ABSTRACT
Organizations often expose business processes and services as web applications. Improper enforcement of security policies in these applications leads to business logic vulnerabilities that are hard to find and may have dramatic security implications. Aegis is a tool to automatically synthesize run-time monitors to enforce control-flow and data-flow integrity, as well as authorization policies and constraints in web applications. The enforcement of these properties can mitigate attacks, e.g., authorization bypass and workflow violations, while allowing regulatory compliance in the form of, e.g., Separation of Duty. Aegis is capable of guaranteeing business continuity while enforcing the security policies. We evaluate Aegis on a set of real-world applications, assessing the enforcement of policies, mitigation of vulnerabilities, and performance overhead.
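As an added illustration of the kind of run-time monitor the abstract describes (constructed here, not code from the paper or from Aegis itself), the following Python monitor enforces the three properties named above on an assumed three-step purchase workflow: control-flow integrity, a Separation-of-Duty policy, and business continuity, meaning a request is denied when granting it would leave the remaining tasks with no policy-compliant assignment. The workflow, users and policy are all assumed.

```python
"""Constructed illustration (not Aegis's own code) of a run-time monitor for a
workflow-driven web application that enforces control-flow integrity, a
Separation-of-Duty (SoD) policy, and business continuity: an action is denied
when granting it would leave the remaining tasks with no compliant assignment."""

# Constructed purchase workflow: tasks must execute in this order.
TASKS = ["request", "approve", "pay"]
# Constructed authorization policy: users permitted to execute each task.
CAN_DO = {"request": {"alice", "bob"}, "approve": {"bob", "carol"}, "pay": {"carol"}}
# Constructed SoD constraints: each pair must be executed by different users.
SOD = [("request", "approve"), ("approve", "pay")]


def _sod_ok(history):
    """True when the executed tasks in history (task -> user) respect every SoD pair."""
    return all(history[a] != history[b] for a, b in SOD if a in history and b in history)


def _completable(history):
    """Business continuity: some SoD-compliant assignment finishes the remaining tasks."""
    remaining = [t for t in TASKS if t not in history]
    if not remaining:
        return True
    task = remaining[0]
    return any(_sod_ok({**history, task: u}) and _completable({**history, task: u})
               for u in CAN_DO[task])


class WorkflowMonitor:
    """Sits in front of the application and decides each (user, task) request."""

    def __init__(self):
        self.history = {}  # task -> user that executed it, in workflow order

    def authorize(self, user, task):
        """Return (granted, reason); the request is recorded only when granted."""
        done = len(self.history)
        expected = TASKS[done] if done < len(TASKS) else None
        if task != expected:  # control-flow integrity
            return False, f"control-flow violation: expected {expected!r}, got {task!r}"
        if user not in CAN_DO[task]:  # static authorization
            return False, f"{user} is not authorized for {task}"
        candidate = {**self.history, task: user}
        if not _sod_ok(candidate):  # Separation of Duty
            return False, "separation of duty violated"
        if not _completable(candidate):  # business continuity
            return False, "denied: workflow could no longer be completed"
        self.history = candidate
        return True, "granted"


def run(requests):
    """Feed a sequence of (user, task) requests to a fresh monitor; return the decisions."""
    monitor = WorkflowMonitor()
    return [monitor.authorize(u, t)[0] for u, t in requests]
```

Note that under this policy `bob` is refused even the first task: with `pay` restricted to `carol` and both SoD pairs in force, no compliant completion would remain, which is exactly the continuity check the abstract refers to.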
Aegis: Automatic Enforcement of Security Policies in Workflow-driven Web Applications