Game-based detection method of broken access control vulnerabilities in Web application
To solve the problem that the access control strategy of a program in the industrial Internet is difficult to extract from its source code, and that a user's access operations rarely trigger every access path, which makes universal detection of logical vulnerabilities difficult...
Main Authors: | HE Haitao, XU Ke, YANG Shuailin, ZHANG Bing, ZHAO Yuxuan, LI Jiazheng |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2024-06-01 |
Series: | Tongxin xuebao |
Subjects: | Web application security; vulnerability detection; access control vulnerability; access control rule; game |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024078/ |
author | HE Haitao XU Ke YANG Shuailin ZHANG Bing ZHAO Yuxuan LI Jiazheng |
collection | DOAJ |
description | To solve the problem that the access control strategy of a program in the industrial Internet is difficult to extract from its source code, and that a user's access operations rarely trigger every access path, which makes universal detection of logical vulnerabilities difficult, game theory was applied to access control logic vulnerability detection for the first time. Vulnerabilities were identified by analyzing the outcomes of a game played by different participants over the resource pages of a Web application, so that the access logic of each class of user could be obtained in a targeted way. Experimental results show that the proposed method detects 31 vulnerabilities, including 8 previously unreported ones, in 11 open-source applications, with a detection range exceeding 90%. |
format | Article |
id | doaj-art-c76eedcad4da492f84916df5e606645b |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2024-06-01 |
publisher | Editorial Department of Journal on Communications |
series | Tongxin xuebao |
spelling | doaj-art-c76eedcad4da492f84916df5e606645b | 2025-01-14T07:24:30Z | zho | Editorial Department of Journal on Communications | Tongxin xuebao | 1000-436X | 2024-06-01 | 4511713063977209 | Game-based detection method of broken access control vulnerabilities in Web application | HE Haitao; XU Ke; YANG Shuailin; ZHANG Bing; ZHAO Yuxuan; LI Jiazheng | To solve the problem that the access control strategy of a program in the industrial Internet is difficult to extract from its source code, and that a user's access operations rarely trigger every access path, which makes universal detection of logical vulnerabilities difficult, game theory was applied to access control logic vulnerability detection for the first time. Vulnerabilities were identified by analyzing the outcomes of a game played by different participants over the resource pages of a Web application, so that the access logic of each class of user could be obtained in a targeted way. Experimental results show that the proposed method detects 31 vulnerabilities, including 8 previously unreported ones, in 11 open-source applications, with a detection range exceeding 90%. | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024078/ | Web application security; vulnerability detection; access control vulnerability; access control rule; game |
title | Game-based detection method of broken access control vulnerabilities in Web application |
topic | Web application security vulnerability detection access control vulnerability access control rule game |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024078/ |
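The abstract describes identifying broken access control by comparing the outcomes different participants obtain on each resource page, with the intended access rules derived from the game played between them. The block below is an added illustration of the comparison step only; it is not code from the paper or its authors. The participants, resource pages, the two toy request handlers and the rule table are constructed assumptions, and the intended rules are declared by hand instead of being derived by the paper's game-theoretic method. Each participant requests every page, the grants are collected into an access matrix, and every grant the declared rules forbid is reported as a vertical (admin page reached by a non-admin) or horizontal (another user's data reached) finding; the same check is then run against a corrected handler.

```python
"""Differential access-control test over a constructed toy web application.

Every participant (session) requests every resource page, the grant/deny
outcomes are collected into a matrix, and each grant is checked against the
intended access-control rules. Any grant the rules do not permit is reported
as broken access control.
"""
from itertools import product

# Participants (constructed): name -> (username, role), or None for anonymous.
PARTICIPANTS = {
    "anonymous": None,
    "alice": ("alice", "user"),
    "bob": ("bob", "user"),
    "admin": ("root", "admin"),
}

# Resource pages (constructed): path -> owner of the data behind it.
# None means public; "admin" means the page belongs to the admin role.
RESOURCES = {
    "/public": None,
    "/profile/alice": "alice",
    "/profile/bob": "bob",
    "/profile/alice/export": "alice",
    "/admin/users": "admin",
    "/admin/users/delete": "admin",
}


def vulnerable_app(session, path):
    """Constructed handler with two deliberate access-control bugs.

    Returns an HTTP-like status code for a request by `session` to `path`.
    """
    if path == "/public":
        return 200
    if session is None:
        return 401
    user, role = session
    parts = path.strip("/").split("/")
    if parts[0] == "admin":
        if path == "/admin/users/delete":
            return 200            # BUG 1: role check missing on delete
        return 200 if role == "admin" else 403
    if parts[0] == "profile":
        owner = parts[1]
        if len(parts) > 2 and parts[2] == "export":
            return 200            # BUG 2: any logged-in user may export (IDOR)
        return 200 if (user == owner or role == "admin") else 403
    return 404


def fixed_app(session, path):
    """Same routes with the ownership/role check applied on every branch."""
    if path == "/public":
        return 200
    if session is None:
        return 401
    user, role = session
    parts = path.strip("/").split("/")
    if parts[0] == "admin":
        return 200 if role == "admin" else 403
    if parts[0] == "profile":
        owner = parts[1]
        return 200 if (user == owner or role == "admin") else 403
    return 404


def allowed(participant, resource):
    """Intended access-control rule, declared by hand for this example
    (the paper derives its rules from the game outcomes instead)."""
    owner = RESOURCES[resource]
    if owner is None:
        return True
    session = PARTICIPANTS[participant]
    if session is None:
        return False
    user, role = session
    return role == "admin" or user == owner


def access_matrix(app):
    """Outcome of every participant requesting every resource page."""
    return {(p, r): app(PARTICIPANTS[p], r)
            for p, r in product(PARTICIPANTS, RESOURCES)}


def find_broken_access_control(app):
    """Return (participant, resource, kind) for every grant the rules forbid."""
    findings = []
    for (p, r), status in access_matrix(app).items():
        if 200 <= status < 300 and not allowed(p, r):
            kind = "vertical" if RESOURCES[r] == "admin" else "horizontal"
            findings.append((p, r, kind))
    return sorted(findings)


if __name__ == "__main__":
    for p, r, kind in find_broken_access_control(vulnerable_app):
        print(f"{kind:10s} {p:10s} -> {r}")
    print("fixed app findings:", find_broken_access_control(fixed_app))
```

Against the vulnerable handler the check reports three findings: alice and bob both reach `/admin/users/delete` (vertical), and bob reaches `/profile/alice/export` (horizontal); against the corrected handler it reports none. The anonymous participant is included because a 401 on a protected page is itself evidence the rule is enforced, and a 200 there would surface as a finding in the same way.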