online analysis

So far we have developed the prototype of the online taint dataflow analysis and handled most of the major built-in functions we encountered, but the coverage is not complete. There are numerous built-in functions in Java, and our online analysis cannot support all of them yet. We will handle the remaining built-in functions to make the analysis more precise in the future.

• Generate test cases automatically

A limitation of dynamic analysis is that it cannot analyze code that is not executed. The quality of the analysis result depends on the completeness of program execution. So far our tool cannot automatically generate user input for test cases; it only lets the developer decide the input content. We will focus on automatically generating test input to cover all paths in the program.

Precompilation of JSP pages as an Ant task

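<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Webapp Precompilation" default="all" basedir=".">

  <!-- Translate the JSP pages of the web application into Java sources -->
  <target name="jspc">
    <taskdef classname="org.apache.jasper.JspC" name="jasper2">
      <classpath id="jspc.classpath">
        <pathelement location="${java.home}/../lib/tools.jar"/>
        <fileset dir="${tomcat.home}/bin">
          <include name="*.jar"/>
        </fileset>
        <!--<fileset dir="${tomcat.home}/server/lib"> -->
        <fileset dir="${tomcat.home}/lib">
          <include name="*.jar"/>
        </fileset>
        <!--<fileset dir="${tomcat.home}/common/lib">-->
        <fileset dir="${tomcat.home}/lib">
          <include name="*.jar"/>
        </fileset>
      </classpath>
    </taskdef>
    <!-- The jasper2 call is missing from this copy of the listing; the
         attributes below are assumed, with outputDir matching the source
         directory that the cleanup target deletes -->
    <jasper2 uriroot="${webapp.path}"
             outputDir="${webapp.path}/WEB-INF/src"/>
  </target>

  <!-- Compile the generated sources into WEB-INF/classes -->
  <target name="compile">
    <mkdir dir="${webapp.path}/WEB-INF/classes"/>
    <mkdir dir="${webapp.path}/WEB-INF/lib"/>
    <!-- srcdir is missing from this copy of the listing; assumed to be the
         jspc output directory -->
    <javac destdir="${webapp.path}/WEB-INF/classes"
           optimize="off"
           srcdir="${webapp.path}/WEB-INF/src"
           excludes="**/*.smap">
      <classpath>
        <pathelement location="${webapp.path}/WEB-INF/classes"/>
        <fileset dir="${webapp.path}/WEB-INF/lib">
          <include name="*.jar"/>
        </fileset>
        <!--<pathelement location="${tomcat.home}/common/classes"/>-->
        <!--<fileset dir="${tomcat.home}/common/lib">-->
        <fileset dir="${tomcat.home}/lib">
          <include name="*.jar"/>
        </fileset>
        <!--<pathelement location="${tomcat.home}/shared/classes"/>-->
        <!--<fileset dir="${tomcat.home}/shared/lib">-->
        <fileset dir="${tomcat.home}/lib">
          <include name="*.jar"/>
        </fileset>
      </classpath>
    </javac>
  </target>

  <target name="all" depends="jspc,compile">
  </target>

  <!-- Remove the generated JSP sources and their compiled classes -->
  <target name="cleanup">
    <delete>
      <fileset dir="${webapp.path}/WEB-INF/src"/>
      <fileset dir="${webapp.path}/WEB-INF/classes/org/apache/jsp"/>
    </delete>
  </target>

</project>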
