COMMAND INJECTION PROTECTION FOR JAVA APPLICATIONS

摘要

A method of enhancing secure operation of a computer is disclosed. The computer receives input data from one us to source and also operates an application program which can utilise the input data. The method involves creating a tainted value cache and storing the input data in that cache. In the event that the application program invokes a method which utilises data from the cache, then that data is intercepted before it is utilised by the application program. The intercepted data is subjected to a data content test. If the intercepted data passes the data content test, then the intercepted data is forwarded to the application program to be utilised thereby. However, if the intercepted data fails the data content test, a security action is implemented.

主权项

1. A method of enhancing secure operation of a computer which receives input data from an untrusted source, and which operates an application program which can utilise said input data, said method comprising the steps of:
creating a tainted value cache, storing in said cache said input data, in the event that said application program invokes a method which utilises data from said cache, intercepting said data before it is utilised by said application program and subjecting the intercepted data to a data content test, if said intercepted data passes said data content test, forwarding said intercepted data to said application program for utilisation, and if said intercepted data fails said data of content test, implementing a security action.