SaTC: CORE: Small: Studying and Measuring the Consequence of Prototype Pollution Vulnerabilities Automatically via Joint Taintflow Analysis

SaTC：核心：小型：通过联合污染流分析自动研究和测量原型污染漏洞的后果

• 批准号: 2154404
• 负责人: Yinzhi Cao
• 金额: $ 50万
• 依托单位: Johns Hopkins University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154404&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Studying; Measuring

Prototype pollution is a relatively new type of vulnerability that was discovered in 2018. State-of-the-art works all focus on prototype pollution itself but not the follow-up influence, which we call further consequences in this project. Although people understand that prototype pollution may lead to some consequences such as overwriting critical variables, it remains unclear what a list of possible consequences could be and more importantly how prevalent they are in the real world. This greatly limits people’s understanding of prototype pollution: They often do not take prototype pollution seriously because they think it is a "theoretical" vulnerability, which may not have a severe consequence as other web vulnerabilities.In this project, an automated framework on a novel joint taint-flow analysis is designed to systematically study and measure further consequences of prototype pollution vulnerabilities in the real world. Specifically, such an analysis connects different taint-flows based on object lookup and assignment statements. The project will answer three fundamental questions in prototype pollution, i.e., (i) where to inject/alter a property, (ii) what property to pollute, and (iii) what value to inject. For example, a Cross-site Scripting (XSS) consequence depends on the answer to the question (iii) and the corresponding joint taint-flow: The taint goes into the value of a polluted property belonging to a polluted object as an en-route stop, and then finally to a traditional XSS sink like eval.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

原型污染是2018年发现的一种相对新型的脆弱性。最先进的工作都集中在原型污染本身上，而不是后续影响，我们称这在该项目中的进一步后果。尽管人们了解原型污染可能会导致一些后果，例如覆盖批判变量，但尚不清楚可能后果的清单可能是什么，更重要的是它们在现实世界中的流行程度。这种巨大的限制了人们对原型污染的理解：他们通常不会认真对待原型污染，因为他们认为这是一个“理论”脆弱性，由于其他网络漏洞，这可能不会产生严重的后果。在这个项目中，一种对新型关节污染分析的自动化框架旨在系统地研究并衡量原型污染性的实际污染性，在现实中的污染性实现了现实的影响。具体而言，这种分析基于对象查找和分配语句连接不同的污染流。该项目将回答原型污染中的三个基本问题，即（i）在哪里注射/更改财产，（ii）要污染的财产以及（iii）注射的价值。例如，跨站点脚本（XS）的结果取决于问题的答案（iii）和相应的关节污点：污点涉及污染的污染特性的价值，属于被污染的物体作为封闭式停止，然后最终通过评估的传统XS奖励，以评估NSF的规定，并最终符合XSS的基础。审查标准。