Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Access control vulnerability detection method and system based on state deviation analysis

A technology for access control and vulnerability detection, applied in the field of network security, can solve the problems of incapable of modeling and reducing complex data relationships, and achieve the effects of improving detection efficiency, improving detection efficiency, and reducing dependence.

Pending Publication Date: 2022-04-29
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The present invention aims at existing methods for identifying access control loopholes: it is limited by the coarse-grained access control model, the complex relationship between data entities, and the source code language and specific platform requirements. Modeling of complex data relationships spanning multiple program files, and determining the resulting access control issues, a method and system for access control vulnerability detection based on state deviation analysis is proposed, by transforming the access control vulnerability detection problem into The discrepancy between the expected behavior logic of the application extracted from the detection code and the actual behavior logic of the real access greatly reduces the limitations of the coarse-grained model and the complexity of the data relationship on vulnerability detection. Compared with the traditional black-box method, the combination of White box technology greatly improves detection efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Access control vulnerability detection method and system based on state deviation analysis
  • Access control vulnerability detection method and system based on state deviation analysis
  • Access control vulnerability detection method and system based on state deviation analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] The present invention will be further explained below in conjunction with accompanying drawing and specific embodiment:

[0049] Such as figure 1 As shown, an access control vulnerability detection method based on state deviation analysis, including:

[0050] Taking the source code of the web application as input, the site map and the expected behavior logic contained in the code are extracted through static analysis, and then the generated site map is used as a guide for dynamic analysis, and the login credentials of multi-role and multi-user are input for Obtain HTTP requests and HTTP responses under different login states;

[0051] Use the finite state machine (FSM) to model the web application, formalize the discovery of access control vulnerabilities into the difference comparison between the expected FSM behavior model and the actual FSM behavior model, identify access control vulnerabilities and generate vulnerability reports; including : Static analysis is use...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an access control vulnerability detection method and system based on state deviation analysis, and the method comprises the steps: taking a source code of a Web application program as an input, extracting a site map and expected behavior logic contained in the code through static analysis, and then taking the generated site map as the guide of dynamic analysis, inputting login credentials of multiple roles and multiple users to obtain HTTP requests and responses in different login states; a finite-state machine (FSM) is used for modeling a Web application program, discovery of the access control vulnerabilities is formalized into difference comparison between an expected FSM behavior model and an actual FSM behavior model, the access control vulnerabilities are recognized, and a vulnerability report is generated. According to the method, complex logic which is difficult to discover through static analysis can be detected, the detection efficiency can be greatly improved through directive function testing, and full-path coverage can be achieved.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to an access control loophole detection method and system based on state deviation analysis. Background technique [0002] With the economic growth of the society, the Internet continues to develop rapidly and penetrates into every field of social life, becoming an indispensable and important element of modern society. As the most important application form of the Internet, Web technology has been widely popularized and used in important fields such as science, education, transportation, and finance. Relying on the development of the Internet, Web technology has penetrated into all aspects of people's daily life. The endless web applications such as shopping websites, online banks, and social platforms are all demonstrating the pivotal role of Web technology in people's lives. [0003] While bringing convenience to people's daily life, the number of attacks aga...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57H04L9/40
CPCG06F21/577H04L63/1433
Inventor 魏强王允超武泽慧马琪灿王新蕾周国淼
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com