Sciweavers

MIDDLEWARE
2007
Springer

Dynamic multi-process information flow tracking for web application security

14 years 6 months ago
Dynamic multi-process information flow tracking for web application security
Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform sanity checks on inputs from the network that are eventually used as operands of securitysensitive operations. Therefore, a promising approach to this problem is to apply proper checks on tainted portions of the operands used in security-sensitive operations, where a byte is tainted if it is data/control dependent on some network packet(s). This paper presents the design, implementation and evaluation of a dynamic checking compiler called WASC, which automatically adds checks into web applications used in three-tier internet services to protect them from the most common two types of web applic...
Susanta Nanda, Lap-Chung Lam, Tzi-cker Chiueh
Added 08 Jun 2010
Updated 08 Jun 2010
Type Conference
Year 2007
Where MIDDLEWARE
Authors Susanta Nanda, Lap-Chung Lam, Tzi-cker Chiueh
Comments (0)