Abstract
In the 21st century, there has been a significant rise in dependency on the Internet for daily activities. Web applications such as online banking, web-based emails, social networking, and many more services have become an instant means of communication. These web applications and the data to which they have access are often targeted using malicious attacks, including SQL (Structured Query Language) Injection Attacks (from now on referenced as SQLIAs), which may cause serious damage. In particular, attackers use SQLIAs to target interactive web applications that incorporate database services. In a SQLIA, an attacker can insert malicious SQL code as an input to perform unauthorized database operations, which could potentially jeopardize the privacy, integrity and security of the users.
This thesis proposes an unconventional hardware-based approach for solving SQL vulnerabilities and thwarting SQLIAs. Specifically, we are approaching the problem of SQL Injection by using an FPGA to search for action-based binding keywords which join multiple queries. These keywords form an integral part of any attack query. We search for these keywords in a user’s input space and replace them with a null string. By doing so, the binding query is nullified, and the attacking query is rendered harmless.
Degree Date
Spring 2017
Document Type
Thesis
Degree Name
M.S.E.E.
Department
Electrical and Computer Engineering
Advisor
Jennifer Dworak
Second Advisor
Frank Coyle
Third Advisor
Freeman Moore
Fourth Advisor
Ping Gui
Fifth Advisor
Theodore Manikas
Number of Pages
75
Format
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Recommended Citation
Shah, Nisharg, "Securing Database Users from the Threat of SQL Injection Attacks" (2017). Electrical Engineering Theses and Dissertations. 1.
https://scholar.smu.edu/engineering_electrical_etds/1