• DocumentCode
    242611
  • Title

    An Object Pool Realization of Whitelist Strategies to Neutralize Injection Flaws

  • Author

    Kim, Sungho ; Park, Young B.

  • Author_Institution
    Dept. Of Comput., Dankook Univ., Yongin, South Korea
  • fYear
    2014
  • fDate
    28-30 Oct. 2014
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    IoT systems such as smart health care systems are implemented on small embedded systems, and their software frameworks are built on top of interpreter-based systems. Injection flaws are a serious software vulnerability and are listed in the Open Web Application Security Project (OWASP) Top 10. Injection flaws are introduced when input data is supplied to the interpreter without proper security validation. Using a whitelist is an efficient input data validation strategy to avoid injection flaw attacks. In this paper, an improved object pool management method that provides properly validated input data as objects is proposed. Since pre-validated inputs, in the form of objects, are managed through the object pool pattern, the object pool works as a whitelist and helps prevent injection flaw attacks. Furthermore, it is shown that any performance degradation can be compensated by reduced object construction time, since objects in the object pool don't need construction.
  • Keywords
    Internet of Things; embedded systems; security of data; IOT systems; OWASP; efficient input data validation strategy; improved object pool management method; injection flaws; object pool realization; open Web application security project; smart health care system; whitelist strategies; Computers; Educational institutions; Hardware; Medical services; Security; Software; Storage area networks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT Convergence and Security (ICITCS), 2014 International Conference on
  • Conference_Location
    Beijing
  • Type

    conf

  • DOI
    10.1109/ICITCS.2014.7021734
  • Filename
    7021734