Balzarotti, Cova, Felmetsger, Vigna

Multi-Module Vulnerability Analysis of Web-based Applications

Goal: Vulnerability analysis capable of inter-module analysis. Potentially detect multi-step attacks.  Characterizes both "extended state" (distributed collection of session-related information) and "intended workflow" (how the user should navigate the app)

Prototype: MiMoSA (Multi-Module State Analyzer)

Two ways to secure web apps:
1.) app-level firewalls
2.) vuln analysis (static + dynamic) to identify flaws before deployment

Multi-Module attacks:
1.) Data-flow attacks exploit insecure handling of user-provided info stored and passed from one mod to another. (SQL injection or XSS)
2.) Workflow attacks leverage errors in how state is handled by the application's modules. (Skip authorization mechanisms (access restricted website content) or subvert business logic (skip step in check-out)).


Idea/comments:
--------------
Combine this with behavior-based IDS.  Monitor which paths become "intended workflow"
statistically, block off un-used paths.  Concentrate on used but "not dominate" paths?

They didn't make much of the fact that they re-use inter-module analysis.

static v dynamic: compile-time vs. run-time