【作者】 李小花；

【导师】 孙建华；

【作者基本信息】 湖南大学 ， 计算机科学与技术， 2010， 硕士

【摘要】 随着计算机技术和网络技术的飞速发展,基于B/S模式的Web应用程序越来越普及。SQL注入攻击是目前Web应用程序面临的主要安全威胁之一,因此SQL注入攻击防御技术与漏洞检测技术的研究,对于加强Web应用程序的安全具有十分重要的意义。目前提出的一些防御SQL注入攻击的方法主要有输入过滤、渗透测试、异常检测和指令集随机化等。这些方法不能成功防范所有类型的SQL注入攻击、而且部署复杂。近年来,程序分析技术在防御SQL注入方面的优势日渐突出,新的研究成果不断出现。然而以往的程序分析方法在设计和实现中存在着诸如静态分析的可靠性和动态分析的精确性之间难以权衡和折衷处理的问题,而且有着较高的误报率和漏报率。针对上述问题,本文提出了一种基于程序分析技术的SQL注入防御系统SQLProbe(Preventing SQL Injection Attacks Based on Program Analysis)。SQLProbe系统的特色在于：使用数据流跟踪技术静态跟踪程序运行过程中污点数据的传播路径,指出应用程序中可能存在的注入点；通过词法分析和语法分析得到应用程序的抽象表示形式,然后在注入点根据有穷状态自动机原理生成合法查询语句的状态模型；向被测程序中插入自动机模型,动态监测程序运行过程中动态生成的SQL语句和相应污染数据入口点模型的匹配情况来发现安全漏洞；系统的实现针对Java的Web应用程序,不需要修改服务器以及数据库平台的配置,因而完全不影响应用服务器和数据库服务器的正常功能,对系统的性能影响也很小。实验表明,与类似的系统相比,本文的SQLProbe系统具有自动化程度高和检测速度快的优点,并且具有较好的防范SQL注入的效果和较低的运行开销。更多还原

【Abstract】 With the rapid development of computer technology and network technology, Web application based on B/S model is becoming increasingly popular. SQL injection attack is one of primary threat to Web application security, so the study of SQL injection attack protection technology is very meaningful to Web application security. The existing security technologies of defensing SQL injection attacks, including input filter, penetration test, anomaly detection and instruction set randomization, can not be successful against all types of SQL injection attacks and complex to deploy. Recently, program analysis technology has experienced a rebirth of popularity due to its many excellent features in the area of preventing SQL injection attacks and plenty of studies have arisen. However, previous program analysis methods in the design and implementation exit some problems, such as how to balance and compromise between the reliability of static analysis and accuracy of dynamic analysis, and have a high rate of false positive and false negative.Therefore, a system of preventing SQL injection attacks based on program Analysis (SQLProbe) is developed. The most prominent feature of this system is as follow:First, it utilizes data-flow-trace technology to track the path of taint data and point out all injection points that may exist in the application. Then, the abstract representation of the application is abtained through the lexical analysis and syntax analysis, and then genaretes automata models of legal query for the SQL statement contained injection points. Finally, automaton as probe is inserted into the Web applications for dynamic testing, then inspects the dynamically-generated queries and checks them against the statically-built model and records the implementations of the procedures. Aiming at the Java-based Web applications, the prototype needs no change to the configuration of server and database. Therefore, without sacrificing any normal functionality of server and database, it incurs little overhead to the system.Compared with similar systems, our evaluation demonstrates that SQLProbe with higher degree of automation and faster speed of detection is much more effective to prevent SQL injection attacks and imposes negligible performance overhead.更多还原