{"title":"针对云环境的一种新颖的三层SQLi检测和缓解方案","authors":"Wahid Rajeh, Alshreef Abed","doi":"10.1109/ICECOS.2017.8167160","DOIUrl":null,"url":null,"abstract":"Cloud computing is undoubtedly considered one of the most discussed topics in recent times, both in the research and business sectors. Various schools of thought have attempted to provide a fitting definition from many aspects. This computing paradigm can be defined as a web-based computing model designed to allow both off-site storage and easy data and digital file sharing. The SQL injection, which is certainly one of the top ranking vulnerabilities in cloud systems, is addressed in this paper. Also, a novel three-tier system for detection and mitigation of SQLi attacks is proposed. The methodology is involved over dynamic, static and runtime prevention and detection mechanisms. Moreover, it removes malicious queries and ensures the system is prepared for an environment that is secure despite being focused on the database server only. For the three-tier architecture, the first approach involves detection and prevention that follows the client logic access and data server (three-tier) organization to access, process and exchange queries. Furthermore, it makes sure no vulnerable code is executed that might affect the hosted operating system either partially or entirely. Experimental evaluation schemes demonstrate the efficiency and superiority of the scheme compared with existing approaches.","PeriodicalId":6528,"journal":{"name":"2017 International Conference on Electrical Engineering and Computer Science (ICECOS)","volume":"17 1","pages":"33-37"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"A novel three-tier SQLi detection and mitigation scheme for cloud environments\",\"authors\":\"Wahid Rajeh, Alshreef Abed\",\"doi\":\"10.1109/ICECOS.2017.8167160\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing is undoubtedly considered one of the most discussed topics in recent times, both in the research and business sectors. Various schools of thought have attempted to provide a fitting definition from many aspects. This computing paradigm can be defined as a web-based computing model designed to allow both off-site storage and easy data and digital file sharing. The SQL injection, which is certainly one of the top ranking vulnerabilities in cloud systems, is addressed in this paper. Also, a novel three-tier system for detection and mitigation of SQLi attacks is proposed. The methodology is involved over dynamic, static and runtime prevention and detection mechanisms. Moreover, it removes malicious queries and ensures the system is prepared for an environment that is secure despite being focused on the database server only. For the three-tier architecture, the first approach involves detection and prevention that follows the client logic access and data server (three-tier) organization to access, process and exchange queries. Furthermore, it makes sure no vulnerable code is executed that might affect the hosted operating system either partially or entirely. Experimental evaluation schemes demonstrate the efficiency and superiority of the scheme compared with existing approaches.\",\"PeriodicalId\":6528,\"journal\":{\"name\":\"2017 International Conference on Electrical Engineering and Computer Science (ICECOS)\",\"volume\":\"17 1\",\"pages\":\"33-37\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Electrical Engineering and Computer Science (ICECOS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICECOS.2017.8167160\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Electrical Engineering and Computer Science (ICECOS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICECOS.2017.8167160","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A novel three-tier SQLi detection and mitigation scheme for cloud environments
Cloud computing is undoubtedly considered one of the most discussed topics in recent times, both in the research and business sectors. Various schools of thought have attempted to provide a fitting definition from many aspects. This computing paradigm can be defined as a web-based computing model designed to allow both off-site storage and easy data and digital file sharing. The SQL injection, which is certainly one of the top ranking vulnerabilities in cloud systems, is addressed in this paper. Also, a novel three-tier system for detection and mitigation of SQLi attacks is proposed. The methodology is involved over dynamic, static and runtime prevention and detection mechanisms. Moreover, it removes malicious queries and ensures the system is prepared for an environment that is secure despite being focused on the database server only. For the three-tier architecture, the first approach involves detection and prevention that follows the client logic access and data server (three-tier) organization to access, process and exchange queries. Furthermore, it makes sure no vulnerable code is executed that might affect the hosted operating system either partially or entirely. Experimental evaluation schemes demonstrate the efficiency and superiority of the scheme compared with existing approaches.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
