完整後設資料紀錄
DC 欄位語言
dc.contributor.authorLin, Jin-Cherng
dc.contributor.authorChen, Jan-Min
dc.date.accessioned2009-08-23T04:44:12Z
dc.date.accessioned2020-05-25T06:51:25Z-
dc.date.available2009-08-23T04:44:12Z
dc.date.available2020-05-25T06:51:25Z-
dc.date.issued2008-11-11T06:26:43Z
dc.date.submitted2008-04-01
dc.identifier.urihttp://dspace.lib.fcu.edu.tw/handle/2377/10966-
dc.description.abstractInjection attack is a technique to bypass or modify the originally intended functionality of the program by injecting codes into a computer program or system. It is popular in system hacking or cracking to gain information, Privilege escalation or unauthorized access to a system. Many application’s security vulnerabilities result from generic injection problems. Examples of such vulnerabilities are SQL injection, Shell injection and Script injection (Cross Site Scripting). Some applications attempt to protect themselves by filtering malicious input data, but it may not be viable to modify the source of such components (either because the code was shipped in binary form or because the license agreement is prohibitive). We have tried to develop a defense mechanism that can automatically generate meta-programs on security gateway to filter malicious injection. The security gateway is allocated in front of application server to eliminate malicious injection vulnerabilities. To verify the efficiency of the mechanism, we create the web sites made up of some Web applications that often contain third-party vulnerable components shipped in binary form. According to the result of these experiments, our defense mechanism has proved itself efficiency.
dc.format.extent10p.
dc.relation.isversionofVol19
dc.relation.isversionofNo1
dc.subjectBlack box testing
dc.subjectMalicious injection
dc.subjectInput validation
dc.subjectSecurity gateway
dc.titleAnti-malicious Injection Based on Meta-programs
分類:Journal of Computers第19卷

文件中的檔案:
檔案 描述 大小格式 
JOC_19_1_3.pdf238.91 kBAdobe PDF檢視/開啟


在 DSpace 系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。