Code injection attacks have been the most critical security risks for almost a decade. These attacks are due to an interference between an untrusted input (potentially controlled by an attacker) and the execution of a string-to-code statement, interpreting as code its parameter. In this paper, we provide a semantic-based model for code injection parametric on what the programmer considers safe behaviors. In particular, we provide a general (abstract) non-interference-based framework for abstract code injection policies, i.e., policies characterizing safety against code injection w.r.t. a given specification of safe behaviors. We expect the new semantic perspective on code injection to provide a deeper knowledge on the nature itself of this security threat. Moreover, we devise a mechanism for enforcing (abstract) code injection policies, soundly detecting attacks, i.e., avoiding false negatives.
CITATION STYLE
Buro, S., & Mastroeni, I. (2018). Abstract code injection: A semantic approach based on abstract non-interference. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10747 LNCS, pp. 116–137). Springer Verlag. https://doi.org/10.1007/978-3-319-73721-8_6
Mendeley helps you to discover research relevant for your work.