Online from: 1993
Subject Area: Information and Knowledge Management
Options: To add Favourites and Table of Contents Alerts please take a Emerald profile
|Title:||Countering code injection attacks: a unified approach|
|Author(s):||Dimitris Mitropoulos, (Department of Management Science and Technology, Athens University of Economics and Business, Athens, Greece), Vassilios Karakoidas, (Department of Management Science and Technology, Athens University of Economics and Business, Athens, Greece), Panagiotis Louridas, (Department of Management Science and Technology, Athens University of Economics and Business, Athens, Greece), Diomidis Spinellis, (Department of Management Science and Technology, Athens University of Economics and Business, Athens, Greece)|
|Citation:||Dimitris Mitropoulos, Vassilios Karakoidas, Panagiotis Louridas, Diomidis Spinellis, (2011) "Countering code injection attacks: a unified approach", Information Management & Computer Security, Vol. 19 Iss: 3, pp.177 - 194|
|Keywords:||Computer crime, Computer security, Data security, Information security, Internet security, Security|
|Article type:||Research paper|
|DOI:||10.1108/09685221111153555 (Permanent URL)|
|Publisher:||Emerald Group Publishing Limited|
|Acknowledgements:||The authors would like to thank Chuan Yue and Haining Wang for sharing with them details of their SpiderMonkey instrumentation efforts. The authors would also like to thank Konstantinos Stroggylos, Georgios Gousios and Titika Konstantinopoulou for their insightful comments during the writing of this paper. This research has been co-financed by the European Union (European Social Fund – ESF) and Greek national funds through the Operational Program “Education and Lifelong Learning” of the National Strategic Reference Framework – Research Funding Program: Heracleitus II. Investing in knowledge society through the ESF.|
Purpose – The purpose of this paper is to propose a generic approach that prevents a specific class of code injection attacks (CIAs) in a novel way.
Design/methodology/approach – To defend against CIAs this approach involves detecting attacks by using location-specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. The key property that differentiates the scheme presented in this paper is that these characteristics do not depend entirely on the code statement, but also take into account elements from its execution context.
To purchase this item please login or register.
Complete and print this form to request this document from your librarian