Corpus ID: 15907882

Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

@inproceedings{Dalton2009NemesisPA,
  title={Nemesis: Preventing Authentication \& Access Control Vulnerabilities in Web Applications},
  author={Michael Dalton and Christoforos E. Kozyrakis and Nickolai Zeldovich},
  booktitle={USENIX Security Symposium},
  year={2009}
}
This paper presents Nemesis, a novel methodology for mitigating authentication bypass and access control vulnerabilities in existing web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials. Access control attacks occur when an access control check in the web application is incorrect or missing, allowing users unauthorized access to privileged resources such as databases and files…
MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications
TLDR
MACE is the first tool reported in the literature to identify a new class of web application vulnerabilities called Horizontal Privilege Escalation (HPE) vulnerabilities. It works on large codebases and discovers serious, previously unknown vulnerabilities in 5 out of 7 web applications tested.
Static Detection of Access Control Vulnerabilities in Web Applications
TLDR
This paper describes the first static analysis that automatically detects access control vulnerabilities in web applications. The core of the analysis is a technique that statically infers and enforces implicit access control assumptions.
Securing Web Applications with Predicate Access Control
TLDR
A fine-grained access control mechanism for controlling access to user data is proposed and implemented using row-level access predicates, which allow an application’s access control policy to be extended to the database.
Automated black-box detection of access control vulnerabilities in web applications
TLDR
This paper presents an automated black-box technique for identifying a broad range of access control vulnerabilities, which can be applied to applications that are developed using different languages and platforms.
Toward Exploiting Access Control Vulnerabilities within MongoDB Backend Web Applications
  • Shuo Wen, Yuan Xue, +4 authors Guannan Si
  • Computer Science
  • 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)
  • 2016
TLDR
The prototype of Scout is shown to be able to identify comprehensive access control vulnerabilities in MongoDB backend web applications and to generate a detailed report that facilitates manually fixing the identified vulnerabilities.
AUTHSCOPE: Towards Automatic Discovery of Vulnerable Authorizations in Online Services
TLDR
This paper introduces AuthScope, a tool that is able to automatically execute a mobile app and pinpoint the vulnerable access control implementations, particularly the vulnerable authorizations, in the corresponding online service.
Web-based Secure Application Control
TLDR
This thesis identifies the actual security requirements of modern web applications and shows that HTTP does not fit them: user and application authentication, message integrity and confidentiality, control-flow integrity, and application-to-application authorization.
Fast Detection of Access Control Vulnerabilities in PHP Applications
TLDR
Results show that ACMA is fast, precise and scalable, making it a practical tool for the detection of access control vulnerabilities in real-world applications. Contrary to the state of the art, ACMA scales up to medium-large applications with large access control models.
Fix Me Up: Repairing Access-Control Bugs in Web Applications
TLDR
The design and implementation of FIXMEUP is presented, a static analysis and transformation tool that finds access-control errors of omission and produces candidate repairs. It is capable of finding subtle access-control bugs and performing semantically correct repairs.
FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications
TLDR
FlowWatcher is described, an HTTP proxy that mitigates data disclosure vulnerabilities in unmodified web applications. It is shown that, with short UDA policies, it can mitigate CVE bugs in six popular web applications.

References

SHOWING 1-10 OF 31 REFERENCES
SIF: Enforcing Confidentiality and Integrity in Web Applications
TLDR
New language features are developed that make it possible to write realistic web applications and move trust out of the web application and into the framework and compiler, providing application deployers with stronger security assurance.
Dynamic multi-process information flow tracking for web application security
TLDR
This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the two most common types of web application attacks: SQL- and script-injection attacks.
The essence of command injection attacks in web applications
TLDR
This paper presents the first formal definition of command injection attacks in the context of web applications, and gives a sound and complete algorithm for preventing them based on context-free grammars and compiler parsing techniques.
Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense
TLDR
A new approach is developed that combines randomization of web application code and runtime tracking of untrusted data, both on the server and in the browser, to combat XSS attacks. A client-server architecture that enforces document structure integrity is proposed; it can be implemented in current browsers with minimal impact on compatibility and requires minimal effort from the web developer.
Information flow control for standard OS abstractions
TLDR
Flume is presented, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors), designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes.
CLAMP: Practical Prevention of Large-Scale Data Leaks
TLDR
This work proposes CLAMP, an architecture for preventing data leaks even in the presence of web server compromises or SQL injection attacks, and arrives at an architecture that allows developers to use familiar operating systems, servers, and scripting languages, while making relatively few changes to application code.
Automatically Hardening Web Applications Using Precise Tainting
TLDR
This paper presents a fully automated approach to securely hardening web applications based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources.
Real-World Buffer Overflow Protection for Userspace and Kernelspace
TLDR
This paper presents a practical security environment for buffer overflow detection in userspace and kernelspace code. It builds upon dynamic information flow tracking (DIFT) and provides robust detection of buffer overflows and user/kernel pointer dereferences.
Extending query rewriting techniques for fine-grained access control
TLDR
A novel fine-grained access control model based on authorization views that allows "authorization-transparent" querying is presented, that is, user queries can be phrased in terms of the database relations, and are valid if they can be answered using only the information contained in these authorization views.
Dynamic taint propagation for Java
TLDR
This work proposes a dynamic solution that tags and tracks user input at runtime and prevents its improper use to maliciously affect the execution of the program.