SAFERPHP: finding semantic vulnerabilities in PHP applications

Authors:
Sooel Son;Vitaly Shmatikov
Affiliations:
The University of Texas at Austin;The University of Texas at Austin
Venue:
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Year:
2011

Citing 24
Cited 4

Call graph construction in object-oriented languages

Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Advanced compiler design and implementation

Advanced compiler design and implementation
Using types to analyze and optimize object-oriented programs

ACM Transactions on Programming Languages and Systems (TOPLAS)
Access rights analysis for Java

OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Runtime verification of authorization hook placement for the linux security modules framework

Proceedings of the 9th ACM conference on Computer and communications security
Securing web application code by static analysis and runtime protection

Proceedings of the 13th international conference on World Wide Web
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Termination proofs for systems code

Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Precise alias analysis for static detection of web application vulnerabilities

Proceedings of the 2006 workshop on Programming languages and analysis for security
EXE: automatically generating inputs of death

Proceedings of the 13th ACM conference on Computer and communications security
Sound and precise analysis of web applications for injection vulnerabilities

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Denial of service via algorithmic complexity attacks

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static detection of security vulnerabilities in scripting languages

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Multi-module vulnerability analysis of web-based applications

Proceedings of the 14th ACM conference on Computer and communications security
Proving non-termination

Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Robust defenses for cross-site request forgery

Proceedings of the 15th ACM conference on Computer and communications security
AutoISES: automatically inferring security specifications and detecting violations

SS'08 Proceedings of the 17th conference on Security symposium
Merlin: specification inference for explicit information flow problems

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Inputs of Coma: Static Detection of Denial-of-Service Vulnerabilities

CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Looper: Lightweight Detection of Infinite Loops at Runtime

ASE '09 Proceedings of the 2009 IEEE/ACM International Conference on Automated Software Engineering
Efficient, context-sensitive detection of real-world semantic attacks

PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Toward automated detection of logic vulnerabilities in web applications

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Termination of polynomial programs

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Interprocedural analysis for privileged code placement and tainted variable detection

ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming

RoleCast: finding missing security checks when you do not know what checks are

Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Diglossia: detecting code injection attacks with precision and efficiency

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Uncovering access control weaknesses and flaws with security-discordant software clones

Proceedings of the 29th Annual Computer Security Applications Conference
Automatic detection and correction of web application vulnerabilities using data mining to predict false positives

Proceedings of the 23rd international conference on World wide web

Quantified Score

Hi-index	0.00

Visualization

Abstract

Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike "conventional" threats such as SQL injection and cross-site scripting, these attacks exploit bugs in the logic of the vulnerable application and cannot be discovered using data-flow analysis alone. We give the first characterization of these types of vulnerabilities in PHP applications, develop novel inter-procedural algorithms for discovering them in PHP source code, and implement these algorithms as part of SaferPHP, a framework for static security analysis of PHP applications. SaferPHP uncovered multiple, previously unreported vulnerabilities in several popular Web applications.