A General Approach for Defending Code-Injection Attacks
This work provides a general approach for safeguarding systems against code-injection attacks by using randomized instruction sets. An attacker who does not know the key to the randomization algorithm will inject code in a format that is invalid for the randomized environment, and it will therefore cause a runtime exception. The approach is applicable to machine-level programs and scripting languages. Two prototypes are provided (protection for Intel x86 executables and for SQL queries), based on a proxy-based approach. The SQL prototype consists of an SQL query-randomizing proxy that protects against SQL injection attacks with no changes to database servers, minor changes to CGI scripts, and negligible performance overhead. Where the performance impact of the proposed approach is acceptable, it can serve as a broad protection mechanism and complement other security mechanisms.
Keywords
Proxy, Security, Instruction-Set, Randomization.
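
The SQL case described in the abstract, sketched as an added example (not the authors' prototype). It assumes one possible encoding, in which the application appends a secret key to every SQL keyword it writes and the proxy rejects any keyword that arrives without it; the keyword list, key, and function names are constructed for illustration.

```python
import re

# Constructed subset of SQL keywords and a constructed key (assumptions for this sketch).
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "UPDATE", "DELETE", "DROP"}
KEY = "7391"  # known only to the application and the proxy

# A quoted string literal, or a bare word. Literals are matched first so
# keywords inside quoted data are never treated as SQL.
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_][A-Za-z_0-9]*")


class InjectionDetected(Exception):
    """Raised by the proxy when a keyword arrives without the key."""


def randomize(fragment, key=KEY):
    """Application side: tag every keyword in developer-written SQL."""
    def tag(m):
        word = m.group(0)
        return word + key if word.upper() in KEYWORDS else word
    return TOKEN.sub(tag, fragment)


def derandomize(query, key=KEY):
    """Proxy side: strip the key from tagged keywords, reject untagged ones."""
    def check(m):
        word = m.group(0)
        if word.startswith("'"):
            return word                    # string literal: data, pass through
        if word.upper() in KEYWORDS:
            raise InjectionDetected(word)  # keyword the application did not write
        if word.endswith(key) and word[:-len(key)].upper() in KEYWORDS:
            return word[:-len(key)]        # restore standard SQL for the database
        return word                        # ordinary identifier
    return TOKEN.sub(check, query)


def build_query(user_id):
    """Hypothetical CGI handler: the trusted template is tagged, input is spliced in raw."""
    return randomize("SELECT name FROM users WHERE id = ") + user_id
```

The database only ever receives the output of `derandomize`, so it needs no changes; the protection holds only while the key stays unknown to whoever supplies the input.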