Learn More
This paper shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as such. The flaws also make it possible for benign inputs to be treated as attacks. After describing these flaws(More)
  • Michael Whiteside, Michael Cameron Whiteside, Donald Ray
  • 2016
The following work has two chapters; the first is a short story entitled " Night's End, " and the second is a short essay entitled " The Dilemma of Evil in Donald Ray Pollock's " Dynamite Hole.' " " Night's End " is loosely based on a true story. To respect the parties involved, I will not mention their names. The events are fictional, and deal with(More)
This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application's untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries). That is, when applications generate output programs based on untrusted inputs, the NIE property requires that inputs(More)
  • 1