Defining code-injection attacks

Conference Record of the Annual ACM Symposium on Principles of Programming Languages

Volumn , Issue , 2012, Pages 179-190

  Ray, Donald ^a   Ligatti, Jay ^a  

^a UNIVERSITY OF SOUTH FLORIDA   (United States)

Author keywords

Algorithms; Languages; Security

Indexed keywords

CODE INJECTION ATTACKS; SECURITY;

ALGORITHMS; COMPUTER PROGRAMMING LANGUAGES; QUERY LANGUAGES;

NETWORK SECURITY;

EID: 84857807425     PISSN: 07308566     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2103656.2103678     Document Type: Conference Paper

References (40)

1. C. Anley. Advanced SQL injection in SQL server applications. White paper, Next Generation Security Software, 2002.
2. S. Bandhakavi, P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. Candid: preventing SQL injection attacks using dynamic candidate evaluations. In Proceedings of the ACM Conference on Computer and Communications Security, pages 12-24, 2007.
3. P. Bisht, P. Madhusudan, and V. N. Venkatakrishnan. CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks. ACM Trans. Inf. Syst. Secur., 13(2):1-39, Feb. 2010.
4. M. Bravenboer, E. Dolstra, and E. Visser. Preventing injection attacks with syntax embeddings. Science of Computer Programming, 75(7): 473-495, July 2010.
5. G. Buehrer, B. W. Weide, and P. A. G. Sivilotti. Using parse tree validation to prevent sql injection attacks. In SEM '05: Proceedings of the 5th international workshop on software engineering and middleware, pages 106-113, 2005.
6. J. Clause,W. Li, and A. Orso. Dytan: a generic dynamic taint analysis framework. In Proceedings of the ACM International Symposium on Software Testing and Analysis, pages 196-206, 2007. (Pubitemid 47317593)
7. J. Condit, M. Harren, S. McPeak, G. C. Necula, and W. Weimer. Ccured in the real world. SIGPLAN Notices, 38:232-244, May 2003.
8. W. Halfond, A. Orso, and P. Manolios. Wasp: Protecting web applications using positive tainting and syntax-aware evaluation. IEEE Trans. Softw. Eng., 34(1):65-81, 2008. (Pubitemid 351343903)
9. W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQLInjection Attacks and Countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, March 2006.
10. R. Hansen and M. Patterson. Stopping Injection Attacks with Computational Theory, July 2005. In Black Hat USA.
11. T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of c. In Proceedings of the General Track of the USENIX Annual Technical Conference, pages 275-288, Berkeley, CA, USA, 2002. USENIX Association.
12. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In Proceedings of the IEEE Symposium on Security and Privacy, pages 258-263, 2006. (Pubitemid 44753727)
13. A. Kie?zun, P. J. Guo, K. Jayaraman, and M. D. Ernst. Automatic creation of SQL injection and cross-site scripting attacks. In Proceedings of the International Conference on Software Engineering, May 2009.
14. K. Kline and D. Kline. SQL in a Nutshell, chapter 4. O'Reilly, 2001.
15. D. E. Knuth. On the translation of languages from left to right. Information and Control, 8(6):607-639, 1965.
16. P. J. Landin. The mechanical evaluation of expressions. Computer Journal, 6(4):308-320, 1963.
17. Z. Luo, T. Rezk, and M. Serrano. Automated code injection prevention for web applications. In Proceedings of the Conference on Theory of Security and Applications, 2011.
18. Microsoft. SQL Minimum Grammar, 2011. http://msdn.microsoft.com/en-us/ library/ms711725(VS.85).aspx.
19. Microsoft. CREATE FUNCTION (Transact-SQL), 2011. http://msdn.microsoft. com/en-us/library/ms186755.aspx.
20. CWE/SANS Top 25 Most Dangerous Software Errors. The MITRE Corporation, 2009. Document version 1.4, http://cwe.mitre.org/top25/archive/2009/2009-cwe- sans-top-25.pdf.
21. CWE/SANS Top 25 Most Dangerous Software Errors. The MITRE Corporation, 2010. Document version 1.08, http://cwe.mitre.org/top25/archive/2010/2010-cwe- sans-top25.pdf.
22. CWE/SANS Top 25 Most Dangerous Software Errors. The MITRE Corporation, 2011. Document version 1.0.2, http://cwe.mitre.org/top25/archive/2011/2011-cwe- sans-top25.pdf.
23. G. C. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer. Ccured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst., 27:477-526, May 2005. (Pubitemid 43942510)
24. J. Newsome and D. X. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Symposium, Feb. 2005.
25. A. Nguyen-tuong, S. Guarnieri, D. Greene, J. Shirley, and D. Evans. Automatically hardening web applications using precise tainting. In Proceedings of the IFIP International Information Security Conference, pages 372-382, 2005.
26. G. Ollmann. Second order code injection attacks. Technical report, NGS Software, 2004.
27. Oracle. How to write injection-proof PL/SQL. An Oracle White Paper, December 2008. URL http://www.oracle.com/technetwork/database/features/plsql/ overview/how-to-write-injection-proof-plsql-1-129572.pdf. Page 11.
28. Oracle. CREATE FUNCTION Syntax for User-Defined Functions, 2011. http://dev.mysql.com/doc/refman/5.6/en/create-function-udf.html.
29. Oracle. CREATE FUNCTION, 2011. http://download.oracle.com/docs/cd/E11882- 01/server.112/e17118/statements-5011.htm.
30. php. phpMyAdmin. http://www.phpmyadmin.net.
31. T. Pietraszek and C. V. Berghe. Defending against injection attacks through context-sensitive string evaluation. In Proceedings of Recent Advances in Intrusion Detection (RAID), 2005.
32. G. D. Plotkin. Call-by-name, call-by-value and the λ-calculus. Theoretical Computer Science, 1(2):125-159, 1975.
33. E. J. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proceedings of the IEEE Symposium on Security and Privacy, May 2010.
34. Z. Su and G. Wassermann. The essence of command injection attacks in web applications. In Proceedings of the 33rd ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, pages 372-382, 2006.
35. O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. TAJ: effective taint analysis of web applications. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 87-97, 2009.
36. S. Tzu. The art of war. The Project Gutenberg eBook. Translated by Lionel Giles. http://www.gutenberg.org/cache/epub/17405/pg17405.txt.
37. G. Wassermann and Z. Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2007.
38. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In Proceedings of the 15th USENIX Security Symposium, 2006.
39. Y. Younan, P. Philippaerts, F. Piessens, W. Joosen, S. Lachmund, and T. Walter. Filter-resistant code injection on ARM. In Proceedings of the ACM Conference on Computer and Communications Security, pages 11-20, 2009.
40. X. Zhang and Z. Wang. A static analysis tool for detecting web application injection vulnerabilities for ASP program. In International Conference on e-Business and Information System Security (EBISS), pages 1 -5, May 2010.