NDLI: PaRaM: Path-Sensitive Monitoring of Web Applications against SQL Injection Attacks.

Please wait, while we are loading the content...

PaRaM: Path-Sensitive Monitoring of Web Applications against SQL Injection Attacks.

Content Provider	Semantic Scholar
Author	Marri, Madhuri
Copyright Year	2010
Abstract	MARRI, MADHURI REDDY. PaRaM: Path-Sensitive Monitoring of Web Applications against SQL Injection Attacks. (Under the direction of Dr. Tao Xie.) Web applications are ubiquitous and are accessed by a large number of users, making these applications susceptible to various types of attacks. Among these attacks, SQL Injection attacks belong to one of the most popular attack types, since a web application's vulnerability to SQL injection attacks poses serious threat to information security. The primary reason for these attacks is dynamic construction of SQL queries using string concatenation. In this thesis, we present a novel runtime-monitoring approach, called PaRaM, that guards a web application against SQL injection attacks. The key insight of our approach is that two executions that dictate the same program path result in SQL queries with the same structure, i.e., queries with the same sequence of SQL keywords. Therefore, the structure of the queries can be predetermined and mapped to the execution paths of the application. In general, runtime monitoring requires instrumentation of the web application and can cause high runtime overhead on the performance of the application. To address this challenge, PaRaM includes a minimization algorithm that reduces the number of program points to be monitored without sacrificing the effectiveness of monitoring against attacks. To evaluate the effectiveness of PaRaM, we apply PaRaM on five web applications. Our results show that our execution-path-sensitive approach is more effective than a related path-insensitive approach, and also causes low performance overhead. c ⃝ Copyright 2010 by Madhuri Reddy Marri
File Format	PDF HTM / HTML
Alternate Webpage(s)	https://repository.lib.ncsu.edu/bitstream/handle/1840.16/6043/etd.pdf?isAllowed=y&sequence=1
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in