Augmented attack tree modeling of SQL injection attacks

Bibliographic Details
Published in: 2010 2nd IEEE International Conference on Information Management and Engineering, pp. 182-186
Main Authors: Jie Wang; Phan, Raphael C.-W; Whitley, John N; Parish, David J
Format: Conference Proceeding
Language: English
Published: IEEE 01.04.2010
ISBN: 9781424452637, 1424452635
DOI: 10.1109/ICIME.2010.5478321

Summary: The SQL injection attacks (SQLIAs) vulnerability is extremely widespread and poses a serious security threat to web applications with built-in access to databases. The SQLIA adversary intelligently exploits the SQL statement parsing operation by web servers via specially constructed SQL statements that subtly lead to non-explicit executions or modifications of corresponding database tables. In this paper, we present a formal and methodical way of modeling SQLIAs by way of augmented attack trees. This modeling explicitly captures the particular subtle incidents triggered by SQLIA adversaries and corresponding state transitions. To the best of our knowledge, this is the first known attack tree modelling of SQL injection attacks.