| Presentation | 2017-03-10 Detectiong Zero-day attacks by SWIFT Nobuo Shimada, Hiroki Taniai, Mizuki Miyanaga, Hidetsugu Irie, Shuichi Sakai, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In recent years, malicious users attack injection vulnerability injection in web application. DTP has been established to detect injection attacks. But it is difficult to detect all attacks. In order to improve the propagation accuracy of tainting, SWIFT propagates taint information under string operations. SWIFT implemented on PHP has been studied, and taint information is correctly in simple character string operations and some injection attacks. In this paper we evaluated whether SWIFT implemented on PHP can detect all attacks with vulnerable program on WordPress. As a result, some attacks are detected successfully, while attacks that could not be prevented by SWIFT were found. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | SWIFT / Dynamic taint propagation / SQL injection / security |
| Paper # | CPSY2016-149,DC2016-95 |
| Date of Issue | 2017-03-02 (CPSY, DC) |
| Conference Information | |
| Committee | CPSY / DC / IPSJ-SLDM / IPSJ-EMB / IPSJ-ARC |
|---|---|
| Conference Date | 2017/3/9(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Kumejima Island |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | ETNET20167 |
| Chair | Yasuhiko Nakashima(NAIST) / Michiko Inoue(NAIST) / Kiyoharu Hamaguchi(Shimane Univ.) |
| Vice Chair | Koji Nakano(Hiroshima Univ.) / Hidetsugu Irie(Univ. of Tokyo) / Satoshi Fukumoto(Tokyo Metropolitan Univ.) |
| Secretary | Koji Nakano(Fujitsu Labs.) / Hidetsugu Irie(NII) / Satoshi Fukumoto(Kyoto Sangyo Univ.) / (Tokyo Inst. of Tech.) / (Toshiba) / (Univ. of Kitakyushu) |
| Assistant | Takeshi Ohkawa(Utsunomiya Univ.) / Shinya Takameda(Hokkaido Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Computer Systems / Technical Committee on Dependable Computing / Special Interest Group on System and LSI Design Methodology / Special Interest Group on Embedded Systems / Special Interest Group on System Architecture |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Detectiong Zero-day attacks by SWIFT |
| Sub Title (in English) | |
| Keyword(1) | SWIFT |
| Keyword(2) | Dynamic taint propagation |
| Keyword(3) | SQL injection |
| Keyword(4) | security |
| 1st Author's Name | Nobuo Shimada |
| 1st Author's Affiliation | The University of Tokyo(UTokyo) |
| 2nd Author's Name | Hiroki Taniai |
| 2nd Author's Affiliation | The University of Tokyo(UTokyo) |
| 3rd Author's Name | Mizuki Miyanaga |
| 3rd Author's Affiliation | The University of Tokyo(UTokyo) |
| 4th Author's Name | Hidetsugu Irie |
| 4th Author's Affiliation | The University of Tokyo(UTokyo) |
| 5th Author's Name | Shuichi Sakai |
| 5th Author's Affiliation | The University of Tokyo(UTokyo) |
| Date | 2017-03-10 |
| Paper # | CPSY2016-149,DC2016-95 |
| Volume (vol) | vol.116 |
| Number (no) | CPSY-510,DC-511 |
| Page | pp.pp.321-326(CPSY), pp.321-326(DC), |
| #Pages | 6 |
| Date of Issue | 2017-03-02 (CPSY, DC) |