Xiaowei Li, Yuan Xue
Citation
Xiaowei Li, Yuan Xue. "BLOCK: a black-box approach for detection of state violation attacks towards web applications". Proceedings of the 27th Annual Computer Security Applications Conference, 2011.
Abstract
State violation attacks towards web applications exploit logic flaws and allow restrictive functions and sensitive information to be accessed at inappropriate states. Since application logic flaws are specific to the intended functionality of a particular web application, it is difficult to develop a general approach that addresses state violation attacks. To date, existing approaches all require web application source code for analysis or instrumentation in order to detect state violations.
In this paper, we present BLOCK, a BLack-bOx approach for detecting state violation attaCKs. We regard the web application as a stateless system and infer the intended web application behavior model by observing the interactions between the clients and the web application. We extract a set of invariants from the web request/response sequences and their associated session variable values during its attack-free execution. The set of invariants is then used for evaluating web requests and responses at runtime. Any web request or response that violates the associated invariants is identified as a potential state violation attack. We develop a system prototype based on the WebScarab proxy and evaluate our detection system using a set of real-world web applications. The experiment results demonstrate that our approach is effective at detecting state violation attacks and incurs acceptable performance overhead. Our approach is valuable in that it is independent of the web application source code and can easily scale up.
Electronic downloads
| Citation formats |
- HTML
Xiaowei Li, Yuan Xue. <a href="http://www.truststc.org/pubs/883.html" >BLOCK: a black-box approach for detection of state violation attacks towards web applications</a>, Proceedings of the 27th Annual Computer Security Applications Conference, 2011.
- Plain text
Xiaowei Li, Yuan Xue. "BLOCK: a black-box approach for detection of state violation attacks towards web applications". Proceedings of the 27th Annual Computer Security Applications Conference, 2011.
- BibTeX
@inproceedings{LiXue11_BLOCKBlackboxApproachForDetectionOfStateViolationAttacks, author = {Xiaowei Li and Yuan Xue}, title = {BLOCK: a black-box approach for detection of state violation attacks towards web applications}, booktitle = {Proceedings of the 27th Annual Computer Security Applications Conference}, year = {2011}, abstract = {State violation attacks towards web applications exploit logic flaws and allow restrictive functions and sensitive information to be accessed at inappropriate states. Since application logic flaws are specific to the intended functionality of a particular web application, it is difficult to develop a general approach that addresses state violation attacks. To date, existing approaches all require web application source code for analysis or instrumentation in order to detect state violations. <p> In this paper, we present BLOCK, a BLack-bOx approach for detecting state violation attaCKs. We regard the web application as a stateless system and infer the intended web application behavior model by observing the interactions between the clients and the web application. We extract a set of invariants from the web request/response sequences and their associated session variable values during its attack-free execution. The set of invariants is then used for evaluating web requests and responses at runtime. Any web request or response that violates the associated invariants is identified as a potential state violation attack. We develop a system prototype based on the WebScarab proxy and evaluate our detection system using a set of real-world web applications. The experiment results demonstrate that our approach is effective at detecting state violation attacks and incurs acceptable performance overhead. Our approach is valuable in that it is independent of the web application source code and can easily scale up.}, URL = {http://www.truststc.org/pubs/883.html} }
Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.