Research On Key Technologies Of Static Detection Of Identity Authentication Defects In Java Microservice Applications

Posted on: 2024-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: T F Lv
Full Text: PDF
GTID: 2568306941484144
Subject: Cyberspace security

Abstract/Summary:
With the development of Internet technology, the scenarios for software usage are becoming increasingly complex, and the size of application programs is gradually increasing. Traditional monolithic applications can no longer support today's huge volume of access. In recent years, the emergence of microservice architecture has solved the shortcomings of traditional monolithic applications and vertical application architecture, and many microservice development technologies are now used in production environments. Alongside the rapid development of microservices, the security issues of microservice applications have received widespread attention from researchers. Among them, identity authentication issues caused by application code errors and design defects are one of the main problems plaguing researchers. Static analysis, an important technology for checking the security and regularity of software source code, can expose problems in the code in advance and reduce the risk of crashes online.

However, to detect microservice identity authentication defects, the following three problems need to be solved:

(1) The runtime characteristics of microservices make static analysis inaccurate when constructing the call graph between processes, which affects the accuracy of the static analysis results.

(2) Because microservices iterate rapidly and in small increments, static analysis, which is already time-consuming, repeats much of its work on microservices, increasing the time consumption.

(3) Existing identity authentication defect detection methods have high manual costs, require a complex detection environment to be built, and cannot expose defects in advance during the development phase.

To solve these problems, this paper proposes a runtime characteristic analysis algorithm, which completes the missing call edges in the call graph, and an incremental update algorithm for the call graph, which effectively reduces the construction time of the microservice call graph. Based on these two key technologies, this paper realizes a static analysis-based microservice identity authentication defect detection algorithm. The algorithm works from the source code, does not require a running test environment to be set up, and can accurately and efficiently complete microservice identity authentication defect detection with minimal manual configuration. It also exposes defects in the development phase, effectively protecting users' private data and property.

The specific work and innovation points of this paper are as follows:

(1) The runtime characteristics of Java microservice applications cause call edges to be lost when static analysis constructs the call graph between processes. This paper designs corresponding analysis algorithms for five common runtime characteristics in Java microservice applications, such as filters and interceptors, which solves the problem of incomplete runtime call relationships in the call graph. Comparative experiments against native Soot call graph construction show that the runtime characteristic analysis algorithm accurately captures the missing call relationships without significantly changing the call graph construction time, and provide initial verification that the algorithm can improve the accuracy of identity authentication defect detection.

(2) To solve the problem of degraded call graph construction time when static analysis processes frequently updated, iterative microservices, this paper proposes a microservice call graph incremental update method based on the change set. It aims to reduce the cost of the repeated calculation performed during call graph construction and thus shorten the construction time. This paper designs three kinds of operations (addition, deletion, and modification) to simulate iterative application updates, and compares the time consumption with that of native Soot call graph construction. The experimental results show that the average time consumption of incremental updating of the microservice call graph in the test project is reduced by 15.2%, and that the time saved by incremental updating grows as the iteration frequency increases.

(3) To solve the high cost of existing identity authentication defect detection technology and its inability to expose defects in advance in the code development phase, this paper builds on the two key technologies of runtime characteristic analysis and incremental call graph update to design a microservice identity authentication defect data flow analysis algorithm. The algorithm judges whether a call chain contains identity authentication by tracking how variables carrying identity authentication information are passed along. In addition, this paper designs and implements a microservice identity authentication defect detection tool called AuthStaticChecker. The experimental results show that this paper's algorithm can effectively expose identity authentication defects in advance, from the source code, during the microservice application development phase, and verify that the algorithm has higher accuracy and analysis efficiency than the native Soot analysis.
Keywords/Search Tags:Microservices, Static Analysis, Identity Authentication Defect Detection
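
The abstract does not reproduce the thesis's algorithms or AuthStaticChecker itself. As an added illustration (not code from the thesis), the Python sketch below models the idea of completing container-driven filter edges in a call graph and then reporting call chains that reach a sensitive method without passing an authentication filter. All class, route and filter names are hypothetical, the call graph is a plain dictionary rather than a Soot graph, and `fnmatch` stands in for servlet URL-pattern matching.

```python
from fnmatch import fnmatch

# Constructed sample application; every name below is hypothetical.
# Edges a static call-graph builder can see directly in the code:
STATIC_EDGES = {
    "OrderController.list": ["OrderService.findAll"],
    "AdminController.purge": ["OrderService.deleteAll"],
    "OrderService.findAll": [], "OrderService.deleteAll": [],
}
# Route table and filter registration, as they would be read from annotations/config:
ROUTES = {"/api/orders": "OrderController.list",
          "/internal/purge": "AdminController.purge"}
FILTERS = [{"name": "JwtAuthFilter.doFilter", "pattern": "/api/*", "auth": True}]
SENSITIVE = {"OrderService.findAll", "OrderService.deleteAll"}


def complete_call_graph(static_edges, routes, filters):
    """Add the container -> filter -> handler edges that exist only at runtime."""
    graph = {node: list(callees) for node, callees in static_edges.items()}
    graph["<container>"] = []
    for path, handler in routes.items():
        caller = "<container>"
        for f in filters:
            if fnmatch(path, f["pattern"]):
                node = f"{f['name']}@{path}"  # one filter node per route keeps chains distinct
                graph[caller].append(node)
                graph.setdefault(node, [])
                caller = node
        graph[caller].append(handler)
    return graph


def unauthenticated_chains(graph, filters, sensitive, entry="<container>"):
    """Return call chains that reach a sensitive method without an auth filter."""
    auth_names = {f["name"] for f in filters if f["auth"]}
    findings, stack = [], [(entry, [entry], False)]
    while stack:
        node, chain, authed = stack.pop()
        authed = authed or node.split("@")[0] in auth_names
        if node in sensitive and not authed:
            findings.append(chain)
        for callee in graph.get(node, []):
            if callee not in chain:  # do not follow recursion cycles
                stack.append((callee, chain + [callee], authed))
    return findings


GRAPH = complete_call_graph(STATIC_EDGES, ROUTES, FILTERS)
FINDINGS = unauthenticated_chains(GRAPH, FILTERS, SENSITIVE)
```

With the filter edge modeled, only the `/internal/purge` chain is reported; if the filter registration is ignored, both endpoints look unauthenticated, which is the kind of inaccuracy the abstract attributes to missing runtime call edges.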