CN102622556A - Web service security analysis method based on program slicing technique - Google Patents
Web service security analysis method based on program slicing technique Download PDFInfo
- Publication number
- CN102622556A CN102622556A CN2011104354340A CN201110435434A CN102622556A CN 102622556 A CN102622556 A CN 102622556A CN 2011104354340 A CN2011104354340 A CN 2011104354340A CN 201110435434 A CN201110435434 A CN 201110435434A CN 102622556 A CN102622556 A CN 102622556A
- Authority
- CN
- China
- Prior art keywords
- web service
- leak
- source code
- service
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The invention provides a web service security analysis method based on a program slicing technique. Starting from key information in a Java source code, the method mainly researches on web services developed based on Java, and vulnerabilities in the Java source code include explicit vulnerabilities and implicit vulnerabilities. For the explicit vulnerabilities, the source code can be analyzed and extracted through traditional statement-level slices to obtain an explicit vulnerability analysis result. For the implicit vulnerabilities, dependency of methods in the source code is analyzed first to generate a method dependency graph, and method-level slices are used to slice the method dependency graph to obtain an implicit vulnerability analysis result. According to analysis on the explicit and implicit vulnerabilities, a vulnerability fixing module is used to fix the vulnerabilities and a service issuing module is used to issue fixed web services.
Description
Technical field
The present invention has provided a kind of Web service safety analysis scheme based on program slicing technique, mainly analyzes the security breaches that possibly exist in the Web service source code of Java language exploitation, and leak is repaired, and belongs to the field of Web service safety.
Background technology
Along with developing rapidly of Internet, a large amount of network application architectures are arisen at the historic moment, and mainly can be divided into the pure Web application mode of B/S (Browser/Server) structure and the Distributed Application of conventional table program.These systems have all obtained number of applications current, and have obtained bigger success.It is integrated than in the past sooner, more easily and more cheap that Web service makes application program.Web service is integrated in higher level in the protocol stack, can realize the loose integrated of business function.Can be connected business through Web with enterprises between a lot of enterprises.Can use the method for unification programming model inside and outside the enterprise, through infrastructure and to carry out application program with a kind of method in common integrated.Under the situation of utilizing existing language and platform and old application program, can come integrated and the application Web service with a kind of mode of increment.Lead many companies of industry, for example IBM, Microsoft and Sun Microsystems etc. are all supported Web service, and they not only promote Web service on market, but also develop and issued the Web service product of oneself separately.In addition, the product of existing many practical applications classes all is integrated into the function of Web service in their feature set, and this just means that we have a large amount of Web service platforms and the Web service developing instrument that can supply utilize now.
Along with the extensive use of Web service, its safety problem but highlights day by day.Since Morris viral attack application program in 1988; The safety problem that exists in the application program just increases by geometric progression, particularly in recent years, and along with popularizing of Web 2.0; Safety problem in the internet, applications is also more and more, and the loss that causes is also huge day by day.Therefore no matter be to consider from economic angle or security standpoint, how eliminating the safety problem that exists in the application program has become the important topic that industry is paid close attention to.Generally speaking, can comprise the stages such as demand analysis, design, coding, test, maintenance, add safety practice respectively and reduce the safety problem in the software that this process helps software to resist malicious external attack to the different phase of software development process.
Web service is structured on XML (Extensible Markup Language, the extend markup language) basis as a kind of network application software, and a kind of Enterprise SOA (Services Oriented Architecture is called for short SOA) is provided.In a distributed computing environment, Web server is dynamically described, is issued, discovery and called Web service.Along with the Web service popularity is increasingly high, increasing assailant has been put into the attack to Web service and server with notice.Attacking purpose mainly is to attempt malice visit data or service.The Web service safety problem has caused the attention of enterprise, and how enterprises pay attention makes up the secure data transmission that safety approach ensures the Web service between enterprise; How research had both improved data interaction efficient, can improve security performance again.Aspect the security of protection Web service; Can utilize some ripe safety techniques to realize; As based on the protection of fire wall, use SSL (Secure Sockets Layer, security socket layer), use VPN (Virtual Private Network, virtual private networks) etc.For the Web service of having issued, consider the attack of external user, can design intruding detection system outside user identity is verified; For the not Web service of issue as yet, can consider to analyze the source code of Web service, analyze security breaches and its propagation and spread condition, and take corresponding solution, reach the purpose that strengthens security.
Web service is dimensioned to a kind of application through fire wall, and this just causes Web service to expose the more function interface.Web service allows to connect different application programs; Make Web service face a lot of threats and attack; And usually the many interfaces in the source code of a Web service have the auxiliary function that some are some other important interface, also possibly be some some important interface that can only be called by the Web service keeper.So to the interface of auxiliary function,, can not cause serious consequence if it is released, if but some can only be issued out by the important interface that the keeper calls, be exactly serious Web service security breaches so.If this interface victim malice is used, will cause serious consequence so.In the process of reality issue; The publisher often uses some instruments directly the Web service source code to be issued; Lack the necessary process that Web service source code to be released is carried out check and analysis; If the interface of stating on just existing in these service code that security breaches are arranged is issued these interfaces and will be produced security breaches, will the victim utilization.Such safety problem often is difficult to discovered, and therefore for a Web service that reaches functional requirement, often his reliability of possibility does not reach deviser's requirement.
Although the Web service development is very rapid, some traditional Web service safety techniques can not guarantee the security of Web service effectively, and this has hindered Web service development further.Traditional technology is just carried out some safeguard measures after the Web service issue; And the leak that in fact causes Web service safety is not thoroughly solved; Exist the interface of security breaches still to be exposed to the user; Just make the user temporarily can not visit through additive method, if the assailant through some other method indirect call have the interface of security breaches, can destroy Web service equally.Therefore, need on root, carry out safety analysis to Web service detects.
Because the safety problem of Web service highlights day by day; Therefore a lot of researchers have also got into deep research to Web service safety; Many diverse ways have been proposed; Safety to Web service is at all levels is all studied, and comprises the protocol layer of Web service, the realization layer of Web service and application layer of Web service or the like.There is the scholar that existing Web service safe technology has been carried out detailed research like XML signature, XML encryption and ws-Security standard, on this basis the business of Online Store carried out Safety Design.The security model that has the scholar to realize having certain versatility can provide a kind of security solution end to end, like encryption mechanism, signature mechanism, safety management, access control or the like.The safety practice that has the scholar to propose both utilized a series of up-to-date, based on the Web service safety technique of XML message, comprised inartful measures such as laws and regulations, management system, educational training again.The scholar who also has analyzed and researched emphatically XML encrypting and decrypting, XML signature verification and XML key management standard; Ultimate principle and treatment scheme have been introduced; Proposed the Web service security model, this Web service security model based on message layer has not only guaranteed the confidentiality and integrity of SOAP (Simple Object Access Protocol, Simple Object Access Protocol) message; Security end to end and extensibility also are provided, comprehensive safety guarantee are provided Web service.
In the present invention, used to our novelty program slicing technique.The thought of program slice was established in Mark Weiser PhD dissertation in 1979 first, and program slice has a wide range of applications at the aspects such as test, tolerance and maintenance of program comprehension, analysis, debugging and software.Tangential section and back tangential section before program slice can be divided into: preceding tangential section comprises all statements that receive this variables and asserts; Back tangential section comprises all statements that influence this variable and asserts.Program slice also can be divided into static the section and the Dynamic Slicing method: static section only is used in static routine, and Dynamic Slicing is considered the influence that input value is brought, and more convenient analysis section still exists the restriction of validity.Say on directly perceived that program slicing technique can find to serve other services that relied on according to the dependence between service.In Web service, service and language independent, in theory, this service can be to use written in any language, can be C, Java, a series of language of Haskell or the like.Wherein Haskell is modern, that describe formula, high price, pure functional program design language; Have code succinct, safe and reliable, have no side effect, be prone to expansion, be prone to characteristics such as understanding, high associativity; It also has the strong grammer of expressiveness; And abundant built-in data type, comprise the integer and the rational number of arbitrary accuracy.Existing increasing program design fan uses this language both at home and abroad, and also more and more with the software systems that this language is realized, scale is also increasing.Consider the security and the ease for use of this Web service analytical approach, adopt the Haskell language to realize the safety analytical method among the present invention.
List of references:
[1]Web-Service?website,2009.http://en.wikipedia.org/wiki/Web_service.
[2] Zhang Yingzhou, Xu Baowen. a kind of novel formalization program slice method. Chinese science E collects: information science, 2008,38 (2): 161-176.
Summary of the invention
Technical matters: the present invention proposes a kind of Web service safety analytical method based on program slicing technique, and fundamental purpose provides a kind of practical and effective analytical approach the safety of Web service is detected and analyzes.
Technical scheme: this analytical plan is started with from the source code of the Web service of Java exploitation, and the Java source code is analyzed, and makes up the Web service safety analytical method based on program slicing technique.General safety analytical method only carries out safety analysis to the Web service after the issue; But sometimes the source of a lot of leaks is present in the source code; And often such leak is again a danger close; Therefore we have proposed the safety analytical method to the Web service source code, to the Web service source code analysis and obtain its method dependency graph, according to the method dependency graph; The service routine microtomy is analyzed the Web service security breaches, and hope can fundamentally go to find security breaches and leak is repaired.Finally use service distribution and service test function that the Web service of the safety analytical method analysis among the present invention is issued and tested, whether the security breaches of the Web service that this method reparation of checking use is crossed and issued exist.
The present invention proposes a kind of Web service safety analytical method, the security breaches that exist in the Web service source code are detected and repair, be intended to raising Web service security performance based on program slicing technique.Safety analytical method among the present invention comprises vulnerability classification module, code analysis module, section module, leak reparation module, service distribution module and service testing module.The present invention classifies to leak through the vulnerability classification module earlier, uses code analysis module that code is analyzed then, obtains the dependence between the method in the Java code (being the call relation between the method), generation method dependency graph.Use the section module to analysiss of cutting into slices of source code and method dependency graph afterwards, each leak in the detection resources code, and use leak reparation module repairs leak, makes Web service have higher security.And then the Web service source code that uses the service distribution module to repair is issued.Can use the service testing module that security verification is carried out in the Web service of repairing at last, prove the correctness and the validity of safety analytical method of the present invention.
The concrete function of each module is following:
(1) vulnerability classification module: this module is classified to the security breaches in the Web service.We think the variable that is certain to exist some storage private informations in the Web service source code, and we are referred to as key message with these variablees.If these key messages are modified, so just might produce security breaches.Java method can the direct modification key message value (directly the statement of key message is revised in definition in definition; Direct modification key message value); Also can revise the value (in definition, called the additive method of revising key message, revised the key message value indirectly) of key message indirectly.The mode that this module is modified according to key message is divided into explicit leak (direct modification) and implicit expression leak (revising indirectly) with security breaches.This shows that through the call relation between the method, explicit leak can cause the implicit expression leak.
(2) code analysis module: this module is analyzed the source code of Web service, generation method dependency graph.The method dependency graph is a digraph of dependence between each method in the record Web service source code.When a method by another method call, these two methods will be recorded in the method dependency graph, and connect them with an oriented straight line, direction is to point to the method for calling from invoked method.This module has been introduced the type (directly rely on, rely on indirectly) of the dependence that exists in notion and the method dependency graph of method dependency graph in detail.The method that gives in this module relies on map generalization method and detailed generation step.
(3) section module: in this module, according to dissimilar security breaches, we are divided into statement level other section and other section of method level with dicing method.For explicit leak, we use other section of statement level that each statement in the source code is analyzed, and extract the statement of those direct modification key message values, detect the method that has explicit leak with this.For the implicit expression leak, we analyze the method dependency graph that obtains in the code analysis module in other section of method of application level, analyze propagation and the spread condition of explicit leak between method, detect the method that has the implicit expression leak with this.
(4) leak is repaired module: in this module; Carry out the leak reparation to having of detecting in the module of section is explicit with the method implicit expression leak; Guarantee that these unsafe methods are hidden during the Web service issue; Be not published into service interface, the user also just can't call the method and key message is carried out malice distort, and further improves the security of Web service.
(5) service distribution module: the Web service source code after this module uses Axis2 to the leak reparation is issued.Axis2 is a present popular Web service engine, uses Axis2 can realize the Web service issue.The step that the Axis2 issue flow process of acquiescence comprises is many and process is more loaded down with trivial details, and this module has been simplified issuing process by the information of source code analysis module analysis gained and the essential information that the user provided, and has realized the fast automatic issue of service.
(6) service testing module: this module is mainly used in tests and verifies whether success of leak reparation to the Web service of having issued.Wsdl document (Web Services Description Language to the Web service after the issue; WSDL) analyzes; Automatically generate test data, test case and SOAP request message; Send to Web server to the SOAP request message then, obtain the SOAP feedback message, analyze the visit situation of the service operations that has security breaches according to the result of feedback.If exist the service operations of security breaches not visited, the repair function that safety analytical method of the present invention then is described is feasible.
Concrete grammar is following: this method is classified to security breaches, is divided into explicit leak and implicit expression leak, and to explicit leak, the service routine microtomy is carried out syntax parsing to the statement in the Java source code of Web service, detects explicit leak with this; To the implicit expression leak, be theoretical foundation with graph theory knowledge, with the program slice technological means, according to the dependence between the method in the Java source code of Web service, generation method dependency graph and to its section detects the implicit expression leak with this; This security flaw detection method comprises vulnerability classification module, code analysis module, section module, leak reparation module, service distribution module and service testing module; This method is set about from the Web service of Java language exploitation; According to syntactic structure in the Web service Java source code and the dependence between the Java method; In conjunction with microtomy wherein security breaches are detected and repair, and realize the Web service after repairing is issued and test function; This method specifically comprises following steps:
Step 1: the Java source code of the Web service that the user is provided is as input;
Step 2: with code analysis module the Java source code of Web service is carried out syntax parsing, obtain the tabulation of a Method type of dependence between an intermediate form structure and the record Java method;
Step 3:, use the dependency graph generating algorithm to generate the dependence S set according to the call relation between the method for the record of the intermediate form structure in the step 2
1
Step 4: the dependence between the method that writes down in the tabulation according to the Method type in the step 2, use dependency graph generating algorithm generation method dependence S set
2
Step 5: to two S set in the step 3 and 4
1And S
2The operation of use union obtains a new dependence set, generates the method dependency graph of Web service source code according to this set;
Step 6: detect explicit leak, the service routine microtomy is carried out syntax parsing to the statement of having revised key message in the Java source code, obtains a tabulation that comprises the dangerous method of explicit leak;
Step 7: detect the implicit expression leak; The service routine microtomy; The tabulation of the dangerous method that comprises explicit leak that obtains in the step 6 as the section node, is cut into slices to the method dependency graph that generates in the step 5, and the net result that obtains is a dangerous method list that comprises the implicit expression leak;
Step 8: combining step 6 gets a new dangerous method list with dangerous method list in the step 7, and this tabulation is exactly the tabulation of the final dangerous method that obtains of safety detection;
Step 9: according to the dangerous method list in the step 8; Using leak to repair module makes amendment to the keyword of the dangerous method in the source code; If the keyword of dangerous method is public, then change private into, if the keyword of dangerous method is the keyword except public; Then remain unchanged, the most amended code is as the new source code of Web service;
Step 10: the user provides the path at Axis2 platform place, the title and the corresponding descriptor of Web service;
Step 11: according to the information that the user provides in step 10, use Axis2 platform and service release module, realize automatic issue to Web service;
Step 12: the Web service to after the issue is tested, and the function of use service testing module generates test case and the operation of issuing in the Web service is tested automatically, and whether the leak that checking was repaired also exists.
Beneficial effect: the Web service safety analytical method among the present invention is set about from the source code of Web service; Method in the analysis source code is to the modification situation of key message and the dependence between the method; The service routine microtomy detects security breaches, and reparation, issue and test function are provided.The present invention has some following characteristics and innovation part:
● the difference according to the alter mode of key message is carried out the classification of security breaches: the present invention to the difference of the alter mode of key message, is divided into explicit leak and implicit expression leak with security breaches according to method in the Web service Java source code.The method that comprises explicit or implicit expression leak all is dangerous method.Safety analytical method among the present invention carries out multianalysis to this leak of two types to code, can effectively improve the comprehensive of leak analysis result, reduces the probability that omission and false retrieval take place in the Hole Detection process.
● based on the dependency graph generating algorithm of method call relation: the present invention analyzes the call relation between the method emphatically, regards this call relation as a kind of dependence, and proposition method of application dependency graph carries out record to the dependence between the method.Introduced the notion and the character of method dependency graph among the present invention in detail, and dependence is divided into direct dependence and relies on indirectly.In addition, also at length introduced the generating algorithm of dependency graph, promptly how generated the method dependency graph of this source code from source code.Earlier source code is analyzed, wherein method call statement is extracted, rely on the set of doublet then according to these sentence generation methods, rely on the record generation method dependency graph in doublet set according to this method at last.Method dependency graph calling and invoked relation between can well reaction method can better help our safety analytical method source program is analyzed and to be understood.
● be the dissimilar different dicing methods of security breaches design: among the present invention,, designed dissimilar dicing methods to dissimilar security breaches.For the method that has explicit leak, it is a direct modification when revising key message, therefore when detecting these type of security breaches; Only need the statement in the legal adopted body of the other side to detect; See whether it has revised the value of key message, so when detecting explicit leak, what the present invention used is other section of syntactic level; Traditional exactly dicing method that statement is analyzed and extracted, the result judges whether to exist explicit leak according to section.For the method that has the implicit expression leak; It is to revise indirectly when revising key message, promptly revises indirectly through the call relation between the method, therefore when detecting these type of security breaches; Need analyze the call relation between the method; What use among the present invention is other section of method level, cuts into slices to analyzing the method dependency graph that obtains behind the source code, judges whether to exist the implicit expression leak according to the dependence subgraph after the section.
● based on the reparation of the security breaches of code rewriting method: in the present invention, use Axis2 to carry out the issue of Web service.Axis2 is simple, a convenient Web service engine that uses with the Java language exploitation, is used for accomplishing the issue and the deployment of Web service.And our safety analytical method also is the Web service that is primarily aimed at the Java language exploitation, therefore considers from the factors such as compatible and degree easy to use of language, selects Axis2 as the Web service distribution platform among the present invention.Before issue, we at first will repair detected security breaches.Only issue the characteristics of " public " method according to the Axis2 platform; Use the code rewriting method that the keyword of the method that has security breaches in the Web service source code is revised as " private " by " public ", reach the purpose that shields dangerous method at the Web service launch phase.
● issuing process and autorun easily: when using the Axis2 issue, need some files of manual configuration, step is more loaded down with trivial details, even also needs certain XML technical foundation, for example in layoutprocedure, need write the XML file.The present invention has realized the automatic issue of Web service, and the user for example only need provide these simple information such as Service name just can realize the Web service issue.After service distribution, the present invention gives the Web service automatic test approach, can verify the service after repairing, and the checking leak is repaired success or not.
Description of drawings
Fig. 1 is the flow process frame diagram of an integral body of the safety analytical method among the present invention.
Fig. 2 has described the algorithm flow chart of analyzing the Method list of types.
Fig. 3 has described the algorithm flow chart of other section algorithm of statement level.
Fig. 4 has described the algorithm flow chart of other section algorithm of method level.
Fig. 5 has described leak and has repaired the process flow diagram of module.
Fig. 6 has provided the process flow diagram of service distribution module.
Embodiment
Web service safety analytical method among the present invention comprises vulnerability classification module, code analysis module, section module, leak reparation module, service distribution module and service testing module.Fig. 1 has provided the flow process framework of an integral body of platform of the present invention, has described the workflow of each module.Following content is to each module detailed description in realization among the present invention.
1, the vulnerability classification module
In the source code of Web service; More or less can have some storages and the relevant private variable of service, if these variablees by malicious modification after, possiblely will cause some serious consequences; Therefore except the developer or the supvr of Web service, other staff are no these variablees of weight update.In the present invention, we are called key message with these variablees.Possibly exist a lot of methods can call or revise these key variables in the Java source code; For the method for only just calling these variablees; Can not cause serious consequence after the issue,, but revise the method for key variables for those because the user can't revise the value of key message through this method; The user will cause serious consequence after the issue, because can reach the purpose that malice is distorted key message through calling this method.Therefore, these methods of having revised key message are exactly the method that has security breaches.These unsafe methods will be detected and repair when carrying out safety analysis.In the present invention, we are divided into explicit leak and implicit expression leak according to the alter mode of method to key message with the security breaches in the Web service source code.
Definition 1: explicit leak (direct modification key message)
When directly comprising the statement of revising key message in the definition body of the method in the Web service source code, will cause explicit leak, this method is exactly a dangerous method that comprises explicit leak.So in fact security breaches are still found than being easier to, because the statement of direct modification key message can find in the definition the inside of method, but when size of code is huge, still need service routine to analyze automatically.
Definition 2: implicit expression leak (revising key message indirectly)
The statement that in the definition body of the method in the Web service source code, does not comprise the direct modification key message; But but comprise the statement that calls additive method in the definition of this method; And invoked method is when being the method that can revise key message; Will cause the implicit expression leak, this method is exactly a dangerous method that comprises the implicit expression leak.It is thus clear that except the direct modification key message, the method in the Web service source code also can be revised key message indirectly.This indirect modification often is difficult to come to light, because of it revises key message through calling additive method.
Can make testing process more purposive so that our safety analytical method can customize diverse ways when detecting security breaches detect different leaks through security breaches are classified, reduce the probability of false retrieval and omission.
2, code analysis module
The main effect of code analysis module is exactly the method dependency graph that generates the Web service source code.At first introduce the notion and the related definition of method dependency graph.
Definition 1: the method dependency graph (method dependence graph, MDG)
The method dependency graph is the digraph of a method for expressing dependence doublet set.A dependence doublet (a; B) that expression is method b call method a, can be said to method b dependence method a or a and is depended on b, uses a directed line method of attachment a and method b in the drawings; And rectilinear direction is to point to its method of calling by the method that is called, and just points to b by a.The method dependency graph has shown calling and the relation of being called between the method in the Java source code.
In the method dependency graph, the relation between the method can be divided into two kinds of basic dependences: directly dependence and dependence indirectly.
Definition 2: direct dependence (direct dependence relation, DDR)
If directly called method a in the definition of method b, the dependence between method a, the b just is called direct dependence so, with doublet (a; B) expression; Connect a, b with a solid line that has arrow in the drawings, the direction of arrow is that a points to b, and expression b relies on a.
Definition 3: indirect dependence (indirect dependence relation, IDR)
The relation that produces between two methods of dependence because of direct dependence is called indirect dependence.For example method c directly calls b, the direct call method a of method b, and method c will pass through method b indirect call method a so, and the relation between method a and the c is exactly indirect dependence.
Dependence is exactly the transmission between the direct dependence in fact indirectly.For example, (a is b) with (b, c), the relation that can draw between a and the c is indirect dependence by direct dependence.
The present invention uses the language of Haskell that the Java source code is carried out pre-service, obtains the dependence doublet set between the method, generates final method dependency graph through mapping software at last.
We have defined a processMethods function and have gone to handle the method in the Java code, and obtain dependence doublet set [(BeCalled, Calling)].The definition of this function is following:
processMethods::[MethodInvocation]->[(BeCalled,Calling)]
Use this function can generate the set of dependence doublet, but accurate as far as possible for the result who generates, we have also used another kind of method that it is generated.In the method, through analyzing source code file, generated the tabulation of a recurrence type Method, the definition of Method type is following:
data?Method={Name,Paras,Return,Location,Method}
Write down the title of method in this Method type, the parameter of method, the return type of method, the additive method that calls in position and this method definition of method in code.We analyze the tabulation of Method type, just can obtain the set of dependence doublet.
The Method type is a recurrence type, designs a recursive algorithm Method type is analyzed.The concrete steps of this recursive algorithm are following:
Step 1: set up a S set (initial value is for empty) earlier and store the dependence doublet set that obtains; Set up a variable n, the number of record Method type, Method type pointer refers to first element in the Method tabulation;
Step 2: if the value of n is 0, represent that then all Method types have analyzed end, return S set, otherwise execution in step 3;
Step 3: the element of inspection Method type pointer indication, see whether the Method definition in this element is empty, if be empty; The value of n subtracts 1 so, and Method type pointer moves one backward, continues execution in step 2 then; If be not empty, then one of record generation according to Method concerns doublet, and it is joined in the S set in the step 1; The value of n subtracts 1 then, and Method type pointer moves one backward, continues execution in step 2.
Fig. 2 has provided the algorithm flow chart of this algorithm.In Fig. 2, M is a pointer that points to first Method element of Method tabulation.
Generally speaking; Use dependency graph set that the processMethods function obtains should with use the resulting dependence set equality of method that tabulation is analyzed to Method; But for the correctness that guarantees to rely on set and comprehensive, we carry out the union operation to two set.
After the relation of obtaining relies on the doublet set, need generate the method dependency graph according to it.Used third party software Graphviz to carry out the drafting of method dependency graph in the literary composition.Graphviz is the visualized graphs software of increasing income, and has realized layout and the generation of figure.Main use is the dot instrument among the Graphviz in the literary composition.Dot is an instrument that generates digraph according to text message.As long as the user follows the script file that certain rule is write a dot form, just can use the dot instrument to draw then.Since select to use dot to come the method for drafting dependency graph, so just need to concern to rely on the doublet set record in the dot script file.In order better to represent the dependence doublet to have defined a relationship type, define as follows:
type?Rel?a?b=Set(a,b)
Defined a Rel type.A Rel type is just represented a set.What write down in the dependence doublet is method name, therefore can with Rel String String represent dependence doublet S set et (String, String).What obtain after the Java source code analyzed is the tabulation [(BeCalled, Calling)] of a dependence doublet, therefore must earlier this tabulation be converted into above-mentioned relationship type.At this, used the listToSet function, the statement of this function is following:
listToSet::[a]->Set?a
A representes any type, when handling the set of dependence doublet, the type of listToSet be exactly [(BeCalled, Calling)]->Set (BeCalled, Calling).Defined createEadges again, with the relevant information that generates limit in the dot file, it defines as follows:
createEdge::(String,String)->String
createEdges::[(String,String)]->String
createEdges?edges=map?createEdge?edges
In the createEdges function; Used the setToList function that the Rel conversion in type is gathered as the dependence doublet; Use in the map function pair set each to concern that doublet carries out the createEdge operation then; All character strings that will obtain afterwards all are written in the file, generate the script file of dot form, use dot order the carrying out drafting of figure at last.Method relies on map generalization and sums up following several steps:
Step 1: at first obtain source file, it is carried out pre-service, obtain intermediate structure type and Method list of types;
Step 2: middle type is analyzed, obtained dependence doublet S set
1
Step 3: the Method list of types is analyzed, obtained dependence doublet S set
2
Step 4: to S
1And S
2The operation of execution union obtains final dependence doublet S set;
Step 5: according to dependence doublet S set, the dot script file of generation method dependence graph;
Step 6: according to the dot script file, use the dot instrument, generate final method dependence graph.
3, the section module
The present invention has proposed corresponding section algorithm to each leak in the vulnerability classification module in the section module, can improve the verification and measurement ratio of leak.To explicit leak; We adopt other dicing method of statement level; The statement of direct modification key message extracts and analyzes in the definition of the other side's method; To the implicit expression leak, we extract and analyze the dependence between the method other section of employing method level, find to revise indirectly the method for key message with this.
3.1 other dicing method of statement level
To explicit leak, mainly be the statement of in the code analysis key message directly being made amendment, use other dicing method of statement level that these statement extraction are come out, these statements are exactly explicit leak, and the method with these statements then is dangerous method.This dicing method with Java source code and key message as input, output be exactly the dangerous method that has explicit leak, concrete slicing step is following:
Step 1: analyze the definition of each method in the Java source code, and their definition is existed in the S set;
Step 2: analyze the definition of the method in the S set, the definition that will not use the method for key message is removed from S set;
Step 3: analyze S set again, the method that does not have the direct modification key message with wherein just having quoted key message is removed from S set;
Step 4: the definition among the pair set S is handled, and the title of preserving method in the S set is returned the net result of M as this section algorithm in a new set M.
Fig. 3 has provided the process flow diagram of this grammer rank section algorithm.
3.2 other section of method level
To the implicit expression leak, can not use other section of traditional statement level that it has been analyzed merely, because other section of statement level can only be analyzed grammer; Dependence between can not analytical approach; So other section of our method of application level expands the research object of section algorithm on the method to, through the dependence of calling between the analytical approach; Method dependency graph to generating is cut into slices, and then accomplishes the detection of implicit expression leak.In the step of this section algorithm, input is original dependence set, and output is the set of section dependence, and the element of record is exactly the dangerous method that has the implicit expression leak in this set, and the concrete steps of algorithm are following:
Step 1: create the dependence doublet set that a S set (initial value is for empty) storage section obtains, the direct dependence node of a set D (initial value of D is the section starting point) memory node;
Step 2:, then return the result of S set as section if set D is empty.If set D is not empty; Then for their the direct dependence of all node searchings among the set D (supposing to be stored among the set R); And the direct dependence node of all nodes (is supposed to be stored among the set N; If arrived the leaf node of the bottom, then set shows that for empty no longer there is direct dependence in bottom leaf node and directly relies on node);
Step 3: the direct dependence doublet set R that obtains in the step 2 is joined in the S set.Give D with the direct dependence node set N assignment that obtains in the step 2, execution in step 2 once more.
The algorithm flow chart of this section algorithm is as shown in Figure 4.
4, leak is repaired module
The main application of this module is to utilizing the detected dangerous leak of section module to repair.The distribution platform of using among the present invention is the Axis2 platform.Axis2 is present popular Web service engine.Use Axis2, can the Java source code be issued as Web service.The Axis2 default publications be the publicly-owned method in publicly-owned type; The method acquiescence of being modified by public that promptly is defined within the public class is published; Be not published and given tacit consent to, so we can adopt the method for code rewriting, the keyword of the method that has security breaches is rewritten by the method that other keywords are modified; Change public into private, can accomplish the reparation of leak.In order to realize such function, defined following function:
modifyJFile::[MethodName]->FilePath->String
Parameter [MethodName] is the tabulation that has the dangerous method of security breaches, and parameter F ilepath is the Java source code file, and return type is the character string of amended Java code.This function is at first analyzed the Java source file when carrying out, obtain the definition of all methods, revises the definition of the method that has security breaches then, is private with their keyword modifier.Concrete steps are following, and wherein input is Java source code and unsafe method, and output is the code after repairing through leak.The process flow diagram of this module is as shown in Figure 5.
Step 1: use the section module that source code is analyzed, detect dangerous method wherein, be recorded in the S set;
Step 2: analyze the definition of method in the S set,, then be revised as private if its keyword is public;
Step 3: analyze the definition of method in the S set,, then remain unchanged if its keyword is other;
Step 4: replace original definition with amended definition, and with amended code as output.
5, the service distribution module
This module uses the Axis2 platform to carry out service distribution.The step of issuing about use Axis2 in the Axis2 official manual is too loaded down with trivial details; Wherein need the artificial work of participating in also a lot; And much work is to need the people of certain XML technical foundation could accomplish, and for example build.xml and services.xml file writes.Therefore, in this module, we have designed a method for automatically releasing, make domestic consumer can easily issue Web service efficiently.The path that this method only needs the user to provide the Java source file of Web service to belong to, path and the description of service and the title of service at Axis2 platform place.Concrete issuing steps is following:
Step 1: analyze the java source program, obtain the package definition (must there be the package definition in the java source program that uses services.xml to issue) of this Java file;
Step 2: the information that provides according to the user generates the configuration information of a build.xml.These information comprise the source file catalogue, Axis2 catalogue and the Java method that will issue;
Step 3: use based on the safety analytical method of section Web service source code to be released is analyzed, obtain the tabulation of dangerous method, and use the code rewriting technology that source code is made amendment, shield dangerous method;
Step 4: analyze the build.xml file, generate the ServiceInfo type, obtain the catalogue of Java source code directory and Axis2;
Step 5: generate services.xml according to the ServiceInfo information recorded, and newly-built META-INF catalogue, and services.xml is saved under this catalogue;
Step 6: compiling Java source code (source code that the code rewriting method was revised) is kept under the classes catalogue;
Step 7: classes and META-INF catalogue are packed, generate the file of suffix .arr by name, and this file movement is arrived under the catalogue of Axis2, realize the issue of Web service.
Wherein step 3 is that the Web service source code is carried out safety detection, makes Web service under the prerequisite that is published automatically, can reach the requirement of security performance.Fig. 6 has provided the process flow diagram of service distribution module.
6, the service testing module
This module has mainly realized function that the Web service of having issued is tested.Whether this test module can be tested the leak of having been repaired in the present invention and also exist, and verifies the correctness of safety analytical method of the present invention with this.This module comprises WSDL analyzer, test data generating, test case generator and Web service automatic tester.
automatic tester: automatically the test case that generates is sent to the Web server end; And the parsing feedback message, return test result.
Claims (1)
1. Web service security flaw detection method based on program slicing technique is characterized in that this method classifies to security breaches, is divided into explicit leak and implicit expression leak; To explicit leak, the service routine microtomy is carried out syntax parsing to the statement in the Java source code of Web service, detects explicit leak with this; To the implicit expression leak, be theoretical foundation with graph theory knowledge, with the program slice technological means, according to the dependence between the method in the Java source code of Web service, generation method dependency graph and to its section detects the implicit expression leak with this; This security flaw detection method comprises vulnerability classification module, code analysis module, section module, leak reparation module, service distribution module and service testing module; This method is set about from the Web service of Java language exploitation; According to syntactic structure in the Web service Java source code and the dependence between the Java method; In conjunction with microtomy wherein security breaches are detected and repair, and realize the Web service after repairing is issued and test function; This method specifically comprises following steps:
Step 1: the Java source code of the Web service that the user is provided is as input;
Step 2: with code analysis module the Java source code of Web service is carried out syntax parsing, obtain the tabulation of a Method type of dependence between an intermediate form structure and the record Java method;
Step 3: according to the call relation between the method for the record of the intermediate form structure in the step 2, use the dependency graph generating algorithm to generate the dependence S set
1
Step 4: the dependence between the method that writes down in the tabulation according to the Method type in the step 2, use dependency graph generating algorithm generation method dependence S set
2
Step 5: to two S set in the step 3 and 4
1And S
2The operation of use union obtains a new dependence set, generates the method dependency graph of Web service source code according to this set;
Step 6: detect explicit leak, the service routine microtomy is carried out syntax parsing to the statement of having revised key message in the Java source code, obtains a tabulation that comprises the dangerous method of explicit leak;
Step 7: detect the implicit expression leak; The service routine microtomy; The tabulation of the dangerous method that comprises explicit leak that obtains in the step 6 as the section node, is cut into slices to the method dependency graph that generates in the step 5, and the net result that obtains is a dangerous method list that comprises the implicit expression leak;
Step 8: combining step 6 gets a new dangerous method list with dangerous method list in the step 7, and this tabulation is exactly the tabulation of the final dangerous method that obtains of safety detection;
Step 9: according to the dangerous method list in the step 8; Using leak to repair module makes amendment to the keyword of the dangerous method in the source code; If the keyword of dangerous method is public, then change private into, if the keyword of dangerous method is the keyword except public; Then remain unchanged, the most amended code is as the new source code of Web service;
Step 10: the user provides the path at Axis2 platform place, the title and the corresponding descriptor of Web service;
Step 11: according to the information that the user provides in step 10, use Axis2 platform and service release module, realize automatic issue Web service;
Step 12: the Web service to after the issue is tested, and the function of use service testing module generates test case and the operation of issuing in the Web service is tested automatically, and whether the leak that checking was repaired also exists.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104354340A CN102622556A (en) | 2011-12-22 | 2011-12-22 | Web service security analysis method based on program slicing technique |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104354340A CN102622556A (en) | 2011-12-22 | 2011-12-22 | Web service security analysis method based on program slicing technique |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102622556A true CN102622556A (en) | 2012-08-01 |
Family
ID=46562470
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011104354340A Pending CN102622556A (en) | 2011-12-22 | 2011-12-22 | Web service security analysis method based on program slicing technique |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102622556A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685258A (en) * | 2013-12-06 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for fast scanning website loopholes |
| CN103699480A (en) * | 2013-11-29 | 2014-04-02 | 杭州安恒信息技术有限公司 | WEB dynamic security flaw detection method based on JAVA |
| CN103971055A (en) * | 2014-04-28 | 2014-08-06 | 南京邮电大学 | Android malicious software detection method based on program slicing technology |
| CN104598227A (en) * | 2014-12-31 | 2015-05-06 | 国家电网公司 | Method for modifying content of system presentation page |
| CN106295334A (en) * | 2015-06-05 | 2017-01-04 | 阿里巴巴集团控股有限公司 | Ile repair method and device |
| CN106980495A (en) * | 2016-11-18 | 2017-07-25 | 东南大学 | A kind of function reusability metrics method based on program slice |
| CN108089893A (en) * | 2017-12-14 | 2018-05-29 | 网易(杭州)网络有限公司 | Definite method, apparatus, terminal device and the storage medium of redundant resource |
| CN108268773A (en) * | 2016-12-30 | 2018-07-10 | 南京理工大学 | Safety detecting method is locally stored in Android application upgrade packets |
| CN109635567A (en) * | 2019-01-29 | 2019-04-16 | 腾讯科技(深圳)有限公司 | For the method for calibration of applications client, device and server platform |
| CN110309656A (en) * | 2019-05-27 | 2019-10-08 | 南京航空航天大学 | A kind of implicit type conversion safety detecting method |
| CN111767044A (en) * | 2020-07-04 | 2020-10-13 | 武汉空心科技有限公司 | Software development working platform interface visualization method |
| CN112134761A (en) * | 2020-09-23 | 2020-12-25 | 国网四川省电力公司电力科学研究院 | Electric power Internet of things terminal vulnerability detection method and system based on firmware analysis |
| CN112148602A (en) * | 2020-09-17 | 2020-12-29 | 云南电网有限责任公司信息中心 | Source code security analysis method based on history optimization feature intelligent learning |
| CN113722721A (en) * | 2021-11-03 | 2021-11-30 | 北京鸿渐科技有限公司 | Value dependency graph-based source library mode Java security vulnerability detection method |
| CN116467717A (en) * | 2023-04-12 | 2023-07-21 | 广东南华工商职业学院 | Cloud service application program vulnerability analysis method and system based on attack big data |
| CN117349187A (en) * | 2023-12-05 | 2024-01-05 | 北京北大软件工程股份有限公司 | Model persistence-based interactive vulnerability analysis method and system |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873323A (en) * | 2010-06-21 | 2010-10-27 | 南京邮电大学 | Web service platform based on program slicing technique |
-
2011
- 2011-12-22 CN CN2011104354340A patent/CN102622556A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873323A (en) * | 2010-06-21 | 2010-10-27 | 南京邮电大学 | Web service platform based on program slicing technique |
Non-Patent Citations (2)
| Title |
|---|
| 刘然: "基于程序切片的Web服务安全分析工具设计及实现", 《中国优秀硕士学位论文全文数据库》, no. 14, 15 December 2011 (2011-12-15), pages 139 - 320 * |
| 符炜等: "一种基于函数依赖图的构件抽取方法", 《南京邮电大学学报:自然科学版》, vol. 30, no. 6, 31 December 2010 (2010-12-31), pages 79 - 81 * |
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103699480B (en) * | 2013-11-29 | 2016-03-23 | 杭州安恒信息技术有限公司 | A kind of WEB dynamic security leak detection method based on JAVA |
| CN103699480A (en) * | 2013-11-29 | 2014-04-02 | 杭州安恒信息技术有限公司 | WEB dynamic security flaw detection method based on JAVA |
| CN103685258A (en) * | 2013-12-06 | 2014-03-26 | 北京奇虎科技有限公司 | Method and device for fast scanning website loopholes |
| CN103971055A (en) * | 2014-04-28 | 2014-08-06 | 南京邮电大学 | Android malicious software detection method based on program slicing technology |
| CN103971055B (en) * | 2014-04-28 | 2016-09-14 | 南京邮电大学 | A kind of Android malware detection method based on program slicing technique |
| CN104598227A (en) * | 2014-12-31 | 2015-05-06 | 国家电网公司 | Method for modifying content of system presentation page |
| CN106295334B (en) * | 2015-06-05 | 2019-07-26 | 阿里巴巴集团控股有限公司 | Ile repair method and device |
| CN106295334A (en) * | 2015-06-05 | 2017-01-04 | 阿里巴巴集团控股有限公司 | Ile repair method and device |
| CN106980495A (en) * | 2016-11-18 | 2017-07-25 | 东南大学 | A kind of function reusability metrics method based on program slice |
| CN106980495B (en) * | 2016-11-18 | 2020-04-14 | 东南大学 | Function reusability measurement method based on program slice |
| CN108268773A (en) * | 2016-12-30 | 2018-07-10 | 南京理工大学 | Safety detecting method is locally stored in Android application upgrade packets |
| CN108268773B (en) * | 2016-12-30 | 2021-12-28 | 南京理工大学 | Android application upgrade package local storage security detection method |
| CN108089893B (en) * | 2017-12-14 | 2021-03-16 | 网易(杭州)网络有限公司 | Method and device for determining redundant resources, terminal equipment and storage medium |
| CN108089893A (en) * | 2017-12-14 | 2018-05-29 | 网易(杭州)网络有限公司 | Definite method, apparatus, terminal device and the storage medium of redundant resource |
| CN109635567A (en) * | 2019-01-29 | 2019-04-16 | 腾讯科技(深圳)有限公司 | For the method for calibration of applications client, device and server platform |
| CN109635567B (en) * | 2019-01-29 | 2022-12-16 | 腾讯科技(深圳)有限公司 | Verification method and device for application client and server platform |
| CN110309656A (en) * | 2019-05-27 | 2019-10-08 | 南京航空航天大学 | A kind of implicit type conversion safety detecting method |
| CN110309656B (en) * | 2019-05-27 | 2023-05-12 | 南京航空航天大学 | Implicit type conversion security detection method |
| CN111767044A (en) * | 2020-07-04 | 2020-10-13 | 武汉空心科技有限公司 | Software development working platform interface visualization method |
| CN112148602A (en) * | 2020-09-17 | 2020-12-29 | 云南电网有限责任公司信息中心 | Source code security analysis method based on history optimization feature intelligent learning |
| CN112148602B (en) * | 2020-09-17 | 2023-03-28 | 云南电网有限责任公司信息中心 | Source code security analysis method based on history optimization feature intelligent learning |
| CN112134761A (en) * | 2020-09-23 | 2020-12-25 | 国网四川省电力公司电力科学研究院 | Electric power Internet of things terminal vulnerability detection method and system based on firmware analysis |
| CN113722721A (en) * | 2021-11-03 | 2021-11-30 | 北京鸿渐科技有限公司 | Value dependency graph-based source library mode Java security vulnerability detection method |
| CN116467717A (en) * | 2023-04-12 | 2023-07-21 | 广东南华工商职业学院 | Cloud service application program vulnerability analysis method and system based on attack big data |
| CN117349187A (en) * | 2023-12-05 | 2024-01-05 | 北京北大软件工程股份有限公司 | Model persistence-based interactive vulnerability analysis method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102622556A (en) | Web service security analysis method based on program slicing technique | |
| Di Angelo et al. | A survey of tools for analyzing ethereum smart contracts | |
| Liu et al. | A survey on security verification of blockchain smart contracts | |
| Feist et al. | Slither: a static analysis framework for smart contracts | |
| Guha et al. | Verified security for browser extensions | |
| Salis et al. | Pycg: Practical call graph generation in python | |
| Maffeis et al. | Language-based isolation of untrusted Javascript | |
| US8402547B2 (en) | Apparatus and method for detecting, prioritizing and fixing security defects and compliance violations in SAP® ABAP™ code | |
| US8452754B2 (en) | Static analysis framework for database applications | |
| Nguyen et al. | Cross-language program slicing for dynamic web applications | |
| CN105184152B (en) | A kind of mobile terminal data processing method | |
| Huang et al. | Detecting sensitive data disclosure via bi-directional text correlation analysis | |
| Kneuss et al. | Phantm: PHP analyzer for type mismatch | |
| Pérez et al. | Lapse+ static analysis security software: Vulnerabilities detection in java ee applications | |
| Chen et al. | DroidCIA: A novel detection method of code injection attacks on HTML5-based mobile apps | |
| Mitropoulos et al. | Time present and time past: analyzing the evolution of JavaScript code in the wild | |
| Bello et al. | Towards a taint mode for cloud computing web applications | |
| CN102141959A (en) | Test case generation method restrained by context-free grammar | |
| Zafar et al. | Sol2js: translating solidity contracts into javascript for hyperledger fabric | |
| Wang et al. | An empirical study on real bug fixes from solidity smart contract projects | |
| Sayed et al. | If-transpiler: Inlining of hybrid flow-sensitive security monitor for JavaScript | |
| Zhang et al. | Checking conformance of applications against GUI policies | |
| Steinhauser et al. | DjangoChecker: Applying extended taint tracking and server side parsing for detection of context‐sensitive XSS flaws | |
| Silva et al. | Identifying classes in legacy JavaScript code | |
| Wang et al. | An empirical study of solidity language features |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120801 |