Two level security approaches for secure XML database centric web services against xpath injections

Web services are deployed using eXtensible Markup Language (XML), which is an independent language for easy transportation and storage. As an important transportation for data, Web services has become increasingly vulnerable to malicious attacks that could affect essential properties of inform...

Full description

Saved in:
Bibliographic Details
Main Author: Asmawi, Aziah
Format: Thesis
Language:English
Published: 2016
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/68604/1/FSKTM%202016%2034%20IR.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-upm-ir.68604
record_format uketd_dc
spelling my-upm-ir.686042019-05-21T07:37:00Z Two level security approaches for secure XML database centric web services against xpath injections 2016-05 Asmawi, Aziah Web services are deployed using eXtensible Markup Language (XML), which is an independent language for easy transportation and storage. As an important transportation for data, Web services has become increasingly vulnerable to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. Like any other application that allows outside user submission data, Web services can be susceptible to code injection attacks, specifically XPath (XML Path Language) injection attacks. This kind of attack can cause serious damage to the database at the backend of Web services as well as the data within it. To cope with this attack, it is necessary to develop effective and efficient secure mechanism from various angles, outsider and insider. This thesis addresses both outsider and insider threats with respect to XPath injections in providing secure mechanism for XML database-centric Web services which yields the following significant contributions. We propose the two level security approaches for the ultimate solution within XML database-centric Web services. The first approach focuses on preventing malicious XPath input within Web services application. In order to address issues of XPath injections, we propose a model-based validation (XIPS) for XPath injection attack prevention in Web service applications. The second approach focuses on preventing insider threat within XML database. In order to deal with insider threat, we propose a severity-aware trust-based access control model (XTrust) for malicious XPath code in XML database. A prototype of the solution and each approach was designed, implemented and evaluated using synthetic data through experimental research approach to evaluate its security performance. Evidently, result analysis proved that the two level security approaches solution able to provide overall protection for XML database centric Web services environment from outsider and insider threats with respect to XPath injections. Meanwhile, the first approach, XIPS provides alternative solution for Web service applications against malicious XPath input compared to the previous work and the second approach, XTrust provide more secure access control for XML database against malicious XPath code compared to the previous work. As a conclusion, the two level security approaches solution improved security level in XML database-centric Web services. Database security 2016-05 Thesis http://psasir.upm.edu.my/id/eprint/68604/ http://psasir.upm.edu.my/id/eprint/68604/1/FSKTM%202016%2034%20IR.pdf text en public doctoral Universiti Putra Malaysia Database security
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
topic Database security


spellingShingle Database security


Asmawi, Aziah
Two level security approaches for secure XML database centric web services against xpath injections
description Web services are deployed using eXtensible Markup Language (XML), which is an independent language for easy transportation and storage. As an important transportation for data, Web services has become increasingly vulnerable to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. Like any other application that allows outside user submission data, Web services can be susceptible to code injection attacks, specifically XPath (XML Path Language) injection attacks. This kind of attack can cause serious damage to the database at the backend of Web services as well as the data within it. To cope with this attack, it is necessary to develop effective and efficient secure mechanism from various angles, outsider and insider. This thesis addresses both outsider and insider threats with respect to XPath injections in providing secure mechanism for XML database-centric Web services which yields the following significant contributions. We propose the two level security approaches for the ultimate solution within XML database-centric Web services. The first approach focuses on preventing malicious XPath input within Web services application. In order to address issues of XPath injections, we propose a model-based validation (XIPS) for XPath injection attack prevention in Web service applications. The second approach focuses on preventing insider threat within XML database. In order to deal with insider threat, we propose a severity-aware trust-based access control model (XTrust) for malicious XPath code in XML database. A prototype of the solution and each approach was designed, implemented and evaluated using synthetic data through experimental research approach to evaluate its security performance. Evidently, result analysis proved that the two level security approaches solution able to provide overall protection for XML database centric Web services environment from outsider and insider threats with respect to XPath injections. Meanwhile, the first approach, XIPS provides alternative solution for Web service applications against malicious XPath input compared to the previous work and the second approach, XTrust provide more secure access control for XML database against malicious XPath code compared to the previous work. As a conclusion, the two level security approaches solution improved security level in XML database-centric Web services.
format Thesis
qualification_level Doctorate
author Asmawi, Aziah
author_facet Asmawi, Aziah
author_sort Asmawi, Aziah
title Two level security approaches for secure XML database centric web services against xpath injections
title_short Two level security approaches for secure XML database centric web services against xpath injections
title_full Two level security approaches for secure XML database centric web services against xpath injections
title_fullStr Two level security approaches for secure XML database centric web services against xpath injections
title_full_unstemmed Two level security approaches for secure XML database centric web services against xpath injections
title_sort two level security approaches for secure xml database centric web services against xpath injections
granting_institution Universiti Putra Malaysia
publishDate 2016
url http://psasir.upm.edu.my/id/eprint/68604/1/FSKTM%202016%2034%20IR.pdf
_version_ 1747812604479275008