Publication:SEPTIC TR
Abstract Databases continue to be the most commonly used backend storage in enterprises, but they are often integrated with vulnerable applications, such as web frontends, that allow injection attacks to be performed. The effectiveness of such attacks stems from a semantic mismatch between how SQL queries are believed to be executed and the actual way in which databases process them. This leads to subtle vulnerabilities in the way input validation is done in applications. We propose SEPTIC, a mechanism for DBMS attack prevention, which can also assist in the identification of the vulnerabilities in the applications. The mechanism was implemented in MySQL and evaluated experimentally with various applications and alternative protection approaches. Our results show no false negatives and no false positives with SEPTIC, contrary to other solutions. They also show that SEPTIC introduces a low performance overhead, in the order of 2.2%
Author Ibéria Medeiros, Miguel Beatriz, Nuno Ferreira Neves, Miguel Correia
Journal IEEE Transactions on Reliability
Key SEPTIC TR
Note accepted for publication
NumPubDate 2,019
Project Project:SEAL
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title SEPTIC: Detecting Injection Attacks and Vulnerabilities Inside the DBMS
Type article
Year 2019
Has improper value for Month, Url
Categories Publication
Modification date 10 February 2019 02:45:22