| dc.contributor.advisor | Jeff Perkins and Martin Rinard. | en_US |
| dc.contributor.author | Willenson, Daniel M | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2013-03-01T15:06:33Z | |
| dc.date.available | 2013-03-01T15:06:33Z | |
| dc.date.copyright | 2012 | en_US |
| dc.date.issued | 2012 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/77451 | |
| dc.description | Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. | en_US |
| dc.description | Cataloged from PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (p. 47-48). | en_US |
| dc.description.abstract | SQL injection attacks are a major security issue for database-backed web applications, yet the most common approaches to prevention require a great deal of programmer effort and attention. Even one unchecked vulnerability can lead to the compromise of an entire application and its data. We present a fully automated system for securing applications against SQL injection which can be applied at runtime. Our system mutates SQL keywords in the program's string constants as they are loaded, and instruments the program's database accesses so that we can verify that all keywords in the final query string have been properly mutated, before passing it to the database. We instrument other method calls within the program to ensure correct program operation, despite the fact that its string constants have been mutated. Additionally, we instrument places where the program generates user-visible output to ensure that randomized keyword mutations are never revealed to an attacker. | en_US |
| dc.description.statementofresponsibility | by Daniel M. Willenson. | en_US |
| dc.format.extent | 48 p. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by
copyright. They may be viewed from this source for any purpose, but
reproduction or distribution in any format is prohibited without written
permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | Preventing injection attacks through automated randomization of keywords | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M.Eng.and S.B. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | |
| dc.identifier.oclc | 826647079 | en_US |
