基于敏感字符的SQL注入攻击防御方法

doi:10.7544/issn1000-1239.2016.20160443

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (10): 2262-2276.doi: 10.7544/issn1000-1239.2016.20160443

所属专题： 2016网络空间共享安全研究进展专题

基于敏感字符的SQL注入攻击防御方法

张慧琳¹,丁羽¹,张利华¹,段镭¹,张超²,韦韬³,李冠成¹,韩心慧¹

¹(北京大学计算机科学技术研究所北京 100080); ²(加州大学伯克利分校加利福尼亚伯克利 94720); ³(百度美国有限责任公司加利福尼亚森尼韦尔 94089) (zhanghuilin@pku.edu.cn)

出版日期: 2016-10-01
基金资助:
国家自然科学基金项目(61572149,61402125) This work was supported by the National Natural Science Foundation of China (61572149, 61402125).

SQL Injection Prevention Based on Sensitive Characters

Zhang Huilin¹, Ding Yu¹, Zhang Lihua¹, Duan Lei¹, Zhang Chao², Wei Tao³, Li Guancheng¹, Han Xinhui¹

¹(Institute of Computer Science and Technology, Peking University, Beijing 100080); ²(University of California at Berkeley, Berkeley, CA, 94720); ³(Baidu USA Limited Liability Company, Sunnyvale, CA, 94089)

Online: 2016-10-01

摘要/Abstract

摘要： SQL注入攻击历史悠久，其检测机制也研究甚广.现有的研究利用污点分析(taint analysis)结合SQL语句语法分析进行SQL注入攻击检测，但由于需要修改Web应用程序执行引擎来标记和跟踪污点信息，难以部署，并且时间和空间性能损失过大.通过分析SQL注入攻击机理，提出一种基于敏感字符的SQL注入攻击防御方法.1)仅对来自常量字符串的可信敏感字符进行积极污点标记；2)无需修改Web应用程序执行引擎，利用编码转换将污点信息直接存储在可信敏感字符的编码值中，动态跟踪其在程序中的传播；3)无需SQL语句语法分析，只需利用编码值判断SQL语句中敏感字符的来源、转义非可信敏感字符，即可防御SQL注入攻击.基于PHP的Zend引擎实现了系统原型PHPGate，以插件方式实现、易部署.实验证明：PHPGate可精确防御SQL注入攻击，且有效提升污点传播效率，页面应答的时间开销不超过1.6%.

关键词: SQL 注入攻击, 可信敏感字符, 动态污点分析, 积极污点分析, 编码转换

Abstract: SQL injection attacks are prevalent Web threats. Researchers have proposed many taint analysis solutions to defeat this type of attacks, but few are efficient and practical to deploy. In this paper, we propose a practical and accurate SQL injection prevention method by tainting trusted sensitive characters into extended UTF-8 encodings. Unlike typical positive taint analysis solutions that taint all characters in hard-coded strings written by the developer, we only taint the trusted sensitive characters in these hard-coded strings. Furthermore, rather than modifying Web application interpreter to track taint information in extra memories, we encode the taint metadata into the bytes of trusted sensitive characters, by utilizing the characteristics of UTF-8 encoding. Lastly, we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks, without parsing the SQL statements. A prototype called PHPGate is implemented as an extension on the PHP Zend engine. The evaluation results show that PHPGate can protect Web applications from real world SQL injection attacks and introduce a low performance overhead (less than 1.6%).

Key words: SQL injection attack, trusted sensitive character, dynamic taint analysis, positive taint analysis, UTF-8 encoding

中图分类号:

TP393.08

张慧琳,丁羽,张利华,段镭,张超,韦韬,李冠成,韩心慧. 基于敏感字符的SQL注入攻击防御方法[J]. 计算机研究与发展, 2016, 53(10): 2262-2276.

Zhang Huilin, Ding Yu, Zhang Lihua, Duan Lei, Zhang Chao, Wei Tao, Li Guancheng, Han Xinhui. SQL Injection Prevention Based on Sensitive Characters[J]. Journal of Computer Research and Development, 2016, 53(10): 2262-2276.

	作者相关文章
	张慧琳
	丁羽
	张利华
	段镭
	张超
	韦韬
	李冠成
	韩心慧

基于敏感字符的SQL注入攻击防御方法

SQL Injection Prevention Based on Sensitive Characters

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

本文评价