Presentation | 2014-10-10 Verification of a comprehensive injection attack detection with dynamic information tracking Hidenori TSUJI, Fumihiko TAKAYAMA, Wataru KITADA, Ryota SHIOYA, Masahiro GOSHIMA |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | To detect injection attacks on Web applications, DTP (Dynamic Taint Propagation) has been researched. However, conventional DTP approaches have fallen into a trade-off between false positives and false negatives. We have developed SWIFT, which can identify substrings that come from the external command output of the target application by identifying string manipulations and propagating the taint information string-to-string. We propose a rule under which an operation is considered an attack if there is a substring that comes from the external command output and is not quoted. We have verified that this rule works with SWIFT on a real application, WordPress-3.0.1. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Injection Attack / SQL Injection / Dynamic Taint Propagation / Taint Mode |
Paper # | CPSY2014-49 |
Date of Issue |
Conference Information | |
Committee | CPSY |
---|---|
Conference Date | 2014/10/3 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Computer Systems (CPSY) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Verification of a comprehensive injection attack detection with dynamic information tracking |
Sub Title (in English) | |
Keyword(1) | Injection Attack |
Keyword(2) | SQL Injection |
Keyword(3) | Dynamic Taint Propagation |
Keyword(4) | Taint Mode |
1st Author's Name | Hidenori TSUJI |
1st Author's Affiliation | Institute of Information Technology, Inc. |
2nd Author's Name | Fumihiko TAKAYAMA |
2nd Author's Affiliation | Institute of Information Technology, Inc. |
3rd Author's Name | Wataru KITADA |
3rd Author's Affiliation | Institute of Information Technology, Inc. |
4th Author's Name | Ryota SHIOYA |
4th Author's Affiliation | Nagoya University, Graduate School of Engineering |
5th Author's Name | Masahiro GOSHIMA |
5th Author's Affiliation | National Institute of Informatics |
Date | 2014-10-10 |
Paper # | CPSY2014-49 |
Volume (vol) | vol.114 |
Number (no) | 242 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |