In this paper, we describe a system that distinguishes be- tween legitimate and malicious database transactions per- formed by application programs. Our system is particularly useful for protecting against code-modification attacks performed by insiders who have access to and can change the programs' source code to make them execute different queries than those they are expected to execute. Our system works with any type of DBMS and requires minimum modification to application programs.

Date of this Version






To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.