Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2001
IEEE
2001
IEEE
Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions
Vulnerabilities in distributed applications are being uncovered and exploited faster than software engineers can patch the security holes. All too often these weaknesses result from implicit assumptions made by an application about its inputs. One approach to defending against their exploitation is to interpose a filter between the input source and the application that verifies that the application's assumptions about its inputs actually hold. However, ad hoc design of such filters is nearly as tedious and error-prone as patching the original application itself. We have automated the filter generation process based on a simple formal description of a broad class of assumptions about the inputs to an application. Focusing on the back-end server application case, we have prototyped an easy-to-use tool that generates server-side filtering scripts. These can then be quickly installed on a front-end web server (either in concert with the application or when a vulnerability is uncovere...
Real-time TrafficACSAC 2001 | Application's Assumptions | Filter Generation | Security Privacy | Server Application |
| Added | 23 Aug 2010 |
| Updated | 23 Aug 2010 |
| Type | Conference |
| Year | 2001 |
| Where | ACSAC |
| Authors | Valentin Razmov, Daniel R. Simon |
Comments (0)
Researcher Info
|
