DETECTION OF BROKEN ACCESS CONTROL VULNERABILITY USING GRAPH REPRESENTATION
Main Author: | Anugrah Wiradhika D, Fawwaz |
---|---|
Format: | Final Project |
Language: | Indonesian |
Institution: | Institut Teknologi Bandung |
Subjects: | broken access control, static code analysis, control flow graph |
Record Date: | 2024-07-08 |
Online Access: | https://digilib.itb.ac.id/gdl/view/82427 |
Description:
With the advancement of information technology, various forms of security vulnerability emerge. One of the most common is broken access control, which ranks first in the 2021 OWASP Top 10. It can lead to unauthorized information access, data modification, data deletion, and users performing business processes beyond their permitted limits.

One method of detecting broken access control is static code analysis using a graph representation. Several tools do this, such as VGDetector and IVDetect; they generate a graph from the source code and analyse that graph. One graph with potential for this analysis is the control flow graph, because it represents the access control mechanism in the code better than other graphs. These tools perform fairly well, with a recall of 72.00% for VGDetector and 84.60% for IVDetect. The techniques they use vary, including graph analysis to find vulnerability patterns, graph similarity computation, graph embedding, and deep learning with graph convolutional networks. However, existing tools have limitations: their coverage is restricted to a single language or framework, and their knowledge base still depends on the tool's developer.

In this final project, a static code analysis tool using a graph representation has been developed. It uses graph analysis and graph exploration techniques to detect broken access control vulnerabilities. Users can supply their own knowledge base, so the tool can be adjusted to a project's needs, an advantage over tools whose knowledge base depends on the developer. Because users fill the knowledge base themselves, the tool can detect vulnerabilities across frameworks, and in theory across languages as well; however, because of the limited time of the final project, it currently only detects vulnerabilities in Python code. In tests on 16 projects the tool achieved a recall of 100% and a precision of 63.24%. The 100% recall and the large number of false positives both follow from the tool's default assumption that every detected code location has a broken access control vulnerability until an access control check is found.
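The detection strategy in the last paragraph (build a control flow graph from Python source, explore its paths, treat every path as vulnerable until a check from the knowledge base is met) can be illustrated with a toy detector. The Python below is an added example written for this page; it is not the project's tool, and the knowledge base schema, the decorator and function names in it, and the sample handlers are all constructed assumptions. It also shows the false-positive mechanism the abstract describes: a check that lives in a helper the knowledge base does not list is flagged until the user adds that helper.

```python
import ast

# Constructed knowledge base (hypothetical schema; the page does not describe the tool's real KB format).
KB = {
    "entry_decorators": {"route"},                             # functions worth analysing (web handlers)
    "check_decorators": {"login_required", "admin_required"},  # guards applied to a whole handler
    "check_names": {"is_admin", "is_authenticated", "require_role", "check_permission"},
    "sink_names": {"delete", "update", "execute"},             # operations that need a prior check
    "terminators": {"abort"},                                  # calls that end the path, e.g. abort(403)
}

class CFG:
    """Statement-level control flow graph: node id -> AST statement, plus successor lists."""
    def __init__(self):
        self.nodes, self.succ = {}, {}
        self.exit = self.add("EXIT")
    def add(self, stmt):
        nid = len(self.nodes)
        self.nodes[nid], self.succ[nid] = stmt, []
        return nid

def _names(node):
    """Every identifier and attribute name mentioned in an AST subtree."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)} | {n.attr for n in ast.walk(node) if isinstance(n, ast.Attribute)}

def _build(cfg, stmts, follow, kb):
    """Wire `stmts` into cfg so control falls through to `follow`; return the entry node id."""
    nxt = follow
    for stmt in reversed(stmts):
        nid = cfg.add(stmt)
        ends_path = isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call) and _names(stmt.value.func) & kb["terminators"]
        if isinstance(stmt, (ast.Return, ast.Raise)) or ends_path:
            cfg.succ[nid].append(cfg.exit)
        elif isinstance(stmt, ast.If):
            cfg.succ[nid].append(_build(cfg, stmt.body, nxt, kb))
            cfg.succ[nid].append(_build(cfg, stmt.orelse, nxt, kb))  # an empty orelse falls through to nxt
        elif isinstance(stmt, (ast.For, ast.While)):
            cfg.succ[nid].append(_build(cfg, stmt.body, nid, kb))    # loop body returns to the loop header
            cfg.succ[nid].append(nxt)
        else:                                                         # any other statement is one linear node
            cfg.succ[nid].append(nxt)
        nxt = nid
    return nxt

def _explore(cfg, entry, kb):
    """Depth-first walk over (node, checked) states: a path is vulnerable until it passes a check node, and a
    sink reached while still unchecked is reported. Only a branch/loop condition is inspected, not its body."""
    findings, seen, stack = [], set(), [(entry, False)]
    while stack:
        nid, checked = stack.pop()
        if nid == cfg.exit or (nid, checked) in seen:
            continue
        seen.add((nid, checked))
        stmt = cfg.nodes[nid]
        part = stmt.test if isinstance(stmt, (ast.If, ast.While)) else stmt.iter if isinstance(stmt, ast.For) else stmt
        names = _names(part)
        if names & kb["check_names"]:
            checked = True
        elif names & kb["sink_names"] and not checked:
            findings.append(stmt.lineno)
        stack.extend((s, checked) for s in cfg.succ[nid])
    return findings

def detect(source, kb):
    """Return [(function name, line)] for every sink reachable from a handler entry without a check."""
    findings = []
    for fn in ast.parse(source).body:
        if not isinstance(fn, ast.FunctionDef):
            continue
        decos = set().union(*(_names(d) for d in fn.decorator_list))
        if not decos & kb["entry_decorators"] or decos & kb["check_decorators"]:
            continue                                              # not a handler, or guarded at function level
        cfg = CFG()
        findings += [(fn.name, ln) for ln in _explore(cfg, _build(cfg, fn.body, cfg.exit, kb), kb)]
    return sorted(findings, key=lambda f: f[1])

# Constructed sample in a Flask-like style (not code from the project or from its 16 test projects).
SAMPLE = '''@app.route("/admin/users/<uid>", methods=["DELETE"])
@login_required
def remove_user(uid):
    db.delete(uid)

@app.route("/docs/<doc_id>", methods=["DELETE"])
def remove_doc(doc_id):
    if not current_user.is_admin:
        abort(403)
    db.delete(doc_id)

@app.route("/notes/<note_id>", methods=["DELETE"])
def remove_note(note_id):
    db.delete(note_id)

@app.route("/files/<fid>", methods=["DELETE"])
def remove_file(fid):
    if not owner_check(fid):
        abort(403)
    storage.delete(fid)
'''
```

Calling `detect(SAMPLE, KB)` flags `remove_note` (a genuinely missing check) and `remove_file`, whose check lives in `owner_check`, a helper the knowledge base does not know; calling it again with `"owner_check"` added to `check_names` removes that false positive while keeping the true one. `remove_user` is skipped because its `login_required` decorator is listed as a whole-handler guard, and `remove_doc` is clean because the `is_admin` test marks every path after it as checked. This is the trade-off the abstract reports: the default-vulnerable assumption pushes recall up and precision down, and the user-supplied knowledge base is the lever for recovering precision.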