© 2005 Tadeusz Pietraszek
Context-Sensitive String Evaluation (CSSE)
Injection vulnerabilities pose a major threat to application-level security. Some of the more common types are SQL injection, cross-site scripting and shell injection vulnerabilities. Existing methods for defending against injection attacks, that is, attacks exploiting these vulnerabilities, rely heavily on the application developers and are therefore error-prone.
Context-Sensitive String Evaluation (CSSE) is a method to detect and prevent injection attacks. CSSE works by addressing the root cause why such attacks can succeed, namely the ad-hoc serialization of user-provided input. It provides a platform-enforced separation of channels, using a combination of assignment of metadata to user-provided input, metadata-preserving string operations and context-sensitive string evaluation.
CSSE uses an instrumented execution environment (such as PHP or Java) to keep track of variables during program execution, and through the assignment of metadata, be able to detect and prevent injection attacks.
CSSE requires neither application developer interaction nor application source code modifications. Since only changes to the underlying platform are needed, it effectively shifts the burden of implementing countermeasures against injection attacks from the many application developers to the small team of security-savvy platform developers. Our method is effective against most types of injection attacks, and we show that it is also less error-prone than other solutions proposed so far.
Currently, there are two prototype implementations available:
ContactTadeusz Pietraszek <pie-at-zurich.ibm.com> or Chris Vanden Berghe <vbc-at-zurich.ibm.com>
Last modified: $Id: index.html 14 2005-06-06 14:35:45Z tadekp $