Web Access Control Vulnerability Detection Method Based on Permission Verification Graph
When examining the access control of the web (webpage), vulnerability detection mainly relies on the application protection state and ignores improper permission verification logic, which results in a lower F1 score (the harmonic mean of accuracy and recall) for the vulnerability detection results. A web access control vulnerability detection method based on a permission verification graph is proposed. A static analysis tool is used to recursively analyze the web access permission verification mode and obtain the web access control-flow graph, which is then simplified by projection. In the simplified control-flow graph, effective resource nodes, permission verification nodes, start nodes and end nodes are identified. Taking into account the permission verification passed on each edge, the filtered nodes are connected to generate an access control permission verification graph. Finally, a vulnerability detection model that includes deep graph convolutional networks and attention mechanisms is constructed; it traverses and learns all permission verification paths of the resource nodes in the permission verification graph and compares path verification permissions with node access permissions to obtain the vulnerability detection results. The experimental results show that the F1 score of the proposed method for detecting web access control vulnerabilities is always greater than 0.92, ensuring the effectiveness of the detection results.
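The path comparison step described in the abstract can be made concrete with an added example, which is not code from the paper. It replaces the paper's graph convolutional network and attention model with a plain deterministic traversal. The node names, permission labels and sample graph are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (source, destination, permission verified on that edge).
# None means the edge performs no permission verification.
EDGES = [
    ("start", "check_login", None),
    ("check_login", "view_profile", "login"),
    ("check_login", "check_admin", "login"),
    ("check_admin", "delete_user", "admin"),
    ("check_admin", "export_users", "admin"),
    ("check_login", "export_users", "login"),  # route that skips check_admin
]
# Hypothetical access permissions each resource node requires.
REQUIRED = {
    "view_profile": {"login"},
    "delete_user": {"login", "admin"},
    "export_users": {"login", "admin"},
}

def build_graph(edges):
    graph = defaultdict(list)
    for src, dst, perm in edges:
        graph[src].append((dst, perm))
    return graph

def verification_paths(graph, start, resources):
    """Yield (resource, path, verified permissions) for each acyclic path."""
    stack = [(start, (start,), frozenset())]
    while stack:
        node, path, verified = stack.pop()
        if node in resources:
            yield node, path, verified
            continue  # a resource node ends the verification path
        for dst, perm in graph.get(node, ()):
            if dst in path:  # skip cycles in the control flow
                continue
            gained = verified | {perm} if perm else verified
            stack.append((dst, path + (dst,), gained))

def find_violations(edges, start, required):
    """Flag paths whose verified permissions miss what the resource needs."""
    graph = build_graph(edges)
    findings = []
    for res, path, verified in verification_paths(graph, start, set(required)):
        missing = required[res] - verified
        if missing:
            findings.append((res, path, frozenset(missing)))
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for res, path, missing in find_violations(EDGES, "start", REQUIRED):
        print(res, " -> ".join(path), "missing:", sorted(missing))
```

A finding lists the resource, the offending path and the permissions that path never verified, which is the evidence a reviewer needs to add the missing check.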