| Summary: | 碩士 === 國立臺灣大學 === 資訊管理學研究所 === 104 === Because of its importance,Web application security has been researched for over twenty years. Code analysis is one of the approaches to enhance Web application security. Among all the code analysis methods, there is a very valuable part to be improved: the techniques to effectively compose known analysis results of code segments into an informative analysis summary for a larger code segment. In this thesis, we refer to such concern as the analysis modularity issue. The knowledge of analysis modularity plays an important role when one wants the outputs of his analysis routines to be reusable or wants to build a smarter code analyzer with better performance. Since most of the code analysis approaches targeting Web application security do not address the analysis modularity issue, we investigate how to redesign the approaches to improve their level of analysis modularity. We aim at a framework to make the investigations systematic and the outcomes of them sustainable and extendable. To match the goal, the framework itself should also be generic and extendable.
In this thesis, we propose a design of a multi-language, hybrid approach framework that can be used to organize the implementations of both static and dynamic analysis techniques, supporting the analyses that cross different dynamic languages. We believe that it fulfills our requirements. We have implemented a prototype that demonstrates some advantages of our design. By taking the latest summary-based security taint analysis approach for PHP Web applications as an example, we show that after being included into our framework and properly adapted, the approach provides better precision and analysis modularity on handling the unknown call site problem. Implementing other kinds of analyses and experimenting on them to find ways to improve analysis modularity and performance can be made easier based on our framework.
|
|---|
