Validating denial of service vulnerabilities in web services

The loosely-coupled and dynamic nature of web services architectures has many benefits, but also leads to an increased vulnerability to denial of service attacks. While many papers have surveyed and described these vulnerabilities, they are often theoretical and lack experimental data to validate them, and assume an obsolete state of web services technologies. This paper describes experiments involving several denial of service vulnerabilities in well-known web services platforms, including Java Metro, Apache Axis, and Microsoft .NET. The results both confirm and deny the presence of some of the most well-known vulnerabilities in web services technologies. Specifically, major web services platforms appear to cope well with attacks that target memory exhaustion. However, attacks targeting CPU-time exhaustion are still effective, regardless of the victim’s platform.

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Defending web services against denial of service attacks using client puzzles

The interoperable and loosely-coupled web services architecture, while beneficial, can be resource-intensive, and is thus susceptible to denial of service (DoS) attacks in which an attacker can use a relatively insignificant amount of resources to exhaust the computational resources of a web service. We investigate the effectiveness of defending web services from DoS attacks using client puzzles, a cryptographic countermeasure which provides a form of gradual authentication by requiring the client to solve some computationally difficult problems before access is granted. In particular, we describe a mechanism for integrating a hash-based puzzle into existing web services frameworks and analyze the effectiveness of the countermeasure using a variety of scenarios on a network testbed. Client puzzles are an effective defence against flooding attacks. They can also mitigate certain types of semantic-based attacks, although they may not be the optimal solution.

Tool-supported dataflow analysis of a security-critical embedded device

Defence organisations perform information security evaluations to confirm that electronic communications devices are safe to use in security-critical situations. Such evaluations include tracing all possible dataflow paths through the device, but this process is tedious and error-prone, so automated reachability analysis tools are needed to make security evaluations faster and more accurate. Previous research has produced a tool, SIFA, for dataflow analysis of basic digital circuitry, but it cannot analyse dataflow through microprocessors embedded within the circuit since this depends on the software they run. We have developed a static analysis tool that produces SIFA compatible dataflow graphs from embedded microcontroller programs written in C. In this paper we present a case study which shows how this new capability supports combined hardware and software dataflow analyses of a security critical communications device.

Modelling web-server Flash Events

A Flash Event (FE) represents a period of time when a web-server experiences a dramatic increase in incoming traffic, either following a newsworthy event that has prompted users to locate and access it, or as a result of redirection from other popular web or social media sites. This usually leads to network congestion and Quality-of-Service (QoS) degradation. These events can be mistaken for Distributed Denial-of-Service (DDoS) attacks aimed at disrupting the server. Accurate detection of FEs and their distinction from DDoS attacks is important, since different actions need to be undertaken by network administrators in these two cases. However, lack of public domain FE datasets hinders research in this area. In this paper we present a detailed study of flash events and classify them into three broad categories. In addition, the paper describes FEs in terms of three key components: the volume of incoming traffic, the related source IP-addresses, and the resources being accessed. We present such a FE model with minimal parameters and use publicly available datasets to analyse and validate our proposed model. The model can be used to generate different types of FE traffic, closely approximating real-world scenarios, in order to facilitate research into distinguishing FEs from DDoS attacks.

Comparative eye tracking of experts and novices in web single sign-on

Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks. In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively. Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.

On the security of TLS renegotiation

The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet. It supports negotiation of a wide variety of cryptographic primitives through different cipher suites, various modes of client authentication, and additional features such as renegotiation. Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features. These additional features have been the cause of several practical attacks on TLS. In 2009, Ray and Dispensa demonstrated how TLS renegotiation allows an attacker to splice together its own session with that of a victim, resulting in a man-in-the-middle attack on TLS-reliant applications such as HTTP. TLS was subsequently patched with two defence mechanisms for protection against this attack. We present the first formal treatment of renegotiation in secure channel establishment protocols. We add optional renegotiation to the authenticated and confidential channel establishment model of Jager et al., an adaptation of the Bellare--Rogaway authenticated key exchange model. We describe the attack of Ray and Dispensa on TLS within our model. We show generically that the proposed fixes for TLS offer good protection against renegotiation attacks, and give a simple new countermeasure that provides renegotiation security for TLS even in the face of stronger adversaries.

Secure modular password authentication for the web using channel bindings

Secure protocols for password-based user authentication are well-studied in the cryptographic literature but have failed to see wide-spread adoption on the Internet; most proposals to date require extensive modifications to the Transport Layer Security (TLS) protocol, making deployment challenging. Recently, a few modular designs have been proposed in which a cryptographically secure password-based mutual authentication protocol is run inside a confidential (but not necessarily authenticated) channel such as TLS; the password protocol is bound to the established channel to prevent active attacks. Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the secure channel protocol library. We provide a systematic study of such authentication protocols. Building on recent advances in modelling TLS, we give a formal definition of the intended security goal, which we call password-authenticated and confidential channel establishment (PACCE). We show generically that combining a secure channel protocol, such as TLS, with a password authentication protocol, where the two protocols are bound together using either the transcript of the secure channel's handshake or the server's certificate, results in a secure PACCE protocol. Our prototype based on TLS is available as a cross-platform client-side Firefox browser extension and a server-side web application which can easily be installed on deployed web browsers and servers.

Learning-based Relevance Feedback for Web-based Relation Completion

In a pilot application based on web search engine calledWeb-based Relation Completion (WebRC), we propose to join two columns of entities linked by a predefined relation by mining knowledge from the web through a web search engine. To achieve this, a novel retrieval task Relation Query Expansion (RelQE) is modelled: given an entity (query), the task is to retrieve documents containing entities in predefined relation to the given one. Solving this problem entails expanding the query before submitting it to a web search engine to ensure that mostly documents containing the linked entity are returned in the top K search results. In this paper, we propose a novel Learning-based Relevance Feedback (LRF) approach to solve this retrieval task. Expansion terms are learned from training pairs of entities linked by the predefined relation and applied to new entity-queries to find entities linked by the same relation. After describing the approach, we present experimental results on real-world web data collections, which show that the LRF approach always improves the precision of top-ranked search results to up to 8.6 times the baseline. Using LRF, WebRC also shows performances way above the baseline.

Analysis of an inter-centre, web-based radiation oncology peer-review case conference

Purpose Peer-review programmes in radiation oncology are used to facilitate the process and evaluation of clinical decision-making. However, web-based peer-review methods are still uncommon. This study analysed an inter-centre, web-based peer-review case conference as a method of facilitating the decision-making process in radiation oncology. Methodology A benchmark form was designed based on the American Society for Radiation Oncology targets for radiation oncology peer review. This was used for evaluating the contents of the peer-review case presentations on 40 cases, selected from three participating radiation oncology centres. A scoring system was used for comparison of data, and a survey was conducted to analyse the experiences of radiation oncology professionals who attended the web-based peer-review meetings in order to identify priorities for improvement. Results The mean scores for the evaluations were 82·7, 84·5, 86·3 and 87·3% for cervical, prostate, breast and head and neck presentations, respectively. The survey showed that radiation oncology professionals were confident about the role of web-based peer-reviews in facilitating sharing of good practice, stimulating professionalism and promoting professional growth. The participants were satisfied with the quality of the audio and visual aspects of the web-based meeting. Conclusion The results of this study suggest that simple inter-centre web-based peer-review case conferences are a feasible technique for peer review in radiation oncology. Limitations such as data security and confidentiality can be overcome by the use of appropriate structure and technology. To drive the issues of quality and safety a step further, small radiotherapy departments may need to consider web-based peer-review case conference as part of their routine quality assurance practices.

Global banana disease management - getting serious with sustainability and food security

Much research in understanding plant diseases has been undertaken, but there has been insufficient attention given to dealing with coordinated approaches to preventing and managing diseases. A global management approach is essential to the long-term sustainability of banana production. This approach would involve coordinated surveys, capacity building in developing countries, development of disease outbreak contingency plans and coordinated quarantine awareness, including on-line training in impact risk assessment and web-based diagnostic software. Free movement of banana plants and products between some banana-producing countries is causing significant pressure on the ability to manage diseases in banana. The rapid spread of Fusarium oxysporum f. sp. cubense 'tropical race 4' in Asia, bacterial wilts in Africa and Asia and black leaf streak [Mycosphaerella fijiensis] in Brazil and elsewhere are cases in point. The impact of these diseases is devastating, severely cutting family incomes and jeopardising food security around the globe. Agreements urgently need to be reached between governments to halt the movement of banana plants and products between banana-producing countries before it is too late and global food security is irreparably harmed. Black leaf streak, arguably the most serious banana disease, has become extremely difficult to control in commercial plantations in various parts of the world. Sometimes in excess of 50 fungicide sprays have to be applied each year. Disease eradication and effective disease control is not possible because there is no control of disease inoculum in non-commercial plantings in these locations. Additionally, there have been enormous sums of money invested in international banana breeding programmes over many years only to see the value of hybrid products lost too soon. 'Goldfinger' (AAAB, syn. 'FHIA-01'), for example, has recently been observed severely affected by black leaf streak in Samoa. Resistant cultivars alone cannot be relied upon in the fight against this disease. Real progress in control may only come when the local communities are engaged and become actively involved in regional programmes. Global recommendations are long overdue and urgently needed to help ensure the long-term sustainable utilisation of the products of the breeding programmes.

Performance assessment of XACML authorizations for supply chain traceability web services

Service-Oriented Architecture (SOA) and Web Services (WS) offer advanced flexibility and interoperability capabilities. However they imply significant performance overheads that need to be carefully considered. Supply Chain Management (SCM) and Traceability systems are an interesting domain for the use of WS technologies that are usually deemed to be too complex and unnecessary in practical applications, especially regarding security. This paper presents an externalized security architecture that uses the eXtensible Access Control Markup Language (XACML) authorization standard to enforce visibility restrictions on trace-ability data in a supply chain where multiple companies collaborate; the performance overheads are assessed by comparing 'raw' authorization implementations - Access Control Lists, Tokens, and RDF Assertions - with their XACML-equivalents. © 2012 IEEE.