Defining Injection Attacks

Authors

  • Donald Ray
  • Jay Ligatti
Abstract

This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application’s untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries). That is, when applications generate output programs based on untrusted inputs, the NIE property requires that inputs only affect output programs by inserting or expanding noncode tokens (e.g., string and float literals, lambda values, pointers, etc.). This paper calls attacks based on violating the NIE property BroNIEs (i.e., Broken NIEs) and shows that all code-injection attacks are BroNIEs. In addition, BroNIEs contain many malicious injections that do not involve injections of code; we call such attacks noncode-injection attacks. In order to mitigate both code- and noncode-injection attacks, this paper presents an algorithm for detecting and preventing BroNIEs.


Similar resources

Resilient Configuration of Distribution System versus False Data Injection Attacks Against State Estimation

State estimation is used in power systems to estimate grid variables based on meter measurements. Unfortunately, power grids are vulnerable to cyber-attacks. Reducing cyber-attacks against state estimation is necessary to ensure power system safe and reliable operation. False data injection (FDI) is a type of cyber-attack that tampers with measurements. This paper proposes network reconfigurati...


Side channel parameter characteristics of code injection attacks

Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. T...


Sql Injection Attacks And Defense Pdf

If you want to get SQL, Second Edition pdf eBook copy write by good author Fehily, Chris, SQL Injection Attacks and Defense, Second Edition / BackTrack. Confirming and Recovering from SQL Injection Attacks Introduction an SQL injection flaw (ftc.gov/os/caselist/0523148/0523148complaint.pdf), a hacker. One of the most easiest and hazardous security attacks confronted by these systems is SQL inje...


Detecting, Determining and Localizing Multiple Attacks in Wireless Sensor Network - Malicious Node Detection and Fault Node Recovery System

In wireless and sensor network are deployed, they will increase malicious attacks. Faking approaches are represent in the form identify compromise and can provide a variety of traffic injection approach a reducing the performance of network. To avoid faking approach to detect the presents of various type of attacks and eliminate them from the network. To handle these attack to apply cryptograph...


Detection of Lightweight Directory Access Protocol Query Injection Attacks in Web Applications

The Lightweight Directory Access Protocol (LDAP) is a common protocol used in organizations for Directory Service. LDAP is popular because of its features such as representation of data objects in hierarchical form, being open source and relying on TCP/IP, which is necessary for Internet access. However, with LDAP being used in a large number of web applications, different types of LDAP injecti...



Publication date: 2014