Title | ||
---|---|---|
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations |
Abstract | ||
---|---|---|
Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches to find and exploit a vulnerability, developers follow the traditional way of writing ad hoc checks in source code. This paper shows that security engineering to prevent injection attacks need not be ad hoc. It shows that protection can be introduced at different layers of a system by systematically applying general purpose security-oriented program transformations. These program transformations are automated so that they can be applied to new systems at design and implementation stages, and to existing ones during maintenance. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-00199-4_7 | ESSoS |
Keywords | Field | DocType |
secure system developer,general purpose,injection attack,security engineering,implementation stage,source code,program transformation,systematically eradicating data injection,security-oriented program transformation,different layer,new system,security-oriented program transformations | Data validation,Program transformation,Security engineering,Computer security,Computer science,Source code,Transformation language,Exploit,Creativity,Vulnerability | Conference |
Volume | ISSN | Citations |
5429 | 0302-9743 | 10 |
PageRank | References | Authors |
0.86 | 22 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Munawar Hafiz | 1 | 224 | 15.40 |
Paul Adamczyk | 2 | 36 | 4.61 |
Ralph Johnson | 3 | 492 | 29.52 |