
System, Method and Apparatus for the Detection of Workflow Vulnerabilities

IP.com Disclosure Number: IPCOM000215789D
Publication Date: 2012-Mar-12
Document File: 3 page(s) / 67K

Publishing Venue

The IP.com Prior Art Database

Abstract

Web applications are the target of many types of attacks. Some of these attacks are due to input validation errors, but some exploit flaws in the application's intended "workflow". A workflow is a specific sequence of interactions that a web application expects a user to perform to complete a transaction. Workflow vulnerabilities are beyond what present security scanners - which typically focus exclusively on errors in the input validation process - are able to uncover. This mandates (i) mining: identifying - in an automated fashion - the workflows defined by the subject application, (ii) testing: devising tests that manipulate these workflows, and (iii) validation: validating the success of each of the tests.




Web applications are the target of many types of attacks. Some of these attacks are due to input validation errors, but some exploit flaws in the application's intended "workflow". A workflow is a specific sequence of interactions that a web application expects a user to perform to complete a transaction.

    An example of a workflow - taken from [Swaddler] - is provided in Figure 1. The example illustrates a checkout transaction in an e-commerce shop, which consists of (i) getting the price of a product, (ii) calculating tax, (iii) calculating the shipping cost, and (iv) charging the user's credit card. In this example, each interaction is handled by a separate server-side script. Relevant data persists across the scripts via session variables. A workflow attack attempts to bypass certain steps. In the example of Figure 1, it might be possible to go directly to the URL that charges the user's credit card without factoring in tax.

Figure 1. Checkout workflow in an e-commerce shop (taken from [Swaddler])

    Workflow vulnerabilities are beyond what present security scanners - which typically focus exclusively on errors in the input validation process - are able to uncover. This mandates (i) mining: identifying - in an automated fashion - the workflows defined by the subject application, (ii) testing: devising tests that manipulate these workflows, and (iii) validation: validating the success of each of the tests.

    Background art. Workflow attacks have received treatment by the academic community, as well as by the industry. There are several papers and patents on this subject, including the following:

1. [Guarded] suggests using the Guarded Workflow design pattern, wherein the system designer explicitly defines preconditions and postconditions for each transition, so that the application can enforce sensitive workflows.
2. [Simulation] proposes a system where simulations of a workflow can be run with injected faults, such that the workflow's behavior under these conditions can be observed and studied.
3. [Swaddler] describes an approach where the anomaly detection system builds likely invariants using well-known techniques (based on the Daikon engine), and then - at runtime - issues an alert when observing that a likely invariant has been broken.
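The checkout workflow of Figure 1, the testing and validation steps (ii) and (iii), and the precondition idea of [Guarded], as one added example that is not part of this disclosure: four handlers share a session dict, a test routine replays the workflow with one step skipped at a time, and a finding is recorded when the card is still charged for a different amount. Step names, the prices and the 20% tax rate are assumed values.

```python
# Added example, not part of the disclosure: the Figure 1 checkout workflow as
# four server-side handlers sharing a session dict, plus a test routine that
# plays the "testing" and "validation" steps by skipping one step at a time.
# The step names, prices and the 20% tax rate are assumed values.
STEPS = ["get_price", "calc_tax", "calc_shipping", "charge_card"]


def handle(step, session, guarded):
    """Run one server-side script; return False if the request is rejected."""
    if guarded:
        # Guarded Workflow precondition: every earlier step must already be
        # recorded as done in this session before this transition is allowed.
        if any(prev not in session["done"] for prev in STEPS[: STEPS.index(step)]):
            return False
    if step == "get_price":
        session["price"] = 100.0
    elif step == "calc_tax":
        session["tax"] = round(session.get("price", 0.0) * 0.2, 2)
    elif step == "calc_shipping":
        session["shipping"] = 5.0
    elif step == "charge_card":
        # Behaviour described in the text: charges whatever the session holds,
        # so a skipped tax step silently lowers the amount.
        session["charged"] = sum(session.get(k, 0.0) for k in ("price", "tax", "shipping"))
    session["done"].add(step)
    return True


def run(sequence, guarded):
    """Replay a request sequence in a fresh session; None if any step is rejected."""
    session = {"done": set()}
    for step in sequence:
        if not handle(step, session, guarded):
            return None
    return session


def find_bypassable(guarded):
    """Testing: replay the workflow with each non-final step removed.
    Validation: a skip is a finding if the card is still charged and the
    amount differs from a complete run. Returns [(skipped_step, amount)]."""
    full = run(STEPS, guarded)
    findings = []
    for skipped in STEPS[:-1]:
        session = run([s for s in STEPS if s != skipped], guarded)
        if session is not None and "charged" in session and session["charged"] != full["charged"]:
            findings.append((skipped, session["charged"]))
    return findings
```

With `guarded=False` every non-final step is reported as bypassable; with `guarded=True` each out-of-order request is rejected and no finding remains.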

    Contrary to our invention, none of the above references addresses the challenge of directly testing an application for workflow vulnerabilities. Moreover, our invention includes the ability to identify candidate workflows (and their boundaries) automatically, which - to our knowledge - is absent from the background art. We therefore believe that ours is the first fully automated testing solution for workflow vulnerabilities.

    We propose a system, as well as a method, for carrying out steps (i) through (iii) above, such that workflow vulnerabilit...