Full-Text Articles in Entire DC Network
Composition Of Atomic-Obligation Security Policies, Danielle Ferguson
USF Tampa Graduate Theses and Dissertations
There has been significant work to date on policy-specification languages that allow specification of arbitrary obligations, but there continue to exist open challenges in the composition of these arbitrary obligations, especially when obligations can be complex (i.e., consist of more than one action). There are currently no solutions that allow complete and automatic resolution of conflicts between policies and other policies' obligations or that allow policies to react to the complex obligations of other policies. In particular, there is minimal work that considers the benefits and challenges of allowing complex obligations that operate in an atomic fashion, that is, that execute …
Defining And Preventing Code-Injection Attacks, Donald Ray
USF Tampa Graduate Theses and Dissertations
This thesis shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as such. The flaws also make it possible for benign inputs to be treated as attacks. After describing these flaws in conventional definitions of code-injection attacks, this thesis proposes a new definition, which is based on whether the symbols input to an application get used as (normal-form) values in the application's output. Because values are already fully evaluated, they cannot be considered "code" when injected. This simple …