Action II — Taming Code Injection Attacks Across Multiple Domains

Project Code: 2166-01/01-01
Funding programme: Action 2 - Support to Postdoctoral Researchers
Funding Agency: Athens University of Economics and Business
Project type: RTD
Starting date: 2014-10-09
Ending date: 2015-09-10
Total budget: 13,000 €


Contact: Dimitris Mitropoulos
Scientific coordinator: Diomidis Spinellis

Description

Code injection attacks are considered one of the most damaging classes of application attacks, and they can harm various entities residing on a web server, a client machine or a mobile device. With the proposed research we will aim to synthesize empirical findings from the analysis of the evolution and behavior of software bugs that lead to code injection attacks with existing theoretical work, producing an approach that covers all types of code injection attacks. Then, we will try to apply our approach to tame such attacks in different problem domains (web, mobile, etc.). For every application of our method, we will provide corresponding prototypes, deploy them in real-world conditions and test them in terms of accuracy, operation cost and maintenance cost.

Publications

Journal Articles

    • Vassilios Karakoidas, Dimitris Mitropoulos, Panagiotis Louridas, and Diomidis Spinellis. A type-safe embedding of SQL into Java using the extensible compiler framework J%. Computer Languages, Systems & Structures, 41:1–20, April 2015.

Book Chapters

    • Dimitris Mitropoulos. Securing software. In Phillip A. Laplante, editor, Encyclopedia of Computer Science and Technology, Second Edition. CRC Press, Taylor and Francis Group, 2016.

Conference Publications

    • Dimitris Mitropoulos, Georgios Gousios, Panagiotis Papadopoulos, Vassilios Karakoidas, Panos Louridas, and Diomidis Spinellis. The vulnerability dataset of a large software ecosystem. In Proceedings of the 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS 2014), colocated with the 19th European Symposium on Research in Computer Security (ESORICS 2014). IEEE Computer Society, September 2014.

Magazine Articles

    • Dimitris Mitropoulos. On the evolution of security bugs. XRDS: Crossroads, The ACM Magazine for Students, 21(3):18–19, 2015.