Acta Electronica Sinica ›› 2019, Vol. 47 ›› Issue (11): 2413-2419. DOI: 10.3969/j.issn.0372-2112.2019.11.025

• Research Paper •

SQL Injection Behavior Detection Method Based on AOP and Dynamic Taint Analysis

HE Cheng-wan, YE Zhi-peng

  1. School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan, Hubei 430205, China
  • Received: 2018-12-04 Revised: 2019-03-20 Online: 2019-11-25 Published: 2019-11-25
  • About the authors: HE Cheng-wan, male, born in 1967 in Jingmen, Hubei. He is a professor at Wuhan Institute of Technology. His main research interest is reuse-based software engineering. E-mail: hechengwan@hotmail.com; YE Zhi-peng, male, born in 1993 in Wuhan, Hubei. He is a master's student at the School of Computer Science and Engineering, Wuhan Institute of Technology. His main research interests are data security and network security. E-mail: googuo69@gmail.com
  • Funding:
    National Natural Science Foundation of China (No. 61272115)

Abstract: Web applications are constantly exposed to security threats from code injection attacks in cyberspace, such as SQL injection. Most detection methods against SQL injection attacks have low execution efficiency and insufficient detection accuracy, and in particular their implementations are hard to reuse. Based on the characteristics of injection vulnerabilities, a SQL injection behavior detection method based on AOP (Aspect-Oriented Programming) and dynamic taint analysis is proposed. The taint analysis process is encapsulated in the aspect modular unit, so that security, a typical crosscutting concern of a program, is separated from the base subsystem, which improves the reusability of the detection code. At the taint sinks, the advice mechanism is used to dynamically load the various detection components so that the detection code executes at runtime, countering SQL injection as a typical code injection attack against Web applications. Experiments show that the method achieves self-protection without modifying the application's execution engine or source code, and effectively defends against seven typical types of SQL injection attack: tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, and alternate encodings.

Key words: Web security, SQL injection, taint analysis, aspect-oriented programming, vulnerability detection
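
The mechanism the abstract describes, as an added Python example that is not the authors' implementation: untrusted input carries taint ranges through string concatenation, and advice woven around the SQL sink refuses any query in which tainted characters fall outside a single string or numeric literal. The names `Tainted`, `sink_advice`, `weave` and `UserDao`, the sample table, and the literal-containment rule itself are assumptions made for this example; the paper's own detection components are not shown on this page.

```python
import functools, re, sqlite3

class Tainted(str):
    """str that remembers which character ranges came from untrusted input."""
    def __new__(cls, value, ranges=None):
        obj = super().__new__(cls, value)
        obj.ranges = [(0, len(value))] if ranges is None else list(ranges)
        return obj
    def __add__(self, other):   # tainted + anything: shift the right operand's ranges
        moved = [(a + len(self), b + len(self)) for a, b in getattr(other, "ranges", [])]
        return Tainted(str.__add__(self, other), self.ranges + moved)
    def __radd__(self, other):  # plain str + tainted (f-strings and % formatting drop the taint)
        return Tainted(other + str(self), [(a + len(other), b + len(other)) for a, b in self.ranges])

TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|[A-Za-z_]\w*|\S")  # string, number, word, other symbol

def in_literal(sql, start, end):
    """True if sql[start:end] lies entirely inside one string or numeric literal."""
    for m in TOKEN.finditer(sql):
        pad = 1 if m.group()[0] == "'" else 0   # stay strictly inside the quotes
        if (pad or m.group().isdigit()) and m.start() + pad <= start and end <= m.end() - pad:
            return True
    return False

def sink_advice(proceed):
    """Around-advice for a SQL sink: check the taint ranges, then proceed or refuse."""
    @functools.wraps(proceed)
    def advice(self, sql, *args, **kwargs):
        for start, end in getattr(sql, "ranges", []):
            if not in_literal(sql, start, end):
                raise PermissionError("tainted input changes query structure: " + sql[start:end])
        return proceed(self, str(sql), *args, **kwargs)
    return advice

def weave(cls, name, advice):
    """Attach advice at a join point (cls.name) without editing the class source."""
    setattr(cls, name, advice(getattr(cls, name)))

class UserDao:  # constructed stand-in for unmodified application code
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(name TEXT, secret TEXT)")
        self.db.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "a1"), ("bob", "b2")])
    def find(self, name):
        return self.run("SELECT secret FROM users WHERE name = '" + name + "'")
    def run(self, sql):  # taint sink
        return self.db.execute(sql).fetchall()

if __name__ == "__main__":
    weave(UserDao, "run", sink_advice)
    print(UserDao().find(Tainted("alice")))  # a tautology payload raises PermissionError instead
```

The taint source here is the explicit `Tainted(...)` call; in a Web application the same wrapping would be applied by advice on the request-parameter accessors.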
