Abstract
SQL injection is a major attack vector against RFID systems. Because an RFID system has a high throughput, its defence must be computationally efficient; to that end, a SQL injection defence scheme based on two-phase rules is proposed. First, a legal rule base is built from the legal data domain. Then, the format and content of the data in the RFID tag are checked, and illegal characters or content are labeled and ignored. Finally, the format and content of the SQL requests generated dynamically in the middleware are checked, and requests that do not conform to the SQL statement rules are labeled and ignored. Experimental results show that the algorithm successfully detects and defends against the main types of injection attack in use today, that its computational efficiency is very high, and that it is also immune to second-order injection attacks.
SQL injection is one of the main attack types against RFID systems. Because of the high throughput of an RFID system, the corresponding prevention approach must be efficient and low cost; a new detection and prevention approach based on a two-phase rule set is proposed to solve this problem. First, a rule set is established in accordance with the legal data region. Then, the layout and content of the data in the RFID tag are checked, and illegal characters are labeled and discarded. Finally, the layout and content of the dynamically generated SQL queries are checked, and illegal characters are labeled and discarded. Experimental results show that the proposed approach can successfully detect and prevent the main injection attacks at low computational cost, and that it also prevents second-order injection.
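The two-phase check described in the abstract, as an added Python illustration that is not the paper's own code. It assumes a tag carrying a 96-bit EPC stored as 24 hex digits plus a short item label, a hypothetical `inventory` table, and a single INSERT shape as the only statement the middleware is expected to emit; the rules and sample values are constructed.

```python
import re

# Phase 1: legal-domain rules for each field read from the tag (constructed assumptions:
# a 96-bit EPC stored as 24 hex digits, and an item label limited to a small character set).
TAG_RULES = {
    "epc": re.compile(r"[0-9A-F]{24}"),
    "item": re.compile(r"[A-Za-z0-9 _-]{1,32}"),
}

# Phase 2: the only statement shape the middleware is expected to emit for a tag read
# (hypothetical table "inventory"); anything outside this shape is flagged and dropped.
SQL_SHAPE = re.compile(
    r"INSERT INTO inventory \(epc, item\) VALUES \('[0-9A-F]{24}', '[A-Za-z0-9 _-]{1,32}'\);?"
)


def check_tag(tag):
    """Phase 1: return the names of tag fields that violate their rule (empty list = legal)."""
    return [f for f, rule in TAG_RULES.items() if not rule.fullmatch(str(tag.get(f, "")))]


def build_query(epc, item):
    """The middleware's dynamically built query, string-concatenated as in the scenario."""
    return f"INSERT INTO inventory (epc, item) VALUES ('{epc}', '{item}')"


def check_query(sql):
    """Phase 2: accept the query only if the whole string matches the expected shape."""
    return SQL_SHAPE.fullmatch(sql) is not None


def process_tag(tag):
    """Full pipeline for a fresh tag read; returns (accepted, detail)."""
    bad = check_tag(tag)
    if bad:
        return False, "phase 1: illegal field(s) " + ", ".join(bad)
    sql = build_query(tag["epc"], tag["item"])
    if not check_query(sql):
        return False, "phase 2: query outside expected shape"
    return True, sql


def process_stored(epc, stored_item):
    """Second-order case: a value that reached the database by another path is rechecked
    by phase 2 when it is later used to build a new query, so phase 1 is not the only gate."""
    sql = build_query(epc, stored_item)
    return check_query(sql), sql


if __name__ == "__main__":
    print(process_tag({"epc": "3034F87E3C00000000000001", "item": "pallet 7"}))
    print(process_tag({"epc": "3034F87E3C00000000000001", "item": "x'); DROP TABLE inventory;--"}))
```

A legal read passes both phases unchanged, while a tag field containing quote, parenthesis or comment characters is rejected in phase 1, and a previously stored value that would break the statement shape is rejected in phase 2.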
Source
《电子技术应用》
PKU Core Journal (北大核心)
2015, No. 5, pp. 119-122 (4 pages)
Application of Electronic Technique