Loughborough University
Browse
wang2.pdf (568.11 kB)

Augmented attack tree modeling of SQL injection attacks

Download (568.11 kB)
conference contribution
posted on 2010-08-05, 14:13 authored by Jie Wang, Raphael C.-W. Phan, John N. Whitley, David Parish
The SQL injection attacks (SQLIAs) vulnerability is extremely widespread and poses a serious security threat to web applications with built-in access to databases. The SQLIA adversary intelligently exploits the SQL statement parsing operation by web servers via specially constructed SQL statements that subtly lead to non-explicit executions or modifications of corresponding database tables. In this paper, we present a formal and methodical way of modeling SQLIAs by way of augmented attack trees. This modeling explicitly captures the particular subtle incidents triggered by SQLIA adversaries and corresponding state transitions. To the best of our knowledge, this is the first known attack tree modelling of SQL injection attacks.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Citation

WANG, J....et al., 2010. Augmented attack tree modeling of SQL injection attacks. IN: 2nd IEEE International Conference on Information Management and Engineering (ICIME), Chengdu, China, 16-18 April, 182-186pp.

Publisher

© IEEE

Version

  • VoR (Version of Record)

Publication date

2010

Notes

This is a conference paper [© IEEE]. It is also available from: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

ISBN

9781424452637

Language

  • en

Usage metrics

    Loughborough Publications

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC