Browse wiki

From Navigators

Jump to: navigation, search
Publication:CODASPY 2016
Abstract After more than a decade of research, web After more than a decade of research, web application security continues to be a challenge and the backend database the most appetizing target. The paper proposes preventing injection attacks against the database management system (DBMS) behind web applications by embedding protections in the DBMS itself. The motivation is twofold. First, the approach of embedding protections in operating systems and applications running on top of them has been effective to protect these applications. Second, there is a semantic mismatch between how SQL queries are believed to be executed by the DBMS and how they are actually executed, leading to subtle vulnerabilities in protection mechanisms. The approach – SEPTIC – was implemented in MySQL and evaluated experimentally with web applications written in PHP and Java/Spring. In the evaluation SEPTIC has shown neither false negatives nor false positives, on the contrary of alternative approaches, causing also a low performance overhead in the order of 2.2%. performance overhead in the order of 2.2%.
Author Ibéria Medeiros + , Nuno Ferreira Neves + , Miguel Correia +
Booktitle Proceedings of the ACM Conference on Data and Applications Security and Privacy (CODASPY)  +
Document Document for Publication-CODASPY 2016.pdf +
Key CODASPY 2016  +
Month mar  +
NumPubDate 2,016.03  +
Project Project:SEGRID +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Hacking the DBMS to Prevent Injection Attacks  +
Type inproceedings  +
Year 2016  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 5 June 2016 08:04:30  +
hide properties that link here 
  No properties link to this page.


Enter the name of the page to start browsing from.
Personal tools
Navigators toolbox