Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
IFIPTM
2009
2009
Detection and Prevention of Insider Threats in Database Driven Web Services
In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.
Real-time TrafficIFIPTM 2009 | Lightweight Cryptographic Integrity | Management | Security | Sensitive Customer Data |
| Added | 20 Feb 2011 |
| Updated | 20 Feb 2011 |
| Type | Journal |
| Year | 2009 |
| Where | IFIPTM |
| Authors | Tzvi Chumash, Danfeng Yao |
Comments (0)
Researcher Info
|
