Enlisting Hardware Architecture to Thwart Malicious Code Injection

2004 ◽  
pp. 237-252 ◽  
Author(s):  
Ruby B. Lee ◽  
David K. Karig ◽  
John P. McGregor ◽  
Zhijie Shi
Keyword(s):  
Malicious Code ◽  
Hardware Architecture ◽  
Code Injection

VirISA: Recruiting Virtualization and Reconfigurable Processor ISA for Malicious Code Injection Protection

2016 ◽  
pp. 117-130
Author(s):  
Apostolos P. Fournaris ◽  
Georgios Keramidas ◽  
Kyriakos Ispoglou ◽  
Nikolaos Voros
Keyword(s):  
Malicious Code ◽  
Reconfigurable Processor ◽  
Code Injection

scholarly journals Fatal injection: a survey of modern code injection attack countermeasures

2017 ◽  
Vol 3 ◽  
pp. e136 ◽  
Author(s):  
Dimitris Mitropoulos ◽  
Diomidis Spinellis
Keyword(s):  
Computer Program ◽  
Program Analysis ◽  
False Positives ◽  
Malicious Code ◽  
False Negatives ◽  
Static Program Analysis ◽  
Production Mode ◽  
Injection Attacks ◽  
Code Injection ◽  
Novel Approaches

With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation’s infrastructure and cause financial and reputational damage to it. In this paper we examine and categorize the countermeasures developed to detect the various attack forms. In particular, we identify two distinct categories. The first incorporates static program analysis tools used to eliminate flaws that can lead to such attacks during the development of the system. The second involves the use of dynamic detection safeguards that prevent code injection attacks while the system is in production mode. Our analysis is based on nonfunctional characteristics that are considered critical when creating security mechanisms. Such characteristics involve usability, overhead, implementation dependencies, false positives and false negatives. Our categorization and analysis can help both researchers and practitioners either to develop novel approaches, or use the appropriate mechanisms according to their needs.

scholarly journals Deep Dive into Directory Traversal and File Inclusion Attacks leads to Privilege Escalation

2021 ◽  
pp. 115-120
Author(s):  
Mrunalsinh Chawda ◽  
Dr. Priyanka Sharma ◽  
Mr. Jatin Patel
Keyword(s):  
Web Application ◽  
Web Server ◽  
Malicious Code ◽  
Web Servers ◽  
Deep Dive ◽  
User Input ◽  
Code Injection ◽  
Attack Path ◽  
Local File ◽  
The Web

In Modern Web application directory traversal vulnerability that can potentially allow an attacker to view arbitrary files and some sensitive files. They can exploit identified vulnerabilities or misconfigurations to obtain root privileges. When building the web application, ensure that some arbitrary file is not publicly available via the production server. when an attacker can include. Traversal vulnerabilities this vulnerability exploits the dynamic file include a mechanism that exists in programming frameworks a local file inclusion happens when uncontrolled user input such as form values or headers for example are used to construct a file include paths. By exploiting directory traversal attacks in web servers, they can do anything and with chaining with code injection they can upload a shell into a web server and perform a website defacement attack. Path-traversal attacks take advantage of vulnerable Website parameters by including a URL reference to remotely hosted malicious code, allowing remote code execution and leads to privilege escalation attack.

A New Hardware Architecture for Fuzzy Logic System Acceleration

2016 ◽  
Vol 12 (2) ◽  
pp. 188-197
Author(s):  
A yahoo.com ◽  
Aumalhuda Gani Abood aumalhuda ◽  
A comp ◽  
Dr. Mohammed A. Jodha ◽  
Dr. Majid A. Alwan
Keyword(s):  
Fuzzy Logic ◽  
Fuzzy Logic System ◽  
Hardware Architecture ◽  
Logic System

A Study on Detection of Small Size Malicious Code using Data Mining Method

2019 ◽  
Vol 19 (1) ◽  
pp. 11-17
Author(s):  
Taek-Hyun Lee ◽  
◽  
Ho Kook Kwang
Keyword(s):  
Data Mining ◽  
Malicious Code ◽  
Mining Method ◽  
Data Mining Method ◽  
Using Data
Sign in / Sign up

Export Citation Format

Share Document