PRIVILEGE-ESCALATION VULNERABILITY DETECTION IMPLEMENTATION WITH STATIC CODE ANALYSIS


Bibliographic Details
Main Author: Andrew
Format: Final Project
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/86183
Institution: Institut Teknologi Bandung
Record ID: id-itb.:86183
Timestamp: 2024-09-16T14:00:10Z
Keywords: static code analysis, privilege escalation, control flow graph
Building: Institut Teknologi Bandung Library
Country: Indonesia
Collection: Digital ITB
Description: Broken access control is one of the most significant classes of vulnerability in software security. Despite this prominence, detecting broken access control with static code analysis tools is challenging because each piece of software has different specification patterns. Popular static code analysis tools do not thoroughly detect broken access control vulnerabilities, especially privilege escalation. Several approaches are used to detect broken access control vulnerabilities. One approach compares the number of context-free grammars and redirection sets of two different roles. Another builds a control flow graph model from vulnerable code and patched code. In this paper, a static code analysis tool is developed to detect privilege escalation vulnerabilities. The chosen method compares the execution flows of two different roles. Given an access control policy specification for each role, the tool is expected to detect privilege escalation vulnerabilities. Across the 3 source codes tested with the tool, 6 sensitive endpoints were found, 2 of which were vulnerable. Given a specification for several roles in the source code, the tool can compare execution flows and detect privilege escalation vulnerabilities within the source code. The tool was found to be not yet effective enough at detecting vulnerabilities in larger, more complex source code. Several suggestions can be applied to improve the tool's effectiveness in detecting privilege escalation vulnerabilities.