| Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems | |
| Rolston, Bri | |
| Idaho National Laboratory | |
| 关键词: Sql; Database Exploit; Database; Computers; Communications; | |
| DOI : 10.2172/911631 RP-ID : INL/EXT-05-00572 RP-ID : DE-AC07-99ID-13727 RP-ID : 911631 |
|
| 美国|英语 | |
| 来源: UNT Digital Library | |
 PDF
|
|
【 摘 要 】
Database applications have become a core component in control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core software components and concentrating security efforts against threats specific to those computers or software components. Database security within control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. To understand the scope of a threat surface, all segments of the control system, with an emphasis on entry points, must be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This paper facilitates understanding what SQL injection is and why it is a significant threat to control system environments.
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| 911631.pdf | 469KB |  download |
878987797
028-85220240
