| 基于指令集随机化的SQL注入防御技术研究 |
| |
| 引用本文: | 李原,蒋华伟.基于指令集随机化的SQL注入防御技术研究[J].计算机与数字工程,2009,37(1):96-99. |
| |
| 作者姓名: | 李原 蒋华伟 |
| |
| 作者单位: | 河南工业大学信息科学与工程学院,郑州,450001 |
| |
| 基金项目: | 河南省教育厅科技攻关项目 |
| |
| 摘 要: | WEB应用程序广泛受到SQL注入攻击的威胁,SQL攻击易于实施且危害严重。分析了现有的各种防范技术,在此基础上提出了一种基于指令集随机化技术的SQL注入防范原型系统。该系统首先对SQL关键字经过特殊的随机化处理,然后与用户输入组装成完整的SQL语句,再使用随机化的SQL语法分析程序对语句是否存在注入进行判定。系统的实现不依赖于现有WEB应用程序和服务器平台。实验表明,此系统具有较好的防范SQL注入的效果和较低的运行开销。
|
| 关 键 词: | SQL注入 指令集随机化 应用层安全 网络攻击 |
Research on Preventing SQL Injection Attacks Based on ISR |
| |
| Li Yuan,Jiang Huawei.Research on Preventing SQL Injection Attacks Based on ISR[J].Computer and Digital Engineering,2009,37(1):96-99. |
| |
| Authors: | Li Yuan Jiang Huawei |
| |
| Affiliation: | School of Information and Science;Henan University of Technology;Zhengzhou 450001 |
| |
| Abstract: | SQL injection poses a major thread to web application security.The paper analyzes the existing solutions to prevent it and the problem of those solutions.Then it presents a method of countering SQL injection attacks with ISR(Instruction Set Randomization).Based on the method,a prototype system of prevention SQL injection attacks is introduced.First,SQL key words are randomized.Then,the user input is picked up and embedded into randomized SQL sentences.Finally,these randomized SQL sentences are checked with ... |
| |
| Keywords: | SQL injection ISR application level security attack of network |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
