电子学习系统的SQL注入攻击和会话劫持

2014 International Conference on Computer, Communications, and Control Technology (I4CT) Pub Date : 2014-10-02 DOI:10.1109/I4CT.2014.6914201

Sum Keng Chung, O. C. Yee, M. Singh, Rohail Hassan

{"title":"电子学习系统的SQL注入攻击和会话劫持","authors":"Sum Keng Chung, O. C. Yee, M. Singh, Rohail Hassan","doi":"10.1109/I4CT.2014.6914201","DOIUrl":null,"url":null,"abstract":"E-learning enables acquisition of knowledge and information through technologies such as computers, smartphones, tablets and wide area networks. The existence of e-learning does contribute in the field of education field such as in the university because its improve the education quality and distributing and sharing of teaching material efficiently. However, due to the open-network in which e-learning tools resides, it is prone to various security attacks. In this paper, we will classify e-learning technology security based attacks into classification via active and passive attacks. Next, two major attacks which is the SQL injection attack and session hijacking is explored in-depth. Case study for each attack to investigate the vulnerabilities in e-learning system and mechanism of solutions to tackle this attack is also presented. An evaluation of the proposed solutions against the X.800 security architecture is done at the end of the study.","PeriodicalId":356190,"journal":{"name":"2014 International Conference on Computer, Communications, and Control Technology (I4CT)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"SQL injections attack and session hijacking on e-learning systems\",\"authors\":\"Sum Keng Chung, O. C. Yee, M. Singh, Rohail Hassan\",\"doi\":\"10.1109/I4CT.2014.6914201\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"E-learning enables acquisition of knowledge and information through technologies such as computers, smartphones, tablets and wide area networks. The existence of e-learning does contribute in the field of education field such as in the university because its improve the education quality and distributing and sharing of teaching material efficiently. However, due to the open-network in which e-learning tools resides, it is prone to various security attacks. In this paper, we will classify e-learning technology security based attacks into classification via active and passive attacks. Next, two major attacks which is the SQL injection attack and session hijacking is explored in-depth. Case study for each attack to investigate the vulnerabilities in e-learning system and mechanism of solutions to tackle this attack is also presented. An evaluation of the proposed solutions against the X.800 security architecture is done at the end of the study.\",\"PeriodicalId\":356190,\"journal\":{\"name\":\"2014 International Conference on Computer, Communications, and Control Technology (I4CT)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Conference on Computer, Communications, and Control Technology (I4CT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/I4CT.2014.6914201\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Computer, Communications, and Control Technology (I4CT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/I4CT.2014.6914201","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

电子学习可以通过计算机、智能手机、平板电脑和广域网等技术获取知识和信息。e-learning的存在在高校等教育领域做出了贡献，因为它提高了教学质量，有效地实现了教材的分发和共享。然而，由于电子学习工具所处的网络环境是开放的，很容易受到各种安全攻击。本文将基于电子学习技术安全的攻击分为主动攻击和被动攻击。其次，对SQL注入攻击和会话劫持这两种主要的攻击方式进行了深入的探讨。针对每种攻击进行了案例分析，探讨了电子学习系统的漏洞，并提出了解决这种攻击的机制。在研究的最后，针对X.800安全体系结构对提出的解决方案进行了评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SQL injections attack and session hijacking on e-learning systems

E-learning enables acquisition of knowledge and information through technologies such as computers, smartphones, tablets and wide area networks. The existence of e-learning does contribute in the field of education field such as in the university because its improve the education quality and distributing and sharing of teaching material efficiently. However, due to the open-network in which e-learning tools resides, it is prone to various security attacks. In this paper, we will classify e-learning technology security based attacks into classification via active and passive attacks. Next, two major attacks which is the SQL injection attack and session hijacking is explored in-depth. Case study for each attack to investigate the vulnerabilities in e-learning system and mechanism of solutions to tackle this attack is also presented. An evaluation of the proposed solutions against the X.800 security architecture is done at the end of the study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 International Conference on Computer, Communications, and Control Technology (I4CT)

自引率

0.00%

发文量