SEAL: A Secure Design Pattern Approach Toward Tackling Lateral-Injection Attacks


Core Secure Design


Official Implementation of A Secure Design Pattern Approach Toward Tackling Lateral-Injection Attacks. The 15th IEEE International Conference on Security of Information and Networks (SIN'22).

Abstract

Software weaknesses that create attack surfaces for adversarial exploits, such as lateral SQL injection (LSQLi) attacks, are usually introduced during the design phase of software development. Security design patterns are sometimes applied to tackle these weaknesses. However, due to the stealthy nature of lateral-based attacks, employing traditional security patterns to address these threats is insufficient. Hence, we present SEAL, a secure design that extrapolates architectural, design, and implementation abstraction levels to delegate security strategies toward tackling LSQLi attacks. We evaluated SEAL using case study software, where we assumed the role of an adversary and injected several attack vectors tasked with compromising the confidentiality and integrity of its database. Our evaluation of SEAL demonstrated its capacity to address LSQLi attacks.


Artifact Author: Chidera Biringa

Cite

@inproceedings{biringa2022secure,
  title={A Secure Design Pattern Approach Toward Tackling Lateral-Injection Attacks},
  author={Biringa, Chidera and Kul, G{\"o}khan},
  booktitle={2022 15th International Conference on Security of Information and Networks (SIN)},
  pages={01--04},
  year={2022},
  organization={IEEE}
}

Ethical Considerations

Lateral-Injection attack strategies employed in this work are strictly for research purposes.

Installation

$ git clone https://github.com/biringaChi/SEAL

Running SEAL

$ cd src
$ python main.py

Cases: Enter each input below, one at a time, in the entry field and click inject.

Case 1

User1

Case 2

User2

Case 3

'; UPDATE users SET Trust = 'T2' WHERE Username = 'User1'; SELECT 1; --

Case 4

User3
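
The following is an added example, not SEAL's own code and not a reproduction of its design pattern: it replays the four case inputs against a lookup that concatenates the entry into SQL text and against one that binds it as a parameter, then reports User1's Trust value. The sqlite3 backend, the users table layout beyond the Username and Trust columns named in Case 3, the starting trust level 'T1', and all function names are assumptions.

```python
import sqlite3

# Case 3 input, copied from the Cases section above.
CASE_3 = "'; UPDATE users SET Trust = 'T2' WHERE Username = 'User1'; SELECT 1; --"


def make_db():
    """Constructed sample data: the schema and starting level 'T1' are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (Username TEXT PRIMARY KEY, Trust TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("User1", "T1"), ("User2", "T1"), ("User3", "T1")])
    conn.commit()
    return conn


def trust_of(conn, username):
    """Read back one user's trust level with a bound parameter."""
    row = conn.execute("SELECT Trust FROM users WHERE Username = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def lookup_concatenated(conn, entry):
    """Weak form: the entry is spliced into the SQL text and run as a script."""
    sql = "SELECT Trust FROM users WHERE Username = '" + entry + "'"
    conn.executescript(sql)  # accepts several ';'-separated statements


def lookup_bound(conn, entry):
    """Hardened form: the entry is bound as data and a single statement runs."""
    return conn.execute("SELECT Trust FROM users WHERE Username = ?",
                        (entry,)).fetchall()


def run_cases():
    """Replay Cases 1-4 in order and return User1's Trust for each lookup style."""
    results = {}
    for label, lookup in (("concatenated", lookup_concatenated),
                          ("bound", lookup_bound)):
        conn = make_db()
        for entry in ("User1", "User2", CASE_3, "User3"):
            lookup(conn, entry)
        results[label] = trust_of(conn, "User1")
        conn.close()
    return results


if __name__ == "__main__":
    print(run_cases())
```

With the bound lookup the Case 3 entry is compared as a literal username, matches no row, and leaves the table unchanged.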

LICENSE: MIT LICENSE