An Entire Security Model for SQL-injection: Formal Specification Using Petri Nets

Abstract

Database Security has gained significance and concern as institutions reliance on database systems has increased dramatically in addition to the simultaneous and severe grown of the associated offensives. Furthermore, and with the development, use and widespread of the Internet and web applications, it has been very important to ensure the confidentiality of information and protection from threats such as SQL Injection Attack (SQLIA). Which are considered as one of the top threats and prevalent types of database-driven applications security vulnerability. Consequently, SQLIA prevention and detection has become one of the most active topics of research in the computer science field. Therefore, this research contributes to such context by proposing an inclusive and formal security model for nearly all existing SQL-injection attacks using Petri Nets language. Additionally, the study has followed a scientific and formal methodology including determination of security requirements based on comprehensive security risk analysis and assessment. Moreover, The proposed model guarantees and supports multi-defense lines with variform-adaptable mechanisms that might gain the superiority of safeguard for the intended model. Finally, the study conducts and develops formal modeling in company with formal system specification for the proposed model using Petri Nets notation in order to assure and prove modularity, conformity, reliability, as well as flexibility