This paper shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as such. The flaws also make it possible for benign inputs to be treated as attacks. After describing these flaws in conventional definitions of code-injection attacks, this paper proposes a new definition, which is based on whether the symbols input to an application get used as (normal-form) values in the application's output. Because values are already fully evaluated, they cannot be considered "code" when injected. This simple new definition of code-injection attacks avoids the problems of existing definitions, improves our understanding of how and when such attacks occur, and enables us to evaluate the effectiveness of mechanisms for mitigating such attacks.
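A toy version of the value-based definition, added here as an illustration and not the paper's own formalization: track which characters of the output SQL program came from the input, lex the output, and report a code-injection attack only when some input-derived token is something other than a normal-form value (a string or number literal). The template syntax (`{}` as the splice point) and the simplified SQL lexer are assumptions; a benign input such as `1 OR 1=1` inside a quoted string stays a value, while an input that closes the quote and supplies a keyword does not.

```python
import re
from typing import List, Optional, Tuple

# Assumed, much-simplified SQL lexer (not the paper's formal language). Alternation order matters.
TOKEN_RE = re.compile(r"""
    (?P<STRING>'(?:[^']|'')*')         # single-quoted literal; '' is an escaped quote
  | (?P<NUMBER>\d+(?:\.\d+)?)
  | (?P<IDENT>[A-Za-z_][A-Za-z0-9_]*)  # keywords and identifiers (OR, SELECT, users, ...)
  | (?P<COMMENT>--[^\n]*)
  | (?P<OP>[=<>!]+|[(),;*])
  | (?P<SPACE>\s+)
""", re.VERBOSE)

# Normal-form values: already fully evaluated, so input that lands here cannot act as code.
VALUE_KINDS = {"STRING", "NUMBER"}

def build_query(template: str, user_input: str) -> Tuple[str, List[bool]]:
    """Splice user_input into the first '{}' of template; return the output program and a per-character taint mask."""
    before, after = template.split("{}", 1)
    query = before + user_input + after
    taint = [False] * len(before) + [True] * len(user_input) + [False] * len(after)
    return query, taint

def tokenize(query: str) -> List[Tuple[str, str, int, int]]:
    """Lex query into (kind, text, start, end); raises ValueError if the output is not a valid program."""
    tokens, pos = [], 0
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if m is None:
            raise ValueError(f"output does not lex at offset {pos}: {query[pos:]!r}")
        tokens.append((m.lastgroup, m.group(), m.start(), m.end()))
        pos = m.end()
    return tokens

def is_code_injection(template: str, user_input: str) -> Tuple[bool, Optional[str]]:
    """Attack iff some token of the output program containing input-derived symbols is not a value."""
    query, taint = build_query(template, user_input)
    for kind, text, start, end in tokenize(query):
        if kind != "SPACE" and any(taint[start:end]) and kind not in VALUE_KINDS:
            return True, text  # the offending non-value token built from input symbols
    return False, None

if __name__ == "__main__":
    tmpl = "SELECT * FROM users WHERE name = '{}'"  # constructed sample template
    for inp in ("bob", "1 OR 1=1", "x' OR '1'='1", "admin'--"):
        print(repr(inp), "->", is_code_injection(tmpl, inp))
```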