Database Security, AutoML, and Data Lake Table Joining
ACIDRain: Concurrency-Related Attacks in Database-Backed Web Applications
Motivation:
- 12 popular self-hosted e-commerce applications (deployed on over 2M websites, representing over 50% of all e-commerce websites)
- 22 critical ACIDRain attacks identified and verified
- Flexcoin -> Bankrupted
Problem Definition:
An application is vulnerable if:
- Anomalies Possible: Under concurrent API access, the application may exhibit behaviors (i.e., anomalies) that could not have arisen under serial execution.
- Sensitive Invariants: The anomalies arising from concurrent access lead to violations of application invariants.
Solution:
- Execute API calls against a live application and database to generate a (possibly sequential) trace of database activity.
- Analyze the trace
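An added example, not taken from the paper or these notes: a simplified trace check for the two steps above. It scans a sequential trace for read-then-write pairs that a concurrent call to the same API could interleave with. The trace format, the `Op` fields and the API and table names are assumptions constructed for illustration.

```python
from collections import namedtuple

# One logged statement (hypothetical format): the API call that issued it, its
# transaction id (None = autocommit), that transaction's isolation level, the
# operation kind ("read" or "write"), and the table and row key it touched.
Op = namedtuple("Op", "api txn isolation kind table key")

def find_candidates(trace):
    """Return (api, table, key, reason) for each read-then-write pair that is
    not protected by a single serializable transaction."""
    findings = []
    last_read = {}  # (api, table, key) -> most recent read of that row
    for op in trace:
        item = (op.api, op.table, op.key)
        if op.kind == "read":
            last_read[item] = op
        elif op.kind == "write" and item in last_read:
            rd = last_read.pop(item)
            if rd.txn is None or rd.txn != op.txn:
                reason = "read and write not in one transaction"
            elif op.isolation != "SERIALIZABLE":
                reason = "same transaction, isolation " + op.isolation
            else:
                continue  # one serializable transaction covers both statements
            findings.append((op.api, op.table, op.key, reason))
    return findings

# Constructed sample trace, as if recorded from one sequential run of each API.
TRACE = [
    Op("redeem_voucher", None, "READ COMMITTED", "read", "vouchers", 7),
    Op("redeem_voucher", None, "READ COMMITTED", "write", "vouchers", 7),
    Op("checkout", 41, "READ COMMITTED", "read", "stock", 3),
    Op("checkout", 41, "READ COMMITTED", "write", "stock", 3),
    Op("withdraw", 42, "SERIALIZABLE", "read", "accounts", 1),
    Op("withdraw", 42, "SERIALIZABLE", "write", "accounts", 1),
    Op("view_cart", None, "READ COMMITTED", "read", "carts", 9),
]

if __name__ == "__main__":
    for finding in find_candidates(TRACE):
        print(finding)
```

Each finding is only a candidate for "Anomalies Possible"; whether it matters still depends on the "Sensitive Invariants" condition, i.e. whether the row backs an invariant such as a balance, stock count or voucher limit.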