Java網頁程式安全弱點驗證之測試案例產生工具 / Test Case Generation for Verifying Security Vulnerabilities in Java Web Applications

黃于育, Huang, Yu Yu

Unknown Date

近年來隨著網路的發達，網頁應用程式也跟著快速且普遍化地發展。網頁應用程式快速盛行卻忽略程式設計時的安全性考量，進而成為網路駭客的攻擊目標。因此，網頁應用程式的安全議題日益重要。目前已有許多網頁應用程式安全弱點的相關研究，以程式分析的技術找出弱點，主要分成靜態分析與動態分析兩大類。但無論是使用靜態或是動態的分析方法，仍有其不完美的地方。其中靜態分析結果完備但會產生過多弱點誤報；動態分析結果準確率高但會因為測試案例的不完備而造成弱點的漏報。因此，本論文研究結合了動靜態分析，利用靜態分析方法發展一套測試案例產生工具；再結合動態分析方法隨著測試案例的執行來追蹤測試資料並作弱點的驗證，以達到沒有弱點漏報的產生以及改善弱點誤報的目標。 本論文研究的重點集中在以靜態分析技術產生涵蓋目標程式中所有可執行路徑的測試案例。我們應用測試案例產生常見的符號化執行技巧，利用程式的路徑限制蒐集與解決來達成測試案例產生。實作上我們利用跨程序性路徑分析找出目標程式中所有潛在弱點的路徑，再以反向路徑限制蒐集將限制資訊完整蒐集；最後交給限制分析器解限制並產生測試案例。接著利用剖面導向程式語言AspectJ的程式插碼技術實現動態的汙染資料流分析，配合產生的測試案執行程式觸發動態的汙染資料流分析並產生可信賴的弱點分析結果。 / Due to the rapid development of the internet in recent years, web applications have become very popular and ubiquitous. However, developers may neglect the issues of security while designing a program so that web applications become the targets of attackers. Hence, the issue of web application vulnerabilities has become very crucial. There have been many research results of web application security vulnerabilities and many of them exploit the technique of program analysis to detect vulnerabilities. These analysis approaches can be can basically be categorized into dynamic analysis and static analysis. However, both of them still have their own problems to be improved. Specifically static analysis supports high coverage of vulnerabilities, but causes too many false positives. As for the dynamic analysis, although it produces high confident results, yet it may cause false negatives without complete test cases. In this thesis, we integrate both static analysis and dynamic analysis to achieve the objectives that no false negatives are produced and reduce false positives. We develop a test case generation tool by the static analysis approach and a program execution tool that dynamically track the execution of the target program with those test data to detect its vulnerabilities. Our test case generation tool first employs both intra- and inter-procedural analysis to cover all vulnerable paths in a program, and then apply the symbolic execution technique to collect all path constraints. With these collected constraints, we use a constraint solver to solve them and finally generate the test cases. As to the execution tool, it utilizes the instrumentation mechanism provided by the aspect-oriented programming language AspectJ to implement a dynamic taint analysis that tracks the flow of tainted data derived from those generated test cases. As a result, all vulnerable program paths will be detected by our tools.

測試案例產生

符號化執行

網頁應用程式

靜態分析

動態分析

汙染資料流分析

Test case generation

Symbolic execution

Web application

Static analysis

Dynamic analysis

Taint analysis

Automated Performance Test Generation and Comparison for Complex Data Structures - Exemplified on High-Dimensional Spatio-Temporal Indices

Menninghaus, Mathias

23 August 2018

There exist numerous approaches to index either spatio-temporal or high-dimensional data. None of them is able to efficiently index hybrid data types, thus spatio-temporal and high-dimensional data. As the best high-dimensional indexing techniques are only able to index point-data and not now-relative data and the best spatio-temporal indexing techniques suffer from the curse of dimensionality, this thesis introduces the Spatio-Temporal Pyramid Adapter (STPA). The STPA maps spatio-temporal data on points, now-values on the median of the data set and indexes them with the pyramid technique. For high-dimensional and spatio-temporal index structures no generally accepted benchmark exists. Most index structures are only evaluated by custom benchmarks and compared to a tiny set of competitors. Benchmarks may be biased as a structure may be created to perform well in a certain benchmark or a benchmark does not cover a certain speciality of the investigated structures. In this thesis, the Interface Based Performance Comparison (IBPC) technique is introduced. It automatically generates test sets with a high code coverage on the system under test (SUT) on the basis of all functions defined by a certain interface which all competitors support. Every test set is performed on every SUT and the performance results are weighted by the achieved coverage and summed up. These weighted performance results are then used to compare the structures. An implementation of the IBPC, the Performance Test Automation Framework (PTAF) is compared to a classic custom benchmark, a workload generator whose parameters are optimized by a genetic algorithm and a specific PTAF alternative which incorporates the specific behavior of the systems under test. This is done for a set of two high-dimensional spatio-temporal indices and twelve variants of the R-tree. The evaluation indicates that PTAF performs at least as good as the other approaches in terms of minimal test cases with a maximized coverage. Several case studies on PTAF demonstrate its widespread abilities.

performance tests

test case generation

benchmark generation

workload generation

indexing

access methods

high-dimensional

spatio-temporal

subway-track planning

performance comparison

algorithm engineering

performance measurement

java

software engineering

54.62 - Datenstrukturen

54.52 - Software engineering

D.2.5 - Testing and Debugging

D.2.8 - Metrics

E.1 - DATA STRUCTURES

D.2.2 - Design Tools and Techniques

ddc:004