CN113220525A - Cross-application dynamic taint tracking method - Google Patents
Cross-application dynamic taint tracking method Download PDFInfo
- Publication number
- CN113220525A CN113220525A CN202110468520.5A CN202110468520A CN113220525A CN 113220525 A CN113220525 A CN 113220525A CN 202110468520 A CN202110468520 A CN 202110468520A CN 113220525 A CN113220525 A CN 113220525A
- Authority
- CN
- China
- Prior art keywords
- application
- data
- coordinate information
- pollution
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000006399 behavior Effects 0.000 claims abstract description 27
- 239000000284 extract Substances 0.000 claims abstract description 7
- 238000005516 engineering process Methods 0.000 description 9
- 238000004458 analytical method Methods 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
- 238000009781 safety test method Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a cross-application dynamic taint tracking method, which comprises the following steps: the method comprises the following steps: performing instrumentation on the application behaviors in the detected application, and acquiring application behavior data by an instrumentation program when the application behaviors are used by the detected application; step two: judging whether the application behavior data contains pollution data or not, if so, extracting the coordinate information of the pollution data and marking; step three: after receiving the application behaviors, the other application judges whether the application behaviors have mark information of the pollution data coordinate information or not, and if the mark information exists, the other application extracts and obtains the pollution data coordinate information; step four: and tracking the coordinate information of the pollution data. In the invention, a taint tracking information domain is added in an http message header between applications, and a single application analyzes the taint tracking information domain after receiving a request, extracts the mark and tracking information of the pollution data from the taint tracking information domain, thereby continuously tracking the spread of the pollution data in the application.
Description
Technical Field
The invention relates to the technical field of interactive safety testing, in particular to a cross-application dynamic stain tracking method.
Background
The dynamic taint analysis technique is an effective and practical information flow analysis technique. By utilizing the dynamic taint analysis technology, the information flow of the application program in the running process can be monitored more accurately, for example, whether sensitive data are transmitted to a preset safety sensitive operation point from a preset taint source or not is tracked. The dynamic taint analysis technique generally consists of three key technical links: stain introduction, stain spread, and stain inspection. The taint introduction means that when data is read from a preset taint source, a corresponding taint value needs to be set for the read data. Taint propagation refers to propagating taint values according to a set strategy in the process of processing taint data by an application program. The taint check is to check whether the operated data is taint data at a preset safety-sensitive operation point.
Nowadays, dynamic taint tracking technology is widely used for interactive application security testing and sensitive information tracking. With the development of the internet, computer services have deepened into the lives of people, the traffic of the services is increasing day by day, more and more Web services need to use technologies such as micro-services and distributed technologies to load huge computing pressure, and the traditional dynamic taint tracking technology cannot be used in the face of new scenes and new technologies.
Disclosure of Invention
The invention aims to solve the technical problems and provides a cross-application dynamic taint tracking method.
The technical scheme adopted by the invention for solving the technical problems is as follows: a cross-application dynamic taint tracking method, comprising the steps of:
the method comprises the following steps: performing instrumentation on the application behaviors in the detected application, and acquiring application behavior data by an instrumentation program when the application behaviors are used by the detected application;
step two: judging whether the application behavior data contains pollution data or not, if so, extracting the coordinate information of the pollution data and marking;
step three: after receiving the application behaviors, the other application judges whether the application behaviors have mark information of the pollution data coordinate information or not, and if the mark information exists, the other application extracts and obtains the pollution data coordinate information;
step four: and tracking the coordinate information of the pollution data.
Preferably, the application behavior includes a method for sending an http request to the outside, and the first step includes the following steps: and performing instrumentation on the method for sending the http request to the outside in the detected application, wherein when the detected application sends the http request to the outside by using the method, the instrumentation program obtains data for sending the http request to the outside.
Preferably, step two includes the following: and judging whether the data which sends the http request to the outside has polluted data or not in the first step, if so, extracting coordinates of the data to generate polluted data coordinate information, and adding the polluted data coordinate information into a header which sends the http request to the outside by a fixed key value.
Preferably, step three includes the following: and after receiving the request sent in the first step, the other application judges whether a fixed key in the header of the request exists, if so, the value of the fixed key is extracted, and the coordinate information of the pollution data is obtained.
Preferably, step four includes the following: and C, putting the coordinate information of the pollution data obtained in the step three into a cache and tracking the coordinate information, and in the subsequent program execution flow, if the requested data is extracted and the data extracted from the cache in which the coordinate information of the pollution data is stored is pointed by the coordinate of the data, setting the data as a pollution source.
The invention has the beneficial effects that:
1. in the invention, a taint tracking information domain is added in an Http message header between applications, and a single application analyzes the taint tracking information domain after receiving a request and extracts a mark and tracking information of pollution data from the taint tracking information domain, thereby continuously tracking the spread of the pollution data in the application;
2. the invention expands the capability of the taint tracking technology on the basis of the taint tracking technology, so that the taint tracking technology can be compatible with scenes in which pollution data are spread among applications using an http protocol.
Drawings
FIG. 1 is a schematic overview of the process of the present invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and embodiments.
As shown in FIG. 1, the invention relates to a cross-application dynamic taint tracking method, which comprises the following steps:
the method comprises the following steps: performing instrumentation on the application behaviors in the detected application, and acquiring application behavior data by an instrumentation program when the application behaviors are used by the detected application;
step two: judging whether the application behavior data contains pollution data or not, if so, extracting the coordinate information of the pollution data and marking;
step three: after receiving the application behaviors, the other application judges whether the application behaviors have mark information of the pollution data coordinate information or not, and if the mark information exists, the other application extracts and obtains the pollution data coordinate information;
step four: and tracking the coordinate information of the pollution data.
The application behavior comprises a method for sending an http request to the outside, and the first step comprises the following steps: and performing instrumentation on the method for sending the http request to the outside in the detected application, wherein when the detected application sends the http request to the outside by using the method, the instrumentation program obtains data for sending the http request to the outside.
The second step comprises the following contents: and judging whether the data which sends the http request to the outside has polluted data or not in the first step, if so, extracting coordinates of the data to generate polluted data coordinate information, and adding the polluted data coordinate information into a header which sends the http request to the outside by a fixed key value.
The third step comprises the following steps: and after receiving the request sent in the first step, the other application judges whether a fixed key in the header of the request exists, if so, the value of the fixed key is extracted, and the coordinate information of the pollution data is obtained.
The fourth step comprises the following steps: and C, putting the coordinate information of the pollution data obtained in the step three into a cache and tracking the coordinate information, and in the subsequent program execution flow, if the requested data is extracted and the data extracted from the cache in which the coordinate information of the pollution data is stored is pointed by the coordinate of the data, setting the data as a pollution source.
In this embodiment, there are various implementation methods for the detected application to send the http request to the outside, and in this embodiment, the http policy of apache is used.
In this embodiment, the instrumentation program in step two may obtain the parameter request of the execute method, and extract the requested data from the parameter request through the java reflection characteristic, such as a header, a bob, a querystring, a cookie, and the like, and if the 5 th to 10 th characters of the header whose key is the value of the name are the pollution data, generate the pollution data coordinate information: header, name, value, 5, 5. That is, the value part of the header with the key of the name in the request contains the dirty data, which starts from the 5 th character and has the length of 5.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (5)
1. A cross-application dynamic taint tracking method, characterized by:
the method comprises the following steps:
the method comprises the following steps: performing instrumentation on the application behaviors in the detected application, and acquiring application behavior data by an instrumentation program when the application behaviors are used by the detected application;
step two: judging whether the application behavior data contains pollution data or not, if so, extracting the coordinate information of the pollution data and marking;
step three: after receiving the application behaviors, the other application judges whether the application behaviors have mark information of the pollution data coordinate information or not, and if the mark information exists, the other application extracts and obtains the pollution data coordinate information;
step four: and tracking the coordinate information of the pollution data.
2. The cross-application dynamic taint tracking method according to claim 1, characterized in that: the application behavior comprises a method for sending an http request to the outside, and the first step comprises the following steps: and performing instrumentation on the method for sending the http request to the outside in the detected application, wherein when the detected application sends the http request to the outside by using the method, the instrumentation program obtains data for sending the http request to the outside.
3. The cross-application dynamic taint tracking method according to claim 2, characterized in that: the second step comprises the following contents: and judging whether the data which sends the http request to the outside has polluted data or not in the first step, if so, extracting coordinates of the data to generate polluted data coordinate information, and adding the polluted data coordinate information into a header which sends the http request to the outside by a fixed key value.
4. The cross-application dynamic taint tracking method according to claim 3, characterized in that: the third step comprises the following steps: and after receiving the request sent in the first step, the other application judges whether a fixed key in the header of the request exists, if so, the value of the fixed key is extracted, and the coordinate information of the pollution data is obtained.
5. The cross-application dynamic taint tracking method according to claim 4, characterized in that: the fourth step comprises the following steps: and C, putting the coordinate information of the pollution data obtained in the step three into a cache and tracking the coordinate information, and in the subsequent program execution flow, if the requested data is extracted and the data extracted from the cache in which the coordinate information of the pollution data is stored is pointed by the coordinate of the data, setting the data as a pollution source.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110468520.5A CN113220525A (en) | 2021-04-28 | 2021-04-28 | Cross-application dynamic taint tracking method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110468520.5A CN113220525A (en) | 2021-04-28 | 2021-04-28 | Cross-application dynamic taint tracking method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113220525A true CN113220525A (en) | 2021-08-06 |
Family
ID=77089876
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110468520.5A Pending CN113220525A (en) | 2021-04-28 | 2021-04-28 | Cross-application dynamic taint tracking method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113220525A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114138681A (en) * | 2022-01-29 | 2022-03-04 | 深圳开源互联网安全技术有限公司 | Taint data tracking method and device and computer readable storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110145918A1 (en) * | 2009-12-15 | 2011-06-16 | Jaeyeon Jung | Sensitive data tracking using dynamic taint analysis |
| CN102306098A (en) * | 2011-08-18 | 2012-01-04 | 电子科技大学 | Implicit taint propagation system and scheme thereof |
| CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
| CN104765687A (en) * | 2015-04-10 | 2015-07-08 | 江西师范大学 | J2EE (Java 2 Enterprise Edition) program bug detection method based on object tracking and taint analysis |
| CN104778419A (en) * | 2015-04-15 | 2015-07-15 | 华中科技大学 | User privacy data protection method based on dynamic data flow tracking under cloud environment |
| CN104995630A (en) * | 2012-08-29 | 2015-10-21 | 惠普发展公司,有限责任合伙企业 | Security scan based on dynamic taint |
| CN108875366A (en) * | 2018-05-23 | 2018-11-23 | 四川大学 | A kind of SQL injection behavioral value system towards PHP program |
| CN111212029A (en) * | 2019-12-11 | 2020-05-29 | 杭州孝道科技有限公司 | Sensitive data monitoring and tracking method |
-
2021
- 2021-04-28 CN CN202110468520.5A patent/CN113220525A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110145918A1 (en) * | 2009-12-15 | 2011-06-16 | Jaeyeon Jung | Sensitive data tracking using dynamic taint analysis |
| CN102306098A (en) * | 2011-08-18 | 2012-01-04 | 电子科技大学 | Implicit taint propagation system and scheme thereof |
| CN104995630A (en) * | 2012-08-29 | 2015-10-21 | 惠普发展公司,有限责任合伙企业 | Security scan based on dynamic taint |
| CN103995782A (en) * | 2014-06-17 | 2014-08-20 | 电子科技大学 | Taint analyzing method based on taint invariable set |
| CN104765687A (en) * | 2015-04-10 | 2015-07-08 | 江西师范大学 | J2EE (Java 2 Enterprise Edition) program bug detection method based on object tracking and taint analysis |
| CN104778419A (en) * | 2015-04-15 | 2015-07-15 | 华中科技大学 | User privacy data protection method based on dynamic data flow tracking under cloud environment |
| CN108875366A (en) * | 2018-05-23 | 2018-11-23 | 四川大学 | A kind of SQL injection behavioral value system towards PHP program |
| CN111212029A (en) * | 2019-12-11 | 2020-05-29 | 杭州孝道科技有限公司 | Sensitive data monitoring and tracking method |
Non-Patent Citations (2)
| Title |
|---|
| 李伟明等: "基于动态污点跟踪的敏感文件泄露检测方法", 《华中科技大学学报(自然科学版)》 * |
| 颜艺林: "基于动态污点跟踪的敏感信息泄露检测方法", 《中国优秀博硕士学位论文全文数据库(硕士)》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114138681A (en) * | 2022-01-29 | 2022-03-04 | 深圳开源互联网安全技术有限公司 | Taint data tracking method and device and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110431828B (en) | DNS tunnel detection based on domain name system DNS log and network data | |
| US8949990B1 (en) | Script-based XSS vulnerability detection | |
| CN105871850B (en) | Crawler detection method and system | |
| KR100723867B1 (en) | Apparatus and method for blocking access to phishing web page | |
| US8433785B2 (en) | System and method for detecting internet bots | |
| CN103888490B (en) | A kind of man-machine knowledge method for distinguishing of full automatic WEB client side | |
| CN104348803B (en) | Link kidnaps detection method, device, user equipment, Analysis server and system | |
| US20150156214A1 (en) | Detection and prevention of online user interface manipulation via remote control | |
| CN103139138B (en) | A kind of application layer denial of service means of defence based on client detection and system | |
| EP3058472A2 (en) | System and method for reporting on automated browser agents | |
| US20090187442A1 (en) | Feedback augmented object reputation service | |
| CN101964025A (en) | XSS (Cross Site Scripting) detection method and device | |
| CN111885007B (en) | Information tracing method, device, system and storage medium | |
| US9251367B2 (en) | Device, method and program for preventing information leakage | |
| CN113518077A (en) | Malicious web crawler detection method, device, equipment and storage medium | |
| CN104901962B (en) | A kind of detection method and device of web page attacks data | |
| CN103297394A (en) | Website security detection method and device | |
| Feiertag et al. | Intrusion detection inter-component adaptive negotiation | |
| CN112565226A (en) | Request processing method, device, equipment and system and user portrait generation method | |
| CN109040128B (en) | WAF reverse proxy detection method based on offline pcap flow packet | |
| CN108600145B (en) | Method and device for determining DDoS attack equipment | |
| Gupta et al. | Prevention of cross-site scripting vulnerabilities using dynamic hash generation technique on the server side | |
| CN113220525A (en) | Cross-application dynamic taint tracking method | |
| KR101259910B1 (en) | Apparatus and method for detecting modified uniform resource locator | |
| KR102159399B1 (en) | Device for monitoring web server and analysing malicious code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210806 |