Database Security is an concept that includes the following properties: authenticity (guarantees that a service or piece of information is authentic), confidentiality (absence of unauthorized disclosure of a service or piece of information), integrity (protection of a service or piece of information against illicit and/or undetected modification), and availability (protection of a service or pi...

Recent updates of Vulnerability reports of the Open Web Application Security Project confirm that Cross Site Scripting (XSS) is one of the most common and severe web security defects. Cross-Site Scripting occurs when an application takes data from the user and sends it back to a web browser without validation or encoding. It occurs when the web application references the user input in HTML page...

In many location-based services, the user location is determined on the mobile device and then shared with the service. For this type of interaction, a major problem is how to prevent service abuse by malicious users who lie about their location. This paper proposes LINK (Location verification through Immediate Neighbors Knowledge), a location authentication protocol in which users help verify ...

To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate failures to increase their chance of compromising anonymity. In this paper we propose a reputation system that profiles the reliability of rela...

Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in man...

Reputation and reliability play a central role in a wide range of applications, from online marketplaces to review aggregators to ridesharing services. Many reputation systems are vulnerable to manipulation, and protected only by keeping algorithms secret, avoiding high-stakes applications, or using side information to identify malicious users. The current situation is reminiscent of pre-modern...

Inadvertent insiders are trusted insiders who do not have malicious intent (as with malicious insiders) but do not responsibly managing security. The result is often enabling a malicious outsider to use the privileges of the inattentive insider to implement an insider attack. This risk is as old as conversion of a weak user password into root access, but the term inadvertent insider is recently...

0957-4174/$ see front matter 2012 Elsevier Ltd. A doi:10.1016/j.eswa.2012.01.210 ⇑ Corresponding author. Tel.: +1 416 736 2100x701 E-mail address: [email protected] (D. Stevanovic Distributed Denial of Service (DDoS) is one of the most damaging attacks on the Internet security today. Recently, malicious web crawlers have been used to execute automated DDoS attacks on web sites across the WWW. ...