AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks

300 word summary:

AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks.

Provides a valuable background section on the countermeasures for SQL injection attacks:

Defensive Programming
General Techniques against SQLi
Static Analysis techniques

Provides examples of SQL injection attacks, with sql code.
Provides a definition of an sql injection attack:

“An SQL Injection Attack (SQLIA) occurs when an attacker attempts to change the logic, semantics or syntax of a legitimate SQL statement by inserting new SQL keywords or operators into the statement.”

Provides a blueprint for their implementation:

Identify hotspots: Scan the application code to identify hotspots — points in the application code that issue SQL queries to the underlying database.
Build SQL-query models: For each hotspot, build a model that represents all the possible SQL queries that may be generated at that hotspot. A SQL-query model is a non-deterministic finite-state automaton in which the transition labels consist of SQL tokens (SQL keywords and operators), delimiters, and place holders for string values.
Instrument Application: At each hotspot in the application, add calls to the runtime monitor.
Run-time monitoring: At runtime, check the dynamically-generated queries against the SQL-query model and reject and report queries that violate the model.


What is the paper about?
A new technique to detect sql injection

Who is the intended audience?
Professionals / Researchers

Is title/abstract accurate
Yes, its the name of their implementation

Is the big ‘point’ of the work clear?

Is there an original/significant contribution to knowledge
Yes, they have a theory and implementation for a new type of SQLi detection

Is this an extension to previous work?
Yes, it lists the previous methods, their weaknesses, and gives a new method

Are aims and objectives clearly stated?

Technical aspects of critique
Has proper attention been given to the current literature
Yes, it has an excellent ‘Background information section’

Are ideas/arguments technically correct?

Is empirical evidence provided?
yes, they have an experiment comparing their tool with others tools and the results

Is there a balanced presentation of the literature?
Yes, they have lots of very good information

Is the research design/methodology clearly stated?
Yes, with a big section on the theory behind it

Has any sampling involved been carefully and thoughtfully selected?
yes, they list other methods, and implementations of those methods, and they test them and compare with results of their own method and implementation

Is it representative? Is it likely to bias the research?

Have any ethical issues been clearly identified and handled correctly?

Has the data collection method clearly stated?
yes, excellent experiment section

Was there a pilot study to check proposed approach?

Is the data collection method valid and reliable?
yes, its a repeatable experiment

What is the method of analysis? Clearly described and reliable?
experiment comparison between their implementation/method and other methods/implelmentations

Are results clearly presented?
yes, in tables

Are all hypotheses and any assumptions clearly stated at the outset?
yes, they have a very good theoretical section

IS the paper well structured? Can you follow the arguments? Is there a good flow through the paper i.e. Is there a ‘story’?
yes, and its full of very useful information, this is going to be heavily used in my paper

Are technical terms/abbreviations explained?
yes, very clearly

Are tables/graphs/diagrams easy to follow and clearly signposted?

Do they aid understanding?

Is the discussion well balanced? – Not front/top heavy
its pretty heavy on theory and background

Are conclusions well supported by arguments/results presented in the paper
Is the work well ‘joined-up’?
yes, it flows well from background to current theory, to their theory, to comparison and conculsion

Do the authors recognise potential areas of weakness in their work?
yes, its very precise and expensive (resource-wise) also, its only for java apps

How up-to-date is the work – are references current and representative of the field?
upto 2005, so not very new

Leave a Reply