Command injection attacks, continuations, and the Lambek calculus

Hayo Thielecke (Computer Science; University of Birmingham)

arXiv:1606.06382·cs.PL·June 22, 2016·WoC

Command injection attacks, continuations, and the Lambek calculus

Hayo Thielecke (Computer Science, University of Birmingham)

PDF

TL;DR

This paper explores the theoretical connections between command injection attacks, continuations, and the Lambek calculus, showing how certain injections can be modeled as control effects within a logical framework.

Contribution

It introduces a novel application of the Lambek calculus to model command injection attacks as control effects, extending the typing of continuations.

Findings

01

Command injections can be represented as control effects in the Lambek calculus.

02

The Lambek calculus generalizes double-negation typing of continuations.

03

Connections between syntactic structures and security vulnerabilities are established.

Abstract

This paper shows connections between command injection attacks, continuations, and the Lambek calculus: certain command injections, such as the tautology attack on SQL, are shown to be a form of control effect that can be typed using the Lambek calculus, generalizing the double-negation typing of continuations. Lambek's syntactic calculus is a logic with two implicational connectives taking their arguments from the left and right, respectively. These connectives describe how strings interact with their left and right contexts when building up syntactic structures. The calculus is a form of propositional logic without structural rules, and so a forerunner of substructural logics like Linear Logic and Separation Logic.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.