Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations

14 years 4 months ago

Download netfiles.uiuc.edu

Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches to ﬁnd and exploit a vulnerability, developers rely on the traditional way of writing ad hoc checks in source code. This paper shows that security engineering to prevent injection attacks need not be ad hoc. It shows that protection can be introduced at diﬀerent layers of a system by systematically applying general purpose security-oriented program transformations. These program transformations are automated so that they can be applied to new systems at design and implementation stages, and to existing ones during maintenance.

Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson

Real-time Traffic

Ad Hoc | ESSOS 2009 | Injection Attacks | Program Transformations |

claim paper

Post Info
More Details (n/a)

Added	24 Jul 2010
Updated	24 Jul 2010
Type	Conference
Year	2009
Where	ESSOS
Authors	Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson

Comments (0)

Sciweavers

Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations

Ad Hoc | ESSOS 2009 | Injection Attacks | Program Transformations |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers