Abstract
Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches to find and exploit a vulnerability, developers follow the traditional way of writing ad hoc checks in source code. This paper shows that security engineering to prevent injection attacks need not be ad hoc. It shows that protection can be introduced at different layers of a system by systematically applying general purpose security-oriented program transformations. These program transformations are automated so that they can be applied to new systems at design and implementation stages, and to existing ones during maintenance. © 2009 Springer Berlin Heidelberg.
Cite
CITATION STYLE
Hafiz, M., Adamczyk, P., & Johnson, R. (2009). Systematically eradicating data injection attacks using security-oriented program transformations. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5429 LNCS, pp. 75–90). https://doi.org/10.1007/978-3-642-00199-4_7
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
