Securing RFID systems from SQLIA

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7017 LNCS, Issue PART 2, 2011, Pages 245-254

  Fernando, Harinda ^a   Abawajy, Jemal ^a  

^a DEAKIN UNIVERSITY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

DATA CLEANING; DETECTION TECHNIQUE; FALSE POSITIVE; HIGH DETECTION RATE; QUERY MATCHING; QUERY STRUCTURES; RFID SYSTEMS; SECOND ORDERS; SECURE RFID; SQL INJECTION; TAG-BASED; WEB APPLICATION; WEB SYSTEM;

ALGORITHMS; CRYPTOGRAPHY; PARALLEL PROCESSING SYSTEMS; USER INTERFACES; WORLD WIDE WEB;

SEARCH ENGINES;

EID: 80455140300     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-24669-2_24     Document Type: Conference Paper

References (14)

1. Glover, B., Bhatt, H.: RFID Essentials. Theory in Practice. O'Reilly Media, Sebastopol (2006)
2. Rieback, M., Simpson, P., Crispo, B., Tanenbaum, A.: RFID malware: Design principles and examples. Pervasive and Mobile Computing 2(4), 405-426 (2006)
3. Amirtahmasebi, K., Jalalinia, S.R., Khadem, S.: A survey of SQL injection defense mechanisms. In: 6th International Conference for Internet Technology and Secured Transactions. IEEE, London (2009)
4. Tajpour, A., Zade Shooshtari, M.J.J.: Evaluation of SQL Injection Detection and Prevention Techniques. In: 2nd International Conference on Computational Intelligence, Communication Systems and Networks, pp. 216-221. IEEE, Liverpool (2010)
5. Halfond, W., Viegas, J., Orso, A.: A classification of SQL-injection attacks and countermeasures. In: International Symposium on Secure Software Engineering. Citeseer (2006)
6. Huang, Y.W., Huang, S.K., Lin, T.P., Tsai, C.H.: Web application security assessment by fault injection and behavior monitoring. In: 11th International World Wide Web Conference. ACM, Honolulu (2003)
7. McClure, R.A., Krüger, I.H.: SQL DOM: compile time checking of dynamic SQL statements. In: 27th International Conference on Software Engineering. ACM, Missouri (2005)
8. Boyd, S.W., Keromytis, A.D.: SQLrand: Preventing SQL injection attacks. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 292-302. Springer, Heidelberg (2004)
9. Wassermann, G., Su, Z.: An analysis framework for security in Web applications. In: First FSE Workshop on Specification and Verification of Component-Based Systems (2004)
10. Halfond, W.G.J., Orso, A.: AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks. In: 3rd International ICSE Workshop on Dynamic Analysis. ACM, MO (2005)
11. Su, Z., Wassermann, G.: The essence of command injection attacks in web applications. In: 33rd Annual Symposium on Principles of Programming Languages. ACM, New York (2006)
12. Suliman, A., Shankarapani, M., Mukkamala, S., Sung, A.: RFID malware fragmentation attacks. IEEE, Los Alamitos (2008)
13. Das, D., Sharma, U., Bhattacharyya, D.: An Approach to Detection of SQL Injection Vulnerabilities Based on Dynamic Query Matching. International Journal of Computer Applications IJCA 1(25), 39-45 (2010)
14. Buehrer, G., Weide, B.W., Sivilotti, P.A.G.: Using parse tree validation to prevent SQL injection attacks. In: International Conference on Software Engineering and Middleware. ACM, New York (2005)