Title :
Securing Large Applications Against Command Injections
Author :
Jourdan, Guy-Vincent
Author_Institution :
Univ. of Ottawa, Ottawa
Abstract :
The ability to produce more secure software or to improve the security of existing software is a growing concern and a real challenge for the field of software engineering. Among the various existing types of software vulnerabilities, command injections are particularly common. It is a difficult problem to address, having seemingly endless variations. We present here a unified, formal definition of command injections that is not based on a particular technology and captures not only the existing variations but also the future instances of the problem. We then propose a simple, yet effective strategy to deal with the problem in existing large applications, focusing on the cost effectiveness of the method. We also report on successful experiments applying our solution to large commercial applications.
Keywords :
security of data; software engineering; command injections; software engineering; software security; Application software; Books; Computer crime; Costs; Production systems; Programming; Roads; Security; Software engineering; Software quality;
Conference_Title :
Security Technology, 2007 41st Annual IEEE International Carnahan Conference on
Conference_Location :
Ottawa, Ont.
Print_ISBN :
978-1-4244-1129-0
DOI :
10.1109/CCST.2007.4373470