Object Injection Vulnerability Discovery Based on Latent Semantic Indexing

Title: Object Injection Vulnerability Discovery Based on Latent Semantic Indexing
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Shahriar, Hossain; Haddad, Hisham
Conference Name: Proceedings of the 31st Annual ACM Symposium on Applied Computing
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-3739-7
Keywords: Automated Response Actions, code reuse, command injection attacks, composability, decomposition, information retrieval, injection, injection attacks, latent semantic analysis, Metrics, object injection attack, pubcrawl, Resiliency, web security

Object Injection Vulnerability (OIV) is an emerging threat for web applications. It involves accepting external inputs during a deserialization operation and using the inputs for sensitive operations such as file access, modification, and deletion. The challenge is the automation of the detection process. When the application size is large, it becomes hard to perform traditional approaches such as data flow analysis. Recent approaches fall short of narrowing down the list of source files to aid developers in discovering OIV and lack the flexibility to check for the presence of OIV through various known APIs. In this work, we address these limitations by exploring a concept borrowed from the information retrieval domain called Latent Semantic Indexing (LSI) to discover OIV. The approach analyzes application source code and builds an initial term-document matrix, which is then transformed systematically using singular value decomposition to reduce the search space. The approach identifies a small set of documents (source files) that are likely responsible for OIVs. We apply the LSI concept to three open source PHP applications that have been reported to contain OIVs. Our initial evaluation results suggest that the proposed LSI-based approach can identify OIVs and identify new vulnerabilities.

Citation Key: shahriar_object_2016