Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Web service security analysis method based on program slicing technique

A technology of program slicing and web services, which is applied in the field of web service security, can solve problems such as validity limitations, and achieve the effect of improving comprehensiveness and reducing the probability of missed detection and false detection

Inactive Publication Date: 2012-08-01
NANJING UNIV OF POSTS & TELECOMM
View PDF1 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Program slicing can also be divided into static slicing and dynamic slicing methods: static slicing is only used in static programs, and dynamic slicing considers the impact of input values, making it easier to analyze slices, but there are limitations in effectiveness

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web service security analysis method based on program slicing technique
  • Web service security analysis method based on program slicing technique
  • Web service security analysis method based on program slicing technique

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] The Web service safety analysis method in the present invention includes a vulnerability classification module, a code analysis module, a slicing module, a vulnerability repair module, a service publishing module and a service testing module. figure 1 An overall flow framework of the platform of the present invention is given, and the work flow of each module is described. The following content is a detailed description of the implementation of each module in the present invention.

[0048] 1. Vulnerability classification module

[0049] In the source code of the Web service, there are more or less private variables related to the storage service. If these variables are modified maliciously, some serious consequences may be caused. Therefore, in addition to the developer or manager of the Web service, Other personnel are not authorized to modify these variables. In the present invention, we refer to these variables as key information. There may be many methods in the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a web service security analysis method based on a program slicing technique. Starting from key information in a Java source code, the method mainly researches on web services developed based on Java, and vulnerabilities in the Java source code include explicit vulnerabilities and implicit vulnerabilities. For the explicit vulnerabilities, the source code can be analyzed and extracted through traditional statement-level slices to obtain an explicit vulnerability analysis result. For the implicit vulnerabilities, dependency of methods in the source code is analyzed first to generate a method dependency graph, and method-level slices are used to slice the method dependency graph to obtain an implicit vulnerability analysis result. According to analysis on the explicit and implicit vulnerabilities, a vulnerability fixing module is used to fix the vulnerabilities and a service issuing module is used to issue fixed web services.

Description

technical field [0001] The invention provides a web service security analysis scheme based on program slicing technology, which mainly analyzes possible security loopholes in the source code of the web service developed by Java language, and repairs the loopholes, belonging to the field of web service security. Background technique [0002] With the rapid development of the Internet, a large number of network application architectures have emerged, which can be mainly divided into pure Web application of B / S (Browser / Server) structure and distributed application of traditional desktop programs. These systems have been widely used at present, and have achieved greater success. Web services make application integration faster, easier, and cheaper than ever before. Web services are integrated at higher layers in the protocol stack, which can realize loose integration of business functions. Businesses can be connected through the Web between many enterprises and within enterpr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/22G06F21/57
Inventor 张迎周符炜张卫丰周国强朱宪庭郑梁须刘玲玲顾帅帅许晓曼邹德国
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products