Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
WebTaint: Dynamic Taint Tracking for Java-based Web Applications
KTH, School of Electrical Engineering and Computer Science (EECS).
2018 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
WebTaint: Dynamic Taint Tracking för Java-baserade webbapplikationer (Swedish)
Abstract [en]

The internet is a source of information and it connects the world through a single platform. Many businesses have taken advantage of this to share information, to communicate with customers, and to create new business opportunities. However, this does not come without drawbacks as there exists an elevated risk to become targeted in attacks.

The thesis implemented a dynamic taint tracker, named WebTaint, to detect and prevent confidentiality and integrity vulnerabilities in Java-based web applications. We evaluated to what extent WebTaint can combat integrity vulnerabilities. The possible advantages and disadvantages of using the application is introduced as well as an explication whether the application was capable of being integrated into production services.

The results show that WebTaint helps to combat SQL Injection and Cross-Site Scripting attacks. However, there are drawbacks in the form of additional time and memory overhead. The implemented solution is therefore not suitable for time or memory sensitive domains. WebTaint could be recommended for use in test environments where security experts utilize the taint tracker to find TaintExceptions through manual and automatic attacks.

Abstract [sv]

Internet är en informationskälla och förbinder världen genom en enda plattform. Många företag har utnyttjat detta för att dela information, kommunicera med kunder och skapa nya affärsmöjligheter. Detta kommer emellertid inte utan nackdelar, eftersom det finns en förhöjd risk att bli måltavlor i attacker.

I avhandlingen implementerades en dynamic taint tracker, namngett WebTaint, med uppgift att förhindra sekretess och integritetsproblem i Java-baserade webbapplikationer. Vi utvärderade i vilken utsträckning WebTaint kan bekämpa integritets sårbarheter. De möjliga fördelarna och nackdelarna med användning av applikationen introduceras såväl som en förklaring ifall applikationen är möjlig att integrera i produktionstjänster.

Resultaten visar att WebTaint hjälper till att bekämpa SQL Injection och Cross-Site Scripting-attacker. Det finns dock nackdelar i form av extra åtgång av tid och minne. Den implementerade lösningen är därför inte lämplig för tids- eller minneskänsliga domäner. Ett användningsfall för WebTaint är i testmiljöer där säkerhetsexperter använder taint trackern för att hitta TaintExceptions genom manuella och automatiska attacker.

Place, publisher, year, edition, pages
2018.
Series
TRITA-EECS-EX ; 2018:379
Keywords [en]
WebTaint, Taint Tracking, Dynamic Taint Tracking, Web Applications, Java
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-231825OAI: oai:DiVA.org:kth-231825DiVA, id: diva2:1230123
External cooperation
Omegapoint
Educational program
Master of Science in Engineering - Information and Communication Technology
Supervisors
Examiners
Available from: 2018-08-31 Created: 2018-07-02 Last updated: 2018-08-31Bibliographically approved

Open Access in DiVA

fulltext(614 kB)83 downloads
File information
File name FULLTEXT01.pdfFile size 614 kBChecksum SHA-512
a1c22f2084193f22ee14d51406ec910374d249f8d7f86e2eac6dbd76551b8fdc5121059ac4944938eb0bb8f39dd0dfdc8a8603bf80bcdc32e502e54de6749bcd
Type fulltextMimetype application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 83 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 480 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf