Adapting Static Taint Analyzers to Software Marketplaces: A Leverage Point for Mass Vulnerability Detection?

Daniel Krohmer, Kunal Sharma, Shih-Kung Chen
DOI: 10.1145/3560835.3564553
Published in: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2022-11-08
Citations: 0

Abstract

Improper input validation is still one of the most severe problem classes in web application security, although there are concepts with a good problem-solution fit, such as static taint analysis. In practice, however, existing static taint analyzers suffer from both high false positive and false negative rates, making them impractical for effective detection of new vulnerabilities. In this work, we present an approach that aims to systematically specialize existing taint analyzers toward software marketplaces to improve both recall and precision of their analyses. To validate whether our approach is suitable for finding new vulnerabilities in web applications, we applied a specialized taint analyzer to a random sample of 1,000 plugins from the WordPress plugin store. As a result, we were able to disclose ten CVE entries, including two vulnerabilities with a high or even critical CVSS score. Our preliminary results indicate the feasibility in principle of our approach and show that it may be suitable for mass vulnerability detection in software marketplaces, providing a promising foundation for future work in this domain.
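The abstract argues that a generic taint analyzer loses precision and recall on marketplace code because it does not know the marketplace's own sources, sanitizers and sinks. The following toy analyzer is an added illustration of that effect and is not the paper's tool or method: it runs one intraprocedural taint pass over a constructed WordPress-style PHP fragment, first with a generic PHP ruleset and then with a ruleset extended with WordPress APIs (`get_query_var` as a source, `esc_html`/`absint`/`$wpdb->prepare` as sanitizers, `$wpdb->query`/`$wpdb->get_results` as sinks). Treating specialization purely as a ruleset swap is an assumption made for the example; the sample plugin code is constructed, not taken from any real plugin.

```python
"""Toy intraprocedural taint analysis over a line-oriented PHP subset.

Added illustration, not the paper's analyzer. It shows how a ruleset
specialised to a marketplace (WordPress plugins) removes a false positive
and recovers a false negative that a generic PHP ruleset produces.
Limitations (deliberate, to stay short): one statement per line, no
control flow, no interprocedural tracking, and parentheses inside string
literals are not understood.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RuleSet:
    sources: frozenset     # variables/functions yielding attacker-controlled data
    sanitizers: frozenset  # functions whose return value is treated as clean
    sinks: frozenset       # callees (plus 'echo') where tainted data is dangerous


# Generic PHP rules: knows nothing about WordPress.
GENERIC = RuleSet(
    sources=frozenset({"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}),
    sanitizers=frozenset({"intval", "htmlspecialchars"}),
    sinks=frozenset({"echo", "mysql_query"}),
)

# Specialised for WordPress plugins (the added names are real WordPress APIs).
WORDPRESS = RuleSet(
    sources=GENERIC.sources | {"get_query_var"},
    sanitizers=GENERIC.sanitizers
    | {"esc_html", "esc_attr", "sanitize_text_field", "absint", "$wpdb->prepare"},
    sinks=GENERIC.sinks | {"$wpdb->query", "$wpdb->get_results", "$wpdb->get_var"},
)

# Constructed sample in the style of a WordPress plugin (not real plugin code).
SAMPLE_PLUGIN = r"""
$name = $_GET['name'];
$safe = esc_html($name);
echo $safe;
$term = get_query_var('term');
$rows = $wpdb->get_results("SELECT ID FROM wp_posts WHERE post_title = '" . $term . "'");
$id = absint($_POST['id']);
$wpdb->query("DELETE FROM wp_log WHERE id = " . $id);
$sql = $wpdb->prepare("SELECT ID FROM wp_posts WHERE post_author = %d", $_GET['author']);
$wpdb->get_results($sql);
echo $_REQUEST['msg'];
"""

STATEMENT_RE = re.compile(r"^(?:(\$\w+)\s*=\s*)?(.*?);\s*$")
CALL_HEAD = re.compile(r"^(\$\w+->\w+|\w+)\s*\(")
INNER_CALL = re.compile(r"(\$\w+->\w+|\w+)\s*\(([^()]*)\)")


def outer_call(expr):
    """Return (callee, argument_text) if the whole expression is a single call."""
    m = CALL_HEAD.match(expr)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(expr)):
        if expr[i] == "(":
            depth += 1
        elif expr[i] == ")":
            depth -= 1
            if depth == 0:
                # Only a bare call counts; "f(x) . $y" is a concatenation, not a call.
                return None if expr[i + 1:].strip() else (m.group(1), expr[m.end():i])
    return None


def atom_tainted(expr, rules, scope):
    """Taint of a call-free expression: any source variable or tainted variable mentioned."""
    return any(tok in rules.sources or scope.get(tok, False)
               for tok in re.findall(r"\$\w+", expr))


def is_tainted(expr, rules, env):
    """Reduce innermost calls to placeholders, applying source/sanitizer rules."""
    scope, n = dict(env), 0
    while (m := INNER_CALL.search(expr)):
        callee, args = m.group(1), m.group(2)
        if callee in rules.sanitizers:
            tainted = False
        elif callee in rules.sources:
            tainted = True
        else:  # unknown callee: conservatively propagate the taint of its arguments
            tainted = atom_tainted(args, rules, scope)
        placeholder = f"$__call{n}"
        n += 1
        scope[placeholder] = tainted
        expr = expr[:m.start()] + placeholder + expr[m.end():]
    return atom_tainted(expr, rules, scope)


def analyze(php, rules):
    """Return [(line_number, sink)] for every sink reached by tainted data."""
    env, findings = {}, []
    for lineno, raw in enumerate(php.strip().splitlines(), 1):
        m = STATEMENT_RE.match(raw.strip())
        if not m:
            continue
        target, expr = m.group(1), m.group(2).strip()
        if expr.startswith("echo "):
            callee, args = "echo", expr[5:]
        else:
            callee, args = outer_call(expr) or (None, expr)
        if callee in rules.sinks and is_tainted(args, rules, env):
            findings.append((lineno, callee))
        if target:  # record the taint of the assigned variable for later lines
            env[target] = is_tainted(expr, rules, env)
    return findings


if __name__ == "__main__":
    print("generic   :", analyze(SAMPLE_PLUGIN, GENERIC))
    print("wordpress :", analyze(SAMPLE_PLUGIN, WORDPRESS))
```

With the generic rules the analyzer flags line 3 (`echo esc_html(...)`, a false positive, since it does not know `esc_html` cleans the value) and misses line 5 (the unprepared `$wpdb->get_results` fed from `get_query_var`, a false negative, since it knows neither the source nor the sink). With the WordPress rules it reports lines 5 and 10 only, which is the precision-and-recall gain the abstract attributes to specialization; a real analyzer would additionally need flow, path and interprocedural reasoning that this toy omits.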