ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (10): 2262-2276. doi: 10.7544/issn1000-1239.2016.20160443

Special Issue: 2016 Special Topic on Research Progress in Cyberspace Shared Security


SQL Injection Prevention Based on Sensitive Characters

Zhang Huilin¹, Ding Yu¹, Zhang Lihua¹, Duan Lei¹, Zhang Chao², Wei Tao³, Li Guancheng¹, Han Xinhui¹

  ¹ Institute of Computer Science and Technology, Peking University, Beijing 100080; ² University of California at Berkeley, Berkeley, CA, 94720; ³ Baidu USA Limited Liability Company, Sunnyvale, CA, 94089
  • Online: 2016-10-01

Abstract: SQL injection attacks are prevalent Web threats. Researchers have proposed many taint analysis solutions to defeat this type of attack, but few are efficient and practical to deploy. In this paper, we propose a practical and accurate SQL injection prevention method that taints trusted sensitive characters by converting them into extended UTF-8 encodings. Unlike typical positive taint analysis solutions, which taint all characters in hard-coded strings written by the developer, we taint only the trusted sensitive characters in these hard-coded strings. Furthermore, rather than modifying the Web application interpreter to track taint information in extra memory, we encode the taint metadata into the bytes of the trusted sensitive characters themselves, utilizing the characteristics of UTF-8 encoding. Lastly, we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks, without parsing the SQL statements. A prototype called PHPGate is implemented as an extension to the PHP Zend engine. The evaluation results show that PHPGate can protect Web applications from real-world SQL injection attacks and introduces a low performance overhead (less than 1.6%).

Key words: SQL injection attack, trusted sensitive character, dynamic taint analysis, positive taint analysis, UTF-8 encoding
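
The following byte-level sketch illustrates the idea in the abstract; it is an added example, not code from the paper or from PHPGate. Assumptions: the "extended UTF-8 encoding" is modelled as the overlong two-byte form of an ASCII byte, the sensitive set is limited to quote, double quote and backslash, untrusted characters are escaped with a backslash prefix, and all function names are hypothetical.

```python
# Added illustration of in-band positive tainting; not PHPGate's implementation.
SENSITIVE = b"'\"\\"  # assumed sensitive set: quote, double quote, backslash

def taint_trusted(literal: bytes) -> bytes:
    """Mark sensitive bytes of a developer-written literal as trusted by
    rewriting each one as an overlong two-byte UTF-8 sequence (assumed form)."""
    out = bytearray()
    for b in literal:
        if b in SENSITIVE:
            out += bytes((0xC0 | (b >> 6), 0x80 | (b & 0x3F)))
        else:
            out.append(b)
    return bytes(out)

def accept_input(data: bytes) -> bytes:
    """Untrusted input must not carry the trust marker. Bytes 0xC0 and 0xC1
    never occur in valid UTF-8, so rejecting them blocks forged markers."""
    if 0xC0 in data or 0xC1 in data:
        raise ValueError("invalid UTF-8 lead byte in untrusted input")
    return data

def finalize_query(query: bytes) -> bytes:
    """At the SQL sink: restore trusted characters to ASCII and escape every
    sensitive character that is still plain ASCII (it came from input)."""
    out = bytearray()
    i = 0
    while i < len(query):
        b = query[i]
        nxt = query[i + 1] if i + 1 < len(query) else 0
        if b in (0xC0, 0xC1) and 0x80 <= nxt <= 0xBF:
            out.append(((b & 0x1F) << 6) | (nxt & 0x3F))  # trusted: decode
            i += 2
            continue
        if b in SENSITIVE:
            out += b"\\"  # untrusted: neutralise without parsing the SQL
        out.append(b)
        i += 1
    return bytes(out)

def build_query(user_input: bytes) -> bytes:
    """Constructed sample: hard-coded parts are tainted, input is not."""
    prefix = taint_trusted(b"SELECT id FROM users WHERE name = '")
    suffix = taint_trusted(b"'")
    return finalize_query(prefix + accept_input(user_input) + suffix)
```

The trust mark travels inside the string bytes through ordinary concatenation, so no shadow memory is needed, and the sink only scans bytes rather than parsing the statement.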
