300-word summary of Defending Against Injection Attacks
What is the paper about?
Defending Against Injection Attacks Through Context-Sensitive String Evaluation introduces CSSE (Context-Sensitive String Evaluation), a way to detect and prevent injection attacks (SQL injection among them) in PHP applications at runtime. It is essentially an intrusion detection and prevention platform for PHP apps, implemented by modifying the PHP interpreter's source rather than the applications it protects, and the paper describes that implementation.
The paper is primarily aimed at developers of PHP applications and at researchers.
The paper outlines what an injection attack is, and identifies the important properties of injection attacks and their root causes.
The paper has a lot of theory about the types of injection attacks, and defines and implements a new detection method.
This paper provides an invaluable section outlining related work and theory, including:
1) safe ad-hoc serialisation (manual input validation, the most common defence; automatic input validation, e.g. PHP's magic_quotes_gpc; variable tainting, e.g. Perl's taint mode; and the instruction-set randomisation technique of SQLrand)
2) serialisation APIs, e.g. DOM, or PreparedStatement in Java
Finally, they introduce their own technique, Context-Sensitive String Evaluation (CSSE).
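The mechanism summarised above (origin metadata attached to strings, propagated through string operations, and evaluated at the point where the string is handed to a sub-system) is easier to see in code than in prose. The following Python block is an added illustration written for these notes, not the authors' modified PHP interpreter: a string type that remembers which fragments were written by the developer and which came from the request, concatenation that preserves those boundaries, and a hypothetical SQL sink that escapes an untrusted fragment when it lands inside a quoted literal and rejects it when it lands outside one (the case where magic_quotes-style escaping does nothing). The query shape, the `users` table and the `user`/`limit` inputs are constructed sample data.

```python
"""Toy context-sensitive string evaluation (CSSE).

Added illustration, not the paper's PHP prototype. Two ideas are modelled:
1. metadata: every string is a sequence of (text, trusted) fragments, and
   concatenation keeps the fragment boundaries;
2. context-sensitive evaluation at the sink: each untrusted fragment is
   treated according to the SQL syntactic context it ends up in.
"""

import re
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class TStr:
    """A string carrying per-fragment origin metadata."""
    parts: Tuple[Tuple[str, bool], ...]

    @staticmethod
    def trusted(s: str) -> "TStr":
        return TStr(((s, True),))

    @staticmethod
    def untrusted(s: str) -> "TStr":
        return TStr(((s, False),))

    def __add__(self, other: "TStr") -> "TStr":
        # Concatenation propagates the metadata instead of flattening it.
        return TStr(self.parts + other.parts)

    def __str__(self) -> str:
        return "".join(text for text, _ in self.parts)


class InjectionDetected(Exception):
    pass


def _sql_escape(s: str) -> str:
    # Escape the two characters that can end a single-quoted literal.
    return s.replace("\\", "\\\\").replace("'", "\\'")


def csse_sql(query: TStr) -> str:
    """Sink-side evaluation. Trusted text drives the lexer state (are we
    inside a single-quoted literal?); untrusted text is never allowed to
    change that state."""
    out = []
    in_literal = False
    for text, trusted in query.parts:
        if trusted:
            i = 0
            while i < len(text):
                c = text[i]
                if in_literal and c == "\\":
                    i += 2          # backslash-escaped char inside a literal
                    continue
                if c == "'":
                    in_literal = not in_literal
                i += 1
            out.append(text)        # developer text is copied verbatim
        elif in_literal:
            out.append(_sql_escape(text))   # data inside a literal: escape
        else:
            # Data outside a literal: only a plain number is acceptable;
            # anything else would be interpreted as SQL syntax.
            if not re.fullmatch(r"-?\d+(\.\d+)?", text):
                raise InjectionDetected(
                    f"untrusted fragment {text!r} outside a literal")
            out.append(text)
    return "".join(out)


def naive_sql(query: TStr) -> str:
    """The vulnerable baseline: plain concatenation discards the metadata."""
    return str(query)


def build_login_query(user: str, limit: str) -> TStr:
    # Hypothetical application code; user and limit come from the request.
    return (TStr.trusted("SELECT * FROM users WHERE name = '")
            + TStr.untrusted(user)
            + TStr.trusted("' LIMIT ")
            + TStr.untrusted(limit))


def evaluate(user: str, limit: str) -> str:
    """Returns the context-sensitively evaluated query, or a BLOCKED marker."""
    try:
        return csse_sql(build_login_query(user, limit))
    except InjectionDetected as e:
        return f"BLOCKED: {e}"


if __name__ == "__main__":
    for u, l in [("alice", "1"), ("' OR 1=1 -- ", "1"), ("alice", "1 UNION SELECT 1")]:
        print("naive:", naive_sql(build_login_query(u, l)))
        print("csse: ", evaluate(u, l))
```

The third sample input is the one worth noting: it contains no quote characters, so an escaping-based defence such as magic_quotes would pass it through unchanged, while the context-sensitive sink rejects it because an untrusted fragment outside a literal is not a number.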
The authors are aware of potential weaknesses in their work, and evaluate the ones they identify: false positives, false negatives, memory overhead, execution overhead, etc.
They note that it causes a 10% performance hit, list possible reasons why, and flag performance tuning as future work (they also note that the prototype was not tuned for performance).
Is the title/abstract accurate?
Yes, it is very descriptive of the paper.
Is the big 'point' of the work clear?
Yes.
Is there an original/significant contribution to knowledge?
Yes, the approach is novel.
Is this an extension to previous work?
Are aims and objectives clearly stated?
Yes.
Technical aspects of critique
Has proper attention been given to the current literature?
Yes, there is an excellent background section.
Are ideas/arguments technically correct?
Yes; it comes from IBM Research.
Is empirical evidence provided?
Yes, they run an experiment and provide results.
Is there a balanced presentation of the literature?
Yes, it is very well written.
Is the research design/methodology clearly stated?
Yes, it is an experiment.
Has any sampling involved been carefully and thoughtfully selected?
Yes, they provide tables of results.
Is it representative? Is it likely to bias the research?
It uses results from other methods and their implementations (this is a common theme).
Have any ethical issues been clearly identified and handled correctly?
Not really; they only tested one application, and only previously known, publicly available bugs.
Has the data collection method been clearly stated?
Yes: it is an experiment on publicly available bugs, comparing the results with CSSE disabled against those with it enabled.
Was there a pilot study to check proposed approach?
No.
Is the data collection method valid and reliable?
Yes, it is a repeatable experiment.
What is the method of analysis? Clearly described and reliable?
Experiment.
Are results clearly presented?
Yes, though a couple more tables would be nice.
Are all hypotheses and any assumptions clearly stated at the outset?
yes.
Presentation
Is the paper well structured? Can you follow the arguments? Is there a good flow through the paper, i.e. is there a 'story'?
Yes, it is very well written.
Are technical terms/abbreviations explained?
Yes; I'll be using this as one of my sources.
Are tables/graphs/diagrams easy to follow and clearly signposted?
Yes, they have a few graphs.
Do they aid understanding?
They are a bit difficult, as the authors have used stacked graphs (my personal preference would be two separate tables).
Is the discussion well balanced, i.e. not front/top heavy?
It has a lot of theory at the start, but the background/theory, implementation and results sections are about the same size.
Are conclusions well supported by the arguments/results presented in the paper?
Is the work well ‘joined-up’?
Yes, it flows well.
Do the authors recognise potential areas of weakness in their work?
Yes (as noted above): they evaluate false positives, false negatives, memory overhead and execution overhead, acknowledge the 10% performance hit with possible reasons for it, and flag performance tuning as future work since the prototype was not tuned.
How up-to-date is the work? Are the references current and representative of the field?
Up to about 2005.