SQLrand: Preventing SQL Injection Attacks (2004)  (4 citations)
Stephen W. Boyd, Angelos D. Keromytis

View or download:
columbia.edu/~angelos/Pap...sqlrand.pdf

From:  columbia.edu/~angelos/cv

Abstract: We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web frontend, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker.
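The mechanism the abstract sketches, as an added illustration that is not code from the paper: a toy Python proxy in which the application's query templates are written in a randomized SQL dialect (each keyword carries a secret numeric suffix) and a proxy between application and database maps the dialect back to standard SQL, dropping any query that contains a keyword without the correct suffix, since such a keyword can only have arrived through untrusted input. The keyword list, the numeric-suffix key format, the single-quote tokenizer, the `screen()` API and the decision to also reject comment markers outside string literals are assumptions made for this example, not details taken from the paper.

```python
"""Toy SQLrand-style keyword randomization (added example, not the paper's code).

The application author writes queries in a randomized SQL dialect whose keywords
carry a secret numeric suffix; a proxy between application and database maps
the dialect back to standard SQL and drops any query containing a keyword that
lacks the suffix, since that keyword must have come from untrusted input.
"""
import re
import secrets

# Illustrative keyword subset (constructed for this example, not the paper's list).
KEYWORDS = ("SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "UNION", "ALL",
            "INSERT", "INTO", "VALUES", "UPDATE", "SET", "DELETE", "DROP",
            "TABLE", "ORDER", "BY", "LIKE", "EXEC")
# A keyword plus optional numeric suffix, on word boundaries (so order_id is untouched).
_KW_RE = re.compile(r"\b(" + "|".join(KEYWORDS) + r")(\d*)\b", re.IGNORECASE)
# SQL comment markers; rejecting them outside literals is this example's own choice.
_COMMENT_RE = re.compile(r"--|/\*")


class SQLrandError(Exception):
    """The query is not a well-formed member of the randomized dialect."""


def new_key(nbits=32):
    """Per-deployment secret appended to every keyword (assumed key format)."""
    return secrets.randbelow(1 << nbits)


def _segments(query):
    """Yield (is_literal, text) pieces; '...' is a literal, '' an escaped quote."""
    i, n = 0, len(query)
    while i < n:
        if query[i] != "'":
            j = query.find("'", i)
            j = n if j == -1 else j
            yield False, query[i:j]
            i = j
            continue
        j = i + 1
        while True:                      # find the closing quote
            j = query.find("'", j)
            if j == -1:
                raise SQLrandError("unterminated string literal")
            if j + 1 < n and query[j + 1] == "'":
                j += 2                   # doubled quote is an escape, keep scanning
                continue
            break
        yield True, query[i:j + 1]
        i = j + 1


class SQLrandProxy:
    def __init__(self, key):
        self.suffix = str(key)

    def randomize(self, template):
        """Developer side, run once at deployment: rewrite a trusted query
        template into the randomized dialect. Keywords inside literals are data."""
        out = []
        for is_literal, text in _segments(template):
            out.append(text if is_literal else
                       _KW_RE.sub(lambda m: m.group(1).upper() + self.suffix, text))
        return "".join(out)

    def derandomize(self, query):
        """Proxy side, run per query: strip the suffix from keywords; reject any
        bare or wrongly keyed keyword (and comment markers) outside literals."""
        def repl(m):
            if m.group(2) != self.suffix:
                raise SQLrandError("keyword without valid key: " + m.group(0))
            return m.group(1).upper()

        out = []
        for is_literal, text in _segments(query):
            if is_literal:
                out.append(text)         # literal contents are never keywords
            elif _COMMENT_RE.search(text):
                raise SQLrandError("comment marker outside string literal")
            else:
                out.append(_KW_RE.sub(repl, text))
        return "".join(out)

    def screen(self, query):
        """Return (True, standard_sql) to forward, or (False, reason) to drop."""
        try:
            return True, self.derandomize(query)
        except SQLrandError as e:
            return False, str(e)


if __name__ == "__main__":
    proxy = SQLrandProxy(new_key())
    # The template is fixed; untrusted input is concatenated into it (the input
    # validation flaw the abstract describes), and the proxy sees the result.
    template = proxy.randomize(
        "SELECT id FROM users WHERE name = '{name}' AND pw = '{pw}'")
    for name in ("alice", "O''Brien", "' OR '1'='1", "admin'--", "select union"):
        ok, result = proxy.screen(template.format(name=name, pw="x"))
        print("FORWARD" if ok else "DROP   ", result)
```

Run stand-alone, the demo forwards the benign names (including an escaped quote and keywords that sit inside a string literal) and drops the tautology payload, because its `OR` has no key, and the `admin'--` payload, because of the comment marker. That last case is the practitioner's caveat: a payload that needs no keyword is invisible to keyword randomization alone, which is why this toy adds a separate comment-marker rule; a real deployment relies on the proxy parsing the full randomized grammar rather than a regex.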

Cited by:
Bridging the Gap Between Web Application Firewalls and Web Applications - Lieven Desmet et al.
Enforcing Privacy in Web Applications - Ariel Futoransky, Corelabs (2005)
A Unified Approach for Preventing Attacks Exploiting a.. - Xu, Bhatkar, Sekar

Active bibliography (related documents):
0.8:   Countering Network Worms through Automatic Patch Generation - Sidiroglou, Keromytis (2003)
0.6:   Using Execution Transactions To Recover From Buffer.. - Stelios Sidiroglou.. (2004)
0.6:   Recursive Sandboxes: Extending Systrace to Empower Applications - Kurchuk, Keromytis

Similar documents based on text:
0.4:   The Price of Safety in an Active Network - Alexander, Anagnostakis.. (1999)
0.3:   gore: Routing-Assisted Defense against DDoS Attacks - Chou, Stavrou, Ioannidis..
0.3:   Designing an Embedded Firewall/VPN Gateway - Vassilis Prevelakis et al.

Related documents from co-citation:
2:   Detecting format string vulnerabilities with type qualifiers - Shankar, Talwar et al. - 2001
2:   Language-Based Information-Flow Security - Sabelfeld, Myers - 2003
2:   Securing web application code by static analysis and runtime protection - Huang, Yu et al. - 2004

BibTeX entry:

Boyd, S., Keromytis, A.: SQLrand: Preventing SQL injection attacks. In Jakobsson, M., Yung, M., Zhou, J., eds.: Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference. Volume 3089 of Lecture Notes in Computer Science., Springer-Verlag (2004) 292--304. http://citeseer.ist.psu.edu/boyd04sqlrand.html

@misc{ boyd04sqlrand,
  author = "S. Boyd and A. Keromytis",
  title = "SQLrand: Preventing SQL injection attacks",
  text = "Boyd, S., Keromytis, A.: SQLrand: Preventing SQL injection attacks. In
    Jakobsson, M., Yung, M., Zhou, J., eds.: Proceedings of the 2nd Applied
    Cryptography and Network Security (ACNS) Conference. Volume 3089 of Lecture
    Notes in Computer Science., Springer-Verlag (2004) 292--304.",
  year = "2004",
  url = "citeseer.ist.psu.edu/boyd04sqlrand.html" }
Citations (may not include all citations):
174   A Secure Environment for Untrusted Helper Applications - Goldberg, Wagner et al. - 1996
140   Stackguard: Automatic adaptive detection and prevention of b.. - Cowan, Pu et al. - 1998
69   A First Step towards Automated Detection of Buffer Overrun V.. - Wagner, Foster et al. - 2000
66   Smashing the stack for fun and profit - One - 1996
64   Detecting Format String Vulnerabilities with Type Qualifiers - Shankar, Talwar et al. - 2001
62   Hardening COTS Software with Generic Software Wrappers - Fraser, Badger et al. - 1999
54   SLIC: An Extensibility System for Commodity Operating System.. - Ghormley, Petrou et al. - 1998
45   Building Diverse Computer Systems - Forrest, Somayaji et al. - 1997
35   Statically Detecting Likely Buffer Overflow Vulnerabilities - Larochelle, Evans - 2001
33   A theory of type qualifiers - Foster, Fähndrich et al. - 1999
28   Mapbox: Using parameterized behavior classes to confine appl.. - Acharya, Raje - 2000
25   Improving Host Security with System Call Policies - Provos - 2003
21   Countering Code-Injection Attacks With Instruction-Set Rando.. - Kc, Keromytis et al. - 2003
21   Using Kernel Hypervisors to Secure Applications - Mitchem, Lu et al. - 1997
20   Address Obfuscation: an Efficient Approach to Combat a Broad.. - Bhatkar, DuVarney et al. - 2003
19   Traps and Pitfalls: Practical Problems in System Call Interp.. - Garfinkel - 2003
18   Confining root programs with domain and type enforcement - Walker, Stern et al. - 1996
16   Integrating Flexible Support for Security Policies into the .. - Loscocco, Smalley - 2001
16   PointGuard: Protecting Pointers From Buffer Overflow Vulnera.. - Cowan, Beattie et al. - 2003
16   Randomized Instruction Set Emulation to Disrupt Binary Code .. - Barrantes, Ackley et al. - 2003
15   w00w00 on heap overflows - w00w00 Security Team - 1999
14   Consh: A confined execution environment for internet computa.. - Alexandrov, Kmiec et al. - 1998
14   Type-assisted dynamic buffer overflow detection - Lhee, Chapin - 2002
12   CSSV: Towards a realistic tool for statically detecting all .. - Dor, Rodeh et al. - 2003
11   Obfuscation of Executable Code to Improve Resistance to Stat.. - Linn, Debray - 2003
10   A Flexible Containment Mechanism for Executing Untrusted Cod.. - Peterson, Bishop et al. - 2002
10   TRON: Process-Specific File Protection for the UNIX Operatin.. - Berman, Bourassa et al. - 1995
10   SubDomain: Parsimonious Security for Server Appliances - Cowan, Beattie et al. - 2000
9   Security of Web Browser Scripting Languages: Vulnerabilities - Anupam, Mayer - 1998
8   Mediating connectors: A non-bypassable process wrapping tech.. - Balzer, Goldman - 1999
8   Sandboxing Applications - Prevelakis, Spinellis - 2001
8   High Coverage Detection of Input-Related Security Faults - Larson, Austin - 2003
7   Advanced SQL Injection In SQL Server Applications - Anley - 2002
5   The Cracker Patch Choice: An Analysis of Post Hoc Security T.. - Cowan, Hinton et al. - 2000
4   TrustedBSD: Adding Trusted Operating System Features to Free.. - Watson - 2001

Documents on the same site (http://www1.cs.columbia.edu/~angelos/cv.html):
Just Fast Keying: Key Agreement in a Hostile Internet - Aiello, Bellovin, Blaze.. (2004)
Automated Recovery in a Secure Bootstrap Process - Arbaugh, Keromytis, Farber.. (1998)
Requirements for Scalable Access Control and Security.. - Keromytis, Smith (2002)
