Policy-based SQLIA detection and prevention approach for RFID systems

Abawajy, Jemal and Fernando, Harinda 2015, Policy-based SQLIA detection and prevention approach for RFID systems, Computer standards and interfaces, vol. 38, pp. 64-71, doi: 10.1016/j.csi.2014.08.005.

Title Policy-based SQLIA detection and prevention approach for RFID systems
Author(s) Abawajy, Jemal (ORCID iD: orcid.org/0000-0001-8962-1222)
Fernando, Harinda
Journal name Computer standards and interfaces
Volume number 38
Start page 64
End page 71
Total pages 8
Publisher Elsevier
Place of publication Amsterdam, The Netherlands
Publication date 2015-02
ISSN 0920-5489
Keyword(s) Science & Technology
Technology
Computer Science, Hardware & Architecture
Computer Science, Software Engineering
Computer Science
RFID
SQLIA
Data validation
Data sanitization
Policy
INJECTION ATTACKS
MALWARE
Summary While SQL injection attacks have been plaguing web application systems for years, the possibility of them affecting RFID systems was only identified very recently. However, very little work exists to mitigate this serious security threat to RFID-enabled enterprise systems. In this paper, we propose a policy-based SQLIA detection and prevention method for RFID systems. The proposed technique creates data validation and sanitization policies during content analysis and enforces those policies during runtime monitoring. We tested all possible types of dynamic queries that may be generated in RFID systems with all possible types of attacks that can be mounted on those systems. We present an analysis and evaluation of the proposed approach to demonstrate the effectiveness of the proposed approach in mitigating SQLIA.
Language eng
DOI 10.1016/j.csi.2014.08.005
Field of Research 080501 Distributed and Grid Systems
0803 Computer Software
0804 Data Format
Socio Economic Objective 890299 Computer Software and Services not elsewhere classified
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2015, Elsevier
Persistent URL http://hdl.handle.net/10536/DRO/DU:30070782

Document type: Journal Article
Collection: School of Information Technology
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: Cited 2 times in TR Web of Science
Cited 3 times in Scopus
Access Statistics: 206 Abstract Views, 4 File Downloads
Created: Tue, 15 Mar 2016, 14:17:36 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.