CHAPTER ONE: INTRODUCTION

1.0       Background to the Study

1.1       Aim and Objective of the Project

1.2       Justification

1.3       Scope of the Study

1.4       Methodology/Research Procedure

1.5       Definition of Terms

1.6       Organisation of the Project

CHAPTER TWO: LITERATURE REVIEW

2.1       Vulnerability Analysis and Scanner

2.1.1    Limitations of the Vulnerability Scanner

2.2       Threat Modelling

2.3       Security Perimeter

2.4       Threat Classification

2.5       SQL Injection

2.5.1    SQL Injection Prevention– Intrusion Detection System

2.5.2.   Static Approach for SQL Injection Countermeasures

2.5.3    Dynamic Approach for SQL Injection Countermeasures

2.5.4    Hybrid SQLIA Prevention Approach

2.5.5    Mutation Based Approach to Detect SQL Injection

2.6       XPATH Injection

2.7       Session Hijacking

CHAPTER THREE

3.0       Design and Implementation

3.1       Proposed System

3.1.1 Advantages of Proposed System

3.3       Feasibility Study

3.2.1    Economic Feasibility

3.2.2 Technical Feasibility

3.2.3 Social Feasibility

3.3       System Specification

3.3.1.   Hardware Requirement

3.3.2.   Software Requirement

3.4       Software Description

3.4.1    ASP.NET

3.4.2.   Features of ASP.NET

CHAPTER FOUR

4.0       Module Description

4.1       Authentication Phase

4.2 Split Memory Phase

4.3       Address space Intrusion Avoidance phase

4.4       Preventing Code Injection phase

4.5       Data Flow Diagram

4.6       Database Design

4.6.1    Honey Pot Database

4.7                   Input Design

4.8       Output Design

4.9       System Testing

4.9.1    Unit Testing

4.9.2    Integration Testing

4.9.3    Validation Testing

4.10     System Implementation

CHAPTER FIVE: Conclusion and future Enhancements

5.1       Conclusion

REFERENCES

APPENDIX

Code injection attacks, despite being well researched, continue to be a problem today. Modern architectural solutions such as the NX-bit and PaX have been useful in limiting the attacks, however they enforce program layout restrictions and can often times still be circumvented by a determined attacker. We propose a change to the memory architecture of modern processors that addresses the code injection problem at its very root by virtually splitting memory into code memory and data memory such that a processor will never be able to fetch injected code for execution. This virtual split memory system can be implemented as a software only patch to an operating system, and can be used to supplement existing schemes for improved protection. Our experimental results show the system is effective in preventing a wide range of code injection attacks while incurring acceptable overhead.

Keywords: Code Injection, Secure Memory Architecture