Action II — Taming Code Injection Attacks Across Multiple Domains

Project Code: 2166-01/01-01
Funding programme: Action 2 - Support to Postdoctoral Researchers
Funding Agency: Athens University of Economics and Business
Project type: RTD
Starting date: 2014-10-09
Ending date: 2015-09-10
Total budget: 13,000 €


Contact: Dimitris Mitropoulos
Scientific coordinator: Diomidis Spinellis

Description

Code injection attacks are considered as one of the most damaging classes of application attacks that can harm various entities existing either on a web server, a client machine or a mobile device. With the proposed research we will aim to synthesize empirical findings coming of the analysis of the evolution and the behavior of software bugs that lead to code injection attacks, with existing pieces of theoretical work into an approach that covers all types of code injection attacks. Then, we will try to apply out approach to tame such attacks in different problem domains (web, mobile, etc.). For every application of our method, we will provide corresponding prototypes, deploy them in real world conditions and test them in terms of accuracy, operation cost and maintenance cost.

Publications

Journal Articles

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panagiotis Louridas, and Diomidis Spinellis. A type-safe embedding of SQL into Java using the extensible compiler framework J. Computer Languages, Systems & Structures, 41:1–20, April 2015.

Book Chapters

    • Dimitris Mitropoulos. Securing software. In Phillip A. Laplante, editor, Encyclopedia of Computer Science and Technology, Second Edition. CRC Press, Taylor and Francis Group, 2016.

Conference Publications

    • Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), colocated with the 19th European Symposium on Research in Computer Security (ESORICS 2014). IEEE Computer Society, September 2014.

Magazine Articles

    • Dimitris Mitropoulos. On the evolution of security bugs. XRDS: Crossroads, The ACM Magazine for Students, 21(3):18–19, 2015.