Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems Metadata

Metadata describes a digital item, providing (if known) such information as creator, publisher, contents, size, relationship to other resources, and more. Metadata may also contain "preservation" components that help us to maintain the integrity of digital files over time.

Available Formats

Dublin Core: XML Dublin Core: JSON Dublin Core: Text Dublin Core: RDF/XML UNTL: XML Access METS: XML

Title

  • Main Title Attack methodology Analysis: SQL Injection Attacks and Their Applicability to Control Systems

Creator

  • Author: Rolston, Bri
    Creator Type: Personal

Contributor

  • Sponsor: United States. Office of the Assistant Secretary for Nuclear Energy.
    Contributor Type: Organization
    Contributor Info: DOE - NE

Publisher

  • Name: Idaho National Laboratory
    Place of Publication: [Idaho Falls, Idaho]
    Additional Info: Idaho National Laboratory (INL)

Date

  • Creation: 2005-09-01

Language

  • English

Description

  • Content Description: Database applications have become a core component in control systems and their associated record keeping utilities. Traditional security models attempt to secure systems by isolating core software components and concentrating security efforts against threats specific to those computers or software components. Database security within control systems follows these models by using generally independent systems that rely on one another for proper functionality. The high level of reliance between the two systems creates an expanded threat surface. To understand the scope of a threat surface, all segments of the control system, with an emphasis on entry points, must be examined. The communication link between data and decision layers is the primary attack surface for SQL injection. This paper facilitates understanding what SQL injection is and why it is a significant threat to control system environments.

Subject

  • Keyword: Sql
  • Keyword: Database Exploit
  • Keyword: Database
  • Keyword: Computers
  • Keyword: Communications
  • Keyword: Sql Injection
  • STI Subject Categories: 24 - Power Transmission And Distribution
  • Keyword: Security Database
  • Keyword: Control Systems

Collection

  • Name: Office of Scientific & Technical Information Technical Reports
    Code: OSTI

Institution

  • Name: UNT Libraries Government Documents Department
    Code: UNTGD

Resource Type

  • Report

Format

  • Text

Identifier

  • Report No.: INL/EXT-05-00572
  • Grant Number: DE-AC07-99ID-13727
  • DOI: 10.2172/911631
  • Office of Scientific & Technical Information Report Number: 911631
  • Archival Resource Key: ark:/67531/metadc891443
Back to Top of Screen