ACSAC
2001
IEEE

Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions

Vulnerabilities in distributed applications are being uncovered and exploited faster than software engineers can patch the security holes. All too often these weaknesses result from implicit assumptions made by an application about its inputs. One approach to defending against their exploitation is to interpose a filter between the input source and the application that verifies that the application's assumptions about its inputs actually hold. However, ad hoc design of such filters is nearly as tedious and error-prone as patching the original application itself. We have automated the filter generation process based on a simple formal description of a broad class of assumptions about the inputs to an application. Focusing on the back-end server application case, we have prototyped an easy-to-use tool that generates server-side filtering scripts. These can then be quickly installed on a front-end web server (either in concert with the application or when a vulnerability is uncovere...
Valentin Razmov, Daniel R. Simon
Added: 23 Aug 2010
Updated: 23 Aug 2010
Type: Conference
Year: 2001
Where: ACSAC
Authors: Valentin Razmov, Daniel R. Simon