DOI: 10.1145/3593434.3593483

Poster

Code Privacy in Detection of Web Vulnerabilities

Published: 14 June 2023

Abstract

We propose a solution that combines static source code analysis with searchable symmetric encryption to detect input validation vulnerabilities in encrypted PHP code, allowing developers to protect their codebase from malicious third parties while still discovering the vulnerabilities in it. Results show that the solution identifies vulnerabilities with precision similar to traditional, non-privacy-preserving static code analysers, and exhibits a maximum overhead increase of around 16.55%.
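The abstract only states that static analysis is run over PHP code protected with searchable symmetric encryption. The following Python sketch is an added illustration of the general shape of such a scheme, not the authors' construction: the code owner tokenises the PHP source, encrypts every token with a keyed PRF (deterministic, so equal tokens stay comparable), and hands the analyser trapdoors only for the vocabulary it needs (entry points, sanitisers, sinks and a few structural tokens). The analyser then runs a simplified taint pass over the opaque token stream. The tokeniser, the vocabulary lists, the taint rules and the sample PHP are all constructed for this example.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Toy PHP tokeniser (constructed; covers only the subset used in the sample).
TOKEN_RE = re.compile(r'\$\w+|\w+|"[^"]*"|\'[^\']*\'|[=;(),.\[\]]|\s+')

# Vocabulary the analyser is allowed to recognise inside the encrypted code
# (constructed lists; a real analyser would carry far more entries).
ENTRY_POINTS = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}
SANITISERS = {"htmlspecialchars", "mysqli_real_escape_string", "intval"}
SINKS = {"echo", "mysqli_query", "include"}
STRUCTURAL = {"=", ";", "(", ")"}


def tokenize(php: str) -> list:
    return [t for t in TOKEN_RE.findall(php) if not t.isspace()]


def prf(key: bytes, word: str) -> str:
    """Deterministic keyword encryption (HMAC-SHA256, truncated): equal plaintext
    tokens give equal ciphertexts, so equality is checkable without the key."""
    return hmac.new(key, word.encode(), hashlib.sha256).hexdigest()[:16]


class CodeOwner:
    """Trusted side: holds the key, ships encrypted tokens plus trapdoors."""

    def __init__(self, key: bytes):
        self.key = key

    def encrypt_code(self, php: str) -> list:
        return [prf(self.key, t) for t in tokenize(php)]

    def trapdoors(self) -> dict:
        """Ciphertext -> word for the vocabulary only; every other token stays opaque."""
        return {prf(self.key, w): w for w in ENTRY_POINTS | SANITISERS | SINKS | STRUCTURAL}


class EncryptedAnalyser:
    """Untrusted side: never sees the key or the plaintext, only trapdoor matches
    and equality between opaque tokens."""

    def __init__(self, trapdoors: dict):
        self.td = trapdoors

    def _split(self, enc: list) -> list:
        """Split the encrypted stream into statements at the trapdoor for ';'."""
        stmts, cur = [], []
        for tok in enc:
            if self.td.get(tok) == ";":
                stmts.append(cur)
                cur = []
            else:
                cur.append(tok)
        if cur:
            stmts.append(cur)
        return stmts

    def analyse(self, enc: list) -> list:
        """Return (statement index, entry point, sink) for each unsanitised flow."""
        findings = []
        tainted = {}  # opaque variable token -> entry point whose data it carries
        for i, st in enumerate(self._split(enc)):
            words = [self.td.get(t) for t in st]  # None for every non-vocabulary token
            if len(st) > 2 and words[1] == "=":
                # Assignment: lhs is tainted iff the rhs carries input and no sanitiser appears.
                rhs_sources = [w for w in words[2:] if w in ENTRY_POINTS]
                rhs_sources += [tainted[t] for t in st[2:] if t in tainted]
                if rhs_sources and not any(w in SANITISERS for w in words[2:]):
                    tainted[st[0]] = rhs_sources[0]
                else:
                    tainted.pop(st[0], None)
                continue
            sink = next((w for w in words if w in SINKS), None)
            sources = [w for w in words if w in ENTRY_POINTS]
            sources += [tainted[t] for t in st if t in tainted]
            if sink and sources and not any(w in SANITISERS for w in words):
                findings.append((i, sources[0], sink))
        return findings


# Constructed sample: two unsanitised flows (SQLi via $_REQUEST, XSS via $_POST)
# and two sanitised ones that must not be reported.
SAMPLE_PHP = """
$id = $_GET["id"];
$safe = mysqli_real_escape_string($conn, $id);
mysqli_query($conn, "SELECT * FROM users WHERE id=" . $safe);
$uid = $_REQUEST["uid"];
$q = "SELECT * FROM users WHERE uid=" . $uid;
mysqli_query($conn, $q);
$name = $_POST["name"];
echo htmlspecialchars($name);
echo $name;
"""


def run_demo(key: Optional[bytes] = None) -> list:
    owner = CodeOwner(key or secrets.token_bytes(32))
    analyser = EncryptedAnalyser(owner.trapdoors())
    return analyser.analyse(owner.encrypt_code(SAMPLE_PHP))


if __name__ == "__main__":
    for stmt, source, sink in run_demo():
        print(f"statement {stmt}: {source} reaches {sink} unsanitised")
```

Running the script reports statement 5 (`$_REQUEST` reaching `mysqli_query`) and statement 8 (`$_POST` reaching `echo`) and stays silent on the two sanitised statements, while the analyser never learns variable names or string literals. Two caveats a practitioner should keep in mind: deterministic token encryption leaks the positions of vocabulary words and which opaque identifiers are equal (this is what makes the taint tracking possible, and it is the standard leakage profile of SSE schemes), and the toy taint rule treats any sanitiser in a statement as covering all of its operands, so a mixed statement such as `echo htmlspecialchars($a) . $b` would be missed.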


Published In

cover image ACM Other conferences
EASE '23: Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering
June 2023
544 pages
ISBN:9798400700446
DOI:10.1145/3593434
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Poster
  • Research
  • Refereed limited

Conference

EASE '23

Acceptance Rates

Overall Acceptance Rate 71 of 232 submissions, 31%
