A novel method for Security and data protection

Publication year: 1393
Document type: Conference paper
Language: English

The full text of this paper is available as a 10-page PDF.


National scientific document ID:

CITCONF02_240

Indexing date: 19 Ordibehesht 1395

Abstract:

Data is one of the significant assets that should be protected against any unauthorized access. Securing the underlying data is one of the most important issues in any organization, especially when the data is accessed via the Internet. For this purpose, we propose in this paper a new method that is able to secure web applications and their databases against the most frequent attack on such applications, SQL Injection (SQLI). The method is combinational and consists of two phases, static and dynamic, in order to benefit from both of the corresponding techniques. It is based on static analysis and runtime validation, where user inputs in SQL queries are removed and some information is gathered in order to make detection easier and faster at runtime. Our method minimizes the overhead of the dynamic phase by gathering as much information as possible in the static phase. To demonstrate our expectations in practice, we have implemented a tool for Java-based web applications. The experiments show that our proposed method has no false negatives or false positives and the least overhead.

Authors

Z. Lashkaripour

Department of Computer, Faculty of Engineering, Velayat University, Iranshahr, Iran

A. Ghaemi Bafghi

Data and Communication Security Laboratory, Department of Computer, Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Iran
