Security slicing for auditing XML, XPath, and SQL injection vulnerabilities

Julian Thomé, Lwin Khin Shar, Lionel Briand

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and determine their causes. One suitable approach to support security auditing is to compute a program slice for each security-sensitive operation, since it would contain all the information required for performing security audits (Soundness). A limitation, however, is that such slices may also contain information that is irrelevant to security (Precision), thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed pruning mechanism by using a number of open source benchmarks, we compared our security slices with the slices generated by a state-of-the-art program slicing tool. On average, our security slices are 80% smaller than the original slices, thus suggesting significant reduction in auditing costs.

Original languageEnglish
Title of host publication2015 IEEE 26th International Symposium on Software Reliability Engineering, ISSRE 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages553-564
Number of pages12
ISBN (Electronic)9781509004065
DOIs
Publication statusPublished - 13 Jan 2016
Externally publishedYes
Event26th IEEE International Symposium on Software Reliability Engineering, ISSRE 2015 - Gaithersbury, United States
Duration: 2 Nov 20155 Nov 2015

Publication series

Name2015 IEEE 26th International Symposium on Software Reliability Engineering, ISSRE 2015

Conference

Conference26th IEEE International Symposium on Software Reliability Engineering, ISSRE 2015
Country/TerritoryUnited States
CityGaithersbury
Period2/11/155/11/15

Keywords

  • Security auditing
  • static analysis
  • vulnerability

Fingerprint

Dive into the research topics of 'Security slicing for auditing XML, XPath, and SQL injection vulnerabilities'. Together they form a unique fingerprint.

Cite this