{"title":"基于程序自动生成测试用例的SQL注入漏洞分析与检测","authors":"Michelle Ruse, Tanmoy Sarkar, Samik Basu","doi":"10.1109/SAINT.2010.60","DOIUrl":null,"url":null,"abstract":"SQL injection attacks occur due to vulnerabilities in the design of queries where a malicious user can take advantage of input opportunities to insert code in the queries that modify the query-conditions resulting in unauthorized database access. We provide a novel technique to identify the possibilities of such attacks. The central theme of our technique is based on automatically developing a model for a SQL query such that the model captures the dependencies between various components (sub-queries) of the query. We, then, analyze the model using CREST test-case generator and identify the conditions under which the query corresponding to the model is deemed vulnerable. We further analyze the obtained condition-set to identify its subset; this subset being referred to as the causal set of the vulnerability. Our technique considers the semantics of the query conditions, i.e., the relationship between the conditions, and as such complements the existing techniques which only rely on syntactic structure of the SQL query. In short, our technique can detect vulnerabilities in nested SQL queries, and can provide results with no false positives or false negatives when compared to the existing techniques.","PeriodicalId":381377,"journal":{"name":"2010 10th IEEE/IPSJ International Symposium on Applications and the Internet","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"50","resultStr":"{\"title\":\"Analysis & Detection of SQL Injection Vulnerabilities via Automatic Test Case Generation of Programs\",\"authors\":\"Michelle Ruse, Tanmoy Sarkar, Samik Basu\",\"doi\":\"10.1109/SAINT.2010.60\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"SQL injection attacks occur due to vulnerabilities in the design of queries where a malicious user can take advantage of input opportunities to insert code in the queries that modify the query-conditions resulting in unauthorized database access. We provide a novel technique to identify the possibilities of such attacks. The central theme of our technique is based on automatically developing a model for a SQL query such that the model captures the dependencies between various components (sub-queries) of the query. We, then, analyze the model using CREST test-case generator and identify the conditions under which the query corresponding to the model is deemed vulnerable. We further analyze the obtained condition-set to identify its subset; this subset being referred to as the causal set of the vulnerability. Our technique considers the semantics of the query conditions, i.e., the relationship between the conditions, and as such complements the existing techniques which only rely on syntactic structure of the SQL query. In short, our technique can detect vulnerabilities in nested SQL queries, and can provide results with no false positives or false negatives when compared to the existing techniques.\",\"PeriodicalId\":381377,\"journal\":{\"name\":\"2010 10th IEEE/IPSJ International Symposium on Applications and the Internet\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"50\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 10th IEEE/IPSJ International Symposium on Applications and the Internet\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SAINT.2010.60\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 10th IEEE/IPSJ International Symposium on Applications and the Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SAINT.2010.60","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis & Detection of SQL Injection Vulnerabilities via Automatic Test Case Generation of Programs
SQL injection attacks occur due to vulnerabilities in the design of queries where a malicious user can take advantage of input opportunities to insert code in the queries that modify the query-conditions resulting in unauthorized database access. We provide a novel technique to identify the possibilities of such attacks. The central theme of our technique is based on automatically developing a model for a SQL query such that the model captures the dependencies between various components (sub-queries) of the query. We, then, analyze the model using CREST test-case generator and identify the conditions under which the query corresponding to the model is deemed vulnerable. We further analyze the obtained condition-set to identify its subset; this subset being referred to as the causal set of the vulnerability. Our technique considers the semantics of the query conditions, i.e., the relationship between the conditions, and as such complements the existing techniques which only rely on syntactic structure of the SQL query. In short, our technique can detect vulnerabilities in nested SQL queries, and can provide results with no false positives or false negatives when compared to the existing techniques.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
