Sciweavers

ESSOS
2009
Springer

Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations

13 years 8 months ago
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations
Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches to find and exploit a vulnerability, developers rely on the traditional way of writing ad hoc checks in source code. This paper shows that security engineering to prevent injection attacks need not be ad hoc. It shows that protection can be introduced at different layers of a system by systematically applying general purpose security-oriented program transformations. These program transformations are automated so that they can be applied to new systems at design and implementation stages, and to existing ones during maintenance.
Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson
Added 24 Jul 2010
Updated 24 Jul 2010
Type Conference
Year 2009
Where ESSOS
Authors Munawar Hafiz, Paul Adamczyk, Ralph E. Johnson
Comments (0)