Type-specific languages to fight injection attacks

Darya Kurilova; Benjamin Chung; Cyrus Omar; Alex Potanin; Ligia Nistor; Jonathan Aldrich

doi:10.1145/2600176.2600194

Type-specific languages to fight injection attacks

Darya Kurilova, Benjamin Chung, Cyrus Omar, Alex Potanin, Ligia Nistor, Jonathan Aldrich

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › peer-review

Abstract

Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.

Original language	English
Title of host publication	Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014
Place of Publication	New York
Publisher	Association for Computing Machinery (ACM)
Number of pages	2
ISBN (Print)	9781450329071
DOIs	https://doi.org/10.1145/2600176.2600194
Publication status	Published - 8 Apr 2014
Externally published	Yes
Event	2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014 - Raleigh, NC, United States Duration: 8 Apr 2014 → 9 Apr 2014

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014
Country/Territory	United States
City	Raleigh, NC
Period	8/04/14 → 9/04/14

Access to Document

10.1145/2600176.2600194

Cite this

@inproceedings{8b95a2a64112409e845f9320471f05a3,

title = "Type-specific languages to fight injection attacks",

abstract = "Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.",

author = "Darya Kurilova and Benjamin Chung and Cyrus Omar and Alex Potanin and Ligia Nistor and Jonathan Aldrich",

year = "2014",

month = apr,

day = "8",

doi = "10.1145/2600176.2600194",

language = "English",

isbn = "9781450329071",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery (ACM)",

booktitle = "Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014",

address = "United States",

note = "2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014 ; Conference date: 08-04-2014 Through 09-04-2014",

}

Kurilova, D, Chung, B, Omar, C, Potanin, A, Nistor, L & Aldrich, J 2014, Type-specific languages to fight injection attacks. in Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014., 18, ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), New York, 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014, Raleigh, NC, United States, 8/04/14. https://doi.org/10.1145/2600176.2600194

Type-specific languages to fight injection attacks. / Kurilova, Darya; Chung, Benjamin; Omar, Cyrus et al.
Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014. New York: Association for Computing Machinery (ACM), 2014. 18 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › peer-review

TY - GEN

T1 - Type-specific languages to fight injection attacks

AU - Kurilova, Darya

AU - Chung, Benjamin

AU - Omar, Cyrus

AU - Potanin, Alex

AU - Nistor, Ligia

AU - Aldrich, Jonathan

PY - 2014/4/8

Y1 - 2014/4/8

N2 - Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.

AB - Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.

UR - https://www.scopus.com/pages/publications/84906811811

U2 - 10.1145/2600176.2600194

DO - 10.1145/2600176.2600194

M3 - Conference Paper

AN - SCOPUS:84906811811

SN - 9781450329071

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014

PB - Association for Computing Machinery (ACM)

CY - New York

T2 - 2014 Symposium and Bootcamp on the Science of Security, HotSoS 2014

Y2 - 8 April 2014 through 9 April 2014

ER -

Type-specific languages to fight injection attacks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this