DocumentCode :
1132162
Title :
Securing large applications against command injections
Author :
Jourdan, Guy-Vincent
Author_Institution :
Sch. of Inf. Technol. & Eng., Univ. of Ottawa, Ottawa, ON, Canada
Volume :
24
Issue :
6
fYear :
2009
fDate :
6/1/2009 12:00:00 AM
Firstpage :
15
Lastpage :
24
Abstract :
The ability to produce more secure software or to improve the security of existing software is a growing concern and a real challenge for the field of software engineering. Among the various existing types of software vulnerabilities, command injections are particularly common. It is a difficult problem to address, having seemingly endless variations. We present a unified, formal definition of command injections that is not based on a particular technology and captures not only the existing variations but also the future instances of the problem. We then propose a simple, yet effective, strategy to deal with the problem in existing large applications, focusing on the cost-effectiveness of the method. We also report on successful experiments applying our solution to large commercial applications.
Keywords :
security of data; software engineering; command injections; cost-effectiveness; software engineering; software security; software vulnerabilities; Application software; Books; Cellular neural networks; Computer crime; Information security; Information technology; Production systems; Software engineering; Software quality; Software testing;
fLanguage :
English
Journal_Title :
Aerospace and Electronic Systems Magazine, IEEE
Publisher :
ieee
ISSN :
0885-8985
Type :
jour
DOI :
10.1109/MAES.2009.5161718
Filename :
5161718