The Rising Threat of Vulnerabilities Due to Integer Errors
IEEE Security and Privacy
A Portable Implementation Framework for Intrusion-Resilient Database Management Systems
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A General Dynamic Information Flow Tracking Framework for Security Applications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Nemesis: preventing authentication & access control vulnerabilities in web applications
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
DBTaint: cross-application information flow tracking via databases
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
xJS: practical XSS prevention for web application development
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
An architecture for enforcing javascript randomization in web2.0 applications
ISC'10 Proceedings of the 13th international conference on Information security
GuardRails: a data-centric web application security framework
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
A survey on automated dynamic malware-analysis techniques and tools
ACM Computing Surveys (CSUR)
SafeWeb: a middleware for securing ruby-based web applications
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
SafeWeb: a middleware for securing ruby-based web applications
Proceedings of the 12th International Middleware Conference
Practical information flow for legacy web applications
Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems
Information flow tracking meets just-in-time compilation
ACM Transactions on Architecture and Code Optimization (TACO)
Hi-index | 0.00 |
Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform sanity checks on inputs from the network that are eventually used as operands of security-sensitive operations. Therefore, a promising approach to this problem is to apply proper checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the most common two types of web application attacks: SQL- and script-injection attack. In addition to including a taint analysis infrastructure for multi-process and multi-language applications, WASC features the use of SQL and HTML parsers to defeat evasion techniques that exploit interpretation differences between attack detection engines and target applications. Experiments with a fully operational WASC prototype show that it can indeed stop all SQL/script injection attacks that we have tested. Moreover, the end-to-end latency penalty associated with the checks inserted by WASC is less than 30% for the test web applications used in our performance study.