Paper Abstract and Keywords |
Presentation |
2017-03-10 11:20
Detectiong Zero-day attacks by SWIFT Nobuo Shimada, Hiroki Taniai, Mizuki Miyanaga, Hidetsugu Irie, Shuichi Sakai (UTokyo) CPSY2016-149 DC2016-95 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
In recent years, malicious users attack injection vulnerability injection in web application. DTP has been established to detect injection attacks. But it is difficult to detect all attacks. In order to improve the propagation accuracy of tainting, SWIFT propagates taint information under string operations. SWIFT implemented on PHP has been studied, and taint information is correctly in simple character string operations and some injection attacks. In this paper we evaluated whether SWIFT implemented on PHP can detect all attacks with vulnerable program on WordPress. As a result, some attacks are detected successfully, while attacks that could not be prevented by SWIFT were found. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
SWIFT / Dynamic taint propagation / SQL injection / security / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 116, no. 510, CPSY2016-149, pp. 321-326, March 2017. |
Paper # |
CPSY2016-149 |
Date of Issue |
2017-03-02 (CPSY, DC) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
CPSY2016-149 DC2016-95 |
Conference Information |
Committee |
CPSY DC IPSJ-SLDM IPSJ-EMB IPSJ-ARC |
Conference Date |
2017-03-09 - 2017-03-10 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Kumejima Island |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
ETNET20167 |
Paper Information |
Registration To |
CPSY |
Conference Code |
2017-03-CPSY-DC-SLDM-EMB-ARC |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Detectiong Zero-day attacks by SWIFT |
Sub Title (in English) |
|
Keyword(1) |
SWIFT |
Keyword(2) |
Dynamic taint propagation |
Keyword(3) |
SQL injection |
Keyword(4) |
security |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Nobuo Shimada |
1st Author's Affiliation |
The University of Tokyo (UTokyo) |
2nd Author's Name |
Hiroki Taniai |
2nd Author's Affiliation |
The University of Tokyo (UTokyo) |
3rd Author's Name |
Mizuki Miyanaga |
3rd Author's Affiliation |
The University of Tokyo (UTokyo) |
4th Author's Name |
Hidetsugu Irie |
4th Author's Affiliation |
The University of Tokyo (UTokyo) |
5th Author's Name |
Shuichi Sakai |
5th Author's Affiliation |
The University of Tokyo (UTokyo) |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2017-03-10 11:20:00 |
Presentation Time |
20 minutes |
Registration for |
CPSY |
Paper # |
CPSY2016-149, DC2016-95 |
Volume (vol) |
vol.116 |
Number (no) |
no.510(CPSY), no.511(DC) |
Page |
pp.321-326 |
#Pages |
6 |
Date of Issue |
2017-03-02 (CPSY, DC) |
|