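SQLMVED: SQL injection runtime prevention system based on multi-variant execution
Cite this article: MA Bolin, ZHANG Zheng, LIU Hao, WU Jiangxing. SQLMVED: SQL injection runtime prevention system based on multi-variant execution[J]. Journal on Communications, 2021, 0(4): 127-138
Authors: MA Bolin  ZHANG Zheng  LIU Hao  WU Jiangxing
Affiliation: Information Engineering University; Purple Mountain Laboratories
Funding: National Natural Science Foundation of China (No.61521003); National Key Research and Development Program of China (No.2018YFB0804003).
Abstract: The effectiveness of using randomization during SQL parsing to defend against SQL injection attacks (SQLIA) rests on the attacker not knowing the specific randomization method the current system uses. Once an attacker has learned the randomization form used by the current system, an effective SQLIA can therefore be carried out. To solve this problem, a SQL injection runtime defense system is designed based on multi-variant execution, in which the variants use mutually different randomization methods, and the attacker's injected illegal SQ...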

Keywords: SQL injection attack  runtime defense  multi-variant execution  randomization

SQLMVED: SQL injection runtime prevention system based on multi-variant execution
MA Bolin, ZHANG Zheng, LIU Hao, WU Jiangxing. SQLMVED: SQL injection runtime prevention system based on multi-variant execution[J]. Journal on Communications, 2021, 0(4): 127-138
Authors: MA Bolin  ZHANG Zheng  LIU Hao  WU Jiangxing
Affiliation: Information Engineering University, Zhengzhou 450001, China; Purple Mountain Laboratories, Nanjing 211100, China
Abstract: Combining SQL statement parsing with randomization is effective against SQL injection attacks (SQLIA) only as long as attackers do not know the randomization method the system currently uses. Once attackers have learned that method, they can launch an effective SQLIA. To solve this problem, a SQL injection runtime prevention system based on multi-variant execution was designed. The variants apply randomization methods that differ from one another, so that an illegal SQL statement cannot be parsed successfully by all variants. Even if attackers have learned a randomization method, an illegal SQL statement can be parsed successfully by at most one variant. Meanwhile, the parsing results of the variants are voted on to detect the abnormality in time and block the attack path. The prototype system SQLMVED is implemented for Web services, and experiments show that the prototype can effectively defeat SQLIA.
Keywords: SQL injection attack  runtime prevention  multi-variant execution  randomization
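
The mechanism the abstract describes, as an added Python sketch that is not code from the paper or from SQLMVED. It assumes keyword-suffix randomization (each variant tags SQL keywords in trusted templates with its own secret) and a unanimous vote; the abstract specifies neither, and all names, tags and the template are constructed.

```python
import re

KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "DROP"}
# A quoted string literal, or a bare word (keyword or identifier).
TOKEN = re.compile(r"'(?:[^']|'')*'|[A-Za-z_]\w*")

def randomize(template, tag):
    """Tag every keyword in the trusted, application-written template."""
    def tag_kw(m):
        tok = m.group()
        return f"{tok}_{tag}" if tok.upper() in KEYWORDS else tok
    return TOKEN.sub(tag_kw, template)

def derandomize(query, tag):
    """Variant-side parse step: return standard SQL or raise ValueError."""
    def untag(m):
        tok = m.group()
        if tok.startswith("'"):
            return tok  # text inside a string literal is data, not code
        if tok.upper() in KEYWORDS:
            raise ValueError(f"untagged keyword {tok!r}")
        base, _, suffix = tok.rpartition("_")
        if base.upper() in KEYWORDS:
            if suffix != tag:
                raise ValueError(f"foreign tag on {tok!r}")
            return base
        return tok
    return TOKEN.sub(untag, query)

def execute_with_vote(template, user_input, tags):
    """Send one request through every variant and vote on the parse results."""
    results = []
    for tag in tags:
        # User data is spliced in after randomization, so it carries no valid tag.
        query = randomize(template, tag).replace("{}", user_input)
        try:
            results.append(derandomize(query, tag))
        except ValueError:
            results.append(None)  # this variant failed to parse the statement
    # Assumed policy: allow only if all variants parsed to the same statement.
    allowed = results[0] is not None and all(r == results[0] for r in results)
    return allowed, results

TAGS = ["7391", "2048", "5566"]  # constructed per-variant secrets
TEMPLATE = "SELECT id FROM users WHERE name = '{}'"  # constructed query template
```

An input that carries one variant's leaked tag still parses in only that variant, so the vote is split and the request is blocked.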
This article is indexed in VIP (维普) and other databases.