Abstract

In the 21st century, there has been a significant rise in dependency on the Internet for daily activities. Web applications such as online banking, web-based emails, social networking, and many more services have become an instant means of communication. These web applications and the data to which they have access are often targeted using malicious attacks, including SQL (Structured Query Language) Injection Attacks (from now on referenced as SQLIAs), which may cause serious damage. In particular, attackers use SQLIAs to target interactive web applications that incorporate database services. In a SQLIA, an attacker can insert malicious SQL code as an input to perform unauthorized database operations, which could potentially jeopardize the privacy, integrity and security of the users.

This thesis proposes an unconventional hardware-based approach for solving SQL vulnerabilities and thwarting SQLIAs. Specifically, we are approaching the problem of SQL Injection by using an FPGA to search for action-based binding keywords which join multiple queries. These keywords form an integral part of any attack query. We search for these keywords in a user’s input space and replace them with a null string. By doing so, the binding query is nullified, and the attacking query is rendered harmless.

Degree Date

Spring 2017

Document Type

Thesis

Department

Electrical Engineering

Advisor

Jennifer Dworak

Second Advisor

Frank Coyle

Third Advisor

Freeman Mooore

Fourth Advisor

Pig. Gui

Fifth Advisor

Theodore Manikas

Number of Pages

75

Format

.pdf

Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License

Share

COinS