SDriver: Location-specific signatures prevent SQL injection attacks

SQL injection attacks involve the construction of application input data that will result in the execution of malicious SQL statements. Many web applications are prone to SQL injection attacks. This paper proposes a novel methodology of preventing this kind of attacks by placing a secure database driver between the application and its underlying relational database management system. To detect an attack, the driver uses stripped-down SQL queries and stack traces to create SQL statement signatures that are then used to distinguish between injected and legitimate queries. The driver depends neither on the application nor on the RDBMS and can be easily retrofitted to any system. We have developed a tool, SDriver, that implements our technique and used it on several web applications with positive results.     

基于指令集随机化的SQL注入防御技术研究

WEB应用程序广泛受到SQL注入攻击的威胁,SQL攻击易于实施且危害严重。分析了现有的各种防范技术,在此基础上提出了一种基于指令集随机化技术的SQL注入防范原型系统。该系统首先对SQL关键字经过特殊的随机化处理,然后与用户输入组装成完整的SQL语句,再使用随机化的SQL语法分析程序对语句是否存在注入进行判定。系统的实现不依赖于现有WEB应用程序和服务器平台。实验表明,此系统具有较好的防范SQL注入的效果和较低的运行开销。     

基于序列比对的SQL注入攻击检测方法*

SQL注入攻击已经严重影响了网络应用的安全,因为它可以使攻击者不受限制地访问数据库中的敏感信息。为此,提出了一种新的基于序列比对的方法进行SQL注入攻击检测,并给出了序列比对算法的实施过程和基于该算法的检测方法;最后对该方法的正确性和性能进行了分析和测试。实验结果表明,本方法是简单有效的。     

An XML-Based Approach to Publishing and Querying the History of Databases

There is much current interest in publishing and viewing databases as XML documents. The general benefits of this approach follow from the popularity of XML and the tool set available for visualizing and processing information encoded in this universal standard. In this paper, we explore the additional and unique benefits achieved by this approach on temporal database applications. We show that XML with XQuery can provide surprisingly effective solutions to the problem of supporting historical queries on past content of database relations and their evolution. Indeed, using XML, the histories of database relations can be naturally represented by temporally grouped data models. Thus, we identify mappings from relations to XML that are most conducive to modeling and querying database histories, and show that temporal queries that would be difficult to express in SQL can be easily expressed in standard XQuery. This approach is very general, insofar as it can be used to store the version history of arbitrary documents and, for relational databases, it also supports queries on the evolution of their schema. Then, we turn to the problem of supporting efficiently the storage and the querying of relational table histories. We present an experimental study of the pros and cons of using native XML databases, versus using traditional databases, where the XML-represented histories are supported as views on the historical tables.     

基于SVG搜索技术的研究与实现

在将SVG文档存入对象关系型数据库后，探讨了如何利用扩展SQL语句(SQL3/SQL99)进行搜索的方法；同时，讨论了将SVG文档存入本源数据库后，利用XQuery语句搜索的方法。研究表明，基于这两种数据库的SVG搜索，均可在客户端执行时大大提高搜索速度，且不需占用过多的系统资源。     

二阶SQL注入攻击防御模型

随着互联网技术的快速发展,Web应用程序的使用也日趋广泛,其中基于数据库的Web应用程序己经广泛用于企业的各种业务系统中。然而由于开发人员水平和经验参差不齐,使得Web应用程序存在大量安全隐患。影响Web应用程序安全的因素有很多,其中SQL注入攻击是最常见且最易于实施的攻击,且SQL注入攻击被认为是危害最广的。因此,做好SQL注入攻击的防范工作对于保证Web应用程序的安全十分关键,如何更有效地防御SQL注入攻击成为重要的研究课题。SQL注入攻击利用结构化查询语言的语法进行攻击。传统的SQL注入攻击防御模型是从用户输入过滤和SQL语句语法比较的角度进行防御,当数据库中的恶意数据被拼接到动态SQL语句时,就会导致二阶SQL注入攻击。文章在前人研究的基础上提出了一种基于改进参数化的二阶SQL注入攻击防御模型。该模型主要包括输入过滤模块、索引替换模块、语法比较模块和参数化替换模块。实验表明,该模型对于二阶SQL注入攻击具有很好的防御能力。     

基于Simhash的SQL注入漏洞检测技术研究

针对传统SQL注入漏洞检测方法准确率和效率无法达到很好平衡的问题,提出了一种基于Simhash文本相似性检测的SQL注入漏洞检测技术。使用特征值来进行网页间的比较,提高了检测的精度与效率,据此设计并实现了一个SQL注入漏洞检测原型系统。实验结果表明,该系统在检测SQL注入漏洞时兼具了准确性与高效性。     

A survey and classification of XML based attacks on web applications

ABSTRACT

XML based attacks are executed in web applications through crafted XML document that forces XML parser to process un-validated documents. This leads to disclosure of sensitive information, malicious code execution and disruption of services. OWASP has included XML based attacks at number four in its top 10 list of vulnerabilities published in 2017. Most of the vulnerabilities reported using the XML document range from high to critical and require to be addressed immediately. As per the National Vulnerability Database, 152 vulnerabilities have already been reported in the first five months of the year 2019. A varied number of XML vulnerabilities and their classification exist but are limited to a specific vulnerability. In this paper, the authors have proposed a classification of XML based vulnerabilities based on exhaustive literature survey. The approach/strategies to mitigate these vulnerabilities are also presented. The work will help the web developers for proposing secure parsers that will thwart such attacks.     

基于Chopping的Web应用SQL注入漏洞检测方法

随着Web应用的不断普及,其安全问题越来越显突出,特别是SQL注入漏洞攻击,给用户的安全体验造成了巨大的威胁. 针对二阶SQL注入漏洞,本文提出了一种基于chopping技术的二阶SQL注入漏洞检测方法. 首先通过对待测应用程序进行chopping,获取到一阶SQL注入疑似路径;然后对一阶SQL注入疑似路径中的SQL语句进行分析,确定二阶SQL注入操作对,进而得到二阶SQL注入疑似路径;最后通过构造攻击向量并运行,确认二阶SQL注入疑似路径中漏洞是否实际存在. 实验结果表明,本方法能够有效地检测出二阶SQL注入漏洞.     

基于SQL注入的Web数据安全防范与优化

SQL注入利用数据库系统的安全漏洞,以及程序中的验证漏洞,构造合适的SQL语句,并通过正常的URL访问进行代码提交,获取数据库中的相关信息,从而实现网站攻击的目的。加强用户提交数据的合法性验证,是防止SQL注入的基本方法。而改善ASP中的Request函数,使其具有对一切用户数据进行合法验证的能力,是SQL注入威胁下,Web数据安全防范方法的最佳优化。     

SQL注入攻击与防范研究

由于多数程序员不了解SQL注入漏洞,目前互联网上网站经常遭受SQL注入攻击。对PHP＋MySQL型及ASP＋SQL Server型Web程序的SQL注入攻击办法进行了详细的描述,并给出了预防SQL注入漏洞的方法,有助于提高Web应用程序员的安全意识及Web程序的安全性。     

Automatic property‐based testing and path validation of XQuery programs

Property‐based testing has gained popularity in recent years in many areas of software development. The specification of assertions/properties helps to understand the semantics of pieces of code, and in modern programming environments, it can serve to test the program behavior. In this paper an XQuery property‐based testing tool is presented, which enables to automatically test XQuery programs. The tool is able to systematically generate XML instances (i.e., test cases) from a given XML schema, and to filter XML instances with input properties specified by the programmer. Additionally, the tool automatically checks output (respectively, input‐output) properties in each output instance (respectively, each pair of input‐output instances). The tool is able to report whether the XQuery program passes the test, that is, if all the test cases satisfy the (input‐)output property, as well as the number of test cases used for testing. In addition, if the XQuery program fails the test, the tool shows counterexamples found in the test cases. Properties are specified with XQuery Boolean functions, and the testing tool has been implemented in XQuery. Additionally, an XQuery path validation tool is presented. This tool is able to detect wrong paths in XQuery expressions. The path validation tool takes as input an XML schema, and it reports those paths on the XQuery program that do not match the XML schema. The path validation tool is a complement to the testing tool rejecting XQuery programs that do not conform to the XML schema. The path validation tool has been also implemented in XQuery. Finally, a web tool has been developed enabling to test and validate XQuery programs.     

KMBox:基于Linux内核改造的进程异构冗余执行系统

随机化技术防御进程控制流劫持攻击,是建立在攻击者无法了解当前内存地址空间布局的基础之上,但是,攻击者可以利用内存信息泄露绕过随机化防御获得gadget地址,向程序注入由gadget地址构造的payload,继续实施控制流劫持攻击,窃取敏感数据并夺取或破坏执行软件的系统。目前,异构冗余执行系统是解决该问题的方法之一,基本思想是同一程序运行多个多样化进程,同时处理等效的程序输入。随机化技术使冗余的进程对恶意输入做出不同的输出,同时正常功能不受影响。近年来,一些符合上述描述的系统已经被提出,分析进程异构冗余执行系统的表决设计可以发现,基于ptrace的实现方法会引入大量的上下文切换,影响系统的执行效率。率先直接修改内核设计出一种进程异构冗余执行系统,表决过程完全在内核中完成,冗余的进程独立地采用内存地址空间随机化技术,构建相互异构的内存地址空间布局,在与内存信息泄露相关的系统调用处进行表决,发现泄露信息不一致,阻断进程控制流劫持攻击。即使攻击者跳过内存信息泄露进行漏洞利用,异构内存空间布局也使得注入由gadget地址构造的payload无法同时在冗余的进程中有效,阻断进程控制流劫持攻击。实现...     

WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation

Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. This paper presents a new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient, has minimal deployment requirements, and incurs a negligible performance overhead in most cases. We have implemented our techniques in the Web application SQL-injection preventer (WASP) tool, which we used to perform an empirical evaluation on a wide range of Web applications that we subjected to a large and varied set of attacks and legitimate accesses. WASP was able to stop all of the otherwise successful attacks and did not generate any false positives.     

浅议SQL注入攻击原理及其防范措施

由于编程者对用户输入不作检查验证再加上Web应用程序存在漏洞,是导致SQL注入攻击的主要原因。文章着重讨论了SQL注入攻击的原理、特点和攻击方法,并结合ASP．NET特性从多个角度探讨了防止SQL注入攻击的安全措施。从而更好地维护网站数据的安全。     

XQBE: A Graphical Environment to Query XML Data

XQuery, the standard query language for XML, is increasingly popular among computer scientists with SQL background, since XQuery and SQL require comparable skills. However, these experts are limited in number, and the availability of easier XQuery “dialects” could be extremely valuable. With this motivation in mind, we designed XQBE, a visual dialect of XQuery inspired by the QBE language (Query by Example). Coherent with the hierarchical nature of XML, XQBE uses one or more hierarchical structures to denote the input documents and one structure to denote the document produced in output. These structures are annotated to express selection predicates; explicit binding edges connecting the nodes of these structures visualize the input/output mappings. This paper presents XQBE through several examples and describes the main features of our implementation of the language, a visual editor coupled with an XQBE-to-XQuery translator. Indeed, the XQBE front-end is a general purpose user-friendly visual query interface, capable of providing access to any data storage system that exposes XQuery APIs. Available schema information can be exploited to guide users in querying data sets they are not familiar with. Also, switching between the visual and textual versions of the same query could be helpful for XQuery learners.     

带Order子句的XQuery在XML流上的查询实现

随着XML的广泛应用,使得作为XML文档查询语言的XQuery成为人们研究的热点问题.将复杂XQuery在XML数据流上的查询应用于服务器/客户端模式来满足高效、实时查询的要求,所实现的XQuery查询原型系统XSIEQ支持嵌套、order子句的多关键字排序等.一次典型的XQuery查询过程可分为XPath查询、查询后处理两个阶段,本文着重描述查询后处理过程,最后给出了XSIEQ和Qizx在查询后处理时间性能上的对比及分析.