23 results for Web Security

in Deakin Research Online - Australia


Relevance: 70.00%

Abstract:

Service oriented architecture (SOA) is a way of reorganizing software infrastructure into a set of service abstracts. In the area of applying SOA to Web service security, there have been some well defined security dimensions. However, current Web security systems, like WS-Security, are not efficient enough to handle distributed denial of service (DDoS) attacks. Our new approach, service oriented traceback architecture (SOTA), provides a framework to be able to identify the source of an attack. This is accomplished by deploying our defence system at distributed routers, in order to examine the incoming SOAP messages and place our own SOAP header. By this method, we can then use the new SOAP header information to trace back through the network to the source of the attack. According to our experimental performance evaluations, we find that SOTA is quite scalable, simple and quite effective at identifying the source.

Relevance: 30.00%

Abstract:

In the last few years a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resources. This paper introduces the vulnerability of web applications to DDoS attacks, and presents an active distributed defense system that has a deployment mixture of sub-systems to protect web applications from DDoS attacks. According to the simulation experiments, this system is effective in that it is able to defend web applications against attacks. It can avoid overall network congestion and provide more resources to legitimate web users.

Relevance: 30.00%

Abstract:

This research takes the form of a review and looks at the current advisories offered to information security professionals in the area of critical information infrastructure protection. A critical information infrastructure protection model is also presented along with a critical review of some of the recent formal guidance that has been offered. The Critical Information Infrastructure Protection - Risk Analysis Methodology (CIIP-RAM) is then offered as a solution to the lack of information and advice.

Relevance: 30.00%

Abstract:

With the protection of critical information infrastructure becoming a priority for all levels of management, there is a need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. The fourth generation security risk analysis method, which copes with the shift from computer/information security to critical information infrastructure protection, is the next step toward handling security risk at all levels. The paper will present the methodology of fourth generation models and their application to critical information infrastructure protection and the associated advantages of this methodology.

Relevance: 30.00%

Abstract:

This paper addresses the role of security in the collaborative e-learning environment, and in particular, the social aspects of security and the importance of identity. It represents a case study, completed in Nov 2004, which was conducted to test the sense of security that students experienced whilst using the wiki platform as a means of online collaboration in the tertiary education environment. Wikis, fully editable Web sites, are easily accessible, require no software and allow their contributors (in this case students) to feel a sense of responsibility and ownership. A comparison between two wiki studies will be made whereby one group employed user login and the other maintained anonymity throughout the course of the study. The results consider the democratic participation and evolution of the work requirements over time, which in fact ascertains the nonvalidity of administrative identification.

Relevance: 30.00%

Abstract:

The process of buying, selling or interacting with customers via Internet, Tele-sale, Smart card or other computer network is referred to as Electronics Commerce. Whereas online trade has been touting its flexibility, convenience and cost savings, the newest entrant is wireless e-commerce. This form of business offers many attractions, including 24 hours seven days’ open shop–business, vastly reduced fixed cost, and increased profitability. Amazon.com is an example of a successful venture in e-business. Internet Service providers (ISP/ASP) have a significant influence on the feasibility, security and cost competitiveness of an e-business venture. In the ISP model of services, multiple users and their databases are normally offered on a single hardware platform, sharing the same IP address and Domain name. Clients will require a mechanism which allows them to update their Web contents and databases frequently, even many times daily, without the intervention of the local system Administrator (ISP Admin). The paper overviews a few steps to enable corporate clients to update their web content more securely.

Relevance: 30.00%

Abstract:

The advent of the Internet and the World Wide Web has been instrumental in bringing about the growth in the implementation of web-based information systems (WBIS). Such systems are designed with the aim of improving productivity, data accuracy, and the reduction of paperwork and administrative overheads. Moreover, unlike their conventional non-web-based predecessors, the WBIS are commonly aimed at users who are casual and untrained, geographically distributed and non-homogenous. The dissemination of WBIS necessitates additional infrastructure support in the form of a security system, workflow and transaction management, and web administration. WBIS are commonly developed using an evolutionary approach, whereby the version of the application, acquired from the vendor, is first deployed as a pilot, in order to gather feedback from the target users before the evolutionary cycles commence. While a number of web development methodologies have been proposed by existing research, there is a dearth of empirical evidence that elucidates the experiences of project initiators in pursuing the evolution of web services, a process that undoubtedly involves dealing with stakeholder issues. This research project presents a phenomenological investigation of the experiences of project managers with the implementation of web-based employee service systems (ESS), a domain that has witnessed a sharp growth in Australia in recent times. However, the project managers’ rich, multidimensional account of their experiences with the implementation of ESS revealed the social obstacles and fragility of intra-organizational relationships that demanded a cautious and tactful approach. Thus, the study provides a socio-organizational perspective to web projects in contrast to the functionalist paradigm of current web development methodologies. The research also confirms that consideration of the concerns of stakeholders by project managers is crucial to the successive cycles of ESS evolution. 
Project managers address stakeholder concerns by pursuing actions that are aimed at encouraging ESS usage, but at the same time, such actions can have consequences necessitating subsequent iterations of system enhancement and improvement. Finally, the research also discovered that despite the different socio-political climate prevalent in various organizations, in which ESS are being implemented, the experiences of project managers in dealing with stakeholder concerns can be captured and independently confirmed in terms of their perceived relevance and usefulness in problem-solving within the application domain.

Relevance: 30.00%

Abstract:

The advancement in Internet and bandwidth has resulted in a number of new applications being developed; many of these newer applications are described as being Web 2. A Web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third-party applications and the interactions that this allows.

Not surprisingly, the problems that exist in the real world, such as theft, fraud and vandalism, also exist in the online environment, and Web 2 applications are no exception to these issues. This paper explores and categorises several security issues within the Facebook environment. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in the use of Web 2 applications such as Facebook.

Relevance: 30.00%

Abstract:

The outcome of the research was the development of three network defence systems to protect corporate network infrastructure. The results showed that these defences were able to detect and filter around 94% of the DDoS attack traffic within a matter of seconds.

Relevance: 30.00%

Abstract:

Grid Web Services are still relatively new to business systems, and as more systems are being attached to them, any threat to them could bring collapse and huge harm. Some of these potential threats to Grid Web services come in the form of a new denial of service (DoS) attack, called XML Denial of Service or XDoS attacks. Though, as yet, there have not been any reported attacks from the media, we have observed these attacks are actually far less complex to implement than any previous Denial of Service (DoS), but still just as effective. Current security applications for grid web services (WS-Security for example), based on our observations, are not up to the job of handling the problem. In this paper, we build on our previous work called Service Oriented Traceback Architecture (SOTA), and apply our model to Grid Networks that employ web services. We further introduce a filter defence system, called XDetector, to work in combination with SOTA. Our results show that SOTA in conjunction with XDetector makes for an effective defence against XDoS attacks and upcoming DXDoS.

Relevance: 30.00%

Abstract:

This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model with a number of emerged patterns can be applied to infrastructure aspect of Cloud Computing as a proposed shared security approach in system development life cycle focusing on the plan-built-run scope.

Relevance: 30.00%

Abstract:

The continuous growth of the user pool of Social Networking web sites such as Facebook and MySpace, and their incessant augmentation of services and capabilities, will in the future meet and compare in contrast with today's Content Distribution Networks (CDN) and Peer-to-Peer File sharing applications such as Kazaa and BitTorrent. But how can these two mainstream applications, which already encounter their own security problems, cope with the combined issues: trust for Social Networks, content and index poisoning in CDN? We will address the problems of Social Trust and File Sharing with an overlay level of trust model based on social activity and transactions. This can be an answer to enable users to increase the reliability of their online social life and also enhance the content distribution and create a better file sharing example. The aim of this research is to lower the risk of malicious activity on a given Social Network by applying a correlated trust model, to guarantee the validity of someone's identity, privacy and trustfulness in sharing content.

Relevance: 30.00%

Abstract:

Anonymous web browsing is an emerging hot topic with many potential applications for privacy and security. However, research on low latency anonymous communication, such as web browsing, is quite limited; one reason is the intolerable delay caused by the current dominant dummy packet padding strategy, as a result, it is hard to satisfy perfect anonymity and limited delay at the same time for web browsing. In this paper, we extend our previous proposal on using prefetched web pages as cover traffic to obtain perfect anonymity for anonymous web browsing, we further explore different aspects in this direction. Based on Shannon’s perfect secrecy theory, we formally established a mathematical model for the problem, and defined a metric to measure the cost of achieving perfect anonymity. The experiments on a real world data set demonstrated that the proposed strategy can reduce delay more than ten times compared to the dummy packet padding methods, which confirmed the vast potentials of the proposed strategy.

Relevance: 30.00%

Abstract:

The thesis has covered a range of algorithms that help to improve the security of web services. The research focused on the problems of DDoS attack and traffic analysis attack against service availability and information privacy respectively. Finally, this research significantly advantaged DDoS attack detection and web access anonymity.