Security slicing for auditing XML, XPath, and SQL injection vulnerabilities

Author

Julian THOME
Lwin Khin SHAR, Singapore Management UniversityFollow
Lionel BRIAND

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

11-2015

Abstract

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and determine their causes. One suitable approach to support security auditing is to compute a program slice for each security-sensitive operation, since it would contain all the information required for performing security audits (Soundness). A limitation, however, is that such slices may also contain information that is irrelevant to security (Precision), thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed pruning mechanism by using a number of open source benchmarks, we compared our security slices with the slices generated by a state-of-the-art program slicing tool. On average, our security slices are 80% smaller than the original slices, thus suggesting significant reduction in auditing costs.

Keywords

Security auditing, static analysis, vulnerability

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Proceedings of the 26th International Symposium on Software Reliability Engineering (ISSRE), Gaithersbury, USA, 2015 November 2-5

First Page

553

Last Page

564

Identifier

10.1109/ISSRE.2015.7381847

Publisher

IEEE

City or Country

Gaithersbury, USA

Citation

THOME, Julian; SHAR, Lwin Khin; and BRIAND, Lionel. Security slicing for auditing XML, XPath, and SQL injection vulnerabilities. (2015). Proceedings of the 26th International Symposium on Software Reliability Engineering (ISSRE), Gaithersbury, USA, 2015 November 2-5. 553-564.
Available at: https://ink.library.smu.edu.sg/sis_research/4778

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/ISSRE.2015.7381847