关键词: Web应用, 权限控制, 权限验证图, 漏洞检测

Abstract: Concerning the problem that it is lack of effective ways to detect access control vulnerabilities in Web applications, a new detection algorithm based on privilege verification graph is proposed. Firstly, identify privilege verification nodes and source nodes, then connect nodes to a privilege verification graph by T or F edges based on the program Control Flaw Graph（CFG）. Then, traverse all privilege verification routes corresponding to a source node to count the route verification privilege and compare it with the source node access privilege to detect whether existed a access control vulnerability. The experiment has detected eight known and unknown vulnerabilities in seven Web applications. Compared with the existing access control detection algorithms, the algorithm can effectively detect four kinds of access control vulnerabilities and expand the scope of vulnerability detection.

Key words: Web application, access control, privilege verification graph, vulnerability detection