Security-by-construction in web applications development via database annotations

详细信息    查看全文

• 作者：Wassim El-Hajj^a ; ^{we07@aub.edu.lb" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Ghassen Ben Brahim^b ; ^{gbrahim@pmu.edu.sa" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Hazem Hajj^c ; ^{hh63@aub.edu.lb" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Haidar Safa^a ; ^{hs33@aub.edu.lb" class="auth_mail" title="E-mail the corresponding author}Author Vitae ; Ralph Adaimy^a ; ^{rea21@mail.aub.edu" class="auth_mail" title="E-mail the corresponding author}Author Vitae
• 关键词：Web applications security ; Secure information flow ; Program dependence graph ; Database annotation ; Security by construction
• 刊名：Computers & Security
• 出版年：2016
• 出版时间：June 2016
• 年：2016
• 卷：59
• 期：Complete
• 页码：151-165
• 全文大小：3277 K

文摘

Huge amounts of data and personal information are being sent to and retrieved from web applications on daily basis. Every application has its own confidentiality and integrity policies. Violating these policies can have broad negative impact on the involved company's financial status, while enforcing them is very hard even for the developers with good security background. In this paper, we propose a framework that enforces security-by-construction in web applications. Minimal developer effort is required, in a sense that the developer only needs to annotate database attributes by a security class. The web application code is then converted into an intermediary representation, called Extended Program Dependence Graph (EPDG). Using the EPDG, the provided annotations are propagated to the application code and run against generic security enforcement rules that were carefully designed to detect insecure information flows as early as they occur. As a result, any violation in the data's confidentiality or integrity policies is reported. As a proof of concept, two PHP web applications, Hotel Reservation and Auction, were used for testing and validation. The proposed system was able to catch all the existing insecure information flows at their source. Apart from the proof of concept and to comprehensively test the performance of our system, we compared it to JLift, a state-of-the-art type-based system approach to detect information leaks. Both approaches were run against custom made PHP web applications and publicly available applications downloaded from SourceForge and GitHub. The results show that our approach outperforms JLift in terms of accuracy and the number of false alarms, and is able to catch the insecure flows at their source when they first occurred.