Attack methodology Analysis [electronic resource] : SQL Injection Attacks and Their Applicability to Control Systems
- Washington, D.C. : United States. Office of the Assistant Secretary for Nuclear Energy, 2005. and Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
- Additional Creators:
- Idaho National Laboratory, United States. Office of the Assistant Secretary for Nuclear Energy, and United States. Department of Energy. Office of Scientific and Technical Information
- Restrictions on Access:
- Free-to-read Unrestricted online access
- Database applications have become a core component in control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core software components and concentrating security efforts against threats specific to those computers or software components. Database security within control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. To understand the scope of a threat surface, all segments of the control system, with an emphasis on entry points, must be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This paper facilitates understanding what SQL injection is and why it is a significant threat to control system environments.
- Published through SciTech Connect., 09/01/2005., "inl/ext-05-00572", and Bri Rolston.
- Funding Information:
View MARC record | catkey: 14757170