Security policy framework and algorithms for web server content protection

Authors

  • Shadi Aljawarneh
  • Christopher Laing
  • Paul Vickers
Abstract

A significant web security issue facing Internet users and organizations is the securing of web content against unauthorised tampering. Users must be comfortable with the security offered by web applications that provide sensitive web-based services. Some progress has been made in addressing the verification of web server content integrity, but current solutions are restricted by the limitations of the SSL protocol, the statelessness of HTTP, blind security mechanisms which are based on ad-hoc models, and difficulties with automatic code analysis. We present a web security real-time framework, a state protocol of web policies, and a number of particular algorithms that can be used to verify and protect static and dynamic web content against unauthorised tampering. It is suggested that such a framework will offer a higher level of user confidence and web service survivability.


Related resources

Static Enforcement of Web Application Integrity Through Strong Typing

Security vulnerabilities continue to plague web applications, allowing attackers to access sensitive data and co-opt legitimate web sites as a hosting ground for malware. Accordingly, researchers have focused on various approaches to detecting and preventing common classes of security vulnerabilities in web applications, including anomaly-based detection mechanisms, static and dynamic analyses ...


Optimizing the execution and response of web pages in the cloud using preprocessing methods: a case study of the Varnish and Nginx systems

The response speed of Web pages is one of the necessities of information technology. In recent years, renowned companies such as Google and computer scientists have focused on speeding up the web. Achievements such as Google PageSpeed, Nginx and Varnish are the result of this research. In Customer to Customer (C2C) business systems, such as chat systems, and in Business to Customer (B2C) systems, s...


A Distributed Content-Based Search Engine Based on Mobile Code and Web Service Technology

Current search engines crawl the Web, download content, and digest this content locally. For multimedia content, this involves considerable volumes of data. Furthermore, this process covers only publicly available content because content providers are concerned that they otherwise lose control over the distribution of their intellectual property. We present the prototype of our secure and dist...


Verification of Web Content Integrity: A new approach to protecting servers against tampering

The provision of web services is a real-time process, conducted in an ad-hoc, ‘off the cuff’ manner. Consequently the verification of the data content and the identification of any authorized data interference or manipulation are not without problems. Some progress has been made in addressing the verification of server content integrity, but current solutions are restricted by the limitations of t...


Security Hardening for SAS® 9.3 Enterprise BI Web Applications

Web configuration for SAS 9.3 Enterprise BI Web applications needs to be secured according to an organization's security policy. This paper examines the Web configuration security enhancement options and the protection of Web applications from security vulnerability attacks. Security enhancements for the configuration include single sign-on, integration with a reverse proxy security server, sett...


Journal title:

Volume   Issue 

Pages  -

Publication date 2007