A security oriented program transformation to "add on" policies to prevent injection attacks

  • Authors: Munawar Hafiz; Ralph Johnson
  • Affiliations: University of Illinois at Urbana-Champaign; University of Illinois at Urbana-Champaign
  • Venue: Proceedings of the 2nd Workshop on Refactoring Tools
  • Year: 2008


Abstract

Topping the list of the most prominent attacks on applications [6] are various types of injection attacks. Malicious inputs that cause injection attacks are numerous; programmers fail to write checks for all attack patterns. We define a program transformation that allows a programmer to think in terms of rectification policies and automatically add these policies to convert unsafe data inputs to safe inputs. The security oriented program transformation applies to all classes of injection attacks, easing the burden of programmers who would otherwise have to manually write checks.