Abstract

Logic vulnerabilities are largely dependent on the expected functions of web applications. Their appearance depends on both the application logic and the related security policy, which may change as business requirements are modified. Accordingly, there are no specific and common patterns for logic vulnerabilities; moreover, a security policy is required for their detection. In this study, a vulnerability detection method is proposed to detect logic vulnerabilities by analysing the program source code. Security checks enforce some constraints in the application so that the application behaves according to the logic intended by the programmer. The main goal is to find the vulnerabilities caused by bypassing some security checks. In this method, known as the annotation-based vulnerability detection approach (ANOVUL), control and data flows are analysed to detect the application logic vulnerabilities. To analyse the flows of the program, access control and authenticity labelling are used. To evaluate ANOVUL, the authors have collected a data set. It comprises PHP applications with reported logic vulnerabilities that have common vulnerabilities and exposures (CVE) identifiers. Based on the results, a 73% detection rate was achieved in the data set. The proposed method can detect logic vulnerabilities that are not detectable using conventional methods.
