Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/6550

Title: Augmented attack tree modeling of SQL injection attacks
Authors: Wang, Jie
Phan, Raphael C.-W.
Whitley, John N.
Parish, David J.
Keywords: Augmented attack tree
Modelling
SQL injection attack
Issue Date: 2010
Publisher: © IEEE
Citation: WANG, J....et al., 2010. Augmented attack tree modeling of SQL injection attacks. IN: 2nd IEEE International Conference on Information Management and Engineering (ICIME), Chengdu, China, 16-18 April, 182-186pp.
Abstract: The SQL injection attacks (SQLIAs) vulnerability is extremely widespread and poses a serious security threat to web applications with built-in access to databases. The SQLIA adversary intelligently exploits the SQL statement parsing operation by web servers via specially constructed SQL statements that subtly lead to non-explicit executions or modifications of corresponding database tables. In this paper, we present a formal and methodical way of modeling SQLIAs by way of augmented attack trees. This modeling explicitly captures the particular subtle incidents triggered by SQLIA adversaries and corresponding state transitions. To the best of our knowledge, this is the first known attack tree modelling of SQL injection attacks.
Description: This is a conference paper [© IEEE]. It is also available from: http://ieeexplore.ieee.org/ Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Version: Published
DOI: 10.1109/ICIME.2010.5478321
URI: https://dspace.lboro.ac.uk/2134/6550
ISBN: 9781424452637
Appears in Collections:Conference Papers and Contributions (Mechanical, Electrical and Manufacturing Engineering)

Files associated with this item:

File Description SizeFormat
wang2.pdf568.11 kBAdobe PDFView/Open

 

SFX Query

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.