Taint Analysis for Graph APIs Focusing on Broken Access Control (ICGT Best Applications Paper)
Graph APIs are capable of flexibly retrieving or manipulating graph-structured data over the web. This rather novel type of API presents new challenges when it comes to properly securing it against the usual web application security risks, e.g., broken access control. A prominent security testing approach is taint analysis, which traces tainted, i.e., security-relevant, data from sources (where tainted data is inserted) to sinks (where the use of tainted data may lead to a security risk) along the information flow in an application.
We present a first systematic approach to static and dynamic taint analysis for Graph APIs focusing on broken access control. The approach comprises the following. We taint nodes in the Graph API if they represent data requiring specific privileges in order to be retrieved or manipulated, and identify API calls which are related to sources and sinks. Then, we statically analyze whether tainted information flow between API source and sink calls occurs. To this end, we model the API calls using graph transformation rules. We subsequently use critical pair analysis to automatically analyze potential dependencies between rules representing source calls and rules representing sink calls. The static taint analysis (i) identifies flows that need to be further reviewed, since tainted nodes may be created by an API call and used or manipulated by another API call later without having the necessary privileges, and (ii) can be used to systematically design dynamic security tests for broken access control. The dynamic taint analysis checks if potential broken access control risks detected during the static taint analysis really occur. We apply the approach to a part of the GitHub GraphQL API.
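To make the static and dynamic steps concrete, here is an added illustration that is not the paper's tooling and not the GitHub schema: API calls are reduced to rules that match node types (left-hand side) and create node types (right-hand side), a produce-use dependency from a source rule to a sink rule stands in for the critical pair analysis, and the dynamic check executes a sink call against a small constructed graph. All rule, node-type and privilege names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed, simplified model of API calls as graph transformation rules.
# Tainted node types carry the privilege needed to retrieve or manipulate them.
@dataclass(frozen=True)
class Rule:
    name: str
    reads: frozenset                    # node types matched on the left-hand side
    creates: frozenset                  # node types added by the right-hand side
    requires: frozenset = frozenset()   # privileges the call itself enforces

# Tainted node types and the privilege each one requires (constructed names).
TAINT = {"PrivateRepo": "read:private"}

# Stand-ins for a small subset of a GraphQL API (not GitHub's real schema).
RULES = [
    Rule("createRepository(private)", frozenset(), frozenset({"PrivateRepo"}),
         frozenset({"read:private"})),
    Rule("repository(name)", frozenset({"PrivateRepo"}), frozenset(),
         frozenset({"read:private"})),
    Rule("search(query)", frozenset({"PrivateRepo"}), frozenset()),   # no check
]

def static_taint_flows(rules):
    """Static step: report every produce-use dependency in which a source rule
    creates a tainted node type that a sink rule matches without requiring
    the privilege attached to that type. Each hit is a flow to review and a
    candidate for a dynamic test."""
    flows = []
    for src in rules:
        for sink in rules:
            for ntype in sorted(src.creates & sink.reads):
                if ntype in TAINT and TAINT[ntype] not in sink.requires:
                    flows.append((src.name, sink.name, ntype))
    return flows

def dynamic_check(graph, rule, actor_privs):
    """Dynamic step: execute a sink rule as an actor holding actor_privs on a
    graph of (node_type, node_id) pairs. Returns the ids of tainted nodes the
    call exposes although the actor lacks the required privilege; an empty
    list means the suspected broken access control did not materialise."""
    if not rule.requires <= actor_privs:
        return []                       # the call refuses the actor up front
    return [nid for ntype, nid in graph
            if ntype in rule.reads and ntype in TAINT
            and TAINT[ntype] not in actor_privs]

if __name__ == "__main__":
    # Constructed graph: one private repository created by the source call.
    g = [("PrivateRepo", "acme/secret-service")]
    print(static_taint_flows(RULES))
    for r in RULES[1:]:
        print(r.name, "->", dynamic_check(g, r, frozenset()))
```

The static pass flags only the search call, and the dynamic pass confirms it: an actor without the privilege is refused by `repository(name)` but receives the private node through `search(query)`.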
Wed 10 Jul (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
15:30 - 17:00: ICGT Session 3 (ICGT Research Papers) at Waaier 2. Chair: Fernando Orejas (Universitat Politècnica de Catalunya)

15:30, 30-minute talk: Checking Transaction Isolation Violations with Graph Queries (ICGT Research Papers). Stefania Dumbrava (ENSIIE & Institut Polytechnique de Paris), Zhao Jin (ENSIIE), Burcu Kulahcioglu Ozkan (Delft University of Technology); presenter: Jingxuan Qiu (Delft University of Technology)

16:00, 30-minute talk: Modular language product lines: concept, tool and analysis (journal-first paper, ICGT Research Papers). Juan de Lara (Autonomous University of Madrid), Esther Guerra (Universidad Autónoma de Madrid); presenter: Paolo Bottoni (Sapienza University of Rome)

16:30, 30-minute talk: Taint Analysis for Graph APIs Focusing on Broken Access Control (ICGT Best Applications Paper, ICGT Research Papers). Leen Lambers (BTU Cottbus Senftenberg), Osama Al-Wardi (Brandenburgische Technische Universität Cottbus-Senftenberg), Taisiya Khakharova (Brandenburgische Technische Universität Cottbus-Senftenberg); presenter: Lucas Sakizloglou (Brandenburgische Technische Universität Cottbus-Senftenberg)