
A General Approach for Defending Code-Injection Attacks


Affiliations
1 Computer and Communication Engineering from Karunya University, Coimbatore, India
2 Karunya University, Coimbatore, India
     



This paper provides a general approach for safeguarding systems against code-injection attacks by using randomized instruction sets. An attacker who does not know the key to the randomization algorithm will inject code that is not in a valid instruction format for that randomized environment, so it will cause a runtime exception. The approach is applicable to machine-level programs and scripting languages. We provide two prototypes (protection for Intel x86 executables and for SQL queries) built on a proxy-based approach. The SQL prototype consists of an SQL query-randomizing proxy that protects against SQL injection attacks with no changes to database servers, minor changes to CGI scripts, and negligible performance overhead. Where the performance impact of our proposed approach is acceptable, it can serve as a broad protection mechanism and complement other security mechanisms.

Keywords

Proxy, Security, Instruction-Set, Randomization.

Authors

J. Sajeev
Computer and Communication Engineering from Karunya University, Coimbatore, India
Rose Rani John
Karunya University, Coimbatore, India
I. Bildass Santhosham
Karunya University, Coimbatore, India
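
The keyword randomization behind the SQL query-randomizing proxy described in the abstract can be sketched as follows. This is an added example, not the paper's prototype; the keyword list, key format, sample template and function names are assumptions.

```python
import re
import secrets

# Assumed keyword subset; a real proxy would cover the full SQL grammar.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "UPDATE", "DELETE", "DROP", "INTO", "VALUES", "SET"}
# A token is a quoted literal ('' escapes a quote), a word, or one symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|[^\w\s]")
# Constructed sample template, as a CGI script might hold it.
TEMPLATE = "SELECT id FROM users WHERE name = '{name}'"


class InjectionDetected(Exception):
    """A standard (untagged) SQL keyword reached the proxy."""


def randomize(template: str, key: str) -> str:
    """Application side: append the key to every keyword in the template."""
    def tag(m):
        tok = m.group(0)
        return tok + key if tok.upper() in KEYWORDS else tok
    return TOKEN.sub(tag, template)


def derandomize(query: str, key: str) -> str:
    """Proxy side: restore tagged keywords, reject untagged ones."""
    def untag(m):
        tok = m.group(0)
        if tok.upper() in KEYWORDS:
            raise InjectionDetected(f"untagged keyword {tok!r}")
        if tok.endswith(key) and tok[:-len(key)].upper() in KEYWORDS:
            return tok[:-len(key)]
        return tok  # literals, identifiers, wrongly tagged words: unchanged
    return TOKEN.sub(untag, query)


def through_proxy(user_input: str, key: str) -> str:
    """Naive string interpolation (the injectable step), then the proxy."""
    query = randomize(TEMPLATE, key).format(name=user_input)
    return derandomize(query, key)


if __name__ == "__main__":
    key = secrets.token_hex(8)  # shared by application and proxy only
    print(through_proxy("alice", key))
    try:
        through_proxy("x' OR '1'='1", key)
    except InjectionDetected as exc:
        print("blocked:", exc)
```

Keywords inside quoted literals are treated as data and pass through, while a keyword tagged with the wrong key is forwarded unchanged and fails to parse at the database.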
