Language-agnostic Injection Detection

2020 IEEE Security and Privacy Workshops (SPW) Pub Date : 2020-05-01 DOI:10.1109/SPW50608.2020.00060

Lars Hermerschmidt, A. Straub, Goran Piskachev

{"title":"Language-agnostic Injection Detection","authors":"Lars Hermerschmidt, A. Straub, Goran Piskachev","doi":"10.1109/SPW50608.2020.00060","DOIUrl":null,"url":null,"abstract":"Formal languages are ubiquitous wherever software systems need to exchange or store data. Unparsing into and parsing from such languages is an error-prone process that has spawned an entire class of security vulnerabilities. There has been ample research into finding vulnerabilities on the parser side, but outside of language specific approaches, few techniques targeting unparser vulnerabilities exist. This work presents a language-agnostic approach for spotting injection vulnerabilities in unparsers. It achieves this by mining unparse trees using dynamic taint analysis to extract language keywords, which are leveraged for guided fuzzing. Vulnerabilities can thus be found without requiring prior knowledge about the formal language, and in fact, the approach is even applicable where no specification thereof exists at all. This empowers security researchers and developers alike to gain deeper understanding of unparser implementations through examination of the unparse trees generated by the approach, as well as enabling them to find new vulnerabilities in poorly-understood software. This work presents a language-agnostic approach for spotting injection vulnerabilities in unparsers. It achieves this by mining unparse trees using dynamic taint analysis to extract language keywords, which are leveraged for guided fuzzing. Vulnerabilities can thus be found without requiring prior knowledge about the formal language, and in fact, the approach is even applicable where no specification thereof exists at all. This empowers security researchers and developers alike to gain deeper understanding of unparser implementations through examination of the unparse trees generated by the approach, as well as enabling them to find new vulnerabilities in poorly-understood software.","PeriodicalId":413600,"journal":{"name":"2020 IEEE Security and Privacy Workshops (SPW)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW50608.2020.00060","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Formal languages are ubiquitous wherever software systems need to exchange or store data. Unparsing into and parsing from such languages is an error-prone process that has spawned an entire class of security vulnerabilities. There has been ample research into finding vulnerabilities on the parser side, but outside of language specific approaches, few techniques targeting unparser vulnerabilities exist. This work presents a language-agnostic approach for spotting injection vulnerabilities in unparsers. It achieves this by mining unparse trees using dynamic taint analysis to extract language keywords, which are leveraged for guided fuzzing. Vulnerabilities can thus be found without requiring prior knowledge about the formal language, and in fact, the approach is even applicable where no specification thereof exists at all. This empowers security researchers and developers alike to gain deeper understanding of unparser implementations through examination of the unparse trees generated by the approach, as well as enabling them to find new vulnerabilities in poorly-understood software. This work presents a language-agnostic approach for spotting injection vulnerabilities in unparsers. It achieves this by mining unparse trees using dynamic taint analysis to extract language keywords, which are leveraged for guided fuzzing. Vulnerabilities can thus be found without requiring prior knowledge about the formal language, and in fact, the approach is even applicable where no specification thereof exists at all. This empowers security researchers and developers alike to gain deeper understanding of unparser implementations through examination of the unparse trees generated by the approach, as well as enabling them to find new vulnerabilities in poorly-understood software.

查看原文本刊更多论文

语言无关的注入检测

在软件系统需要交换或存储数据的地方，形式语言无处不在。对这些语言进行反解析和从这些语言进行解析是一个容易出错的过程，它产生了一整类安全漏洞。在寻找解析器方面的漏洞方面已经进行了大量的研究，但是除了特定于语言的方法之外，针对非解析器漏洞的技术很少。这项工作提出了一种语言无关的方法来发现解析器中的注入漏洞。它通过使用动态污点分析挖掘非解析树来提取语言关键字来实现这一点，这些关键字用于引导模糊测试。因此，可以发现漏洞，而不需要事先了解形式语言，事实上，该方法甚至适用于根本没有规范的地方。这使安全研究人员和开发人员能够通过检查由该方法生成的反解析树来更深入地了解反解析器实现，并使他们能够在不太了解的软件中发现新的漏洞。这项工作提出了一种语言无关的方法来发现解析器中的注入漏洞。它通过使用动态污点分析挖掘非解析树来提取语言关键字来实现这一点，这些关键字用于引导模糊测试。因此，可以发现漏洞，而不需要事先了解形式语言，事实上，该方法甚至适用于根本没有规范的地方。这使安全研究人员和开发人员能够通过检查由该方法生成的反解析树来更深入地了解反解析器实现，并使他们能够在不太了解的软件中发现新的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量