Sample records for secure web applications

  1. Web application security engineering

    Microsoft Academic Search

    J. D. Meier

    2006-01-01

    Integrating security throughout the life cycle can improve overall Web application security. With a detailed review of the steps involved in applying security-specific activities throughout the software development life cycle, the author walks practitioners through effective, efficient application design, development, and testing. With this article, the author shares a way to improve Web application security by integrating security throughout the

  2. Web application security assessment tools

    Microsoft Academic Search

    Mark Curphey; Rudolph Arawo

    2006-01-01

    Security testing a Web application or Web site requires careful thought and planning due to both tool and industry immaturity. Finding the right tools involves several steps, including analyzing the development environment and process, business needs, and the Web application's complexity. Here, we describe the different technology types for analyzing Web applications and Web services for security vulnerabilities, along with

  3. Web Applications and Security Web protocol overview

    E-print Network

    Massachusetts at Amherst, University of

    Web Applications and Security Web protocol overview Web forms Cookies Attacks against Web>University of Massachusetts Amherst Basic Web scripting There are two basic HTTP request methods, GET and POST descriptor. Securing basic web apps is easy DON'T TRUST USER INPUT, EVER... Never execute code provide

  4. Web application security White paper

    E-print Network

    . The purpose of this paper is to compare these two methods. Evolving testing techniques Manual security security: automated scanning versus manual penetration testing. Page 2 Web application security: automated scanning versus manual penetration testing. Page 3 security problems. In the late 1990s, companies

  5. Web application security management White paper

    E-print Network

    Web application security management White paper January 2008 Understanding Web application security Web applications, these complex entities grow more difficult to secure. Most companies equip their Web sites with firewalls, Secure Sockets Layer (SSL), and network and host security, but the majority

  6. End-to-End Web Application Security

    Microsoft Academic Search

    Úlfar Erlingsson; V. Benjamin Livshits; Yinglian Xie

    2007-01-01

    Web applications are important, ubiquitous distributed systems whose current security relies primarily on server-side mechanisms. This paper makes the end-to-end argument that the client and server must collaborate to achieve security goals, to eliminate common security exploits, and to secure the emerging class of rich, cross-domain Web applications referred to as Web 2.0. In order to support end-to-end

  7. Abstracting application-level web security

    Microsoft Academic Search

    David Scott; Richard Sharp

    2002-01-01

    Application-level web security refers to vulnerabilities inherent in the code of a web-application itself (irrespective of the technologies in which it is implemented or the security of the web-server/back-end database on which it is built). In the last few months application-level vulnerabilities have been exploited with serious consequences: hackers have tricked e-commerce sites into shipping goods for no charge, user-names

  8. Secure Input for Web Applications

    Microsoft Academic Search

    Martin Szydlowski; Christopher Kruegel; Engin Kirda

    2007-01-01

    The Web is an indispensable part of our lives. Every day, millions of users purchase items, transfer money, retrieve information and communicate over the Web. Although the Web is convenient for many users because it provides any time, anywhere access to information and services, at the same time, it has also become a prime target for miscreants who attack unsuspecting

  9. Secure Input for Web Applications

    Microsoft Academic Search

    Martin Szydlowski; Christopher Kruegel; Engin Kirda

    2007-01-01

    The web is an indispensable part of our lives. Every day, millions of users purchase items, transfer money, retrieve information and communicate over the web. Although the web is convenient for many users because it provides any-time, anywhere access to information and services, at the same time, it has also become a prime target for miscreants who attack unsuspecting

  10. Web application security Executive brief

    E-print Network

    , two key trends have emerged in the security world: 1. Hackers are no longer attacking for pride increasingly become high-value targets for hackers. Since so many Web sites contain vulnerabilities, hackers

  11. Architectures for Inlining Security Monitors in Web Applications

    E-print Network

    Sabelfeld, Andrei

    Architectures for Inlining Security Monitors in Web Applications Jonas Magazinius, Daniel Hedin policies to be enforced in web applications. This paper focuses on securing JavaScript code by inlining architectures for inlining security monitors for JavaScript: via browser extension, via web proxy, via suffix

  12. Testing Security Policies for Web Applications

    Microsoft Academic Search

    Wissam Mallouli; Gerardo Morales; Ana Cavalli

    2008-01-01

    Due to the increasing complexity of Web systems, security testing is becoming a critical activity to guarantee the respect of such systems to their security requirements. To challenge this issue, we rely in this paper on model based active testing. We first specify the Web system behavior using IF formalism. Second, we integrate security rules -modeled in Nomad language- within

  13. AProSec: an Aspect for Programming Secure Web Applications

    E-print Network

    Paris-Sud XI, Université de

    AProSec: an Aspect for Programming Secure Web Applications Gabriel Hermosillo - Roberto Gomez describe related work on security and AOP. 1. INTRODUCTION Companies and organizations use Web servers, or to mislead them later so that they provide these data to the attacker. Security techniques used by most web

  14. The Reality of Applying Security in Web Applications in Academia

    Microsoft Academic Search

    Mohamed Al-Ibrahim; Yousef Shams Al-Deen

    2014-01-01

    Web applications are used in academic institutions, such as universities, for a variety of purposes. Since these web pages contain critical information, securing educational systems is as important as securing any banking system. It has been found that many academic institutions have not fully secured their web pages against some class of vulnerabilities. In this empirical study, these vulnerabilities are focused

  15. Web application security assessment by fault injection and behavior monitoring

    Microsoft Academic Search

    Yao-Wen Huang; Shih-Kun Huang; Tsung-Po Lin; Chung-Hung Tsai

    2003-01-01

    As a large and complex application platform, the World Wide Web is capable of delivering a broad range of sophisticated applications. However, many Web applications go through rapid development phases with extremely short turnaround time, making it difficult to eliminate vulnerabilities. Here we analyze the design of Web application security assessment mechanisms in order to identify poor coding practices that

  16. From client-side encryption to secure web applications

    E-print Network

    Stark, Emily (Emily Margarete)

    2013-01-01

    This thesis presents an approach for designing secure web applications that use client-side encryption to keep user data private in the face of arbitrary web server compromises, as well as a set of tools, called CryptFrame, ...

  17. Web Application Security Standards and Practices Page 1 of 13 Web Application Security Standard Operating Environment (SOE) V1.2

    E-print Network

    Yang, Junfeng

    Web Application Security Standards and Practices Page 1 of 13 Web Application Security Standard Operating Environment (SOE) V1.2 Columbia University Web Application Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Application Security Standards and Practices

  18. Web Application Security Standards and Practices Page 1 of 13 Web Application Security Standard Operating Environment (SOE) V1 1 (2).

    E-print Network

    Grishok, Alla

    Web Application Security Standards and Practices Page 1 of 13 Web Application Security Standard Operating Environment (SOE) V1 1 (2). Columbia University Web Application Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Application Security Standards and Practices

  19. Specifying and Enforcing Application-Level Web Security Policies

    Microsoft Academic Search

    David Scott; Richard Sharp

    2003-01-01

    Application-level Web security refers to vulnerabilities inherent in the code of a Web-application itself (irrespective of the technologies in which it is implemented or the security of the Web-server/back-end database on which it is built). In the last few months, application-level vulnerabilities have been exploited with serious consequences: Hackers have tricked e-commerce sites into shipping goods for no charge, usernames

  20. Integrating web application security into the IT curriculum

    Microsoft Academic Search

    James Walden

    2008-01-01

    Attackers are increasingly targeting web applications. Buffer overflows had been the most common vulnerability type since CERT began collecting statistics, but web application vulnerabilities like cross-site scripting have dominated vulnerability reports since 2005. Despite billions of dollars spent on network security, the amount lost to computer crime, much of it the result of the insecurity of web applica-

  1. Simon's Intelligence Phase for Security Risk Assessment in Web Applications

    Microsoft Academic Search

    Brunil Romero; Marianella Villegas; Marina Meza

    2008-01-01

    Organizations in this digital era use automated information technology systems to process their information in order to support their missions. Web applications (WA) offer services for business processes that imply handling organization valuable information. Their requirements have become more complex so as to guarantee information security. Security risk assessment (SRA) plays a critical role in protecting an organization's information assets.

  2. Web-Based Training Applications in Safeguards and Security

    SciTech Connect

    Lopez, R.L.

    1999-05-21

    The U.S. Department of Energy (DOE) requires all employees who hold a security clearance and have access to classified information and/or special nuclear material to be trained in the area of Safeguards and Security. Since the advent of the World Wide Web, personnel who are responsible for training have capitalized on this communication medium to develop and deliver Web-based training. Unlike traditional computer-based training, where the student was required to find a workstation where the training program resided, one of Web-based training's strongest advantages is that the training can be delivered right to the worker's desktop computer. This paper will address reasons for the driving forces behind the utilization of Web-based training at the Laboratory with a brief explanation of the different types of training conducted. Also discussed briefly are the different types of distance learning used in conjunction with Web-based training. The implementation strategy will be addressed and how the Laboratory utilized a Web-Based Standards Committee to develop standards for Web-based training applications. Web-based problems resulting from little or no communication between training personnel across the Laboratory will be touched on and how this was solved. Also discussed is the development of a "Virtual Training Center" where personnel can shop on-line for their training needs. Web-based training programs within the Safeguards and Security arena will be briefly discussed. Specifically, Web-based training in the area of Materials Control and Accountability will be explored. A Web-based example of what a student would experience during a training session is also discussed. A short closing statement of what the future of Web-based Training holds in the future is offered.

  3. Secure Web Application Development and Global Regulation

    Microsoft Academic Search

    William Bradley Glisson; L. Milton Glisson; Ray Welland

    2007-01-01

    The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today's global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled

  4. Towards a Pattern Language for Security Risk Analysis of Web Applications

    E-print Network

    Stølen, Ketil

    Towards a Pattern Language for Security Risk Analysis of Web Applications Yan Li, SINTEF ICT This article introduces a pattern language for security risk analysis of web applications in an example driven. The pattern language is intended to be used as a guideline to capture the security risk picture of a web

  5. Web Services Security Issues in Healthcare Applications

    Microsoft Academic Search

    Shelly Sachdeva; Saphina Mchome; Subhash Bhalla

    2010-01-01

    Many research efforts are in progress for developing unified standards for Electronic Health Records. Such records can be shared for provisions of health care and research. Significant benefits can be realized when the proposed systems are used widely. Additional security requirements are crucial for their wide adoption. Patients want privacy and confidentiality. These systems will be deployed in distributed databases

  6. Dynamic multi-process information flow tracking for web application security

    Microsoft Academic Search

    Susanta Nanda; Lap-chung Lam; Tzi-cker Chiueh

    2007-01-01

    Although there is a large body of research on detection and prevention of such memory corruption attacks as buffer overflow, integer overflow, and format string attacks, the web application security problem receives relatively less attention from the research community by comparison. The majority of web application security problems originate from the fact that web applications fail to perform

  7. A testing framework for Web application security assessment

    Microsoft Academic Search

    Yao-wen Huang; Chung-hung Tsai; Tsung-po Lin; Shih-kun Huang; D. T. Lee; Sy-yen Kuo

    2005-01-01

    The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES)—a black-box testing framework for automated Web

  8. Dynamic CPU provisioning for self-managed secure web applications in SMP hosting platforms

    Microsoft Academic Search

    Jordi Guitart; David Carrera; Vicenç Beltran; Jordi Torres; Eduard Ayguadé

    2008-01-01

    Overload control mechanisms such as admission control and connection differentiation have proven effective for preventing overload of application servers running secure web applications. However, achieving optimal results in overload prevention is only possible when some kind of resource management is considered in addition to these mechanisms. In this paper we propose an overload control strategy for secure web applications

  9. Web Security Detection Tool

    Microsoft Academic Search

    Abhishek Agashe

    2008-01-01

    According to Government Computer News (GCN) web attacks have been marked as all-time high this year. GCN says that some of the leading security software like SOPHOS detected about 15,000 newly infected web pages daily in initial three months of 2008 [13]. This has led to the need of efficient software to make web applications robust and sustainable to

  10. Web Application Security Gateway with Java Non-blocking IO

    Microsoft Academic Search

    Zhenxing Luo; Nuermaimaiti Heilili; Dawei Xu; Chen Zhao; Zuoquan Lin

    2006-01-01

    We present the design and implementation of the WebDaemon Security Gateway (WDSG) with the techniques of event-driving, non-blocking IO multiplexing, secure cookies, SSL and caches based on PKI framework and role-based access control (RBAC) policy. It not only supports massive concurrency and avoids the pitfalls of traditional block I/O based design, but also is able to secure all the resources

  11. Unit Testing and Action-Level Security Solution of Struts Web Applications Based on MVC

    Microsoft Academic Search

    Qinglin Wu; Yanzhong Hu; Yan Wang

    2010-01-01

    The MVC design pattern is very useful for architecting Web applications, which encourages developers to partition the applications as early as in the design phase. Nowadays, Struts Web applications based on MVC have become more and more popular in various fields, the unit testing and action-level security are the most important method for guaranteeing the applications quality. In this paper, we

  12. Security Analysis and Improvement Model for Web-based Applications 

    E-print Network

    Wang, Yong

    2010-01-14

    , confidentiality, and data integrity. According to the reports from http://www.securityfocus.com in May 2006, operating systems account for 9% vulnerability, web-based software systems account for 61% vulnerability, and other applications account for 30...

  13. Towards a Formal Foundation of Web Security

    Microsoft Academic Search

    Devdatta Akhawe; Adam Barth; Peifung E. Lam; John C. Mitchell; Dawn Song

    2010-01-01

    We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample web mechanisms and applications. We identify three distinct threat models that can be used to analyze web applications, ranging from a web attacker who controls malicious web sites and clients, to stronger attackers

  14. Web Browsers and Security

    Microsoft Academic Search

    Flavio De Paoli; André L. M. Dos Santos; Richard A. Kemmerer

    1998-01-01

    Today the World Wide Web is considered to be a platform for building distributed applications. This evolution is made possible by browsers with processing capabilities and by programming languages that allow web designers to embed real programs into HTML documents. Downloading and executing code from anywhere on the Internet brings security problems along with it. A systematic and thorough analysis

  15. A Gateway to Web Services Security - Securing SOAP with Proxies

    Microsoft Academic Search

    Gerald Brose

    2003-01-01

    Integrating applications and resources using Web Services increases the exposure of critical resources. Consequently, the introduction of Web Services requires that additional effort be spent on assessing the corresponding risks and establishing appropriate security mechanisms. This paper explains the main challenges for securing Web Services and summarizes emerging standards. The most important of these, WS-Security, defines a message-based security model

  16. Web Security: The Emperor's New Armour

    Microsoft Academic Search

    Eddy Cheung

    2001-01-01

    Abstract: The World Wide Web originally provided no security services because it was not designed to support sensitive applications. As the Web evolved to become a platform for all types of Internet applications security mechanisms were added. Many Internet players, especially in the e-commerce sector, claim that the Web now can provide adequate security protection. In this paper

  17. Web Security: The Emperor's New Armour

    Microsoft Academic Search

    Audun Jøsang; Peter M. Mollerund; Eddy Cheung

    2001-01-01

    The World Wide Web originally provided no security services because it was not designed to support sensitive applications. As the Web evolved to become a platform for all types of Internet applications security mechanisms were added. Many Internet players, especially in the e-commerce sector, claim that the Web now can provide adequate security protection. In this paper we analyse some

  18. Teaching Web Security Using Portable Virtual Labs

    ERIC Educational Resources Information Center

    Chen, Li-Chiou; Tao, Lixin

    2012-01-01

    We have developed a tool called Secure WEb dEvelopment Teaching (SWEET) to introduce security concepts and practices for web application development. This tool provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web application security. In addition, the tool provides pre-configured…

  19. Security Lab Series Introduction to Web Technologies

    E-print Network

    Tao, Lixin

    Security Lab Series Introduction to Web Technologies Prof. Lixin Tao Pace University http... 1.1 Web ArchitectureScript... 4.6 Creating Your First JavaServer Page Web Application

  20. January 2008 SECURE WEB SERVERS

    E-print Network

    -44, Guidelines on Securing Public Web Servers, which focuses on the design, implementation, and operation of publicly accessible and secure Web servers. January 2008 SECURE WEB SERVERS: PROTECTING WEB SITES

  1. Application of Formal Methods to the Analysis of Web Services Security

    Microsoft Academic Search

    M. Llanos Tobarra; Diego Cazorla; Fernando Cuartero; Gregorio Díaz

    2005-01-01

    Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse whether it is

  2. Idea: Java vs. PHP: Security Implications of Language Choice for Web Applications

    Microsoft Academic Search

    James Walden; Maureen Doyle; Robert Lenhof; John Murray

    2010-01-01

    While Java and PHP are two of the most popular languages for open source web applications found at freshmeat.net, Java has had a much better security reputation than PHP. In this paper, we examine whether that reputation is deserved. We studied whether the variation in vulnerability density is greater between languages or between different applications written in a single

  3. Integrated Security Framework for Secure Web Services

    Microsoft Academic Search

    Wenjun Zhang

    2010-01-01

    To address the challenges in Web services security, the author firstly analyzed threats facing Web services and related security standards, presented integrated security framework based on use of authentication, authorization, confidentiality, and integrity mechanisms for Web services, and proposed how to integrate and implement these security mechanisms in order to make Web services robust against the attacks.

  4. Web Applications Security Assessment in the Portuguese World Wide Web Panorama

    Microsoft Academic Search

    Nuno Teodoro; Carlos Serrão

    Following the EU Information and Communication Technologies agenda, the Portuguese Government has started the creation of many applications, enabling electronic interaction between individuals, companies and the public administration – the e-Government. Due to the Internet open nature and the sensitivity of the data that those applications have to handle, it is important to ensure and assess their security. Financial institutions,

  5. Flexible Cryptographic Component Design for Secure Web Applications

    Microsoft Academic Search

    Tae Ho Kim; Jong Jin Kim; Chang Hoon Kim; Chun Pyo Hong

    2006-01-01

    Although Internet serves many contents and services, it has serious problems of security: the invasion of privacy, hacking and etc. To prevent these problems, two implementations have been presented: Hardware and Software implementations of cryptographic algorithms. Hardware implementations of cryptographic algorithms provide much faster than software implementations. However, Software implementations are much flexible and low-cost. Many software-approaches have been presented.

  6. Web Services Security 2

    Microsoft Academic Search

    Chris Kaler; Thomas Demartini

    2005-01-01

    Abstract: This document describes how to use ISO/IEC 21000-5 Rights Expressions with the Web Services Security (WSS) specification. WSS Rights Expression Language Token Profile, 14 November 2005

  7. Mapping software faults with web security vulnerabilities

    Microsoft Academic Search

    José Fonseca; Marco Vieira

    2008-01-01

    Web applications are typically developed with hard time constraints and are often deployed with critical software bugs, making them vulnerable to attacks. The classification and knowledge of the typical software bugs that lead to security vulnerabilities is of utmost importance. This paper presents a field study analyzing 655 security patches of six widely used web applications. Results are compared against

  8. A Survey of Web Security

    Microsoft Academic Search

    Aviel D. Rubin; Daniel E. Geer Jr.

    1998-01-01

    Developing security methods for the Web is a daunting task, in part because security concerns arose after the fact. Today, with an internationally connected user network and rapidly expanding Web functionality, reliability and security are critical. Vendors engaged in retrofitting security must contend with the Web environment's peculiarities, which include location irrelevance, statelessness, code and user mobility, and stranger-to-stranger communication.

  9. A Framework for Enhancing Web Services Security

    Microsoft Academic Search

    Navya Sidharth; Jigang Liu

    2007-01-01

    The applicability of the security protocols, such as WS-Security, WS-Trust, WS-SecureConversation, WS-Federation, WS-Authorization, and WS-SecurityPolicy, is limited as they only protect SOA (Service Oriented Architecture) communication between two trusted parties with an established security association. The pervasiveness of Web services and SOAP API that can be invoked by anonymous consumers introduces security vulnerabilities that are not addressed by the existing standards.

  10. A Lightweight Approach to Web Application Integrity Per A. Hallgren

    E-print Network

    Sabelfeld, Andrei

    of the modern web. From a security point of view, they offer an all-or-nothing choice to web applications [Security and privacy]: Web application security General Terms Security, integrity, man-in-the-middle-attacks Keywords web application security, data integrity, lightweight enforcement, application-level security

  11. A Secure Web Application Providing Public Access to High-Performance Data Intensive Scientific Resources - ScalaBLAST Web Application

    SciTech Connect

    Curtis, Darren S.; Peterson, Elena S.; Oehmen, Chris S.

    2008-05-04

    This work presents the ScalaBLAST Web Application (SWA), a web based application implemented using the PHP script language, MySQL DBMS, and Apache web server under a GNU/Linux platform. SWA is an application built as part of the Data Intensive Computer for Complex Biological Systems (DICCBS) project at the Pacific Northwest National Laboratory (PNNL). SWA delivers accelerated throughput of bioinformatics analysis via high-performance computing through a convenient, easy-to-use web interface. This approach greatly enhances emerging fields of study in biology such as ontology-based homology, and multiple whole genome comparisons which, in the absence of a tool like SWA, require a heroic effort to overcome the computational bottleneck associated with genome analysis. The current version of SWA includes a user account management system, a web based user interface, and a backend process that generates the files necessary for the Internet scientific community to submit a ScalaBLAST parallel processing job on a dedicated cluster.

  12. Protecting a Moving Target: Addressing Web Application Concept Drift

    E-print Network

    California at Santa Barbara, University of

    Protecting a Moving Target: Addressing Web Application Concept Drift Federico Maggi, William of the changed web applications. Keywords: Anomaly Detection, Web Application Security, Concept Drift, Machine

  13. Composite Web Services Security Considerations

    Microsoft Academic Search

    Reinhardt van Rooyen; Andrew Hutchison

    Web services are modular, self describing software components that can be invoked over a distributed network. A single transaction can be composed of many individual Web services. There are many security considerations that have to be taken into account when assessing such a Web service transaction. This paper investigates the security concerns involved in composite Web services and introduces at

  14. IBM Web Security -Overview Animation With more instrumentation, interconnections

    E-print Network

    IBM Web Security - Overview Animation With more instrumentation, interconnections and intelligence types of security solutions to protect these web applications and backend databases, and to help Security for a Smarter Planet - end-to-end web security from IBM. With its comprehensive array of solutions

  15. Modeling and Testing Secure Web-Based Systems: Application to an Industrial Case Study

    Microsoft Academic Search

    Wissam Mallouli; Mounir Lallali; Gerardo Morales; Ana Rosa Cavalli

    2008-01-01

    Ensuring that a Web-based system respects its security requirements is a critical issue that has become more and more difficult to perform in these last years. This difficulty is due to the complexity level of such systems as well as their variety and increasing distribution. To guarantee such a respect, we need to test the target Web system by applying

  16. WebALPS: a survey of E-commerce privacy and security applications

    Microsoft Academic Search

    S. W. Smith

    2001-01-01

    Web-based commerce is rife with scenarios where a party needs to trust properties of computation and data storage occurring at a remote machine, operated by a different party with different interests. In our WebALPS project, we have used off-the-shelf hardware and open source software to build co-resident with Web servers, and bring the secure SSL channel all the way into

  17. WebALPS: a survey of E-commerce privacy and security applications

    Microsoft Academic Search

    S. W. Smith

    2001-01-01

    Web-based commerce is rife with scenarios where a party needs to trust properties of computation and data storage occurring at a remote machine, operated by a different party with different interests. In our WebALPS project, we have used off-the-shelf hardware and open source software to build trusted co-servers co-resident with Web servers, and bring the secure SSL channel all the

  18. Introduction to Web and Internet Security Patrick McDaniel

    E-print Network

    McDaniel, Patrick Drew

    Introduction to Web and Internet Security Patrick McDaniel AT&T Labs - Research Florham Park, NJ tutorial, we present an introduction to the methods and pitfalls of Web and Internet security. We explore the types of security being used to support applications and services on the Web with a focus on practical

  19. Secure Web Access Control Algorithm

    Microsoft Academic Search

    Filip Ioan; Szeidert Iosif; Vasar Cristian

    The paper presents a flexible and efficient method to secure the access to a Web site implemented in PHP script language. The algorithm is based on the PHP's session mechanism. The proposed method is a general one and offers the possibility to implement a PHP based secured access to a Web site, through a portal page and using an additional

  20. On Security Analysis of PHP Web Applications David Hauzar and Jan Kofron

    E-print Network

    applications has become a crucial issue. The state-of-the-art tools for bug discovery in languages used for web of this group [5]; the examples include improper neutralization of SQL commands, cross-site request forgery-web" languages cannot be easily applied. The current state-of-the-art tools, however, still suffer from low error

  1. Securing web-based exams

    Microsoft Academic Search

    Olivier Sessink; Rik Beeftink; Johannes Tramper; Rob J. M. Hartog

    2004-01-01

    Learning management systems may offer web-based exam facilities. Such facilities entail a higher risk to exams fraud than traditional paper-based exams. The article discusses security issues with web-based exams, and proposes precautionary measures to reduce the risks. A security model is presented that distinguishes supervision support, software restrictions, and network restrictions. Solutions to security problems are tools to supervise and

  2. An Interface Design Secure Measurement Model for Improving Web App Security

    Microsoft Academic Search

    Sen-Tarng Lai

    2011-01-01

    In the internet age, the high efficiency and high profit activities must incorporate with the internet. Web Applications (Web App) is an important IT product in the internet age. However, the network intrusions and security vulnerabilities have continued to threaten the operation of Web App. In order to avoid Web App security vulnerabilities and defects cause user significant loss, how

  3. Web service security management using semantic web techniques

    Microsoft Academic Search

    Diego Zuquim Guimarães Garcia; Maria Beatriz Felgar De Toledo

    2008-01-01

    The importance of the Web service technology for business, government, among other sectors, is growing. Its use in these sectors demands security concern. The Web Services Security standard is a step towards satisfying this demand. However, in the current security approach, the mechanism used for describing security properties of Web services restricts security policy specification and intersection. In environments that

  4. The design and implementation of web mining in web sites security

    NASA Astrophysics Data System (ADS)

    Li, Jian; Zhang, Guo-Yin; Gu, Guo-Chang; Li, Jian-Li

    2003-06-01

    The backdoor or information leak of Web servers can be detected by using Web Mining techniques on some abnormal Web log and Web application log data. The security of Web servers can be enhanced and the damage of illegal access can be avoided. Firstly, the system for discovering the patterns of information leakages in CGI scripts from Web log data was proposed. Secondly, those patterns for system administrators to modify their codes and enhance their Web site security were provided. The following aspects were described: one is to combine web application log with web log to extract more information, so web data mining could be used to mine web log for discovering the information that firewall and Information Detection System cannot find. Another approach is to propose an operation module of web site to enhance Web site security. In cluster server session, Density-Based Clustering technique is used to reduce resource cost and obtain better efficiency.

  5. Web Services Security and Privacy

    Microsoft Academic Search

    Patrick C. K. Hung; Casey K. Fung

    2007-01-01

    Web services are becoming widely deployed to implement the automation of business processes such as supply chain management, inventory tracking, and healthcare management, just to name a few. A Web service is a new breed of web application that supports interoperable application-to-application interaction over a network based on a set of XML standards. This new architecture and new set of

  6. Web Services Security and Privacy

    Microsoft Academic Search

    Patrick C. K. Hung; Casey K. Fung

    2007-01-01

    Web services are becoming widely deployed to implement the automation of business processes such as supply chain management, inventory tracking, and healthcare management, just to name a few. A Web service is a new breed of web application that supports interoperable application-to-application interaction over a network based on a set of XML standards.

  7. Secure Sessions for Web Services Karthikeyan Bhargavan

    E-print Network

    Fournet, Cedric

    Secure Sessions for Web Services Karthikeyan Bhargavan Microsoft Research Ricardo Corin University ABSTRACT WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web: Web Services Security. Web services are built on asynchronous communication of SOAP envelopes [29

  8. Model-Driven Security Based on a Web Services Security Architecture

    Microsoft Academic Search

    Yuichi Nakamura; Michiaki Tatsubori; Takeshi Imamura; Koichi Ono

    2005-01-01

    The emergence of Web services and Service-Oriented Architecture (SOA) makes application development easy. However, since the computing environments on which applications are running are becoming complex, it is harder for users to set up security properly. Considering such complex security environments, this paper describes a tooling framework to generate Web services security configurations using Model Driven Architecture (MDA).

  9. Securing Web Service Compositions: Formalizing Authorization policies using Event Calculus

    E-print Network

    Paris-Sud XI, Université de

    Securing Web Service Compositions: Formalizing Authorization policies using Event Calculus Mohsen services based applications. As autonomous services are invoked through protocols, issues such as security trust and privacy between the components services. 1 Introduction Service Oriented Computing (SOC

  10. Web services and web service security standards

    Microsoft Academic Search

    Christian Geuer-Pollmann; Joris Claessens

    2005-01-01

    This paper provides a short introduction to basic web services concepts and describes in greater detail the various specifications related to reliability, transactions and in particular security which are referred to as the Microsoft/IBM WS-* family of specifications. The authors were not involved in the development and specification of the family of WS-* specs described in this paper.

  11. A Security Requirements Approach for Web Systems

    E-print Network

    A Security Requirements Approach for Web Systems Stefan Wagner, Daniel Mendez Fernandez, Shareeful proposes a web security model based on experiences with other quality models that is used in a security in software development to produce secure systems. This especially holds for web systems that are usually

  12. An advisor for web services security policies

    Microsoft Academic Search

    Karthikeyan Bhargavan; Cédric Fournet; Andrew D. Gordon; Greg O'shea

    2005-01-01

    We identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer remedial advice. We report on its implementation as a plugin for Microsoft Web Services Enhancements (WSE).

  13. Web Services Security: An Enabler of Semantic Web Services

    Microsoft Academic Search

    Abbie Barbir

    Web Services are emerging as an important technology for enabling various forms of information services across programming languages and platforms. Security is a major inhibitor for implementing Web Services. A key enabler of the development and future deployment of Semantic Web Services is the creation and adoption of an effective security model for the current generation of Web Services. The

  14. Secure Sessions for Web Services Karthikeyan Bhargavan

    E-print Network

    Fournet, Cedric

    their main security properties. We also informally discuss some pitfalls and limitations, Theory, Verification Additional Key Words and Phrases: Web Services, XML Security 1. INTRODUCTION Secure Sessions for Web Services Karthikeyan Bhargavan Microsoft Research and Ricardo Corin

  15. Informing security indicator design in web browsers

    Microsoft Academic Search

    Pan Shi; Heng Xu

    2011-01-01

    In this paper, we aim at providing conceptual and empirical insights to the design of security indicators in web browsers. In examining why security indicators in web browsers fail to warn users about web frauds, we propose affordance-based principles for our new design of web authentication indicators. Following these principles, we present a new design for Extended Validation (EV) certificate

  16. Security Aware Mobile Web Service Provisioning

    E-print Network

    Srirama, Satish Narayana; Prinz, Wolfgang; Pendyala, Kiran

    2010-01-01

    Mobile data services in combination with profluent web services are seemingly the path breaking domain in current information research. Effectively, these mobile web services will pave the way for exciting performance and security challenges, the core need-to-be-addressed issues. On security front, though a lot of standardized security specifications and implementations exist for web services in the wired networks, not much has been analysed and standardized in the wireless environments. This paper addresses some of the critical challenges in providing security to the mobile web service domain. We first explore mobile web services and their key security issues, with special focus on provisioning based on a mobile web service provider realized by us. Later we discuss state-of-the-art security awareness in the wired and wireless web services, and finally address the realization of security for the mobile web service provisioning with performance analysis results.

  17. Designing Dependable Web Services Security Architecture Solutions

    Microsoft Academic Search

    D. Shravani; P. Suresh Varma; B. Padmaja Rani; M. Upendra Kumar; A. V. Krishna Prasad

    Web Services Security Architectures have three layers, as provided by NIST standard: Web Service Layer, Web Services Framework Layer (.NET or J2EE), and Web Server Layer. In services oriented web services architecture, business processes are executed as a composition of services, which can suffer from vulnerabilities pertaining to secure data access and protecting code of Web Services. The goal of

  18. Web Analytics for Security Informatics

    E-print Network

    Glass, Kristin

    2013-01-01

    An enormous volume of security-relevant information is present on the Web, for instance in the content produced each day by millions of bloggers worldwide, but discovering and making sense of these data is very challenging. This paper considers the problem of exploring and analyzing the Web to realize three fundamental objectives: 1.) security relevant information discovery; 2.) target situational awareness, typically by making (near) real-time inferences concerning events and activities from available observations; and 3.) predictive analysis, to include providing early warning for crises and forming predictions regarding likely outcomes of emerging issues and contemplated interventions. The proposed approach involves collecting and integrating three types of Web data, textual, relational, and temporal, to perform assessments and generate insights that would be difficult or impossible to obtain using standard methods. We demonstrate the efficacy of the framework by summarizing a number of successful real-wor...

  19. A Performance Evaluation of Web Services Security

    Microsoft Academic Search

    Kezhe Tang; Shiping Chen; David Levy; John Zic; Bo Yan

    2006-01-01

    Web services security (WSS) has been approved as a standard by OASIS and widely adopted in the industry as a solution for enhancing the security of Web services. However, the performance of WSS remains a concern due to the additional security contents added to SOAP message and the extra service time for processing these security contents. This paper aims at

  20. XML and Web Services Security Standards

    Microsoft Academic Search

    Nils Agne Nordbotten

    2009-01-01

    XML and Web services are widely used in current distributed systems. The security of the XML based communication, and the Web services themselves, is of great importance to the overall security of these systems. Furthermore, in order to facilitate interoperability, the security mechanisms should preferably be based on established standards. In this paper we provide a tutorial on current security

  1. Subspace: secure cross-domain communication for web mashups

    Microsoft Academic Search

    Collin Jackson; Helen J. Wang

    2007-01-01

    Combining data and code from third-party sources has enabled a new wave of web mashups that add creativity and functionality to web applications. However, browsers are poorly designed to pass data between domains, often forcing web developers to abandon security in the name of functionality. To address this deficiency, we developed Subspace, a cross-domain communication mechanism that

  2. Mobile Security for Internet Applications

    Microsoft Academic Search

    Roger Kehr; Joachim Posegga; Roland Schmitz; Peter Windirsch

    2001-01-01

    The WebSIM is a technology for interfacing GSM SIMs with the Internet, by implementing a Web server inside a SIM. This paper discusses how this technology can be used for securing services over the Internet and describes several concrete application scenarios.

  3. web identity application sectioneleven

    E-print Network

    Derisi, Joseph

    web identity application sectioneleven 99 contents elements of webpage design 100-101 web development and design considerations web banners is required for all official UCSF webpages. This banner includes a required link

  4. Web Services Security: is the problem solved?

    Microsoft Academic Search

    Carlos Gutiérrez; Eduardo Fernández-medina; Mario Piattini

    2004-01-01

    This paper demonstrates that much work needs to be done in Web services security standardization. It explains the new Web services security threats and mentions the main initiatives and their respective specifications that try to prevent them.Recently Web services technology has reached such a level of maturity that it has evolved from being a promising technology to becoming a reality

  5. FOUNDATIONS OF WEB SCRIPT SECURITY Aaron Bohannon

    E-print Network

    Plotkin, Joshua B.

    FOUNDATIONS OF WEB SCRIPT SECURITY Aaron Bohannon A DISSERTATION in Computer and Information Science FOUNDATIONS OF WEB SCRIPT SECURITY COPYRIGHT 2012 Aaron Bohannon Acknowledgements applying reactive noninterference to web browsers. Before I started the final phase of my thesis research

  6. Web Development Evolution: The Assimilation of Web Engineering Security

    Microsoft Academic Search

    William Bradley Glisson; Ray Welland

    2005-01-01

    In today's e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security

  7. An Overview of Web Services Security

    Microsoft Academic Search

    P Kearney; J Chapman; N Edwards; M Gifford; L He

    2004-01-01

    Security and Web Services are consistently reported among the top technologies of interest to businesses. Concerns about security are a major deterrent to companies considering use of the technology. This paper attempts to give an overview of the current state of Web Services security. The main body of the paper is a tour through key concepts used in Web Services

  8. Introducing Web Application Development

    E-print Network

    Ding, Wei

    Introducing Web Application Development Instructor: Dr Wei Ding Development Instructor: Dr. Wei Ding Fall 2009 1CS 437/637 Database-Backed Web Sites and Web Services Introduction: Internet vs. World Wide Web Internet is an interconnected network of thousands of Internet is an interconnected network

  9. Distributed Orchestration of Web Services under Security Constraints

    E-print Network

    Paris-Sud XI, Université de

    Distributed Orchestration of Web Services under Security Constraints Tigran Avanesov1 , Yannick industry and academia. Keywords: Web services, automatic composition, security, distributed orchestration to describe, especially if some security constraints are to be respected. Mainly two approaches to Web service

  10. WSEmail: Secure Internet Messaging Based on Web Services

    Microsoft Academic Search

    Kevin D. Lux; Michael J. May; Nayan L. Bhattad; Carl A. Gunter

    2005-01-01

    Web services offer an opportunity to redesign a variety of older systems to exploit the advantages of a flexible, extensible, secure set of standards. In this paper we explore the objective of improving Internet messaging (email) by redesigning it as a family of web services, an approach we call WSEmail. We illustrate an architecture and describe some applications. Since

  11. Using web security scanners to detect vulnerabilities in web services

    Microsoft Academic Search

    Marco Vieira; Nuno Antunes; Henrique Madeira

    2009-01-01

    Although web services are becoming business-critical components, they are often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow detecting security vulnerabilities in web services by stressing the service from the point of view of an attacker. However, research and practice show that different scanners have different performance on vulnerabilities detection. In

  12. Security for Web-Based Tests.

    ERIC Educational Resources Information Center

    Shermis, Mark D.; Averitt, Jason

    The purpose of this paper is to enumerate a series of security steps that might be taken by those researchers or organizations that are contemplating Web-based tests and performance assessments. From a security viewpoint, much of what goes on with Web-based transactions is similar to other general computer activity, but the recommendations here…

  13. Towards the integration of Web services security on enterprise environments

    Microsoft Academic Search

    Yuichi Nakamura; Satoshi Hada; Ryo Neyama

    2002-01-01

    Web services are applications that can be accessed via widely accepted standards such as HTTP and XML. Since they are based on message exchanges on the Internet, there are always security risks as messages could be stolen, lost, or modified. Fortunately there are security standards such as SSL, and emerging standards such as XML digital signatures. With these technologies, safe

  14. Designing, Implementing, and Evaluating Secure Web Browsers

    ERIC Educational Resources Information Center

    Grier, Christopher L.

    2009-01-01

    Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…

  15. Verifying policy-based web services security

    Microsoft Academic Search

    Karthikeyan Bhargavan; Cédric Fournet; Andrew D. Gordon

    2008-01-01

    WS-SecurityPolicy is a declarative language for configuring web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy and propose a more abstract language for specifying secure links between web services and their clients. We present the architecture and implementation of tools that (1) compile policy files from link specifications, and (2) verify by invoking a theorem prover

  16. Web Security Standards and Practices Page 1 of 13 Web Security Standard Operating Environment (SOE) V1.doc

    E-print Network

    Qian, Ning

    Web Security Standards and Practices Page 1 of 13 Web Security Standard Operating Environment (SOE) V1.doc Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related

  17. Web Applications in Java

    Microsoft Academic Search

    John Hunt; Chris Loftus

    What is a Java Web Application? This chapter sets out to clarify what is meant in the Java Servlet and JavaServer Pages (JSPs) specification about Web Applications. It introduces the concept of a Web Application, how they are defined, structured, implemented and deployed. It does this using a very simple servlet that displays a welcome message and the current date.

  18. Two Patterns for Web Services Security

    Microsoft Academic Search

    Eduardo B. Fernández

    2004-01-01

    Patterns are widely used in software engineering where they have been successful in improving analysis and design by encapsulating the experience of many designers. Security patterns are a recent development as a way to encapsulate the accumulated knowledge about secure systems design. We present here two patterns for web services: 1) a Security Assertion Coordination pattern that coordinates authentication and

  19. PWSSec: Process for Web Services Security

    Microsoft Academic Search

    Carlos Gutiérrez; Eduardo Fernández-medina; Mario Piattini

    2006-01-01

    In the last few years, the field of Web services (WS) security has evolved rapidly producing an impressive number of WS-based security standards. This fact has caused that organizations are still reticent about adopting technologies based on this paradigm due to the learning curve necessary to integrate security into their practical deployments. In this paper, we present PWSSec (process for

  20. A Performance Evaluation of Mobile Web Services Security

    E-print Network

    Srirama, Satish Narayana; Prinz, Wolfgang

    2010-01-01

    It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. The market capture of mobile web services also has increased significantly, in the past years. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. Even though a lot of standardized security specifications like WS-Security, SAML exist for web services in the wired networks, not much has been analyzed and standardized in the wireless environments. In this paper we give our analysis of adapting some of the security standards, especially WS-Security to the cellular domain, with performance statistics. The performance latencies are obtained and analyzed while observing the performance and quality of service of our Mobile Host.

  1. Web Services Security (WS-Security)

    Microsoft Academic Search

    Bob Atkinson; Phillip Hallam-Baker; Chris Kaler; John Manferdelli; Hemma Prafullchandra; John Shewchuk

    2002-01-01

    WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

  2. An Overview and Evaluation of Web Services Security Performance Optimizations

    E-print Network

    van Engelen, Robert A.

    An Overview and Evaluation of Web Services Security Performance Optimizations Robert A. van Engelen,wzhang}@cs.fsu.edu Abstract WS-Security is an essential component of the Web services protocol stack. WS-Security provides-to-end message integrity assurance and authentication. 1. Introduction Web Services Security (WS-Security) [11

  3. A Survey of Web Services Security

    Microsoft Academic Search

    Carlos Gutiérrez; Eduardo Fernández-medina; Mario Piattini

    2004-01-01

    During the past years significant standardization work in web services technology has been made. As a consequence of these initial efforts, web services foundational stable specifications have already been delivered. Now, it is time for the industry to standardize and address the security issues that have risen from this paradigm. Great activity is being carried out on this subject. This

  4. Speculations on the science of web user security Ravi Sandhu

    E-print Network

    Sandhu, Ravi

    Speculations on the science of web user security Ravi Sandhu Institute for Cyber Security history: Available online 26 October 2012 Keywords: Web user security Security science Cyber security abstract There appears to be consensus among seasoned cyber security researchers

  5. Crowdsourced Web Augmentation: A Security Model

    Microsoft Academic Search

    Cristóbal Arellano; Oscar Díaz; Jon Iturrioz

    2010-01-01

    Web augmentation alters the rendering of existing Web applications at the back of these applications. Changing the layout, adding/removing content or providing additional hyperlinks/widgets are examples of Web augmentation that account for a more personalized user experience. Crowdsourced Web augmentation considers end users not only the beneficiaries but also the contributors of augmentation scripts. The fundamental problem with so augmented

  6. Information Flow Control to Secure Dynamic Web Service Composition

    E-print Network

    Siekmann, Jörg H.

    Information Flow Control to Secure Dynamic Web Service Composition Dieter Hutter and Melanie to other web services demanding the required degree of security. In this paper we propose a methodology security facilities to guarantee the security requirements of all participants. Web services have

  7. Verifying Policy-Based Security for Web Services Karthikeyan Bhargavan

    E-print Network

    Fournet, Cedric

    Verifying Policy-Based Security for Web Services Karthikeyan Bhargavan Microsoft Research C configuration language for driving web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy, and propose a more abstract link language for specifying the security goals of web services and their clients

  8. Secure Password-Based Authenticated Key Exchange for Web Services

    E-print Network

    Secure Password-Based Authenticated Key Exchange for Web Services Liang Fang1,2 , Samuel and key exchange, while the WS-Trust and WS-SecureConversation are emerging Web Services Security to the portion of the Globus Toolkit that implements security functionality. The recent definition of the Web

  9. Android Applications Security

    Microsoft Academic Search

    Paul POCATILU

    2011-01-01

    The use of smartphones worldwide is growing very fast and also the malicious attacks have increased. The mobile security applications development keeps the pace with this trend. The paper presents the vulnerabilities of mobile applications. The Android applications and devices are analyzed through the security perspective. The usage of restricted API is also presented. The paper also focuses on how

  10. Secure Communication and Access Control for Mobile Web Service Provisioning

    E-print Network

    Srirama, Satish Narayana

    2010-01-01

    It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.

  11. A Security Mechanism of Web Services-Based Communication for Wind Power Plants

    Microsoft Academic Search

    Nian Liu; Jianhua Zhang; Wenxia Liu

    2008-01-01

    The IEC 61400-25 standard has defined the mapping of wind power-plant information model to Web services (WS). Ensuring the security of WS-based communication for wind power plants is an unsolved problem. WS-security is a standard used to deal with the security requirements in applications of Web services, while the username/password and X.509 certificates are security tokens most commonly used in

  12. Enhancing web browser security against malware extensions

    Microsoft Academic Search

    Mike Ter Louw; Jin Soon Lim; V. N. Venkatakrishnan

    2008-01-01

    In this paper we examine security issues of functionality extension mechanisms supported by web browsers. Extensions (or “plug-ins”) in modern web browsers enjoy unrestrained access at all times and thus are attractive vectors for malware. To solidify the claim, we take on the role of malware writers looking to assume control of a user’s browser space. We have taken advantage

  13. Designing personalized web applications

    Microsoft Academic Search

    Gustavo Rossi; Daniel Schwabe; Robson Guimarães

    2001-01-01

    The goal of this paper is to argue the need to approach the personalization issues in Web applications from the very beginning in the application's development cycle. Since personalization is a critical aspect in many popular domains such as e-commerce, it important enough that it should be dealt with through a design view, rather than only an implementation view (which

  14. Security in WebCom: Addressing Naming Issues for a Web Services Architecture

    E-print Network

    Foley, Simon

    Security in WebCom: Addressing Naming Issues for a Web Services Architecture Thomas B. Quillinan t in grids, distributed middlewares and web services. Decentralised security architectures allow. ACM Workshop on Secure Web Services, October 29, 2004, Fairfax VA, USA. Copyright 2004 ACM X

  15. Improving web site security with data flow management

    E-print Network

    Yip, Alexander Siumann, 1979-

    2009-01-01

    This dissertation describes two systems, RESIN and BFLow, whose goal is to help Web developers build more secure Web sites. RESIN and BFLOW use data flow management to help reduce the security risks of using buggy or ...

  16. Standards for XML and Web Services Security

    Microsoft Academic Search

    Martin Naedele

    2003-01-01

    XML schemas convey the data syntax and semantics for various application domains, such as business-to-business transactions, medical records, and production status reports. However, these schemas seldom address security issues, which can lead to a worst-case scenario of systems and protocols with no security at all. At best, they confine security to transport level mechanisms such as secure sockets layer (SSL).

  17. Reliability, compliance, and security in web-based course assessments

    NASA Astrophysics Data System (ADS)

    Bonham, Scott

    2008-06-01

    Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage and utilization of web resources. An investigation was carried out in introductory astronomy courses comparing pre- and postcourse administration of assessments using the web and on paper. Overall no difference was seen in performance due to the medium. Compliance rates fluctuated greatly, and factors that seemed to produce higher rates are identified. Notably, email reminders increased compliance by 20%. Most of the 559 students complied with requests to not copy, print, or save questions nor use web resources; about 1% did copy some question text and around 2% frequently used other windows or applications while completing the assessment.

  18. Factsheets Web Application

    SciTech Connect

    VIGIL,FRANK; REEDER,ROXANA G.

    2000-10-30

    The Factsheets web application was conceived out of the requirement to create, update, publish, and maintain a web site with dynamic research and development (R and D) content. Before creating the site, a requirements discovery process was done in order to accurately capture the purpose and functionality of the site. One of the high priority requirements for the site would be that no specialized training in web page authoring would be necessary. All functions of uploading, creation, and editing of factsheets needed to be accomplished by entering data directly into web form screens generated by the application. Another important requirement of the site was to allow for access to the factsheet web pages and data via the internal Sandia Restricted Network and Sandia Open Network based on the status of the input data. Important to the owners of the web site would be to allow the published factsheets to be accessible to all personnel within the department whether or not the sheets had completed the formal Review and Approval (R and A) process. Once the factsheets had gone through the formal review and approval process, they could then be published both internally and externally based on their individual publication status. An extended requirement and feature of the site would be to provide a keyword search capability to search through the factsheets. Also, since the site currently resides on both the internal and external networks, it would need to be registered with the Sandia search engines in order to allow access to the content of the site by the search engines. To date, all of the above requirements and features have been created and implemented in the Factsheet web application. These have been accomplished by the use of flat text databases, which are discussed in greater detail later in this paper.

  19. Performance Evaluation and Modeling of Web Services Security

    Microsoft Academic Search

    Shiping Chen; John Zic; Kezhe Tang; David Levy

    2007-01-01

    While Web Services Security (WSS) enhances the security of web services, it may also introduce additional performance overheads to standard web services due to additional CPU processing and larger messages transferred. In this paper, we aim at clarifying this concern by conducting a quantitative performance evaluation of WSS overhead. Based on the evaluation, we extend our existing web services performance

  20. Trustworthy Browsing - A Secure Web Accessing Model

    Microsoft Academic Search

    Joe C. K. Yau; Lucas Chi Kwong Hui; Bruce S. N. Cheung; Siu-ming Yiu; Yan Woo; K. W. Lau; Eric H. M. Li

    2005-01-01

    The Web technology we are enjoying now is insecure, especially for accessing sensitive information. There is no solution that provides highly reliable user authentication to prove the identity of the information requestor to the server, nor a solution that securely protects the browsed information from being stolen. To solve this problem, the Trustworthy Browsing system, based on a special browsing

  1. Complex Image Recognition and Web Security

    Microsoft Academic Search

    Henry S. Baird

    Web services offered for human use are being abused by programs. Efforts to defend against these abuses have, over the last 5 years, stimulated the development of a new family of security protocols able to distinguish between human and machine users automatically over graphical user interfaces (GUIs) and networks. AltaVista pioneered this technology in 1997; by 2000, Yahoo! and PayPal

  2. UDDI and WSDL extensions for Web service: a security framework

    Microsoft Academic Search

    Carlisle Adams; Sharon Boeyen

    2002-01-01

    This paper outlines a framework for implementing security for Web Services by extending UDDI and WSDL. The framework includes security of UDDI itself, security of Web services transactions, and linkages with existing infrastructures outside UDDI. Extensions to the schema for both UDDI and WSDL are identified, as well as extensions to the security of the publication and discovery mechanism itself.

  3. Specifying Dynamic Security Properties of Web Service Based Systems

    Microsoft Academic Search

    Artem Vorobiev; Jun Han

    2006-01-01

    The security characteristics of web service based systems depend on those of the individual web services (WS) involved and the way in which they are related to each other. In principle, the security characteristics of WS or systems can be expressed in security properties that are published and available to external parties. Only by knowing the security properties of the

  4. 75 FR 47320 - Millington Securities, Inc., et al.; Notice of Application

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-08-05

    ...Secretary, Securities and Exchange...o Millington Securities, Inc., 222...summary of the application. The complete application may be obtained...Commission's Web site by searching...registered under the Securities Exchange...

  5. Assessing and Exploiting Web Applications with the Open-Source Samurai Web Testing Framework

    Microsoft Academic Search

    Raul Siles

    The Samurai Web Testing Framework (WTF) is an open-source LiveCD based on Ubuntu and focused on web application security testing. It includes an extensive collection of pre-installed and pre-configured top penetration testing and security analysis tools, becoming the perfect environment for assessing and exploiting web applications. The tools categorization guides the analyst through the web-app penetration testing methodology, from reconnaissance,

  6. Application Security Automation

    ERIC Educational Resources Information Center

    Malaika, Majid A.

    2011-01-01

    With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

  7. SPIM Architecture for MVC based Web Applications

    E-print Network

    Sridaran, R; Iyakutti, K; Mani, M N S

    2010-01-01

    The Model / View / Controller design pattern divides an application environment into three components to handle the user-interactions, computations and output respectively. This separation greatly favors architectural reusability. The pattern works well in the case of single-address space and not proven to be efficient for web applications involving multiple address spaces. Web applications force the designers to decide which of the components of the pattern are to be partitioned between the server and client(s) before the design phase commences. For any rapidly growing web application, it is very difficult to incorporate future changes in policies related to partitioning. One solution to this problem is to duplicate the Model and controller components at both server and client(s). However, this may add further problems like delayed data fetch, security and scalability issues. In order to overcome this, a new architecture SPIM has been proposed that deals with the partitioning problem in an alternative way. S...

  8. Intelligent Crawling of Web Applications for Web Archiving

    E-print Network

    Paris-Sud XI, Université de

    in Figure 1. A Web crawler (also known as Web spider or robot) is a computer program that inspects the WebIntelligent Crawling of Web Applications for Web Archiving Muhammad Faheem supervised by Pierre.senellart}@telecom.paristech.fr ABSTRACT The steady growth of the World Wide Web raises challenges regarding the preservation of meaningful

  9. Identifying information disclosure in web applications with retroactive auditing

    E-print Network

    Williams, Brian C.

    disclosure of sensitive information is a common problem, despite improvements in security techniques be expensive because institutions are often required by law to inform their users of the security breach information was leaked in the context of web applications, such as a health care application that collects

  10. FPA Depot - Web Application

    NASA Technical Reports Server (NTRS)

    Avila, Edwin M. Martinez; Muniz, Ricardo; Szafran, Jamie; Dalton, Adam

    2011-01-01

    Lines of code (LOC) analysis is one of the methods used to measure programmer productivity and estimate schedules of programming projects. The Launch Control System (LCS) had previously used this method to estimate the amount of work and to plan development efforts. The disadvantage of using LOC as a measure of effort is that only 30% to 35% of the total effort of software projects involves coding [8]. In the application, instead of using the LOC we are using function point for a better estimation of hours in each software to develop. Because of these disadvantages, Jamie Szafran of the System Software Branch of Control And Data Systems (NE-C3) at Kennedy Space Center developed a web application called Function Point Analysis (FPA) Depot. The objective of this web application is that the LCS software architecture team can use the data to more accurately estimate the effort required to implement customer requirements. This paper describes the evolution of the domain model used for function point analysis as project managers continually strive to generate more accurate estimates.

  11. Building Web Application with XQuery

    Microsoft Academic Search

    Zhiming Gui; Husheng Liao; linlin Fu

    2010-01-01

    This paper proposes to design and implement a new XQuery-based framework for generating web application. It supports the development of both client and server side program in a uniform way using XQuery. Furthermore, through translating the fully XQuery based web application into corresponding client and server side code in appropriate target language, it enables web application developed using our

  12. Solving Some Modeling Challenges when Testing Rich Internet Applications for Security

    E-print Network

    Jourdan, Guy-Vincent

    Solving Some Modeling Challenges when Testing Rich Internet Applications for Security Suryakant benefitting from automated tools for testing web applications. Keywords: Security Testing, Automated Crawling was the development of automated tools for testing web applications for security. There are various commercial

  13. Towards a Framework for Migrating Web Applications to Web Services

    E-print Network

    Cordy, James R.

    Towards a Framework for Migrating Web Applications to Web Services Asil A. Almonaies Manar H {asil,alalfi,cordy,dean}@cs.queensu.ca Abstract Migrating traditional legacy web applications to web services is an important step in the modernization of web-based business systems to more complex inter

  14. MedlinePlus Connect: Web Application

    MedlinePLUS

    ... nih.gov/medlineplus/connect/application.html MedlinePlus Connect: Web Application To use the sharing features on this ... please see our guidelines and instructions on linking. Web Application Overview The API for the Web application ...

  15. Web 2.0 Technologies and Social Networking Security Fears in Enterprises

    E-print Network

    Almeida, Fernando

    2012-01-01

    Web 2.0 systems have drawn the attention of corporations, many of which now seek to adopt Web 2.0 technologies and transfer its benefits to their organizations. However, with the number of different social networking platforms appearing, privacy and security continuously have to be taken into account and looked at from different perspectives. This paper presents the most common security risks faced by the major Web 2.0 applications. Additionally, it introduces the most relevant paths and best practices to avoid these identified security risks in a corporate environment.

  16. Guest Editorial: Web Security Using the web is a security risk. However, today's business world and our desire for useful and entertaining

    E-print Network

    McDaniel, Patrick Drew

    Guest Editorial: Web Security Using the web is a security risk. However, today's business world of active debate since the Internet's inception. Significant strides toward a secure and private web have been made. However, the investigation of web security is in its infancy and much work remains

  17. Teaching a web security course to practice information assurance

    Microsoft Academic Search

    H. Yu; W. Liao; X. Yuan; J. Xu

    2006-01-01

    This paper presents a hybrid teaching approach, a new Web Security course as well as how to use the hybrid approach to teach the Web Security course to practice information assurance. The hybrid teaching approach contains three key issues that are keeping the lecture materials up-to-date, assigning former research projects as comprehensive team projects, and connecting classroom knowledge with real

  18. New approach for the dynamic enforcement of Web services security

    Microsoft Academic Search

    Azzam Mourad; Sara Ayoubi; Hamdi Yahyaoui; Hadi Otrok

    2010-01-01

    We propose in this paper a new approach for the dynamic enforcement of Web services security, which is based on a synergy between Aspect-Oriented Programming (AOP) and composition of Web services. Security policies are specified as aspects. The elaborated aspects are then weaved (integrated) in the Business Process Execution Language (BPEL) process at runtime. The main contributions of our approach

  19. Centralized Web Proxy Services: Security and Privacy Considerations

    Microsoft Academic Search

    Guy-vincent Jourdan

    2007-01-01

    The widespread use of centrally controlled, externally run Web proxy services has several potential security issues related to privacy and deception, intranet information disclosure, and the creation of a single point of failure for widespread attacks. The author evaluates the security implications of such a Web proxy service from the viewpoints of users, organizations, and content providers. The discussion is

  20. Web Security Requirements: A Phishing Perspective School of Computer Science

    E-print Network

    Sadeh, Norman M.

    Web Security Requirements: A Phishing Perspective Ian Fette School of Computer Science Carnegie@cs.cmu.edu Abstract-- We are currently focusing on web security problems caused by phishing, and similar semantic behavior. I. INTRODUCTION Phishing is a growing problem[1] that affects an increasing number of users

  1. Java web services: WS-Security without client certificates

    E-print Network

    -SecureConversation performance. About this series Web services are a crucial part of Java technology's role in enterprise, simplifying your web service configuration while also providing performance benefits. You can use it directly'll also see how plain WS-Security symmetric encryption performance compares to WS

  2. A Dynamic Web Agent for Verifying the Security and Integrity of a Web Site's Contents

    Microsoft Academic Search

    Soroush Sedaghat; Josef Pieprzyk; Ehsan Vossough

    2001-01-01

    To harness safe operation of Web-based systems in Web environments, we propose an SSPA (Server-based SHA-1 Page-digest Algorithm) to verify the integrity of Web contents before the server issues an HTTP response to a user request. In addition to standard security measures, our Java implementation of the SSPA, which is called the Dynamic Security Surveillance Agent (DSSA), provides further security

  3. On securing privacy in composite web service transactions

    Microsoft Academic Search

    Rattikorn Hewett; Phongphun Kijsanayothin

    2009-01-01

    Today's numerous online transactions are implemented as composite web services in various domains including business, healthcare, government and education. One important aspect of secured online transactions is privacy protection. This paper addresses privacy issues in composite web service transactions by providing an intelligent semi-automated privacy-aware approach to efficiently building an appropriate composite web service that (1) satisfies service functional requirements

  4. RBAC ON THE WEB BY SECURE COOKIES Joon S. Park

    E-print Network

    Sandhu, Ravi

    Chapter 1 RBAC ON THE WEB BY SECURE COOKIES Joon S. Park Ravi Sandhu SreeLatha Ghanta Abstract the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users' role information. However, it is insecure to store and transmit

  5. Information Security--Applications and

    E-print Network

    Ahmed, Farid

    Information Security-- Applications and Techniques about? Information Security Information Security What? Why of Information Security Network Security PGP, SSL, IPsec Data Security

  6. TY*SecureWS: An Integrated Web Service Security Solution Based on Java

    Microsoft Academic Search

    Sung-min Lee; O-sik Kwon; Jae-ho Lee; Oh Chan-joo; Sung-Hoon Ko

    2003-01-01

    In this paper we propose an integrated XML web service security solution based on Java. The goal of the proposed solution is guaranteeing confidentiality, integrity, and non-repudiation in using web services. It provides flexibility as its security functions are implemented in security handlers instead of modifying web services engine. It also supports extensibility since it has been developed based on

  7. A Framework for Migrating Web Applications to Web Services

    E-print Network

    Cordy, James R.

    A Framework for Migrating Web Applications to Web Services Asil A. Almonaies, Manar H. Alalfi-automatically migrating monolithic legacy web applications to service oriented architecture (SOA) by separating potentially reusable features as web services. Software design recovery and source transformation techniques

  8. Validating a Web service security abstraction by typing

    Microsoft Academic Search

    Andrew D. Gordon; Riccardo Pucella

    2002-01-01

    An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which

  9. CSC8417 assignment 3 Web Services:Security

    Microsoft Academic Search

    David Sale

    2006-01-01

    Abstract Many web services have sensitive data that requires restricting access to authorized users. Most system implementations focus entirely on the technical aspects of security such as encryption, digital signatures, and authentication. These aspects have matured sufficiently to provide a reasonably high degree of security. However, it is the human element that has been neglected in many security systems, and this

  10. ENABLING USER PARTICIPATION IN WEB-BASED INFORMATION SECURITY EDUCATION

    Microsoft Academic Search

    Ryan Goss; Johan van Niekerk

    The greatest threat to Information Security are the employees within an organization. Many security controls rely on the user in order to be effective. It is thus vital to educate users about their role(s) in security. Many companies cannot afford, in terms of time or finances, to replace employees during training periods. The Web has long since been identified

  11. The Fundamentals and Practical Use of Certificate-Based Security in Secure Web-Based Systems

    Microsoft Academic Search

    Robin M. Snyder

    2002-01-01

    Secure key exchange, public key cryptography, and symmetric key cryptography help solve the problem of achieving secure communication between two parties. But how do you know with whom you are communicating securely? Certificate-based security is designed to solve this problem of identifying with whom you are communicating and is gaining increasingly widespread use as a way to identify web

  12. Extending UML for Modeling Web Applications

    Microsoft Academic Search

    Luciano Baresi; Franca Garzotto; Paolo Paolini

    2001-01-01

    Web sites are progressively evolving from browsable, read-only information repositories to web-based distributed applications. Compared to traditional web sites, these web applications do not only support navigation and browsing, but also operations that affect their contents and navigation states. Compared to traditional applications, web applications integrate operations with the built-in browsing capabilities of hypermedia. These novelties make web

  13. Lecture 24: Document and Web Applications

    E-print Network

    Roweis, Sam

    Lecture 24: Document and Web Applications Sam Roweis March 31, 2004 Machine Learning on Text/Web Machine Learning Problems for Text/Web Data · Document / Web Page Classification or Detection 1. Does this document/web page contain an example of thing X? e.g. Job advertisements (FlipDog). 2. Is this document/web

  14. Web Cube: a Programming Model for Reliable Web Applications

    E-print Network

    Utrecht, Universiteit

    Web Cube: a Programming Model for Reliable Web Applications I.S.W.B. Prasetya, T.E.J. Vos, S UU-CS-2005-002 www.cs.uu.nl Web Cube: a Programming Model for Reliable Web Applications I@cs.uu.nl, tanja@iti.upv.es, doaitse@cs.uu.nl, bela@cs.ui.ac.id Abstract Web Cube is a server side programming

  15. Web Application Programmer Fort Collins, Colorado

    E-print Network

    Web Application Programmer Fort Collins, Colorado POSITION A Web Application Programmer (Research activities. RESPONSIBILITIES The CEMML Geographic Information Systems (GIS) Lab is developing interactive web-based map applications and decision support tools. The web application programmer is part of the CEMML GIS

  16. Web Services Security: a preliminary study using Casper and FDR

    Microsoft Academic Search

    E. Kleiner; A. W. Roscoe

    Web Services is an important new XML-based architecture in which security is increasingly important. The WS-Security specification defines mechanisms for securing the SOAP messages. We show how those messages can be mapped to Casper notation and therefore be analysed with FDR. We show two attacks on proposed protocols and lastly discuss informally some ramifications of the use of the WS-Security

  17. Web-based security cost analysis in electricity markets

    Microsoft Academic Search

    Hong Chen; Claudio A. Cañizares; Ajit Singh

    2005-01-01

    Security cost analysis is important in electricity markets to address the correlation between market operation and power system operation. This paper proposes an efficient security cost analysis method and describes its implementation using a three-tier client/server architecture and up-to-date web technologies. The proposed security cost analysis is based on a system security index and its sensitivities with respect to certain

  18. Intelligent and Adaptive Crawling of Web Applications for Web Archiving

    E-print Network

    Senellart, Pierre

    Intelligent and Adaptive Crawling of Web Applications for Web Archiving Muhammad Faheem1 and Pierre Kong, Hong Kong firstname.lastname@telecom.paristech.fr Abstract. Web sites are dynamic in nature with content and structure changing over time. Many pages on the Web are produced by content management systems

  19. A MULTIFACTOR SECURITY PROTOCOL FOR WIRELESS PAYMENT SECURE WEB AUTHENTICATION USING MOBILE DEVICES

    Microsoft Academic Search

    Ayu Tiwari; Sudip Sanyal; Ajith Abraham; Svein Johan Knapskog; Sugata Sanyal

    2007-01-01

    Previous Web access authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. This paper proposes a new protocol using multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce extra security level with the

  20. Secure Architectures for Mobile Applications

    Microsoft Academic Search

    Cristian TOMA

    2007-01-01

    The paper presents security issues and architectures for mobile applications and GSM infrastructure. The article also introduces the idea of a new secure architecture for an inter-sector electronic wallet used in payments - STP4EW (Secure Transmission Protocol for Electronic Wallet)

  1. Implementing Web Services: Conflicts Between Security Features and Publish/Subscribe

    E-print Network

    Kansas, University of

    Implementing Web Services: Conflicts Between Security Features and Publish/Subscribe Communication ... Implementing Web Services: Conflicts Between Security Features and Publish ... 1) Security Requirements

  2. A Policy Based Approach to Security for the Semantic Web

    Microsoft Academic Search

    Lalana Kagal; Timothy W. Finin; Anupam Joshi

    2003-01-01

    Along with developing specifications for the description of meta-data and the extraction of information for the Semantic Web, it is important to maximize security in this environment, which is fundamentally dynamic, open and devoid of many of the clues human societies have relied on for security assessment. Our research investigates the marking up of web entities with a semantic policy

  3. Users' conceptions of web security: a comparative study

    Microsoft Academic Search

    Batya Friedman; David Hurley; Daniel C. Howe; Edward W. Felten; Helen Nissenbaum

    2002-01-01

    This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a

  4. Service Level Agreements: Web Services and Security

    Microsoft Academic Search

    Ganna Frankova; Marco Aiello; Fabio Massacci

    2007-01-01

    To support the quality of service guarantee from the service provider side, complex web services require to be contracted through service level agreement. State of the art on web services and web service compositions provides for a number of models for describing quality of service for web services and their compositions, languages for specifying service level agreement in the web

  5. Integrating elliptic curve cryptography into the web's security infrastructure

    Microsoft Academic Search

    Vipul Gupta; Douglas Stebila; Sheueling Chang Shantz

    2004-01-01

    RSA is the most popular public-key cryptosystem on the Web today but long-term trends such as the proliferation of smaller, simpler devices and increasing security needs will make continued reliance on RSA more challenging over time. We offer Elliptic Curve Cryptography (ECC) as a suitable alternative and describe our integration of this technology into several key components of the Web's

  6. Building Secure High-Performance Web Services with OKWS

    Microsoft Academic Search

    Maxwell N. Krohn

    2004-01-01

    OKWS is a toolkit for building fast and secure Web services. It provides Web developers with a small set of tools that has proved powerful enough to build complex systems with limited effort. Despite its emphasis on security, OKWS shows performance improvements compared to popular systems: when servicing fully dynamic, non-disk-bound database workloads, OKWS's throughput and

  7. Reliability, Compliance, and Security in Web-Based Course Assessments

    ERIC Educational Resources Information Center

    Bonham, Scott

    2008-01-01

    Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage…

  8. Application Web Services

    E-print Network

    Oxford, University of

    Admin sif node Online Book Search Service Balancing Service · Performs federated query across all · Performs federated query across all libraries to find books matching the search criteria of an online user Archive CSV Plugin Derby JDBC Plugin SQL Federation Service sif Middleware DB2 Database Plugin Web Service

  9. Kerberos Plus RSA for World Wide Web Security

    Microsoft Academic Search

    Don Davis

    1995-01-01

    We show how to use Kerberos to enable its clients to interact securely with non-Kerberized World Wide Web servers. That is, our protocol does not require that the Web server be a member of a Kerberos realm, and also does not rely on time-synchronization between the participants. In our protocol, the Kerberos client uses the Web server's public-key certificate to gain cryptographic credentials that conform to public-key authentication

  10. A WEB-BASED PORTAL FOR INFORMATION SECURITY EDUCATION

    Microsoft Academic Search

    JOHAN VAN NIEKERK; ROSSOUW VON SOLMS

    Today's organizations have become so dependent on information resources that even the effects of a single information security incident could be devastating. Increasing Information Security awareness is the most cost-effective control that an organization can implement. However, most organizations do not have the necessary financial or knowledge resources needed for a comprehensive awareness education program. A web-based portal acting

  11. Towards an Automatic Analysis of Web Service Security

    Microsoft Academic Search

    Yannick Chevalier; Denis Lugiez; Michaël Rusinowitch

    2007-01-01

    Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underlie these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic

  12. Web services enterprise security architecture: a case study

    Microsoft Academic Search

    Carlos Gutiérrez; Eduardo Fernández-medina; Mario Piattini

    2005-01-01

    Web Services (WS hereafter) Security is a crucial aspect for technologies based on this paradigm to be completely adopted by the industry. As a consequence, a lot of initiatives have arisen during the last years setting as their main purpose the standardization of the security factors related to this paradigm. In fact, over the past years, the most important consortiums

  13. On the Relationship Between Web Services Security and Traditional Protocols

    Microsoft Academic Search

    E. Kleiner; A. W. Roscoe

    2006-01-01

    XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attacks. Therefore we provide a way for all the methods, and specifically Casper and

  14. Project Assessment Skills Web Application

    NASA Technical Reports Server (NTRS)

    Goff, Samuel J.

    2013-01-01

    The purpose of this project is to utilize Ruby on Rails to create a web application that will replace a spreadsheet keeping track of training courses and tasks. The goal is to create a fast and easy to use web application that will allow users to track progress on training courses. This application will allow users to update and keep track of all of the training required of them. The training courses will be organized by group and by user, making readability easier. This will also allow group leads and administrators to get a sense of how everyone is progressing in training. Currently, updating and finding information from this spreadsheet is a long and tedious task. By upgrading to a web application, finding and updating information will be easier than ever as well as adding new training courses and tasks. Accessing this data will be much easier in that users just have to go to a website and log in with NDC credentials rather than request the relevant spreadsheet from the holder. In addition to Ruby on Rails, I will be using JavaScript, CSS, and jQuery to help add functionality and ease of use to my web application. This web application will include a number of features that will help update and track progress on training. For example, one feature will be to track progress of a whole group of users to be able to see how the group as a whole is progressing. Another feature will be to assign tasks to either a user or a group of users. All of these together will create a user friendly and functional web application.

  15. Secure Web Services with Globus GSI and gSOAP

    Microsoft Academic Search

    Giovanni Aloisio; Massimo Cafaro; Daniele Lezzi; Robert Van Engelen

    2003-01-01

    In this paper we describe a plug-in for the gSOAP Toolkit that allows development of Web Services exploiting the Globus Security Infrastructure (GSI). Our plug-in allows the development of GSI enabled Web Services and clients, with full support for mutual authentication/authorization, delegation of credentials and connection caching. The software provides automatic, transparent transport-level security for Web Services and is freely

  16. Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

    NASA Technical Reports Server (NTRS)

    Ivancic, William D.

    2007-01-01

    This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-based sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

  17. A Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Applications

    Microsoft Academic Search

    Silvia TRIF; Adrian VISOIU

    2011-01-01

    This paper presents and implements a Windows Phone 7 Oriented Secure Architecture for Business Intelligence Mobile Application. The development process uses a Windows Phone 7 application that interacts with a WCF Web Service and a database. The types of Business Intelligence Mobile Applications are presented. The Windows mobile devices security and restrictions are presented. The namespaces and security

  18. Threats and Solutions to Web Services Security

    Microsoft Academic Search

    Stuart King

    2003-01-01

    It is difficult to sum up what a Web Service is in a few words. My own effort begins “A Web Service encapsulates a business practice and places it directly onto the Internet.” This brief sentence does no justice whatsoever to the power and flexibility of Web services, but does indicate the essential importance of the technology; i.e. the promise

  19. RBAC on the Web by Secure Cookies

    Microsoft Academic Search

    Joon S. Park; Ravi S. Sandhu; Sreelatha Ghanta

    1999-01-01

    Current approaches to access control on Web servers do not scale to enterprise- wide systems, since they are mostly based on individual users. Therefore, we were motivated by the need to manage and enforce the strong access control technology of RBAC in large-scale Web environments. Cookies can be used to support RBAC on the Web, holding users' role information. However,

  20. Application Security Models for Mobile Agent Systems

    Microsoft Academic Search

    J. Todd Mcdonald; Alec Yasinsac

    2006-01-01

    Mobile agents are a distributed computing paradigm based on mobile autonomous programs. Mobile applications must balance security requirements with available security mechanisms in order to meet application level security goals. We introduce a trust framework to reason about application security requirements, trust expression, and agent protection mechanisms. We develop application security models that capture initial trust relationships and consider their

  1. Security Encryption Scheme for Communication of Web Based Control Systems

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network. Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

  2. Using Patterns to Understand and Compare Web Services Security Products and Standards

    Microsoft Academic Search

    Eduardo B. Fernández; Nelly A. Delessy

    2006-01-01

    Web services are becoming an important way for enterprises to interoperate. Many security standards have been developed for web services, but they are still vulnerable to a variety of attacks; lack of security is one of the main reasons given by people who are reluctant to use web services even knowing of their advantages. A problem with web services security

  3. GRID-BASED SECURE WEB SERVICE FRAMEWORK FOR BIOINFORMATICS Dawei Sun, Xiaoyu Zhang

    E-print Network

    Zhang, Xiaoyu

    GRID-BASED SECURE WEB SERVICE FRAMEWORK FOR BIOINFORMATICS Dawei Sun, Xiaoyu Zhang Department, security for web services is a very important issue that was not addressed in most web-service based bioinformatics systems. We developed a Grid-based Secure Web Service Framework for Bioinformatics (GSWSF

  4. Identifying Opportunities for Web Services Security Performance Optimizations Robert A. van Engelen and Wei Zhang

    E-print Network

    van Engelen, Robert A.

    Identifying Opportunities for Web Services Security Performance Optimizations Robert A. van Engelen,wzhang}@cs.fsu.edu Abstract WS-Security is an essential component of the Web services protocol stack. WS-Security provides, provide fast but limited security options for Web services. TLS requires negotiation and handshake, which

  5. Declarative specification of Web applications exploiting Web services and workflows

    Microsoft Academic Search

    Marco Brambilla; Stefano Ceri; Sara Comai; Marco Dario; Piero Fraternali; Ioana Manolescu

    2004-01-01

    This demo presents an extension of a declarative language for specifying data-intensive Web applications. We demonstrate a scenario extracted from a real-life application, the Web portal of a computer manufacturer, including interactions with third-party service providers and enabling distributors to participate in well-defined business processes. The crucial advantage of our framework is the high-level modeling of a complex Web application,

  6. TokDoc: A Self-Healing Web Application Firewall

    Microsoft Academic Search

    Tammo Krueger; Christian Gehly; Konrad Rieck; Pavel Laskov

    The growing amount of web-based attacks poses a severe threat to the security of web applications. Signature-based detection techniques increasingly fail to cope with the variety and complexity of novel attack instances. As a remedy, we introduce a protocol-aware reverse HTTP proxy TokDoc (the token doctor), which intercepts requests and decides on a per-token basis whether a token requires

  7. Model-Checking Web Applications with Web-TLR

    Microsoft Academic Search

    María Alpuente; Demis Ballis; Javier Espert; Daniel Romero

    2010-01-01

    Web-TLR is a software tool designed for model-checking Web applications which is based on rewriting logic. Web applications are expressed as rewrite theories which can be formally verified by using the Maude built-in LTLR model-checker. Web-TLR is equipped with a user-friendly, graphical Web interface that shields the user from unnecessary information. Whenever a property is refuted, an interactive slideshow is

  8. The importance of technology trust in Web services security

    Microsoft Academic Search

    Pauline Ratnasingam

    2002-01-01

    The Internet is changing the way businesses operate today. Firms are using the Web for procurement, to find trading partners, and to link existing applications to other applications. Web services are rapidly becoming the enabling technology of today’s e-business, and e-commerce systems. We are having a massive impact on the way businesses think about designing, developing, and deploying Web-based applications.

  9. In this part of the course we consider the second of our security case IY2760/CS3760: Case Study 2: Web security

    E-print Network

    Mitchell, Chris

    Study 2: Web security studies. 1 We start by introducing the web and its key components. IY2760: Case Study 2: Web security 2 The World Wide Web (or just the web) is essentially a means of providing: Web security to data across the Internet in a way that hides most of the complexity. In technical

  10. Application Instructions for: Cyber Security Fundamentals Certificate

    E-print Network

    Application Instructions for: Cyber Security Fundamentals Certificate Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) Monterey, CA 93943 cyber@nps.edu Cyber Security Fundamentals Certificate - Online Application Instructions 1. Go to https

  11. SAMP: Application Messaging for Desktop and Web Applications

    NASA Astrophysics Data System (ADS)

    Taylor, M. B.; Boch, T.; Fay, J.; Fitzpatrick, M.; Paioro, L.

    2012-09-01

    SAMP, the Simple Application Messaging Protocol, is a technology which allows tools to communicate. It is deployed in a number of desktop astronomy applications including ds9, Aladin, TOPCAT, World Wide Telescope and numerous others, and makes it straightforward for a user to treat a selection of these tools as a loosely-integrated suite, combining the most powerful features of each. It has been widely used within Virtual Observatory contexts, but is equally suitable for non-VO use. Enabling SAMP communication from web-based content has long been desirable. An obvious use case is arranging for a click on a web page link to deliver an image, table or spectrum to a desktop viewer, but more sophisticated two-way interaction with rich internet applications would also be possible. Use from the web however presents some problems related to browser sandboxing. We explain how the SAMP Web Profile, introduced in version 1.3 of the SAMP protocol, addresses these issues, and discuss the resulting security implications.

  12. Designing User-Centered Web Applications in Web Time

    Microsoft Academic Search

    Molly Hammar Cloyd

    2001-01-01

    As designers struggle to develop Web applications “in Web time,” they are under the added pressure of delivering usability. The author describes her company's successful transformation to user-driven processes for designing e-commerce applications. She also offers strategies for introducing human factors methods into a reluctant development organization

  13. Defeasible security policy composition for web services

    Microsoft Academic Search

    Adam J. Lee; Jodie P. Boyer; Lars E. Olson; Carl A. Gunter

    2006-01-01

    The ability to automatically compose security policies created by multiple organizations is fundamental to the development of scalable security systems. The diversity of policies leads to conflicts and the need to resolve priorities between rules. In this paper we explore the concept of defeasible policy composition, wherein policies are represented in defeasible logic and composition is based on

  14. Architectural Patterns for Enabling Application Security

    Microsoft Academic Search

    Joseph Yoder

    1997-01-01

    Making an application secure is much harder than just adding a password protected login screen. This paper contains a collection of patterns to be used when dealing with application security. Secure Access Layer provides an interface for applications to use the security of the systems on which they are built. Single Access Point limits entry into the application through one single point. Check

  15. Architectural Patterns for Enabling Application Security

    Microsoft Academic Search

    Joseph Yoder; Jeffrey Barcalow

    1998-01-01

    Making an application secure is much harder than just adding a password protected login screen. This paper contains a collection of patterns to be used when dealing with application security. Secure Access Layer provides an interface for applications to use the security of the systems on which they are built. Single Access Point limits entry into the application through one

  16. A Web-Based Portal For Information Security Education

    Microsoft Academic Search

    Johan Van Niekerk

    2002-01-01

    Abstract: Today’s organizations have become so dependent on information resources that even the effects of a single information security incident could be devastating. Increasing Information Security awareness is the most cost-effective control that an organization can implement. However, most organizations do not have the necessary financial or knowledge resources needed for a comprehensive awareness education program. A web-based portal acting as a

  17. XML-Based Specification for Web Services Document Security

    Microsoft Academic Search

    Rafae Bhatti; Elisa Bertino; Arif Ghafoor; James Joshi

    2004-01-01

    The Internet and related technologies have seen tremendous growth in distributed applications such as medicine, education, e-commerce, and digital libraries. As demand increases for online content and integrated, automated services, various applications employ Web services technology for document exchange among data repositories. Web services provide a mechanism to expose data and functionality using standard protocols, and hence to integrate many

  18. Efficient Authorization of Rich Presence Using Secure and Composed Web Services

    NASA Astrophysics Data System (ADS)

    Li, Li; Chou, Wu

    This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

  19. FUZZY KEYSTROKE BIOMETRICS ON WEB SECURITY

    Microsoft Academic Search

    Marino Tapiador; Juan A. Sigüenza

    BioWeb has two different parts: the client side and the server side. The client part consists of DHTML pages and the browser. The browser was a common navigator (Netscape). The system simulates a website with a UserId/Password to control the access to it; indeed BioWeb has several features as the capability of register new users, simulate a login, and the

  20. Web Browser as an Application Platform

    Microsoft Academic Search

    Antero Taivalsaari; Tommi Mikkonen; Dan Ingalls; Krzysztof Palacz

    2008-01-01

    For better or worse, the web browser has become a widely used target platform for software applications. Desktop-style applications such as word processors, spreadsheets, calendars, games and instant messaging systems that were earlier written for specific operating systems, CPU architectures or devices are now written for the World Wide Web, to be used from a web browser. In this paper

  1. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications

    E-print Network

    Sabatini, David M.

    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications Michael web applications. Authentication attacks occur when a web application authenticates users unsafely, granting access to web clients that lack the appropriate credentials. Access control attacks occur when

  2. XMM-Newton Mobile Web Application

    NASA Astrophysics Data System (ADS)

    Ibarra, A.; Kennedy, M.; Rodríguez, P.; Hernández, C.; Saxton, R.; Gabriel, C.

    2013-10-01

    We present the first XMM-Newton web mobile application, coded using new web technologies such as HTML5, the Query mobile framework, and D3 JavaScript data-driven library. This new web mobile application focuses on re-formatted contents extracted directly from the XMM-Newton web, optimizing the contents for mobile devices. The main goals of this development were to reach all kind of handheld devices and operating systems, while minimizing software maintenance. The application therefore has been developed as a web mobile implementation rather than a more costly native application. New functionality will be added regularly.

  3. Smart Certificates: Extending X.509 for Secure Attribute Services on the Web

    E-print Network

    Sandhu, Ravi

    Smart Certificates: Extending X.509 for Secure Attribute Services on the Web Joon S. Park and Ravi, authentication, and confidentiality, Web servers can then trust these secure attributes and use them for many, we present a comprehensive approach to secure attribute services on the Web. We identify the user

  4. SECURE SEMANTIC SENSOR WEB AND PERVASIVE COMPUTING Bhavani Thuraisingham and Kevin W. Hamlen

    E-print Network

    Hamlen, Kevin W.

    SECURE SEMANTIC SENSOR WEB AND PERVASIVE COMPUTING Bhavani Thuraisingham and Kevin W. Hamlen@utdallas.edu Abstract--In this paper we discuss issues on developing a secure semantic sensor web. SensorML is the starting point for this work. We explore the layers for a semantic sensor web and discuss security issues

  5. Security Controls Applied to Web Service Architectures R. Baird R. Gamble

    E-print Network

    Gamble, R. F.

    Security Controls Applied to Web Service Architectures R. Baird R. Gamble Software Engineering for configuring of web service standards to enforce security requirements on service interaction specification architecture to notate the comparison of security controls across services. 1. Introduction Web services

  6. INSTITUTE FOR CYBER SECURITY Application-Centric Security Models

    E-print Network

    Sandhu, Ravi

    INSTITUTE FOR CYBER SECURITY 1 Application-Centric Security Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University of Texas at San Antonio July 2009 ravi.sandhu@utsa.edu www.profsandhu.com © Ravi Sandhu INSTITUTE FOR CYBER SECURITY Dr. Robert W. Gracy Vice President

  7. SOCIAL SECURITY ADMINISTRATION Application for a Social Security Card

    E-print Network

    Li, Mo

    /ethnic background. We use this information for statistical reports on how Social Security programs affect people. We Security number before), you must show us proof of : AGE, IDENTITY, and U.S. CITIZENSHIP or LAWFUL ALIENSOCIAL SECURITY ADMINISTRATION Application for a Social Security Card Applying for a Social

  8. Integrated Security Context Management of Web Components and Services in Federated Identity Environments

    Microsoft Academic Search

    Apurva Kumar

    2008-01-01

    The problem of providing unified web security management in an environment with multiple autonomous security domains is considered. Security vendors provide separate security management solutions for cross-domain browser based and web service based interactions. This is partly due to the fact that different web standards dominate in each space. E.g. Security Assertion Markup Language (SAML) which is an important standard

  9. Design and Implementation of a Secure Web-Based File Exchange Server: Specification Design Document

    E-print Network

    Mokhov, Serguei A; Benssam, Ali; Benredjem, Djamel

    2011-01-01

    We report on the software engineering design and implementation of a web- and LDAP-based secure file exchange system with bi-directional authentication of all parties involved in the process, that is, the user's browsers and the application server mutually authenticate, and the application and database servers authenticate using certificates, credentials, etc. with the directory service provided by LDAP using open-source technologies.

  10. Securely implementing open geospatial consortium web service interface standards in oracle spatial

    Microsoft Academic Search

    An Ning; Raja Chatterjee; Mike Hörhammer; Siva Ravada

    2009-01-01

    In this paper, we briefly describe the implementation of various Open Geospatial Consortium Web Service Interface Standards in Oracle Spatial 11g. We highlight how we utilize Oracle's implementation of OASIS Web Services Security (WSS) to provide a robust security framework for these OGC Web Services. We also discuss our future direction in supporting OGC Web Service Interface Standards.

  11. RECAPTCHA: Human-based character recognition via web security measures

    Microsoft Academic Search

    L. Von Ahn; Benjamin Maurer; Colin McMillen; David Abraham; Manuel Blum

    2008-01-01

    CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are widespread security measures on the World Wide Web that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as deciphering distorted characters. Our research explored whether such human effort can be channeled into

  12. The GridSite Web/Grid security system

    Microsoft Academic Search

    Andrew Mcnab

    2005-01-01

    SUMMARY This paper describes the architecture of the GridSite system, which adds support for several Grid security protocols to the Apache Web server platform. These include the Globus GSI authentication system, Grid Access Control Language (GACL) access policy files, and Distinguished Name (DN) List and Virtual Organization Membership Service (VOMS) group memberships. Particular emphasis is placed on how the architecture

  13. Subspace: Secure Cross-Domain Communication for Web Mashups

    E-print Network

    Hunt, Galen

    Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University, we developed Subspace, a cross-domain communication mechanism that allows efficient communication and functionality. Current practices include giving uncontrolled cross domain execution through the use of

  14. A Secure, Publisher-Centric Web Caching Infrastructure

    E-print Network

    Shewchuk, Jonathan

    A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers John Chuang Urs Hengartner provided by publishers. In the control plane, caches will return logs of client accesses to publishers. In this paper, we introduce Gemini, a system which has both of these capabilities, and discuss

  15. A Secure, Publisher-Centric Web Caching Infrastructure

    E-print Network

    Hengartner, Urs

    A Secure, Publisher-Centric Web Caching Infrastructure Andy Myers John Chuang Urs Hengartner by running code provided by publishers. In the control plane, caches will return logs of client accesses to publishers. In this paper, we introduce Gemini, a system which has both of these capabilities, and discuss

  16. Threat Modelling for Web Services Based Web Applications

    Microsoft Academic Search

    Lieven Desmet; Bart Jacobs; Frank Piessens; Wouter Joosen

    Threat analysis of a web application can lead to a wide variety of identified threats. Some of these threats will be very specific to the application; others will be more related to the underlying infrastructural software, such as the web or application servers, the database, the directory server and so forth. This paper analyzes the threats that can be related

  17. Building smarter web applications with HTML5

    Microsoft Academic Search

    Johan Harjono; Gloria Ng; Ding Kong; Jimmy Lo

    2010-01-01

    Web applications have seen increased usage as of late, to the point where they are more favorable than desktop applications. The rise in the prevalence of web applications can be attributed to their flexibility, which enable programmers to go beyond the limitation of conventional desktop applications.

  18. Challenges of Testing Web Services and Security in SOA Implementations

    Microsoft Academic Search

    Abbie Barbir; Chris Hobbs; Elisa Bertino; Frederick Hirsch; Lorenzo D. Martino

    2007-01-01

    The World Wide Web is evolving into a medium providing a wide array of e-commerce, business-to-business, business-to-consumer, and other information-based services. In Service Oriented Architecture (SOA) technology, Web Services are emerging as the enabling technology that bridges decoupled systems across various platforms, programming languages, and applications. The benefits of Web Services and SOA come at the expense of introducing new

  19. State of the Art: Automated Black-Box Web Application Vulnerability Testing Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell

    E-print Network

    Mitchell, John C.

    State of the Art: Automated Black-Box Web Application Vulnerability Testing Jason Bau, Elie that probe web applications for security vulnerabilities. In order to assess the current state of the art, we security vulnerabilities such as cross-site scripting, SQL injection, and cross-site request forgeries

  20. Improving Web Service Security and Privacy

    Microsoft Academic Search

    Xinfeng Ye; Lei Zhong

    2011-01-01

    This paper proposes a scheme that allows the web service providers to carry out fine-grained access control on the data hosted by them. Through data tracking, the scheme also automatically detects the data flows that might lead to attacks on online services. Compared with existing schemes, the proposed scheme is more flexible in managing the data on the service provider.

  1. Providing Secure Environments for Untrusted Network Applications

    E-print Network

    Lee, Ruby B.

    Providing Secure Environments for Untrusted Network Applications ----With Case Studies using Workstation is a suitable platform to provide a secure environment that can contain most existing network from doing business on the Internet. Various network security solutions provide different protection

  2. Helping Developers Construct Secure Mobile Applications

    E-print Network

    Chin, Erika Michelle

    2013-01-01

    on Cyber Security Experimentation and Test, 2011. [62] D.requirements. If a test case throws a security exceptiontest their applications, false positives would likely be relatively harmless. This approach achieves full compatibility, but security

  3. Towards a Semantic Web Security Infrastructure

    Microsoft Academic Search

    Ronald Ashri; Terry Payne; Darren Marvin; Mike Surridge; Steve Taylor

    2004-01-01

    The move towards supporting more autonomous systems, where decisions are made without direct user intervention, and more complex operating scenarios, where services from multiple organisations form temporary ties to solve particular problems, creates new security challenges. This paper argues that the answers should combine the use of conventional security solutions, such as cryptographic mechanisms, with the ability to reason

  4. Security seal. [Patent application

    DOEpatents

    Gobeli, G.W.

    1981-11-17

    Security for a package or verifying seal in plastic material is provided by a print seal with unique thermally produced imprints in the plastic. If tampering is attempted, the material is irreparably damaged and thus detectable. The pattern of the imprints, similar to fingerprints are recorded as a positive identification for the seal, and corresponding recordings made to allow comparison. The integrity of the seal is proved by the comparison of imprint identification records made by laser beam projection.

  5. Model-Based Penetration Test Framework for Web Applications Using TTCN-3

    Microsoft Academic Search

    Pulei Xiong; Bernard Stepien; Liam Peyton

    2009-01-01

    Penetration testing is a widely used method for testing the security of web applications, but it can be inefficient if it is not done systematically. Public databases of web application vulnerabilities can be used to drive penetration testing, but testers need to understand them and interpret them into executable test cases. This requires an in-depth knowledge of security. This paper

  6. Development of Web Applications from Web Enhanced Conceptual Schemas

    Microsoft Academic Search

    Joan Fons; Vicente Pelechano; Manoli Albert; Oscar Pastor

    2003-01-01

    This work presents an OO software production method that defines a systematic process for conceptual modelling of web applications. The paper discusses a set of minimum primitives to capture the essentials of dynamic web applications and it discusses how to introduce them in a classical model-centered OO method that provides systematic code generation. Finally, the paper presents some ideas to

  7. Connecting web applications with interface agents

    Microsoft Academic Search

    Analía Amandi; Marcelo Armentano

    2004-01-01

    Interface agents are one of the most relevant applications of agent technology to assist humans in using computer software. However, the development of agents assisting users working on the web, using multiple applications to browse information, represents a challenging task. Particularly, when these agents need to act on standard web applications whose source code is not available, developers have one

  8. Combining World Wide Web and Wireless Security

    Microsoft Academic Search

    Joris Claessens; Bart Preneel; Joos Vandewalle

    2001-01-01

    In current electronic commerce systems, customers have an on-line interaction with merchants via a browser on their personal computer. Also payment is done electronically via the Internet, mostly with a credit card. In parallel to this, e-services via wireless-only systems are emerging. This paper identifies security and functionality weaknesses in both of these current approaches. The paper discusses

  9. Proceedings of Student-Faculty Research Day, CSIS, Pace University, May 7th Improving Web Security Education with Virtual Labs

    E-print Network

    Tappert, Charles

    Web Security Education with Virtual Labs and Shared Course Modules Lixin Tao, Li-Chiou Chen and skills of a web developer to understand many of the web security topics, and some of them are normally virtual machines in supporting hands-on web security education, and developing multiple virtual web

  10. Social Security Online: The Official Web Site of the Social Security Administration

    NSDL National Science Digital Library

    Social Security Online: The Official Web Site of the Social Security Administration provides information on the agency's history, goals, budget, services, laws and regulations, as well as statistical data and research. The site provides consumers with information about retirement and disability benefits, forms, answers to frequently asked questions, and instructions and directories that will help those interested in contacting the agency. Employers will find information on wage reporting, tax guides, and employee handouts. Consumers who have a web browser that supports Secure Sockets Layer (SSL) can file an electronic request for Personal Earnings and Benefit Estimate statement; however, as reported in the May 23, 1997 Scout Report, for security reasons the SSA no longer sends the statement online.

  11. Homeland Security and Defense Applications

    SciTech Connect

    None

    2014-11-06

    Homeland Security and Defense Applications personnel are the best in the world at detecting and locating dirty bombs, loose nukes, and other radiological sources. The site trains the Nation's emergency responders, who would be among the first to confront a radiological or nuclear emergency. Homeland Security and Defense Applications highly training personnel, characterize the threat environment, produce specialized radiological nuclear detection equipment, train personnel on the equipment and its uses, test and evaluate the equipment, and develop different kinds of high-tech equipment to defeat terrorists. In New York City for example, NNSS scientists assisted in characterizing the radiological nuclear environment after 9/11, and produced specialized radiological nuclear equipment to assist local officials in their Homeland Security efforts.

  12. Homeland Security and Defense Applications

    ScienceCinema

    None

    2015-01-09

    Homeland Security and Defense Applications personnel are the best in the world at detecting and locating dirty bombs, loose nukes, and other radiological sources. The site trains the Nation's emergency responders, who would be among the first to confront a radiological or nuclear emergency. Homeland Security and Defense Applications highly training personnel, characterize the threat environment, produce specialized radiological nuclear detection equipment, train personnel on the equipment and its uses, test and evaluate the equipment, and develop different kinds of high-tech equipment to defeat terrorists. In New York City for example, NNSS scientists assisted in characterizing the radiological nuclear environment after 9/11, and produced specialized radiological nuclear equipment to assist local officials in their Homeland Security efforts.

  13. An Advisor for Web Services Security Policies Karthikeyan Bhargavan Cedric Fournet Andrew D. Gordon Greg O'Shea

    E-print Network

    Fournet, Cedric

    An Advisor for Web Services Security Policies Karthikeyan Bhargavan Cédric Fournet Andrew D identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool

  14. Security Framework for Mobile Applications

    Microsoft Academic Search

    Nicolai Munk Petersen; Deborah Estrin

    2008-01-01

    In this paper we describe a Kerberos and Public Private key enabled security system. The system is tailored to be used with pervasive, widely available, and mobile sensor devices such as cell phones. Third-party applications can access the data using a simplistic access control schema. The system has built-in support for single sign-on and easy application front-end integration.

  15. Survey of Technologies for Web Application Development

    Microsoft Academic Search

    Barry Doyle; Cristina Videira Lopes

    2008-01-01

    Web-based application developers face a dizzying array of platforms, languages, frameworks and technical artifacts to choose from. We survey, classify, and compare technologies supporting Web application development. The classification is based on (1) foundational technologies; (2) integration with other information sources; and (3) dynamic content generation. We further survey and classify software engineering techniques and tools that have been adopted

  16. Bachelor Project StockHome - Web Application

    E-print Network

    Lanza, Michele

    Bachelor Project StockHome - Web Application User interface for a financial analysis tool Gilad and assisting us during dark times. Last but not least, I would like to thank my friends who spent those long ... Gilad Geron StockHome - Web Application A Technologies A.1 Ruby

  17. Extensible Web Browser Security Mike Ter Louw, Jin Soon Lim, and V.N. Venkatakrishnan

    E-print Network

    Venkatakrishnan, V.N.

    Extensible Web Browser Security Mike Ter Louw, Jin Soon Lim, and V.N. Venkatakrishnan Department examine the security issues in functionality extension mechanisms supported by web browsers. Extensions (or "plug-ins") in modern web browsers enjoy unlimited power without restraint and thus are attractive

  18. E-Net Models of a Software System for Web Pages Security SECURITY

    E-print Network

    Stoianov, Nikolai Todorov

    2010-01-01

    This paper presents solutions for cryptography protection for web pages. The solutions comprise the authors' experience in development and implementation of systems for information security in the Automated Information Systems of Bulgarian Armed Forces. The architecture, the models and the methods are being explained.

  19. Specifying Secure Mobile Applications

    Microsoft Academic Search

    Andrew Phillips; Susan Eisenbach; Bashar Nuseibeh; Nobuko Yoshida

    Ambient calculi are a promising formalism for specifying mobile computation, which benefit from a range of analysis techniques. However, Ambient calculi have been designed mostly as minimal models for mobility, rather than as specification languages for mobile applications. This paper describes a variant of Ambients, the Channel Ambient calculus, which is designed to be at a level

  20. Web Application Software for Ground Operations Planning Database (GOPDb) Management

    NASA Technical Reports Server (NTRS)

    Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

    2013-01-01

    A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

  1. A taxonomy and business analysis for mobile web applications

    E-print Network

    Liu, Kevin H

    2009-01-01

    Mobile web applications refer to web applications on mobile devices, aimed at personalizing, integrating, and discovering mobile contents in user contexts. This thesis presents a comprehensive study of mobile web applications ...

  2. SIF: Enforcing Confidentiality and Integrity in Web Applications

    Microsoft Academic Search

    Stephen Chong; K. Vikram; Andrew C. Myers

    SIF (Servlet Information Flow) is a novel software framework for building high-assurance web applications, using language-based information-flow control to enforce security. Explicit, end-to-end confidentiality and integrity policies can be given either as compile-time program annotations, or as run-time user requirements. Compile-time and run-time checking efficiently enforce these policies. Information flow analysis is known to be useful against SQL injection

  3. Leveraging Legacy Code to Deploy Desktop Applications on the Web

    Microsoft Academic Search

    John R. Douceur; Jeremy Elson; Jon Howell; Jacob R. Lorch

    2008-01-01

    Xax is a browser plugin model that enables developers to leverage existing tools, libraries, and entire programs to deliver feature-rich applications on the web. Xax employs a novel combination of mechanisms that collectively provide security, OS-independence, performance, and support for legacy code. These mechanisms include memory-isolated native code execution behind a narrow syscall interface, an abstraction layer that

  4. Application Instructions for: Cyber Security Defense Certificate

    E-print Network

    Application Instructions for: Cyber Security Defense Certificate Naval Postgraduate School Center for Information Systems Security Studies and Research (CISR) Monterey, CA 93943 cyber@nps.edu Cyber Security - Cyber Security Defense iv. Academic Year/ Quarter: SELECT THE FOLLOWING START DATE: a. Quarter 3 Start

  5. No Web Site Left Behind: Are We Making Web Security Only for the Elite?

    E-print Network

    Somayaji, Anil

    with more artistic backgrounds, and others involve web applications installed by non-programmers who want some are created and maintained by random individuals: pet owners, parents, sports teams, garage

  6. Service for secure and protected applications in Collaborative Learning Environments

    Microsoft Academic Search

    Thiago de Medeiros Gualberto; Sérgio Donizetti Zorzo

    2010-01-01

    This paper presents a service which offers security through Web Services technology and offers its services to meet security requirements of Collaborative Learning environment. The use of Web Services to offer security in Collaborative Learning environments complements the functionalities of such environments, that is, it is not limited to the platforms in which the client system was developed. This security

  7. A specialized framework for data retrieval Web applications

    SciTech Connect

    Jerzy Nogiec; Kelley Trombly-Freytag; Dana Walbridge

    2004-07-12

    Although many general-purpose frameworks have been developed to aid in web application development, they typically tend to be both comprehensive and complex. To address this problem, a specialized server-side Java framework designed specifically for data retrieval and visualization has been developed. The framework's focus is on maintainability and data security. The functionality is rich with features necessary for simplifying data display design, deployment, user management and application debugging, yet the scope is deliberately kept limited to allow for easy comprehension and rapid application development. The system clearly decouples the application processing and visualization, which in turn allows for clean separation of layout and processing development. Duplication of standard web page features such as toolbars and navigational aids is therefore eliminated. The framework employs the popular Model-View-Controller (MVC) architecture, but it also uses the filter mechanism for several of its base functionalities, which permits easy extension of the provided core functionality of the system.

  8. PKI and UDDI based trust centre: an attempt to improve web service security Wiem REKIK1,2

    E-print Network

    Paris-Sud XI, Université de

    PKI and UDDI based trust centre: an attempt to improve web service security Wiem REKIK1,2 1HANA to provide adequate security for web services. 1. Introduction A web service (WS) can be any given on both the PKI and the improvement of the UDDI functioning which attempt to provide security for web ser

  9. Network and Application Security in Mobile e-Health Applications

    Microsoft Academic Search

    Ramon Martí; Jaime Delgado; Xavier Perramon

    2004-01-01

    Different IT applications require different network and application security services. We have been working in the area of e-health applications in mobile environments, and we have needed to integrate security services therein. This paper presents a specification of such network and application security services for mobile e-health applications and how we have implemented them. First, various security threats specific of e-health

  10. Lines of Fracture, Webs of Cohesion: Economic Interconnection and Security Politics in Asia

    E-print Network

    Zysman, John; Borrus, Michael

    1994-01-01

    Webs of Cohesion: Economic Interconnection and Securityand security issues (issue linkage).30 But as much as the fact of this expanding webweb of economic ties in Asia will mute national conflicts in the region, creating a more stable security

  11. VOGCLUSTERS: An Example of DAME Web Application

    NASA Astrophysics Data System (ADS)

    Castellani, M.; Brescia, M.; Mancini, E.; Pellecchia, L.; Longo, G.

    2012-07-01

    We present the alpha release of the VOGCLUSTERS web application, specialized for data and text mining on globular clusters. It is one of the web2.0 technology based services of Data Mining & Exploration (DAME) Program, devoted to mine and explore heterogeneous information related to globular clusters data.

  12. Scalability, Security Technologies and Mobile Applications

    Microsoft Academic Search

    Larry Korba; Ronggong Song

    2004-01-01

    Multi-agent applications are expected to take an important role in the future of e-business applications. However, security for multi-agent applications has become a critical issue. Unfortunately, effective security technologies often tend to require considerable computational and network resources, leading to scalability issues. Thus, scalability of the security technologies is a vital issue when developing practical agent-based applications. In this paper,

  13. Security Types for Dynamic Web Data 1 Mariangiola Dezani-Ciancaglini a

    E-print Network

    Paris-Sud XI, Université de

    Security Types for Dynamic Web Data 1 Mariangiola Dezani-Ciancaglini a Silvia Ghilezan b Jovanka is based on types for locations, data and processes, expressing security levels. A tree can store data of different security level, independently from the security level of the enclosing location. The access

  14. WWM: A Practical Methodology for Web Application Modeling

    Microsoft Academic Search

    Chanwit Kaewkasi; Wanchai Rivepiboon

    2002-01-01

    Web applications are becoming more complex and the way to manage the complexity is to model them. This paper presents a methodology to model Web applications directly from the object-oriented fashion on the top of the event-driven programming concept. Our approach, WebForm-based Web application modeling methodology (WWM), provides guidelines to model Web application architectures from higher point-of-view than the Web

  15. Rubicon: Bounded Verification of Web Applications

    E-print Network

    Jackson, Daniel

    Rubicon is a verifier for web applications. Specifications are written in an embedded domain-specific language and are checked fully automatically. Rubicon is designed to fit with current practices: its language is based ...

  16. Multimedia Security System for Security and Medical Applications

    ERIC Educational Resources Information Center

    Zhou, Yicong

    2010-01-01

    This dissertation introduces a new multimedia security system for the performance of object recognition and multimedia encryption in security and medical applications. The system embeds an enhancement and multimedia encryption process into the traditional recognition system in order to improve the efficiency and accuracy of object detection and…

  17. Memento: A Framework for Hardening Web Applications

    Microsoft Academic Search

    Karthick Jayaraman; Grzegorz Lewandowski; Steve J. Chapin

    2008-01-01

    We propose a generic framework called Memento for systematically hardening web applications. Memento models a web application's behavior using a deterministic finite automata (DFA), where each server-side script is a state, and state transitions are triggered by HTTP requests. We use this DFA to defend against cross-site request forgery (CSRF) and cross-site-scripting (XSS) attacks. The

  18. Modeling Web Applications Using Java and XML Related Technologies

    Microsoft Academic Search

    Sam Chung; Yun-Sik Lee

    2003-01-01

    The purpose of this paper is to propose visual models for a web application using Java and XML related technologies. We consider a web application that uses 3-tier architecture and each tier is distributed onto web, application, and data base servers. In the web applications, various Java and XML related technologies are employed in the form of different languages:

  19. Access Control of Web and Java Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  20. Do You Talk to Each Poster? Security and Privacy for Interactions with Web Service by Means of Contact Free Tag Readings

    Microsoft Academic Search

    Peter Schoo; Massimo Paolucci

    2009-01-01

    The pervasive service interaction (PERCI) application allows interaction with Web services through associated real world objects equipped with contactless tags. The tags are read with a mobile. The read tag content is used to invoke Web service in the back-end system. The case study presented here is identifying in a structured approach security and privacy requirements of an near

  1. Secure Coprocessors in Electronic Commerce Applications

    Microsoft Academic Search

    Bennet Yee; J. D. Tygar

    1995-01-01

    Many researchers believe electronic wallets (secure storage devices that maintain account balances) are the solution to electronic commerce challenges. This paper argues for a more powerful model --- a secure coprocessor --- that can run a small operating system, run application programs, and also keep secure storage for cryptographic keys and balance information. We have built a system called Dyad, on top of a port of the Mach

  2. Secure Coprocessors in Electronic Commerce Applications

    Microsoft Academic Search

    Bennet Yee; J. D. Tygar

    1996-01-01

    Many researchers believe electronic wallets (secure storage devices that maintain account balances) are the solution to electronic commerce challenges. This paper argues for a more powerful model — a secure coprocessor — that can run a small operating system, run application programs, and also keep secure storage for cryptographic keys and balance information. We have built a

  3. An Empirical Study on the Security of Cross-Domain Policies in Rich Internet Applications

    E-print Network

    Markatos, Evangelos P.

    An Empirical Study on the Security of Cross-Domain Policies in Rich Internet Applications Georgios, in order to enrich user experience, led to the use of cross-domain policies by content providers. Cross-domain on the deployment and security issues of cross-domain policies in the web. Through the examination of a large set

  4. Where Did All the Data Go? Internet Security for Web-Based Assessments.

    ERIC Educational Resources Information Center

    Shermis, Mark D.; Averitt, Jason

    The purpose of this paper is to enumerate a series of security steps that might be taken by those individuals or organizations that are contemplating Web-based tests and performance assessments. From a security viewpoint, much of what goes on with Web-based transactions is similar to other general computer activity, but the recommendations focus…

  5. Geant4 application in a Web browser

    NASA Astrophysics Data System (ADS)

    Garnier, Laurent; Geant4 Collaboration

    2014-06-01

    Geant4 is a toolkit for the simulation of the passage of particles through matter. The Geant4 visualization system supports many drivers including OpenGL[1], OpenInventor, HepRep[2], DAWN[3], VRML, RayTracer, gMocren[4] and ASCIITree, with diverse and complementary functionalities. Web applications have an increasing role in our work, and thanks to emerging frameworks such as Wt [5], building a web application on top of a C++ application without rewriting all the code can be done. Because the Geant4 toolkit's visualization and user interface modules are well decoupled from the rest of Geant4, it is straightforward to adapt these modules to render in a web application instead of a computer's native window manager. The API of the Wt framework closely matches that of Qt [6], so our experience in building the Qt driver will benefit the Wt driver. Porting a Geant4 application to a web application is easy, and with minimal effort, Geant4 users can replicate this process to share their own Geant4 applications in a web browser.

  6. Development and Testing of Web GUI Application for the LHCb VELO Data Quality Monitoring System

    E-print Network

    Prykhodko, Pavlo; Collins, Paula

    A great interest of IT engineers at CERN is to simplify the access to the Data Quality Monitoring (DQM) applications that usually lay behind several layers of security firewalls. In order to make it simple and thus help to save time for the scientists who rely on this data, additional application for the Web had to be developed and tested. The goal of this thesis work was to develop such a Web DQM application for CERN. First, a Web Graphical User Interface (GUI) was developed. In parallel, an Apache server was installed and configured for testing. Moreover, software program called ROOTJS that processes and displays CERN data files on the Web was presented. Through this thesis project, new functionalities were developed to meet the requirements. Furthermore, the ROOTJS program was merged with the Web GUI application and series of tests were performed to showcase the capabilities of the application which was developed through this thesis work.

  7. Application commerce: Security challenges and workflows

    Microsoft Academic Search

    Vijay Anand; Jafar Saniie; Erdal Oruklu

    2011-01-01

    Application commerce refers to the economics related to the creation and distribution of software applications to the users of a computing platform. The need for a security infrastructure by the Application Programming Interface (API) makers for application commerce is necessitated by i) user privacy and trust concerns for the application, ii) the warranty concerns of the application maker, iii) the

  8. Reengineering Web Applications Based on Cloned Pattern Analysis

    Microsoft Academic Search

    Andrea De Lucia; Rita Francese; Giuseppe Scanniello; Genoveffa Tortora

    2004-01-01

    Web applications are subject to continuous and rapid evolution. Often it happens that programmers indiscriminately duplicate Web pages without considering systematic development and maintenance methods. This practice creates code clones that make Web applications hard to maintain and reuse. This paper presents an approach for reengineering Web applications based on clone analysis that aims at identifying and generalizing static and

  9. A FRAMEWORK FOR COLLECTING CLIENTSIDE PARADATA IN WEB APPLICATIONS

    E-print Network

    Bremen, Universität

    language JavaScript became the de facto standard for web applications. In the past, it was mainly used@cs.uni-duesseldorf.de ABSTRACT User behavior on web applications holds valuable information that can be used by web engineers and stores clients' behavior on web applications. The framework is implemented in JavaScript, PHP, and My

  10. On specifying security policies for web documents with an XML-based language

    Microsoft Academic Search

    Elisa Bertino; Silvana Castano; Elena Ferrari

    2001-01-01

    The rapid growth of the Web and the ease with which data can be accessed facilitate the distribution and sharing of information. Information dissemination often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. In this paper, we present an XML-compliant formalism for specifying security-related information

  11. Detective Browsers: A Software Technique to Improve Web Access Performance and Security

    Microsoft Academic Search

    Songqing Chen; Xiaodong Zhang

    The amount of dynamic Web contents and secured e-commerce transactions has been dramatically increasing in Internet where proxy servers between clients and Web servers are commonly used for the purpose of sharing commonly accessed data and reducing Internet traffic. A significant and unnecessary Web access delay is caused by the overhead in proxy servers to process two

  12. Enforcing direct communications between clients and Web servers to improve proxy performance and security

    Microsoft Academic Search

    Songqing Chen; Xiaodong Zhang

    2004-01-01

    SUMMARY The amount of dynamic Web contents and secured e-commerce transactions has been dramatically increasing on the Internet, where proxy servers between clients and Web servers are commonly used for the purpose of sharing commonly accessed data and reducing Internet traffic. A significant and unnecessary Web access delay is caused by the overhead in proxy servers to process two types

  13. The Devil is Phishing: Rethinking Web Single Sign-On Systems Security (Extended Abstract)

    E-print Network

    Yue, Chuan

    The Devil is Phishing: Rethinking Web Single Sign-On Systems Security (Extended Abstract) Chuan Yue accounts. However, the large-scale threat from phishing attacks to real-world Web SSO systems has been unique in Web SSO phishing, (2) provide one example to illustrate how the identity providers (Id

  14. Robust image obfuscation for privacy protection in Web 2.0 applications

    NASA Astrophysics Data System (ADS)

    Poller, Andreas; Steinebach, Martin; Liu, Huajian

    2012-03-01

    We present two approaches to robust image obfuscation based on permutation of image regions and channel intensity modulation. The proposed concept of robust image obfuscation is a step towards end-to-end security in Web 2.0 applications. It helps to protect the privacy of the users against threats caused by internet bots and web applications that extract biometric and other features from images for data-linkage purposes. The approaches described in this paper consider that images uploaded to Web 2.0 applications pass several transformations, such as scaling and JPEG compression, until the receiver downloads them. In contrast to existing approaches, our focus is on usability, therefore the primary goal is not a maximum of security but an acceptable trade-off between security and resulting image quality.

  15. Towards a Formal Foundation of Web Security Devdatta Akhawe, Adam Barth, Peifung E. Lam, John Mitchell and Dawn Song

    E-print Network

    California at Irvine, University of

    Towards a Formal Foundation of Web Security Devdatta Akhawe, Adam Barth, Peifung E. Lam, John,abarth,dawnsong}@cs.berkeley.edu Stanford University {pflam,mitchell}@cs.stanford.edu Abstract--We propose a formal model of web security based on an abstraction of the web platform and use this model to analyze the security of several sample

  16. Building Dependable and Secure Web Services L. E. Moser,1 P. M. Melliar-Smith,1 and W. Zhao2

    E-print Network

    Zhao, Wenbing

    Building Dependable and Secure Web Services L. E. Moser,1 P. M. Melliar-Smith,1 and W. Zhao2 management for which there exist Web Services specifications. We also present security technologies security technologies. We discuss how these technologies can be applied to the components of a typical Web

  17. DISC-SET: Handling temporal and security aspects in the Web services composition Ehtesham Zahoor, Olivier Perrin and Claude Godart

    E-print Network

    Paris-Sud XI, Université de

    DISC-SET: Handling temporal and security aspects in the Web services composition Ehtesham Zahoor, time-units and other) and security aspects (access control, confidentiality and others) for Web to be composed and as the Web services are autonomous, having local (temporal and security) constraints

  18. Decomposition and Abstraction of Web Applications for Web Service Extraction and Composition

    Microsoft Academic Search

    Michiaki Tatsubori; Kenichi Takahashi

    2006-01-01

    There are large demands for re-engineering human-oriented Web application systems for use as machine-oriented Web application systems, which are called Web Services. This paper describes a framework named H2W, which can be used for constructing Web Service wrappers from existing, multi-paged Web applications. H2W's contribution is mainly for service extraction, rather than for the widely studied problem of

  19. Performance Comparison of Web Services Security: Kerberos Token Profile Against X.509 Token Profile

    Microsoft Academic Search

    A. Moralis; Vassiliki Pouli; Mary Grammatikou; Symeon Papavassiliou; Vasilis Maglaris

    2007-01-01

    Web Services (WS) Security is the set of standards that provides means for applying security to WS. In this paper we present the performance of the WS Security Kerberos Token profile in contrast to the X.509 Token Profile. The measurements are based on the Apache wss4j library for the X.509 Token Profile and the extensions we have made on the

  20. Recent advancement in sensor web architectures and applications

    Microsoft Academic Search

    Lutful Karim; Nidal Nasser; Nargis Khan

    2009-01-01

    Wireless Sensor Networks (WSN) consist of thousands of spatially distributed, low cost, low energy, unattended, and resource constrained sensor nodes for environmental monitoring, pollution detections, battle field surveillance etc. A Sensor Web (SW) is a web-based WSN, where a web application works as a gateway between the WSN and Internet. The Web interface is connected to the World Wide Web

  1. ReSTful OSGi Web Applications Tutorial

    NASA Technical Reports Server (NTRS)

    Shams, Khawaja; Norris, Jeff

    2008-01-01

    This slide presentation accompanies a tutorial on the ReSTful (Representational State Transfer) web application. Using Open Services Gateway Initiative (OSGi), ReST uses HTTP protocol to enable developers to offer services to a diverse variety of clients: from shell scripts to sophisticated Java application suites. It also uses Eclipse for the rapid development, the Eclipse debugger, the test application, and the ease of export to production servers.

  2. Serving Embedded Content via Web Applications: Model, Design and Experimentation

    E-print Network

    Paris-Sud XI, Université de

    Serving Embedded Content via Web Applications: Model, Design and Experimentation Simon Duquennoy dedicated terminals. A new trend consists in embedding Web servers in small devices, making both access of embedded Web servers, and we introduce a taxonomy of the contents possibly served by Web applications

  3. Scrap Your Web Application Boilerplate or Metaprogramming with Row Types

    E-print Network

    Chlipala, Adam

    of programming language design is the history of finding better ways to let programmers write more exactly what development is particularly interesting in this light. Web applications ("web apps" for short that CGI is just one possible protocol for interfacing web applications with web servers, and the fact

  4. Learning Effective Oracle Comparator Combinations for Web Applications

    Microsoft Academic Search

    Sara Sprenkle; Emily Hill; Lori Pollock

    2007-01-01

    Web application testers need automated, effective approaches to validate the test results of complex, evolving Web applications. In previous work, we developed a suite of automated oracle comparators that focus on specific characteristics of a Web application's HTML response. We found that oracle comparators' effectiveness depends on the application's behavior. We also found that by combining the results of two

  5. Secure coprocessing applications and research issues

    SciTech Connect

    Smith, S.W.

    1996-08-01

    The potential of secure coprocessing to address many emerging security challenges and to enable new applications has been a long-standing interest of many members of the Computer Research and Applications Group, including this author. The purpose of this paper is to summarize this thinking, by presenting a taxonomy of some potential applications and by summarizing what we regard as some particularly interesting research questions.

  6. AT&TWeb Application Today's organizations rely on Web applications

    E-print Network

    Fisher, Kathleen

    . Many compliance mandates including Payment Card Industry (PCI), Federal Financial Institutions Examination Council's (FFIEC), North American Electric Reliability Corporation (NERC), Critical Infrastructure effective than code audit alone · Provides visibility into Web application layer traffic · Reduces risk

  7. IBM Software IBM Security AppScan: Application

    E-print Network

    solutions specific to the challenges of application security that go beyond basic security testing to manageScan portfolio combines advanced security testing with the strengths of the IBM Rational® Application Lifecycle Security AppScan solutions to identify the latest threats with advanced security testing for application

  8. Web Based Training (WEB BT) TES employees can get free training on applications within

    E-print Network

    Tsien, Roger Y.

    Web Based Training (WEB BT) TES employees can get free training on applications within office, and Internet/Intranet skills. WEB BT allows you to conduct self-directed tutorials from any of the above for one tutorial per month. Hours WEB BT is available to temporary employees, in the TES Office, for up

  9. Automated Oracle Comparators for Testing Web Applications

    Microsoft Academic Search

    Sara Sprenkle; Lori Pollock; Holly Esquivel; Barbara Hazelwood; Stacey Ecott

    Software developers need automated techniques to maintain the correctness of complex, evolving Web applications. While there has been success in automating some of the testing process for this domain, there exists little automated support for verifying that the executed test cases produce expected results. We assist in this tedious task by presenting a suite of automated oracle

  10. Scalable query result caching for web applications

    Microsoft Academic Search

    Charles Garrod; Amit Manjhi; Anastasia Ailamaki; Bruce M. Maggs; Todd C. Mowry; Christopher Olston; Anthony Tomasic

    2008-01-01

    The backend database system is often the performance bottleneck when running web applications. A common approach to scale the database component is query result caching, but it faces the challenge of maintaining a high cache hit rate while efficiently ensuring cache consistency as the database is updated. In this paper we introduce Ferdinand, the first proxy-based cooperative

  11. Introducing haptic interactions in web application modeling

    Microsoft Academic Search

    Sara Comai; Davide Mazza

    2010-01-01

    Haptic devices, providing tactile feedback to the user, by applying forces, vibrations, and/or motions, are becoming a common way of user interaction in several fields of applications, from gaming, to mobile, automotive, etc. This innovative technology could be thought as suitable also for Web navigation in the near future, with haptic devices replacing mice and offering to the user a

  12. An Investigation of Cloning in Web Applications

    Microsoft Academic Search

    Damith C. Rajapakse; Stan Jarzabek

    2005-01-01

    Cloning (ad hoc reuse by duplication of design or code) speeds up development, but also hinders future maintenance. Cloning also hints at reuse opportunities that, if exploited systematically, might have positive impact on development and maintenance productivity. Unstable requirements and tight schedules pose unique challenges for Web Application engineering that encourage cloning. We are conducting a systematic study of cloning

  13. Virtual real-time inspection of nuclear material via VRML and secure web pages

    SciTech Connect

    Nilsen, C.; Jortner, J.; Damico, J.; Friesen, J.; Schwegel, J.

    1997-04-01

    Sandia National Laboratories' Straight Line project is working to provide the right sensor information to the right user to enhance the safety, security, and international accountability of nuclear material. One of Straight Line's efforts is to create a system to securely disseminate this data on the Internet's World-Wide-Web. To make the user interface more intuitive, Sandia has generated a three dimensional VRML (virtual reality modeling language) interface for a secure web page. This paper will discuss the implementation of the Straight Line secure 3-D web page. A discussion of the "pros and cons" of a 3-D web page is also presented. The public VRML demonstration described in this paper can be found on the Internet at the following address: http://www.ca.sandia.gov/NMM/. A Netscape browser, version 3 is strongly recommended.

  14. Securely Replicated Web Documents Bogdan C. Popescu Janek Sacha Maarten van Steen

    E-print Network

    van Steen, Maarten

    , Amsterdam, The Netherlands {bpopescu, jsacha, steen, crispo, ast, ikuz}@cs.vu.nl Abstract In order data integrity and secure naming for Web content even when this content is replicated on untrusted

  15. Secure voice for mobile satellite applications

    NASA Technical Reports Server (NTRS)

    Vaisnys, Arvydas; Berner, Jeff

    1990-01-01

    The initial system studies are described which were performed at JPL on secure voice for mobile satellite applications. Some options are examined for adapting existing Secure Telephone Unit III (STU-III) secure telephone equipment for use over a digital mobile satellite link, as well as for the evolution of a dedicated secure voice mobile earth terminal (MET). The work has included some lab and field testing of prototype equipment. The work is part of an ongoing study at JPL for the National Communications System (NCS) on the use of mobile satellites for emergency communications. The purpose of the overall task is to identify and enable the technologies which will allow the NCS to use mobile satellite services for its National Security Emergency Preparedness (NSEP) communications needs. Various other government agencies will also contribute to a mobile satellite user base, and for some of these, secure communications will be an essential feature.

  16. Information security control in the application of grid security

    Microsoft Academic Search

    Yuan Jia-bin; Gu Kai-kai

    2007-01-01

    To improve the security of the information system, the information security control theory is studied. This paper introduces information security and automatic control theory, presents the information security control theory, traverses the characteristic of the information security control theory. This paper also analyses the security grid technology, introduces the information security control theory into the grid system, builds the security

  17. WebAppArmor: A Framework for Robust Prevention of Attacks on Web Applications (Invited Paper)

    Microsoft Academic Search

    V. N. Venkatakrishnan; Prithvi Bisht; Mike Ter Louw; Michelle Zhou; Kalpana Gondi; Karthik Thotta Ganesh

    2010-01-01

    As the World Wide Web continues to evolve, the number of web-based attacks that target web applications is on the rise. Attacks such as Cross-site Scripting (XSS), SQL Injection and Cross-site Request Forgery (XSRF) are among the topmost threats on the Web, and defending against these attacks is a growing concern. In this paper, we describe WebAppArmor, a framework that

  18. Authorization schemes for large-scale systems based on Java, CORBA and Web security models

    Microsoft Academic Search

    Carla Merkle Westphall; Joni Da Silva Fraga

    1999-01-01

    This paper presents an authorization scheme for large-scale networks that involves programming models and tools represented by the Web, Java and CORBA. The authorization scheme is based on structures and concepts introduced in the Web, Java and CORBA for security. A discretionary prototype is presented here, where the solutions adopted involving a concrete scheme are discussed. This scheme was developed

  19. Top 10 Free Web-Mail Security Test Using Session Hijacking

    Microsoft Academic Search

    P. Noiumkar; T. Chomsiri

    2008-01-01

    This research presents the results of an experiment on the security level of the top 10 popular free Web-mail services. These 10 Web-mail services were hacked by means of session hijacking. The researcher conducted this experiment on a LAN and used an information capturing technique to obtain cookies and the session IDs inside them. Then, hijacking was conducted by using two hijacking methods.

  20. Comparison of performance of Web services, WS-Security, RMI, and RMI-SSL

    Microsoft Academic Search

    Matjaz B. Juric; Ivan Rozman; Bostjan Brumen; Matjaz Colnaric; Marjan Hericko

    2006-01-01

    This article analyses the two most commonly used distributed models in Java: Web services and RMI (Remote Method Invocation). The paper focuses on regular (unsecured) as well as on secured variants, WS-Security and RMI-SSL. The most important functional differences are identified and the performance on two operating systems (Windows and Linux) is compared. Sources of performance differences related to the architecture

  1. A Web-Based Secure System for the Distributed Printing of Documents and Images

    Microsoft Academic Search

    Ping Wah Wong; Daniel Tretter; Thomas Kite; Qian Lin; Hugh Nguyen

    1999-01-01

    We propose and consider a secure printing system for the distributed printing of documents and images over the World Wide Web. The main feature of the system is that it allows previewing and printing of selected documents and images, where only a certain number of hardcopies can be generated based on an agreed payment. The security of the system resides

  2. XPRIDE: Policy-Driven Web Services Security Based on XML Content

    Microsoft Academic Search

    Zein Radwan; Camille Gaspard; Ayman I. Kayssi; Ali Chehab

    2007-01-01

    In this paper we present XPRIDE as an efficient security architecture for assuring the confidentiality and integrity of the XML-based SOAP messages in Web Services. The policy-based approach employed in XPRIDE can be easily configured and modified to provide security according to the content and sensitivity of the data. Implementation shows that XPRIDE has considerable performance gains over existing bulk

  3. Mt-wave: profiling multi-tier web applications

    Microsoft Academic Search

    Anthony J. Arkles; Dwight J. Makaroff

    2011-01-01

    Modern web applications consist of many distinct services that collaborate to provide the full application functionality. To improve application performance, developers need to be able to identify the root cause of performance problems; identifying and fixing performance problems in these distributed, heterogeneous applications can be very difficult. As web applications become more complicated, the number of systems involved will continue

  4. Method of creating web services from web applications

    Microsoft Academic Search

    Yusuke Nakano; Yoji Yamato; Michiharu Takemoto; Hiroshi Sunaga

    2007-01-01

    Web 2.0 is becoming popular among people who are interested in creating or providing more useful services on the Internet. Mashup is one of the most important methods in Web 2.0, which creates services by combining components on the Internet, such as Web services. Mashup enables many people to create various services easily and use services created by many other

  5. Web Service-Security Specification based on Usability Criteria and Pattern Approach

    Microsoft Academic Search

    Ricardo Mendoza González; Miguel Vargas Martin; Jaime Muñoz Arteaga; Francisco J. Álvarez Rodríguez; Carlos Alberto Ochoa Ortíz Zezzatti

    2009-01-01

    A specification is provided in this paper to assist in the design of usable and secure web-services. In particular, this specification helps design an adequate security information feedback based on User Interface Patterns, the resulting visual feedback is then evaluated against a set of design/evaluation criteria called Human-Computer Interaction for Security (HCI-S). In addition we propose in a theoretical

  6. Justifying information security investments in web software: (Quantitative techno-business modeling approach)

    Microsoft Academic Search

    J. Zoric; A. Helme; H. Kvalheim; E. Sundve

    2010-01-01

    Security of services and platforms is a vital and complex aspect, which requires significant investments. We use a techno-business modeling (TBM) approach for analysis of service platform security, aiming at justifying the information security investments during the life-cycle of a web software platform. Techno-business environment influences the above-mentioned models and scenarios. It is analyzed by drivers and driver-based scenarios. The

  7. WIRM: An Open Source Toolkit for Building Biomedical Web Applications

    Microsoft Academic Search

    REX M. JAKOBOVITS; CORNELIUS ROSSE; JAMES F. BRINKLEY

    This article describes an innovative software toolkit that allows the creation of web applications that facilitate the acquisition, integration, and dissemination of multimedia biomedical data over the web, thereby reducing the cost of knowledge sharing. There is a lack of high-level web application development tools suitable for use by researchers, clinicians, and educators who are not skilled programmers.

  8. Web-Based Resources and Applications: Quality and Influence

    ERIC Educational Resources Information Center

    Liu, Leping; Johnson, D. Lamont

    2005-01-01

    This paper evaluates the quality of two major types of Web resources for K-12 education --information for research, and interactive applications for teaching and learning. It discusses an evaluation on the quality of 1,025 pieces of Web information (articles, research reports, news, and statistics) and 900 Web applications (tutorials, drills,…

  9. The Webbridge Framework for Building Web-Based Agent Applications

    Microsoft Academic Search

    Alexander Pokahr; Lars Braubach

    2007-01-01

    Web applications represent an important category of applications that owe much of their popularity to the ubiquitous accessibility using standard web browsers. The complexity of web applications is steadily increasing since the inception of the Internet and the way it is perceived changes from a pure information source to a platform for applications. In order to make

  10. ShadowCrypt: Encrypted Web Applications for Everyone UC Berkeley

    E-print Network

    Song, Dawn

    ShadowCrypt: Encrypted Web Applications for Everyone Warren He UC Berkeley -w@berkeley.edu Devdatta that enables encrypted input/output without trusting any part of the web applications. ShadowCrypt allows users to transparently switch to encrypted input/output for text-based web applications. ShadowCrypt

  11. A framework for 3D interactive applications on the web

    Microsoft Academic Search

    Tansel Halic; Woojin Ahn; Suvranu De

    2011-01-01

    Increasing capabilities of the latest web browsers have facilitated the accessibility, interoperability and mobility of the web. Platform-independent applications run directly through the web browser and a minimal operating system on various devices. It is now possible to develop complex computational environments including 3D graphics directly using the web browser. Recently, the emergence of the WebGL 3D graphics API's. coupled

  12. Implementing a secure client/server application

    SciTech Connect

    Kissinger, B.A.

    1994-08-01

    There is an increasing rise in attacks and security breaches on computer systems. Particularly vulnerable are systems that exchange user names and passwords directly across a network without encryption. These kinds of systems include many commercial-off-the-shelf client/server applications. A secure technique for authenticating computer users and transmitting passwords through the use of a trusted "broker" and public/private keys is described in this paper.

  13. Seaweed : a Web application for designing economic games

    E-print Network

    Chilton, Lydia B

    2009-01-01

    Seaweed is a web application for experimental economists with no programming background to design two-player symmetric games in a visual-oriented interface. Games are automatically published to the web where players can ...

  14. Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing

    E-print Network

    Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing Mihir) and secure outsourcing (Gennaro, Gentry, Parno 2010)-- need adaptive security, where x may depend on F. We for one-time programs and secure outsourcing, with privacy being the goal in the first case

  15. Evaluation of Classifiers: Practical Considerations for Security Applications

    E-print Network

    Baras, John S.

    Evaluation of Classifiers: Practical Considerations for Security Applications Alvaro A. C, biometrics and multimedia forensics. Measuring the security performance of these classifiers, or for comparing multiple classifiers. There are however relevant considerations for security related problems

  16. A visual environment for dynamic web application composition

    Microsoft Academic Search

    Kimihito Ito; Yuzuru Tanaka

    2003-01-01

    HTML-based interface technologies enable end-users to easily use various remote Web applications. However, it is difficult for end-users to compose new integrated tools of both existing Web applications and legacy local applications such as spreadsheets, chart tools and database. In this paper, the authors propose a new framework where end-users can wrap remote Web applications into visual components called pads,

  17. Automated Driver Generation for Analysis of Web Applications

    Microsoft Academic Search

    Oksana Tkachuk; Sreeranga P. Rajan

    2011-01-01

    With web applications in high demand, one cannot underestimate the importance of their quality assurance process. Web applications are open event-driven systems that take sequences of user events and produce changes in the user interface or the underlying application. Web applications are difficult to test because the set of possible sequences of user inputs allowed by the interface of a

  18. Dynamically accelerating client-side web applications through decoupled execution

    Microsoft Academic Search

    Mojtaba Mehrara; Scott A. Mahlke

    2011-01-01

    The emergence and wide adoption of web applications have moved the client-side component, often written in JavaScript, to the forefront of computing on the web. Web application developers try to move more computation to the client side to avoid unnecessary network traffic and make the applications more responsive. Therefore, JavaScript applications are becoming larger and more computation intensive. Trace-based just-in-time

  19. Recent advancements on the development of web-based applications for the implementation of seismic analysis and surveillance systems

    NASA Astrophysics Data System (ADS)

    Friberg, P. A.; Luis, R. S.; Quintiliani, M.; Lisowski, S.; Hunter, S.

    2014-12-01

    Recently, a novel set of modules has been included in the Open Source Earthworm seismic data processing system, supporting the use of web applications. These include the Mole sub-system, for storing relevant event data in a MySQL database (see M. Quintiliani and S. Pintore, SRL, 2013), and an embedded webserver, Moleserv, for serving such data to web clients in QuakeML format. These modules have enabled, for the first time using Earthworm, the use of web applications for seismic data processing. These can greatly simplify the operation and maintenance of seismic data processing centers by having one or more servers providing the relevant data as well as the data processing applications themselves to client machines running arbitrary operating systems. Web applications with secure online web access allow operators to work anywhere, without the often cumbersome and bandwidth hungry use of secure shell or virtual private networks. Furthermore, web applications can seamlessly access third party data repositories to acquire additional information, such as maps. Finally, the usage of HTML email brought the possibility of specialized web applications, to be used in email clients. This is the case of EWHTMLEmail, which produces event notification emails that are in fact simple web applications for plotting relevant seismic data. Providing web services as part of Earthworm has enabled a number of other tools as well. One is ISTI's EZ Earthworm, a web based command and control system for an otherwise command line driven system; another is a waveform web service. The waveform web service serves Earthworm data to additional web clients for plotting, picking, and other web-based processing tools. The current Earthworm waveform web service hosts an advanced plotting capability for providing views of event-based waveforms from a Mole database served by Moleserv. The current trend towards the usage of cloud services supported by web applications is driving improvements in JavaScript, CSS and HTML, as well as faster and more efficient web browsers, including mobile. It is foreseeable that in the near future, web applications are as powerful and efficient as native applications. Hence the work described here has been the first step towards bringing the Open Source Earthworm seismic data processing system to this new paradigm.

  20. Towards Practical Security Monitors of UML Policies for Mobile Applications

    Microsoft Academic Search

    Fabio Massacci; Katsiaryna Naliuka

    2007-01-01

    There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting

  1. WIRM: an open source toolkit for building biomedical web applications.

    PubMed

    Jakobovits, Rex M; Rosse, Cornelius; Brinkley, James F

    2002-01-01

    This article describes an innovative software toolkit that allows the creation of web applications that facilitate the acquisition, integration, and dissemination of multimedia biomedical data over the web, thereby reducing the cost of knowledge sharing. There is a lack of high-level web application development tools suitable for use by researchers, clinicians, and educators who are not skilled programmers. Our Web Interfacing Repository Manager (WIRM) is a software toolkit that reduces the complexity of building custom biomedical web applications. WIRM's visual modeling tools enable domain experts to describe the structure of their knowledge, from which WIRM automatically generates full-featured, customizable content management systems. PMID:12386108

  2. WIRM: An Open Source Toolkit for Building Biomedical Web Applications

    PubMed Central

    Jakobovits, Rex M.; Rosse, Cornelius; Brinkley, James F.

    2002-01-01

    This article describes an innovative software toolkit that allows the creation of web applications that facilitate the acquisition, integration, and dissemination of multimedia biomedical data over the web, thereby reducing the cost of knowledge sharing. There is a lack of high-level web application development tools suitable for use by researchers, clinicians, and educators who are not skilled programmers. Our Web Interfacing Repository Manager (WIRM) is a software toolkit that reduces the complexity of building custom biomedical web applications. WIRM’s visual modeling tools enable domain experts to describe the structure of their knowledge, from which WIRM automatically generates full-featured, customizable content management systems. PMID:12386108

  3. Profiling and accelerating string matching algorithms in three network content security applications

    Microsoft Academic Search

    Po-ching Lin; Zhi-xiang Li; Ying-dar Lin; Yuan-cheng Lai; Frank C. Lin

    2006-01-01

    The efficiency of string matching algorithms is essential for network content security applications, such as intrusion detection systems, anti-virus systems, and Web content filters. This work reviews typical algorithms and profiles their performance under various situations to study the influence of the number, the length, and the character distribution of the signatures on performance. This profiling can reveal

  4. A product-line architecture for web service-based visual composition of web applications

    Microsoft Academic Search

    Marcel Karam; Sergiu Dascalu; Haïdar Safa; Rami Santina; Zeina Koteiche

    2008-01-01

    A web service-based web application (WSbWA) is a collection of web services or reusable proven software parts that can be discovered and invoked using standard Internet protocols. The use of these web services in the development process of WSbWAs can help overcome many problems of software use, deployment and evolution. Although the cost-effective software engineering of WSbWAs is potentially a

  5. Security and Privacy for Web Databases and Services

    Microsoft Academic Search

    Elena Ferrari; Bhavani M. Thuraisingham

    2004-01-01

    A semantic web can be thought of as a web that is highly intelligent and sophisticated and one needs little or no human intervention to carry out tasks such as scheduling appointments, coordinating activities, searching for complex documents as well as integrating disparate databases and information systems. While much progress has been made toward developing such an intelligent web, there

  6. How to Make Personalized Web Browsing Simple, Secure, and Anonymous

    Microsoft Academic Search

    Eran Gabber; Phillip B. Gibbons; Yossi Matias; Alain J. Mayer

    1997-01-01

    An increasing number of web-sites require users to establish an account before they can access the information stored on that site ("personalized web browsing"). Typically, the user is required to provide at least a unique username, a secret password and an e-mail address. Establishing accounts at multiple web-sites is a tedious task. A security- and privacy-aware user may have to invent a distinct username and

  7. Use of a secure Internet Web site for collaborative medical research.

    PubMed

    Marshall, W W; Haley, R W

    2000-10-11

    Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849. PMID:11025839

  8. Component architecture for web based EMR applications.

    PubMed Central

    Berkowicz, D. A.; Barnett, G. O.; Chueh, H. C.

    1998-01-01

    The World Wide Web provides the means for the collation and display of disseminated clinical information of use to the healthcare provider. However, the heterogeneous nature of clinical data storage and formats makes it very difficult for the physician to use one consistent client application to view and manipulate information. Similarly, developers are faced with a multitude of possibilities when creating interfaces for their users. A single patient's records may be distributed over a number of different record keeping systems, and/or a physician may see patients whose individual records are stored at different sites. Our goal is to provide the healthcare worker with a consistent application interface independent of the parent database and at the same time allow developers the opportunity to customize the GUI in a well controlled, stable application environment. PMID:9929193

  9. A performance-oriented interface design model of web applications

    Microsoft Academic Search

    Razale Ibrahim; Rozilawati Razali

    2011-01-01

    Web-based applications are task-oriented software that is accessed through a web browser and connected to a Hypertext Transfer Protocol (HTTP) for data communication. Nowadays, web-based applications have become much more complex as their operations are beyond simple browsing of information. The applications include not only HyperText Markup Language (HTML) files but also other components such as images and objects on

  10. Using The GSM/UMTS SIM to Secure Web Services

    Microsoft Academic Search

    John A. Macdonald; Chris J. Mitchell

    2005-01-01

    In this paper we present a mobile operator endorsed authentication and payment platform for the consumption of Web services by a mobile station. We propose a protocol where the mobile operator plays the role of trusted third party to issue authentication and authenticated payment authorisation tokens to facilitate a transaction between a mobile station and a Web service provider. We

  11. Web administered pre/post assessment: reliability, compliance and security

    Microsoft Academic Search

    Scott W. Bonham

    2006-01-01

    Pre/post assessment measures learning by comparing assessment performance before and after instruction. Usually it is administered on paper during class, needing to be distributed, collected, graded and analyzed. Administration on the web outside class frees up class time and automates many steps. However, this switch to unproctored web administration raises questions. Will the results be as reliable? Will students take

  12. Piazza: data management infrastructure for semantic web applications

    Microsoft Academic Search

    Alon Y. Halevy; Zachary G. Ives; Peter Mork; Igor Tatarinov

    2003-01-01

    The Semantic Web envisions a World Wide Web in which data is described with rich semantics and applications can pose complex queries. To this point, researchers have defined new languages for specifying meanings for concepts and developed techniques for reasoning about them, using RDF as the data model. To flourish, the Semantic Web needs to be able to accommodate the

  13. A personal agent application for the semantic web Subhash Kumar

    E-print Network

    Finin, Tim

    A personal agent application for the semantic web Subhash Kumar , Anugeetha Kunjithapatham, Mithun University of Maryland Baltimore County Baltimore MD 21250 USA Abstract The Semantic Web is a vision agents and in particular personal assistants that can better function and thrive on the Semantic Web than

  14. 3 Ontology-based Information Visualization: Towards Semantic Web Applications

    E-print Network

    van Harmelen, Frank

    3 Ontology-based Information Visualization: Towards Semantic Web Applications Christiaan Fluit, Marta Sabou and Frank van Harmelen 3.1 Introduction The Semantic Web is an extension of the current yet unheard of. Rather than being merely a vision, the Semantic Web has significant backing from

  15. Highlights Lotus Web Content Management Better integration with enterprise applications

    E-print Network

    on IT · IT is burdened with managing web sites and share LOB responsibilities ­ affects both IT's and the business skills in IBM's 57 development labs ... has deep technical skills in the Lotus and WebSphere PortalHighlights Lotus Web Content Management · Better integration with enterprise applications · Better

  16. A Framework for Effective Commercial Web Application Development.

    ERIC Educational Resources Information Center

    Lu, Ming-te; Yeung, Wing-lok

    1998-01-01

    Proposes a framework for commercial Web application development based on prior research in hypermedia and human-computer interfaces. First, its social acceptability is investigated. Next, economic, technical, operational, and organizational viability are examined. For Web-page design, the functionality and usability of Web pages are considered.…

  17. COMPARABILITY: THE KEY TO THE APPLICABILITY OF FOOD WEB RESEARCH

    Microsoft Academic Search

    F. JORDÁN

    2003-01-01

    However food webs have always been considered as a central issue of ecology, their value and usefulness are frequently questioned. In this paper, I overview some causes of this skepticism and discuss in which cases two or more food webs can be compared. I suggest that the comparability of different food webs is a key to possible applications. I show

  18. MEMS and MOEMS for national security applications

    NASA Astrophysics Data System (ADS)

    Scott, Marion W.

    2003-01-01

    Major opportunities for microsystem insertion into commercial applications, such as telecommunications and medical prosthesis, are well known. Less well known are applications that ensure the security of our nation, the protection of its armed forces, and the safety of its citizens. Microsystems enable entirely new possibilities to meet National Security needs, which can be classed along three lines: anticipating security needs and threats, deterring the efficacy of identified threats, and defending against the application of these threats. In each of these areas, specific products that are enabled by MEMS and MOEMS are discussed. In the area of anticipating needs and threats, sensored microsystems designed for chem/bio/nuclear threats, and sensors for border and asset protection can significantly secure our borders, ports, and transportation systems. Key features for these applications include adaptive optics and spectroscopic capabilities. Microsystems to monitor soil and water quality can be used to secure critical infrastructure, food safety can be improved by in-situ identification of pathogens, and sensored buildings can ensure the architectural safety of our homes and workplaces. A challenge to commercializing these opportunities, and thus making them available for National Security needs, is developing predictable markets and predictable technology roadmaps. The integrated circuit manufacturing industry provides an example of predictable technology maturation and market insertion, primarily due to the existence of a "unit cell" that allows volume manufacturing. It is not clear that microsystems can follow an analogous path. The possible paths to affordable low-volume production, as well as the prospects of a microsystems unit cell, are discussed.

  19. APFEL Web: a web-based application for the graphical visualization of parton distribution functions

    NASA Astrophysics Data System (ADS)

    Carrazza, Stefano; Ferrara, Alfio; Palazzo, Daniele; Rojo, Juan

    2015-05-01

    We present APFEL Web, a Web-based application designed to provide a flexible user-friendly tool for the graphical visualization of parton distribution functions. In this note we describe the technical design of the APFEL Web application, motivating the choices and the framework used for the development of this project. We document the basic usage of APFEL Web and show how it can be used to provide useful input for a variety of collider phenomenological studies. Finally we provide some examples showing the output generated by the application.

  20. Security Ontology Proposal for Mobile Applications

    Microsoft Academic Search

    Sofien Beji; Nabil El-Kadhi

    2009-01-01

    Mobility is an emerging area that comes up with several technologies and stakeholders. Dealing with the security requirement for mobile applications means acquiring all the knowledge and the available technologies for the design and deployment of a reliable and usable countermeasure. Not only the field lacks of standards but also requires several quality constraints. To assist developers to face such

  1. Photonic sensor applications in transportation security

    Microsoft Academic Search

    David A. Krohn

    2007-01-01

    There is a broad range of security sensing applications in transportation that can be facilitated by using fiber optic sensors and photonic sensor integrated wireless systems. Many of these vital assets are under constant threat of being attacked. It is important to realize that the threats are not just from terrorism but an aging and often neglected infrastructure. To specifically

  2. Video motion detection for physical security applications

    SciTech Connect

    Matter, J.C.

    1990-01-01

    Physical security specialists have been attracted to the concept of video motion detection for several years. Claimed potential advantages included additional benefit from existing video surveillance systems, automatic detection, improved performance compared to human observers, and cost effectiveness. In recent years significant advances in image processing dedicated hardware and image analysis algorithms and software have accelerated the successful application of video motion detection systems to a variety of physical security applications. Currently Sandia is developing several advanced systems that employ image processing techniques for a broader set of safeguards and security applications. TCATS (Target Cueing and Tracking System) uses a set of powerful, flexible, modular algorithms and software to alarm on purposeful target motion. Custom TCATS hardware optimized for perimeter security applications is currently being evaluated with video input. VISDTA (Video Imaging System for Detection, Tracking, and Assessment) uses some of the same TCATS algorithms and operates with a thermal imager input. In the scan mode, VISDTA detects changes in a scene from the previous image at a given scan point; in the stare mode, VISDTA detects purposeful motion similar to TCATS.

  3. Web-based IDE to create Model and Controller Components for MVC-based Web Applications on Presented to

    E-print Network

    Pollett, Chris

    Web-based IDE to create Model and Controller Components for MVC-based Web Applications on Cake and Controller Components for MVC-based Web Applications on CakePHP by Sugiharto Widjaja The purpose users to easily create the Model and Controller components for MVC-based Web applications on Cake

  4. Irradiation applications for homeland security

    NASA Astrophysics Data System (ADS)

    Desrosiers, Marc F.

    2004-09-01

    In October 2001, first-class mail laced with anthrax was sent to political and media targets resulting in several deaths, illnesses, significant mail-service disruption, and economic loss. The White House Office of Science and Technology Policy established a technical task force on mail decontamination that included three key agencies: National Institute of Standards and Technology with responsibility for radiation dosimetry and coordinating and performing experiments at industrial accelerator facilities; the Armed Forces Radiobiology Research Institute with responsibility for radiobiology; and the US Postal Service with responsibility for radiation-processing quality assurance and quality control. An overview of the anthrax attack decontamination events will be presented as well as expectations for growth in this area and the prospects of other homeland security areas where irradiation technology can be applied.

  5. A fuzzy outranking approach in risk analysis of web service security

    Microsoft Academic Search

    Ping Wang; Kuo-ming Chao; Chi-chun Lo; Chun-lung Huang; Muhammad Younas

    2007-01-01

    Risk analysis is considered as an important process to identify the known and potential vulnerabilities and threats in the web services security. It is quite difficult for users to collect adequate events to estimate the full vulnerabilities and probability of threats in the Web, due to the rapid change of the malicious attacks and the new computer’s vulnerabilities. In this

  6. Microcontroller-Based AWGNG for Security Enhancement of Embedded Real-Time Web Services

    Microsoft Academic Search

    Behnam Rahnama; Atilla Elçi; Ramin Bakhshi; Alirad Malek; Arjang Ahmadi

    2009-01-01

    In this paper, a microcontroller-based Additive White Gaussian Noise Generator (AWGNG) for security enhancement of embedded real-time web services running on embedded boards is presented. The scheme utilizes combination of Windows Embedded Standard based Web Service on Vortex86 based embedded system connected to Atmega128 microcontroller generating Additive White Gaussian Noise stream. The real time generated stream can be used as

  7. WEB DEVELOPMENT EVOLUTION: THE BUSINESS PERSPECTIVE ON SECURITY

    Microsoft Academic Search

    William Bradley Glisson; L. Milton Glisson; Ray Welland

    Protection of data, information, and knowledge is a hot topic in today's business environment. Societal, legislative and consumer pressures are forcing companies to examine business strategies, modify processes and acknowledge security to accept and defend accountability. Research indicates that a significant portion of the financial losses is due to straight forward software design errors. Security should be addressed throughout the

  8. From wheels to webs: Reconstructing Asia-pacific security arrangements

    Microsoft Academic Search

    Dennis C. Blair; John T. Hanley Jr

    2001-01-01

    The commander-in-chief of U.S. Pacific Command (CINCPAC) outlines the new U.S. regional security strategy. The United States is building on the hub-and-spoke arrangement of bilateral alliances to form “security communities” of states with shared interests.

  9. The Bioverse API and Web Application

    SciTech Connect

    Guerquin, Michal; McDermott, Jason E.; Frazier, Zach; Samudrala, Ram

    2009-04-20

    The Bioverse is a framework for creating, warehousing and presenting biological information based on hierarchical levels of organisation. The framework is guided by a deeper philosophy of desiring to represent all relationships between all components of biological systems towards the goal of a wholistic picture of organismal biology. Data from various sources is combined into a single repository and a uniform interface is exposed to access it. The power of the approach of the Bioverse is that, due to its inclusive nature, patterns emerge from the acquired data and new predictions are made. The implementation of this repository (beginning with acquisition of source data, processing in a pipeline and concluding with storage in a relational database) and interfaces to the data contained in it, from a programmatic application interface to a user friendly web application, are discussed

  10. Towards Practical Security Monitors of UML Policies for Mobile Applications

    E-print Network

    Massacci, Fabio

    Towards Practical Security Monitors of UML Policies for Mobile Applications Fabio Massacci to the applications after it read some sensitive information. Equipping every mobile device with a security system@dit.unitn.it Abstract--There is increasing demand for running interacting applications in a secure and controllable way

  11. A Study of CAPTCHAs for Securing Web Services

    E-print Network

    Banday, M Tariq

    2011-01-01

    Atomizing various Web activities by replacing human to human interactions on the Internet has been made indispensable due to its enormous growth. However, bots also known as Web-bots which have a malicious intend and pretending to be humans pose a severe threat to various services on the Internet that implicitly assume a human interaction. Accordingly, Web service providers before allowing access to such services use various Human Interaction Proof's (HIPs) to authenticate that the user is a human and not a bot. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a class of HIPs tests and are based on Artificial Intelligence. These tests are easier for humans to qualify and tough for bots to simulate. Several Web services use CAPTCHAs as a defensive mechanism against automated Web-bots. In this paper, we review the existing CAPTCHA schemes that have been proposed or are being used to protect various Web services. We classify them in groups and compare them with each other i...

  12. Photonic sensor applications in transportation security

    NASA Astrophysics Data System (ADS)

    Krohn, David A.

    2007-09-01

    There is a broad range of security sensing applications in transportation that can be facilitated by using fiber optic sensors and photonic sensor integrated wireless systems. Many of these vital assets are under constant threat of being attacked. It is important to realize that the threats are not just from terrorism but an aging and often neglected infrastructure. To specifically address transportation security, photonic sensors fall into two categories: fixed point monitoring and mobile tracking. In fixed point monitoring, the sensors monitor bridge and tunnel structural health and environment problems such as toxic gases in a tunnel. Mobile tracking sensors are being designed to track cargo such as shipboard cargo containers and trucks. Mobile tracking sensor systems have multifunctional sensor requirements including intrusion (tampering), biochemical, radiation and explosives detection. This paper will review the state of the art of photonic sensor technologies and their ability to meet the challenges of transportation security.

  13. WebViz: A web browser based application for collaborative analysis of 3D data

    NASA Astrophysics Data System (ADS)

    Ruegg, C. S.

    2011-12-01

    In the age of high speed Internet where people can interact instantly, scientific tools have lacked technology which can incorporate this concept of communication using the web. To solve this issue a web application for geological studies has been created, tentatively titled WebViz. This web application utilizes tools provided by Google Web Toolkit to create an AJAX web application capable of features found in non web based software. Using these tools, a web application can be created to act as piece of software from anywhere in the globe with a reasonably speedy Internet connection. An application of this technology can be seen with data regarding the recent tsunami from the major Japan earthquakes. After constructing the appropriate data to fit a computer render software called HVR, WebViz can request images of the tsunami data and display it to anyone who has access to the application. This convenience alone makes WebViz a viable solution, but the option to interact with this data with others around the world causes WebViz to be taken as a serious computational tool. WebViz also can be used on any JavaScript enabled browser such as those found on modern tablets and smart phones over a fast wireless connection. Due to the fact that WebViz's current state is built using Google Web Toolkit the portability of the application is in its most efficient form. Though many developers have been involved with the project, each person has contributed to increase the usability and speed of the application. In the project's most recent form a dramatic speed increase has been designed as well as a more efficient user interface. The speed increase has been informally noticed in recent uses of the application in China and Australia with the hosting server being located at the University of Minnesota. The user interface has been improved to not only look better but the functionality has been improved. Major functions of the application are rotating the 3D object using buttons. These buttons have been replaced with a new layout that is easier to understand the function and is also easy to use with mobile devices. With these new changes, WebViz is easier to control and use for general use.

  14. Key Dependent Message Security: Recent Results and Applications

    E-print Network

    Malkin, Tal

    protocols. For instance, this notion is used in an anonymous credential system [17], where a KDM secureKey Dependent Message Security: Recent Results and Applications Tal Malkin Columbia University tal) secure if it is secure even against an attacker who has access to encryptions of messages which depend

  15. A mobile application framework for the geospatial web

    Microsoft Academic Search

    Rainer Simon; Peter Fröhlich

    2007-01-01

    In this paper we present an application framework that leverages geospatial content on the World Wide Web by enabling innovative modes of interaction and novel types of user interfaces on advanced mobile phones and PDAs. We discuss the current development steps involved in building mobile geospatial Web applications and derive three technological pre-requisites for our framework: spatial query operations based

  16. Web Applications - Spaghetti Code for the 21st Century

    Microsoft Academic Search

    Tommi Mikkonen; Antero Taivalsaari

    2008-01-01

    The software industry is currently in the middle of a paradigm shift. Applications are increasingly written for the World Wide Web rather than for any specific type of an operating system, computer or device. Unfortunately, the technologies used for web application development today violate well-known software engineering principles. Furthermore, they have reintroduced problems that had already been eliminated years ago

  17. Video motion detection for physical security applications

    SciTech Connect

    Matter, J.C. (Sandia National Lab., Albuquerque, NM (United States))

    1990-01-01

    Physical security specialists have been attracted to the concept of video motion detection for several years. Claimed potential advantages included additional benefit from existing video surveillance systems, automatic detection, improved performance compared to human observers, and cost-effectiveness. In recent years, significant advances in image-processing dedicated hardware and image analysis algorithms and software have accelerated the successful application of video motion detection systems to a variety of physical security applications. Early video motion detectors (VMDs) were useful for interior applications of volumetric sensing. Success depended on having a relatively well-controlled environment. Attempts to use these systems outdoors frequently resulted in an unacceptable number of nuisance alarms. Currently, Sandia National Laboratories (SNL) is developing several advanced systems that employ image-processing techniques for a broader set of safeguards and security applications. The Target Cueing and Tracking System (TCATS), the Video Imaging System for Detection, Tracking, and Assessment (VISDTA), the Linear Infrared Scanning Array (LISA); the Mobile Intrusion Detection and Assessment System (MIDAS), and the Visual Artificially Intelligent Surveillance (VAIS) systems are described briefly.

  18. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ...false Application for security deposit determination; information to be submitted; other... Insurance Carrier Security Deposit Requirements...203 Application for security deposit determination; information to be submitted;...

  19. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ...false Application for security deposit determination; information to be submitted; other... Insurance Carrier Security Deposit Requirements...203 Application for security deposit determination; information to be submitted;...

  20. 20 CFR 703.203 - Application for security deposit determination; information to be submitted; other requirements.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ...false Application for security deposit determination; information to be submitted; other... Insurance Carrier Security Deposit Requirements...203 Application for security deposit determination; information to be submitted;...

  1. Where Did All the Data Go? Internet Security for Web-based Assessments.

    ERIC Educational Resources Information Center

    Shermis, Mark D.; Averitt, Jason

    2002-01-01

    Outlines a series of security steps that might be taken by researchers or organizations that are contemplating Web-based tests and performance assessments. Focuses on what can be done to avoid the loss, compromising, or modification of data collected by or stored through the Internet. (SLD)

  2. An XML-based approach to combine firewalls and web services security specifications

    Microsoft Academic Search

    Marco Cremonini; Sabrina De Capitani di Vimercati; Ernesto Damiani; Pierangela Samarati

    2003-01-01

    The Web Services Architecture (WSA) defines a comprehensive model for service-oriented interactions among endpoints over a private network or the Internet. Since the many opportunities for better interacting services and the provision of richer functionality, crossing the boundary of organizations many standard proposals addressing different aspects of such interaction model are appearing. In this paper, we analyze the security requirements

  3. A Hybrid Web Based Personal Health Record System Shielded with Comprehensive Security

    Microsoft Academic Search

    Jennifer Israelson; Ebru Celikel Cankaya

    2012-01-01

    We present the design and development of a hybrid, web-based scheme for creating, maintaining and sharing personal health records (PHRs) with embedded security. We adopt a hybrid approach to processing PHRs and present a prototype called Personal Health Manager (PHM) that is based on this hybrid model. PHRs in the PHM prototype are owned by patients but updated by medical

  4. SessionJuggler: Secure Web Login From an Untrusted Terminal Using Session Hijacking

    E-print Network

    Boneh, Dan

    . Instead, users log in to a web site using a smartphone app and then transfer the entire session, including Keywords Mobile, session hijacking, secure login, cookies 1. INTRODUCTION It is well known that password authentication is vulnerable to malware on the client's computer and that users logging in from untrusted

  5. Pervasive Home Security: An Intelligent Domotics Application

    Microsoft Academic Search

    Vincenza Carchiolo; Alessandro Longheu; Michele Malgeri; Giuseppe Mangioni; Danilo Torrisi

    The pervasive computing paradigm promotes new applications in several scenarios. Among these, domotics is receiving a considerable attention. This work presents an intelligent and pervasive surveillance system for home and corporate security based on the ZigBee protocol which detects and classifies intrusions discarding false positives, also providing remote control and cameras live streaming. Results of tests in different environments show

  6. Providing Web Service Security in a Federated Environment

    Microsoft Academic Search

    Lori L. Delooze

    2007-01-01

    One of the Internet's biggest successes has been the automation of the travel-reservation system. Travelocity, Expedia, and Orbitz have all thrived in a fickle economic sector. The key to their success is Web services, which are exploding across government and industry. A business federation is very similar to a political federation, which is a union of self-governing states united by

  7. Building Trust Through Secure Web Sites. The Systems Librarian

    ERIC Educational Resources Information Center

    Breeding, Marshall

    2005-01-01

    Who can be trusted on the Web? These days, with identity theft seemingly rampant, it's more important than ever to take all possible measures to protect privacy and to shield personal information from those who might not have good intentions. Today, librarians also have to take reasonable precautions to ensure that the online services that they…

  8. @Yuan Xue (yuan.xue@vanderbilt.edu) Web Security

    E-print Network

    .xue@vanderbilt.edu) Case Study Bob sells BatLab on Internet Software License Alice buys BatLab via Web Credit card.xue@vanderbilt.edu) Full version of SSL SSL session vs. SSL connection Session state Session ID Master secret key Cipher

  9. Simple Security Policy for the Web Terri Kimiko Oda

    E-print Network

    Somayaji, Anil

    were a siege, the attackers would be winning: it is relatively easy to compro- mise a site attacks in order to level the playing field. In this thesis, I demonstrate how several facets of the web and this work, but in providing insights into graphic design, infographics, sharks, ponies, and totally

  10. From Web Sites to Web Applications: New Issues for Conceptual Modeling

    Microsoft Academic Search

    Luciano Baresi; Franca Garzotto; Paolo Paolini

    2000-01-01

    E-commerce, web-based booking systems, and on-line auction systems are only a few examples that demonstrate how WWW sites are evolving from hypermedia information repositories to hypermedia distributed applications, hereafter web applications. They blend navigation and browsing capabilities, common features of hypermedia, with

  11. INSTITUTE FOR CYBER SECURITY Application-Centric Security

    E-print Network

    Sandhu, Ravi

    .g. vulnerability analysis, penetration testing, protocol proofs, security properties, etc.) Layered software stacks protocols, etc. in a real Enforcement level security analysis (e.g. safe approximations with respect to network latency, protocol proofs, security properties, etc.) Technologies and standards such as SOA, Cloud

  12. Speeding up Secure Web Transactions Using Elliptic Curve Cryptography

    Microsoft Academic Search

    Vipul Gupta; Douglas Stebila; Stephen Fung; Sheueling Chang Shantz; Nils Gura; Hans Eberle

    2004-01-01

    Elliptic Curve Cryptography (ECC) is emerging as an attractive alternative to traditional public-key cryptosystems (RSA, DSA, DH). ECC offers equivalent security with smaller key sizes resulting in faster computations, lower power consumption, as well as memory and bandwidth savings. While these characteristics make ECC especially appealing for mobile devices, they can also alleviate the computational burden

  13. Creating Web-Based Scientific Applications Using Java Servlets

    NASA Technical Reports Server (NTRS)

    Palmer, Grant; Arnold, James O. (Technical Monitor)

    2001-01-01

    There are many advantages to developing web-based scientific applications. Any number of people can access the application concurrently. The application can be accessed from a remote location. The application becomes essentially platform-independent because it can be run from any machine that has internet access and can run a web browser. Maintenance and upgrades to the application are simplified since only one copy of the application exists in a centralized location. This paper details the creation of web-based applications using Java servlets. Java is a powerful, versatile programming language that is well suited to developing web-based programs. A Java servlet provides the interface between the central server and the remote client machines. The servlet accepts input data from the client, runs the application on the server, and sends the output back to the client machine. The type of servlet that supports the HTTP protocol will be discussed in depth. Among the topics the paper will discuss are how to write an http servlet, how the servlet can run applications written in Java and other languages, and how to set up a Java web server. The entire process will be demonstrated by building a web-based application to compute stagnation point heat transfer.

  14. Web Application Design Using Server-Side JavaScript

    SciTech Connect

    Hampton, J.; Simons, R.

    1999-02-01

    This document describes the application design philosophy for the Comprehensive Nuclear Test Ban Treaty Research & Development Web Site. This design incorporates object-oriented techniques to produce a flexible and maintainable system of applications that support the web site. These techniques will be discussed at length along with the issues they address. The overall structure of the applications and their relationships with one another will also be described. The current problems and future design changes will be discussed as well.

  15. Detecting Concurrency Errors in Client-side JavaScript Web Applications

    E-print Network

    Detecting Concurrency Errors in Client-side JavaScript Web Applications Shin Hong, Yongbae Park in client-side web applications written in JavaScript. WAVE generates various sequences of operations-world web applications. I. INTRODUCTION Web technologies including web browsers, JavaScript, and client

  16. Quantifying the Attack Surface of a Web Application

    Microsoft Academic Search

    Thomas Heumann; Sven Türpe; Jörg Keller

    2010-01-01

    The attack surface of a system represents the exposure of application objects to attackers and is affected primarily by architecture and design decisions. Given otherwise consistent conditions, reducing the attack surface of a system or an application is expected to reduce its overall vulnerability. So far, only systems have been considered but not single applications. As web applications provide a

  17. Transforming Legacy Web Applications to the MVC Architecture

    Microsoft Academic Search

    Yu Ping; Kostas Kontogiannis; Terence C. Lau

    2003-01-01

    With the rapid changes that occur in the area of Web technologies, the porting and adaptation of existing Web applications into new platforms that take advantage of modern technologies has become an issue of increasing importance. This paper presents a reengineering framework whose target system is an architecture based on the Model-View-Controller (MVC) design pattern and enabled for the Java™

  18. Bifocals: Analyzing WebView Vulnerabilities in Android Applications

    E-print Network

    Wagner, David

    branches (e.g., Kindle Fire, Nook Tablet); and a score of competing platforms including iOS and WindowsBifocals: Analyzing WebView Vulnerabilities in Android Applications Erika Chin and David Wagner University of California, Berkeley {emc, daw}@cs.berkeley.edu Abstract. WebViews allow Android developers

  19. AJAXSearch: crawling, indexing and searching web 2.0 applications

    Microsoft Academic Search

    Cristian Duda; Gianni Frey; Donald Kossmann; Chong Zhou

    2008-01-01

    Current search engines such as Google and Yahoo! are prevalent for searching the Web. Search in dynamic pages, however, is either inexistent or far from perfect. AJAX and Rich Internet Application are such applications. They are increasingly frequent on the Web (in YouTube, Amazon, GMail, Yahoo!Mail) or mobile devices and are offering a high degree of interactivity

  20. DEVELOPING GIS VISUALIZATION WEB SERVICES FOR GEOPHYSICAL APPLICATIONS

    E-print Network

    DEVELOPING GIS VISUALIZATION WEB SERVICES FOR GEOPHYSICAL APPLICATIONS A. Sayar a,b. *, M. Pierce Commission II, WG II/2 KEY WORDS: GIS, Geophysics, Visualization, Internet/Web, Interoperability, Networks Information System (GIS) community. In this paper we will describe our group's efforts to implement GIS

  1. Web Applications: A Proposal to Improve Response Time and Its Application to MOODLE

    Microsoft Academic Search

    David Horat; Alexis Quesada-arencibia

    2009-01-01

    This paper covers some of the most advanced optimization techniques for web servers and web applications applied to a Modular Object Oriented Distance Learning Environment based on PHP 5 and Apache 2.

  2. Application of Security Metrics in Auditing Computer Network Security: A Case Study

    Microsoft Academic Search

    Upeka Premaratne; Jagath Samarabandu; Tarlochan Sidhu; Bob Beresh; Jian-Cheng Tan

    2008-01-01

    This paper presents a case study of the application of security metrics to a computer network. A detailed survey is conducted on existing security metric schemes. The Mean Time to Compromise (MTTC) metric and VEA-bility metric are selected for this study. The input data for both metrics are obtained from a network security tool. The results are used to determine

  3. Security concept in 'MyAngelWeb®' a website for the individual patient at risk of emergency.

    PubMed

    Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

    2000-11-01

    We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented. PMID:11154972

  4. Accelerators for Discovery Science and Security applications

    NASA Astrophysics Data System (ADS)

    Todd, A. M. M.; Bluem, H. P.; Jarvis, J. D.; Park, J. H.; Rathke, J. W.; Schultheiss, T. J.

    2015-05-01

    Several Advanced Energy Systems (AES) accelerator projects that span applications in Discovery Science and Security are described. The design and performance of the IR and THz free electron laser (FEL) at the Fritz-Haber-Institut der Max-Planck-Gesellschaft in Berlin that is now an operating user facility for physical chemistry research in molecular and cluster spectroscopy as well as surface science, is highlighted. The device was designed to meet challenging specifications, including a final energy adjustable in the range of 15-50 MeV, low longitudinal emittance (<50 keV-psec) and transverse emittance (<20 π mm-mrad), at more than 200 pC bunch charge with a micropulse repetition rate of 1 GHz and a macropulse length of up to 15 μs. Secondly, we will describe an ongoing effort to develop an ultrafast electron diffraction (UED) source that is scheduled for completion in 2015 with prototype testing taking place at the Brookhaven National Laboratory (BNL) Accelerator Test Facility (ATF). This tabletop X-band system will find application in time-resolved chemical imaging and as a resource for drug-cell interaction analysis. A third active area at AES is accelerators for security applications where we will cover some top-level aspects of THz and X-ray systems that are under development and in testing for stand-off and portal detection.

  5. Utilizing Output in Web Application Server-Side Testing

    E-print Network

    Harman, Mark

    empirical studies to implement and eval- uate the proposed approaches: SWAT (Search based Web Application. SWAT-U (SWAT-Uniqueness) augments test suites with test cases that produce outputs not observed

  6. Intrusion recovery for database-backed web applications

    E-print Network

    Chandra, Ramesh

    Warp is a system that helps users and administrators of web applications recover from intrusions such as SQL injection, cross-site scripting, and clickjacking attacks, while preserving legitimate user changes. Warp repairs ...

  7. NGL Viewer: a web application for molecular visualization.

    PubMed

    Rose, Alexander S; Hildebrand, Peter W

    2015-07-01

    The NGL Viewer (http://proteinformatics.charite.de/ngl) is a web application for the visualization of macromolecular structures. By fully adopting capabilities of modern web browsers, such as WebGL, for molecular graphics, the viewer can interactively display large molecular complexes and is also unaffected by the retirement of third-party plug-ins like Flash and Java Applets. Generally, the web application offers comprehensive molecular visualization through a graphical user interface so that life scientists can easily access and profit from available structural data. It supports common structural file-formats (e.g. PDB, mmCIF) and a variety of molecular representations (e.g. 'cartoon, spacefill, licorice'). Moreover, the viewer can be embedded in other web sites to provide specialized visualizations of entries in structural databases or results of structure-related calculations. PMID:25925569

  8. NGL Viewer: a web application for molecular visualization

    PubMed Central

    Rose, Alexander S.; Hildebrand, Peter W.

    2015-01-01

    The NGL Viewer (http://proteinformatics.charite.de/ngl) is a web application for the visualization of macromolecular structures. By fully adopting capabilities of modern web browsers, such as WebGL, for molecular graphics, the viewer can interactively display large molecular complexes and is also unaffected by the retirement of third-party plug-ins like Flash and Java Applets. Generally, the web application offers comprehensive molecular visualization through a graphical user interface so that life scientists can easily access and profit from available structural data. It supports common structural file-formats (e.g. PDB, mmCIF) and a variety of molecular representations (e.g. ‘cartoon, spacefill, licorice’). Moreover, the viewer can be embedded in other web sites to provide specialized visualizations of entries in structural databases or results of structure-related calculations. PMID:25925569

  9. Mobile Applications for Public Sector: Balancing Usability and Security

    Microsoft Academic Search

    Yuri NATCHETOI; Viktor KAUFMAN; Konstantin BEZNOSOV

    2008-01-01

    Development of mobile software applications for use in specific domains such as Public Security must conform to stringent security requirements. While mobile devices have many known limitations, assuring complex fine-grained security policies poses an additional challenge to quality mobile services and raises usability concerns. We address these challenges by means of a novel approach to authentication and gradual multi-factor authorization

  10. Big Ideas Paper: Enforcing End-to-end Application Security

    E-print Network

    Paris-Sud XI, Université de

    Big Ideas Paper: Enforcing End-to-end Application Security in the Cloud Jean Bacon1 , David Evans1 the risk of exacerbating an impedance mismatch with the security middleware. Not only do we want cloud failures. Fears about security can come from a lack of isolation. It is understood that cloud providers

  11. CS 6301-005: LBS Security Foundations

    E-print Network

    Hamlen, Kevin W.

    CS 6301-005: LBS Security Foundations Instructor: Dr. Kevin W. Hamlen Fall 2014 A Web Security Scenario Client (web browser) Web Server A Web Security Scenario Client (web browser) Web Server A Web Security Scenario Client (web browser) Web Server Ad Network A Web Security Scenario Client

  12. Device Independent Web Applications - The Author Once - Display Everywhere Approach

    Microsoft Academic Search

    Thomas Ziegert; Markus Lauff; Lutz Heuser

    2004-01-01

    Building web applications for mobile and other non-desktop devices using established methods often requires a tremendous development effort. One of the major challenges is to find sound software engineering approaches enabling the cost efficient application development for multiple devices of varying technical characteristics. A new approach is to single author web content in a device independent markup language, which gets

  13. WISE-CAPS: Web-Based Interactive Secure Environment for Collaborative Analysis of Planetary Science

    Microsoft Academic Search

    Junya Terazono; Ryosuke Nakamura; Shinsuke Kodama; Naotaka Yamamoto; Hirohide Demura; Naru Hirata; Yoshiko Ogawa; Jun’ichi Haruyama; Makiko Ohtake; Tsuneo Matsunaga

    2010-01-01

    We are now developing Web-GIS based collaboration environment for lunar and planetary science. This system, called WISE-CAPS aims for promotion of researchers’ collaboration and data sharing through the network. In WISE-CAPS, all data are stored in server and data access to server is controlled with security modules of the server and control files. This system combines easy-to-use user environment and

  14. Integrating Web Services and Intelligent Agents in Supply Chain for Securing Sensitive Messages

    Microsoft Academic Search

    Esmiralda Moradian

    2008-01-01

    Security is a global issue for today’s businesses that operate at the crossroads on multiple e-supply chains. Organizations increasingly use agent technologies and web services that allow assembling unique business processes. Businesses share information and manage electronic transactions with trading partners throughout the e-supply chains. The key factor in business success is decisions made on the basis of correct information

  15. Development of a Web-based financial application System

    NASA Astrophysics Data System (ADS)

    Hasan, M. R.; Ibrahimy, M. I.; Motakabber, S. M. A.; Ferdaus, M. M.; Khan, M. N. H.; Mostafa, M. G.

    2013-12-01

    The paper describes a technique to develop a web based financial system, following latest technology and business needs. In the development of web based application, the user friendliness and technology both are very important. It is used ASP .NET MVC 4 platform and SQL 2008 server for development of web based financial system. It shows the technique for the entry system and report monitoring of the application is user friendly. This paper also highlights the critical situations of development, which will help to develop the quality product.

  16. A Secure Web Service-based Platform for Wireless Sensor Network Management and

    E-print Network

    Paris-Sud XI, Université de

    military applications to civilian ones, for security, home automation and health care... Up to now, most WSNs need to be interconnected with the existing IP networks and mainly Internet. This makes the data

  17. NEWT: A RESTful service for building High Performance Computing web applications

    Microsoft Academic Search

    Shreyas Cholia; David Skinner; Joshua Boverhof

    2010-01-01

    The NERSC Web Toolkit (NEWT) brings High Performance Computing (HPC) to the web through easy to write web applications. Our work seeks to make HPC resources more accessible and useful to scientists who are more comfortable with the web than they are with command line interfaces. The effort required to get a fully functioning web application is decreasing, thanks to

  18. Towards Practical Security Monitors of UML Policies for Mobile Applications

    Microsoft Academic Search

    Fabio Massacci; Katsiaryna Naliuka

    2008-01-01

    Abstract—There is increasing demand for running interacting applications in a secure and controllable way on mobile devices. Such demand is not fully supported by the Java/.NET security model based on trust domains nor by current security monitors or language-based security approaches. We propose an approach that allows security policies that are i) expressive enough to capture multiple sessions and interacting applications, ii) suitable for efficient monitoring, iii) convenient for a developer to specify them. Since

  19. Interface Development for Hypermedia Applications in the Semantic Web

    Microsoft Academic Search

    Sabrina Silva De Moura; Daniel Schwabe

    2004-01-01

    The Semantic Web has been gaining increasing attention, spurring a large number of initiatives to design and implement applications in this environment. This paper proposes an approach to specifying the user interface to such applications, as part of the Semantic Hypermedia Design Method. It proposes the use of an Abstract Interface Ontology, which is mapped onto application elements on

  20. Secure Web-based Ground System User Interfaces over the Open Internet

    NASA Technical Reports Server (NTRS)

    Langston, James H.; Murray, Henry L.; Hunt, Gary R.

    1998-01-01

    A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientists and flight operators Web-based access to instrument, payload, and spacecraft data.

  1. Semantic Web Application Areas , C. Bussler2

    E-print Network

    Menczer, Filippo

    potential". Tim Berners-Lee, Director of the World Wide Web Consortium, referred to the future that extends far beyond current capabilities ([Berners-Lee et al., 2001], [Fensel & Musen, 2001]). The explicit

  2. A Large-scale System Authorization Scheme Proposal integrating Java, CORBA and Web Security Models and a Discretionary Prototype

    Microsoft Academic Search

    Carla Merkle Westphall; Joni da Silva Fraga

    1999-01-01

    This paper presents an authorization scheme for large-scale networks that involves programming models and tools represented by Web, Java and CORBA. The authorization scheme is based on structures and concepts introduced in Web, Java and CORBA for security. A discretionary prototype is presented here, where the solutions adopted involving a concrete scheme are discussed. This scheme was

  3. A security evaluation of a novel resilient web serving architecture: Lessons learned through industry/academia collaboration

    Microsoft Academic Search

    Yih Huang; Anup K. Ghosh; Tom Bracewell; Brian Mastropietro

    2010-01-01

    We have previously developed a virtualization-based web serving architecture and a prototype to enhance web service resilience under cyber attack. The proposed system utilizes replicated virtual servers managed by a closed-loop feedback controller without humans in the loop. We have replicated the prototype at the Raytheon Company, which conducted a thorough penetration test and security examination. In this paper, we

  4. Integrated of Learning Management Systems and Web Applications using Web Services

    Microsoft Academic Search

    K. Friesen; N. Mazloumi

    2004-01-01

    Modern off-the-shelf learning management systems are mostly based on the Web paradigm. If external learning resources have to be integrated into a course, it stands to reason that Web protocols can be applied as well. But collaboration can be difficult when courses need to access a complex legacy application. This article suggests a flexible and easy-to-use approach for a

  5. A web-based wireless mobile system design of security and privacy framework for u-Healthcare

    Microsoft Academic Search

    Weider D. Yu; Roopa Gummadikayala; Sriram Mudumbi

    2008-01-01

    The research project aims at designing and implementing a Web based wireless mobile system security and privacy framework that is centered on the concepts of ubiquitous healthcare services provided to the patients in rural or remote areas from distant hospitals. With this system framework, a physician can securely access and carry the patient information from a mobile device, update the

  6. Radiation Detection for Homeland Security Applications

    NASA Astrophysics Data System (ADS)

    Ely, James

    2008-05-01

    In the past twenty years or so, there have been significant changes in the strategy and applications for homeland security. Recently there have been significant at deterring and interdicting terrorists and associated organizations. This is a shift in the normal paradigm of deterrence and surveillance of a nation and the `conventional' methods of warfare to the `unconventional' means that terrorist organizations resort to. With that shift comes the responsibility to monitor international borders for weapons of mass destruction, including radiological weapons. As a result, countries around the world are deploying radiation detection instrumentation to interdict the illegal shipment of radioactive material crossing international borders. These efforts include deployments at land, rail, air, and sea ports of entry in the US and in European and Asian countries. Radioactive signatures of concern include radiation dispersal devices (RDD), nuclear warheads, and special nuclear material (SNM). Radiation portal monitors (RPMs) are used as the main screening tool for vehicles and cargo at borders, supplemented by handheld detectors, personal radiation detectors, and x-ray imaging systems. This talk will present an overview of radiation detection equipment with emphasis on radiation portal monitors. In the US, the deployment of radiation detection equipment is being coordinated by the Domestic Nuclear Detection Office within the Department of Homeland Security, and a brief summary of the program will be covered. Challenges with current generation systems will be discussed as well as areas of investigation and opportunities for improvements. The next generation of radiation portal monitors is being produced under the Advanced Spectroscopic Portal program and will be available for deployment in the near future. Additional technologies, from commercially available to experimental, that provide additional information for radiation screening, such as density imaging equipment, will be reviewed. Opportunities for further research and development to improve the current equipment and methodologies for radiation detection for the important task of homeland security will be the final topic to be discussed.

  7. Design of Secure Mobile Application on Cellular Phones

    Microsoft Academic Search

    Masahiro Kuroda; Mariko Yoshida; Shoji Sakurai; Tatsuji Munaka

    2002-01-01

    Cellular data services have become popular in Japan. These services are based on the first generation security model for cellular phones. The model has server authentication, data encryption, application integrity check and user authentication. This paper discusses the security functions and evaluates the security features of an application on cellular phones. The evaluation shows that real usage is important to

  8. MedIT Solutions Web application development

    E-print Network

    MacMillan, Andrew

    to manage merit increments and appointments. SharePoint collaborations Looking for a way to share-based, collaboration and content-management system called SharePoint. Cloud computing MedIT has developed a secure

  9. 77 FR 4841 - BOX Options Exchange LLC; Notice of Filing of Application, as Amended, for Registration as a...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-31

    ...a Form 1 application under the Securities Exchange Act...its Form 1 application. See Securities Exchange Act...Secretary, Securities and Exchange...Commission's Internet Web site (http...Applicant's Form 1 applications filed...

  10. Scheduling Security-Critical Real-Time Applications on Clusters

    E-print Network

    Xie, Tao

    Scheduling Security-Critical Real-Time Applications on Clusters Tao Xie, Member, IEEE, and Xiao Qin performance. In recognition that many applications running on clusters demand both real-time performance strategy for clusters (SAREC), which integrates security requirements into the scheduling for real-time

  11. VS3: A Vehicular Surveillance and Sensing System for Security Applications

    E-print Network

    Tseng, Yu-Chee

    VS3 : A Vehicular Surveillance and Sensing System for Security Applications Lien-Wu Chen, Kun-based mobile device for car security applications. On the car side, it consists of a CO2 sensor, a camera to transmit SMS, MMS, or interactive video call to the vehicle owner, who can then monitor the car situation

  12. SmartNotes: Application of Crowdsourcing to the Detection of Web Threats

    E-print Network

    Fink, Eugene

    --Crowdsourcing, Machine Learning, Web Security. I. INTRODUCTION Cybersecurity threats can be broadly divided to two high such security threats is still an ongoing battle, but there is another critical type of cybersecurity threats, the statistics available from alexa.com and similar web metrics companies can help spotting websites with high

  13. Towards Client-side HTML Security Policies Joel Weinberger

    E-print Network

    Song, Dawn

    that HTML security policies should be at the core of web application security, but much research still Towards Client-side HTML Security Policies Joel Weinberger University of California, Berkeley Adam rich web applications, content injection has become an increasing problem. Cross site scripting

  14. Security Applications Of Computer Motion Detection

    NASA Astrophysics Data System (ADS)

    Bernat, Andrew P.; Nelan, Joseph; Riter, Stephen; Frankel, Harry

    1987-05-01

    An important area of application of computer vision is the detection of human motion in security systems. This paper describes the development of a computer vision system which can detect and track human movement across the international border between the United States and Mexico. Because of the wide range of environmental conditions, this application represents a stringent test of computer vision algorithms for motion detection and object identification. The desired output of this vision system is accurate, real-time locations for individual aliens and accurate statistical data as to the frequency of illegal border crossings. Because most detection and tracking routines assume rigid body motion, which is not characteristic of humans, new algorithms capable of reliable operation in our application are required. Furthermore, most current detection and tracking algorithms assume a uniform background against which motion is viewed - the urban environment along the US-Mexican border is anything but uniform. The system works in three stages: motion detection, object tracking and object identification. We have implemented motion detection using simple frame differencing, maximum likelihood estimation, mean and median tests and are evaluating them for accuracy and computational efficiency. Due to the complex nature of the urban environment (background and foreground objects consisting of buildings, vegetation, vehicles, wind-blown debris, animals, etc.), motion detection alone is not sufficiently accurate. Object tracking and identification are handled by an expert system which takes shape, location and trajectory information as input and determines if the moving object is indeed representative of an illegal border crossing.

  15. The essence of command injection attacks in web applications

    Microsoft Academic Search

    Zhendong Su; Gary Wassermann

    2006-01-01

    Web applications typically interact with a back-end database to retrieve persistent data and then present the data to the user as dynamically generated output, such as HTML web pages. However, this interaction is commonly done through a low-level API by dynamically constructing query strings within a general-purpose programming language, such as Java. This low-level interaction is

  16. The essence of command injection attacks in web applications

    Microsoft Academic Search

    Zhendong Su; Gary Wassermann

    2006-01-01

    Web applications typically interact with a back-end database to retrieve persistent data and then present the data to the user as dynamically generated output, such as HTML web pages. However, this interaction is commonly done through a low-level API by dynamically constructing query strings within a general-purpose programming language, such as Java. This low-level interaction is ad hoc because it

  17. A widget library for creating policy-aware semantic Web applications

    E-print Network

    Hollenbach, James Dylan

    2010-01-01

    In order to truly reap the benefits of the Semantic Web, there must be adequate tools for writing Web applications that aggregate, view, and edit the widely varying data the Semantic Web makes available. As a step toward ...

  18. Understanding transportation modes based on GPS data for web applications

    Microsoft Academic Search

    Yu Zheng; Yukun Chen; Quannan Li; Xing Xie; Wei-Ying Ma

    2010-01-01

    User mobility has given rise to a variety of Web applications, in which the global positioning system (GPS) plays many important roles in bridging between these applications and end users. As a kind of human behavior, transportation modes, such as walking and driving, can provide pervasive computing systems with more contextual information and enrich a user's mobility with informative knowledge.

  19. Opal: Simple Web Services Wrappers for Scientific Applications

    E-print Network

    Krishnan, Sriram

    management in an easy-to-use and configurable manner. We will present some of the scientific applicationsFlops, and over 1 PetaByte of online disk storage. Modern scientific methods require access to resourcesOpal: Simple Web Services Wrappers for Scientific Applications Sriram Krishnan, Brent Stearn, Karan

  20. Aspect-Oriented Development of PHP-Based Web Applications

    Microsoft Academic Search

    Shin NAKAJIMA; Keiji HOKAMURA; Naoyasu UBAYASHI

    2010-01-01

    Web applications, which are sometimes developed incrementally and iteratively, may result in program codes that are poorly organized. The notion of aspect can theoretically be introduced for better modularization, but trials occasionally fail because homogeneous aspects alone are not adequate. The approach taken here is to introduce feature analysis and to radically use heterogeneous aspects to implement identified application features.

  1. Protocols with Security Proofs for Mobile Applications

    Microsoft Academic Search

    Yiu Shing Terry Tin; Harikrishna Vasanta; Colin Boyd; Juan Manuel González Nieto

    2004-01-01

    The Canetti-Krawczyk (CK) model is useful for building reusable components that lead to rapid development of secure protocols, especially for engineers working outside of the security community. We work in the CK model and obtain a new secure authenticated key transport protocol with three parties. This protocol is constructed with two newly developed components in the CK model, thus

  2. A Secure Web-Based File Exchange Server: Software Requirements Specification Document

    E-print Network

    Mokhov, Serguei A; Benssam, Ali; Benredjem, Djamel

    2011-01-01

    This document presents brief software specification of a secure file exchange system prototype involving mutual authentication of the users via their browser and the application server with PKI-based certificates as credentials, the use of LDAP for credential management, and authentication between the application and database servers to maintain a high level of trust between all parties.

  3. EMBEDDEDSYSTEMS Medinet is a Web-based

    E-print Network

    Abrardo, Andrea

    of the necessary requirements for telemedicine applications. More security is required for patient data than ON THE WORLD WIDE WEB The first Web-based telemedicine applications have demonstrated that the Web offers- works. Today's telemedicine applications have two main network requirements: they must enable

  4. Scoring recognizability of faces for security applications

    NASA Astrophysics Data System (ADS)

    Bianco, Simone; Ciocca, Gianluigi; Guarnera, Giuseppe Claudio; Scaggiante, Andrea; Schettini, Raimondo

    2014-03-01

    In security applications the human face plays a fundamental role; however, we have to assume non-collaborative subjects. A face can be partially visible or occluded due to common-use accessories such as sunglasses, hats, scarves and so on. Also the posture of the head influences the face recognizability. Given a video sequence in input, the proposed system is able to establish if a face is depicted in a frame, and to determine its degree of recognizability in terms of clearly visible facial features. The system implements a feature filtering scheme combined with a skin-based face detection to improve its robustness to false positives and cartoon-like faces. Moreover the system takes into account the recognizability trend over a customizable sliding time window to allow a high level analysis of the subject behaviour. The recognizability criteria can be tuned for each specific application. We evaluate our system both in qualitative and quantitative terms, using a data set of manually annotated videos. Experimental results confirm the effectiveness of the proposed system.

  5. From Trusted to Secure: Building and Executing Applications That Enforce System Security

    Microsoft Academic Search

    Boniface Hicks; Sandra Rueda; Trent Jaeger; Patrick Drew Mcdaniel

    2007-01-01

    Commercial operating systems have recently introduced mandatory access controls (MAC) that can be used to ensure system-wide data confidentiality and integrity. These protections rely on restricting the flow of information between processes based on security levels. The problem is, there are many applications that defy simple classification by security level, some of them essential for system operation. Surprisingly, the

  6. Web application for detailed real-time database transaction monitoring for CMS condition data

    NASA Astrophysics Data System (ADS)

    de Gruttola, Michele; Di Guida, Salvatore; Innocente, Vincenzo; Pierro, Antonio

    2012-12-01

    In the upcoming LHC era, databases have become an essential part for the experiments collecting data from LHC, in order to safely store, and consistently retrieve, a wide amount of data, which are produced by different sources. In the CMS experiment at CERN, all this information is stored in ORACLE databases, allocated in several servers, both inside and outside the CERN network. In this scenario, the task of monitoring different databases is a crucial database administration issue, since different information may be required depending on different users' tasks such as data transfer, inspection, planning and security issues. We present here a web application based on Python web framework and Python modules for data mining purposes. To customize the GUI we record traces of user interactions that are used to build use case models. In addition the application detects errors in database transactions (for example identify any mistake made by user, application failure, unexpected network shutdown or Structured Query Language (SQL) statement error) and provides warning messages from the different users' perspectives. Finally, in order to fulfill the requirements of the CMS experiment community, and to meet the new development in many Web client tools, our application was further developed, and new features were deployed.

  7. Recent applications of thermal imagers for security assessment

    SciTech Connect

    Bisbee, T.L.

    1997-06-01

    This paper discusses recent applications by Sandia National Laboratories of cooled and uncooled thermal infrared imagers to wide-area security assessment systems. Thermal imagers can solve many security assessment problems associated with the protection of high-value assets at military bases, secure installations, and commercial facilities. Thermal imagers can provide surveillance video from security areas or perimeters both day and night without expensive security lighting. Until fairly recently, thermal imagers required open-loop cryogenic cooling to operate. The high cost of these systems and associated maintenance requirements restricted their widespread use. However, recent developments in reliable, closed-loop, linear drive cryogenic coolers and uncooled infrared imagers have dramatically reduced maintenance requirements, extended MTBF, and are leading to reduced system cost. These technology developments are resulting in greater availability and practicality for military as well as civilian security applications.

  8. 33 CFR 106.262 - Security measures for newly-hired employees.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ...OCS) Facility Security Requirements § 106.262 Security measures for newly-hired...not act upon a TWIC application within 30 days...operator or Facility Security Officer (FSO...Guard's Homeport Web site...

  9. Code Splitting for Network Bound Web 2.0 Applications

    Microsoft Academic Search

    Benjamin Livshits; Chen Ding

    2007-01-01

    Modern Web 2.0 applications such as Gmail, Live Maps, MySpace, Flickr and many others have become a common part of everyday life. These applications are network bound, meaning that their performance can and does vary a great deal based on network conditions. However, there has not been much systematic research on trying to optimize network usage of these applications to make

  10. Optical Imaging Sensors and Systems for Homeland Security Applications

    NASA Astrophysics Data System (ADS)

    Javidi, Bahram

    Optical and photonic systems and devices have significant potential for homeland security. "Optical Imaging Sensors and Systems for Homeland Security Applications" presents original and significant technical contributions from leaders of industry, government, and academia in the field of optical and photonic sensors, systems and devices for detection, identification, prevention, sensing, security, verification and anti-counterfeiting. The chapters have recent and technically significant results, ample illustrations, figures, and key references.

  11. A Web-based Animation Authoring Application for Quadrupedal Characters

    E-print Network

    Murphy, Krista Lea

    2014-12-03

    database so that it is available to the application at any time. Web scripts are also stored online for the purpose of transporting data back and forth between the application and the database. 20 3.4.2 Benefits of Being Web-Based 3.4.2.1 Lightweight Tool... are also made possible with this piece of data. 4.1.2 Motion Data Conditioning The process of conditioning the motion data, whether it is rotational or trans- lational, is the same. A Python script is executed inside Maya’s Script Editor that extracts...

  12. 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST) ZARATHUSTRA: Extracting WebInject Signatures

    E-print Network

    Cortes, Corinna

    applications (e.g., online banking) have no tools that they can possibly use to even mitigate the effect of Web (e.g., online banking website, search engine) are rendered on the browser. This additional code used to steal banking credentials when the victim is using an online banking service. However

  13. A Passive Testing Approach for Security Checking and its Practical Usage for Web Services Monitoring

    Microsoft Academic Search

    Ana Rosa Cavalli; Azzedine Benameur; Wissam Mallouli; Keqin Li

    2009-01-01

    To achieve a meaningful business goal, Web services are combined and connected together based on a predefined workflow. In this distributed configuration, tasks are executed by different entities usually managed by different business partners which makes the security monitoring of the whole business process complex. Indeed, the application of classical monitoring methods is not suitable in this

  14. Application-level simulation for network security

    Microsoft Academic Search

    Rainer Bye; Stephan Schmidt; Katja Luther; Sahin Albayrak

    2008-01-01

    We introduce and describe a novel network simulation tool called NeSSi (Network Security Simulator). NeSSi incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and interface support for the plug-in of detection algorithms allow it to be used for security research and

  15. A Measurement Ontology Generalizable for Emerging Domain Applications on the Semantic Web

    E-print Network

    Dalkilic, Mehmet

    1 A Measurement Ontology Generalizable for Emerging Domain Applications on the Semantic Web Henry M;2 A Measurement Ontology Generalizable for Emerging Domain Applications on the Semantic Web Abstract This paper introduces a measurement ontology for applications to semantic Web applications, specifically for emerging

  16. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    SciTech Connect

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  17. The Data and Application Security and Privacy (DASPY) Challenge

    E-print Network

    Sandhu, Ravi

    taught cyber security not studied as a success story missing technologies highly regarded by academia Computer security Information security = Computer security + Communications security Information Computer security Information security = Computer security + Communications security Information

  18. Application of evolutionary programming to security constrained economic dispatch

    Microsoft Academic Search

    P. Somasundaram; K. Kuppusamy

    2005-01-01

    This paper presents an algorithm, for solving security constrained economic dispatch (SCED) problem, through the application of evolutionary programming (EP). The controllable system quantities in the base case state are optimized, to minimize some defined objective function, subject to the base case operating constraints as well as the contingency case security constraints. Two representative systems: 10-bus [10] and adapted IEEE

  19. SIGMA WEB INTERFACE FOR REACTOR DATA APPLICATIONS

    SciTech Connect

    Pritychenko,B.; Sonzogni, A.A.

    2010-05-09

    We present Sigma Web interface which provides user-friendly access for online analysis and plotting of the evaluated and experimental nuclear reaction data stored in the ENDF-6 and EXFOR formats. The interface includes advanced browsing and search capabilities, interactive plots of cross sections, angular distributions and spectra, nubars, comparisons between evaluated and experimental data, computations for cross section data sets, pre-calculated integral quantities, neutron cross section uncertainties plots and visualization of covariance matrices. Sigma is publicly available at the National Nuclear Data Center website at http://www.nndc.bnl.gov/sigma.

  20. Framework for Supporting Web-Based Collaborative Applications

    NASA Astrophysics Data System (ADS)

    Dai, Wei

    The article proposes an intelligent framework for supporting Web-based applications. The framework focuses on innovative use of existing resources and technologies in the form of services and takes the leverage of theoretical foundation of services science and the research from services computing. The main focus of the framework is to deliver benefits to users with various roles such as service requesters, service providers, and business owners to maximize their productivity when engaging with each other via the Web. The article opens up with research motivations and questions, analyses the existing state of research in the field, and describes the approach in implementing the proposed framework. Finally, an e-health application is discussed to evaluate the effectiveness of the framework where participants such as general practitioners (GPs), patients, and health-care workers collaborate via the Web.

  1. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... false Registration of securities information processors: form of application...609 Registration of securities information processors: form of application...for the registration of a securities information processor shall be...

  2. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... false Registration of securities information processors: form of application...609 Registration of securities information processors: form of application...for the registration of a securities information processor shall be...

  3. 17 CFR 242.609 - Registration of securities information processors: form of application and amendments.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... false Registration of securities information processors: form of application...609 Registration of securities information processors: form of application...for the registration of a securities information processor shall be...

  4. Secure Bike Storage Rental Application Rental Periods

    E-print Network

    Thompson, Michael

    is rentable based on the academic term schedule. All rental periods expire on the last day of the arranged be purchased at the cost of $5.00. Any cards reported lost or stolen will be deactivated. Should you notice any suspicious activity around the Secure Bike Storage facility, you can reach Security Services 24/7 by calling

  5. Distributed workload and response time management for web applications

    Microsoft Academic Search

    Shengzhi Zhang; Haishan Wu; Wenjie Wang; Bo Yang; Peng Liu; Athanasios V. Vasilakos

    2011-01-01

    Managing workload for large scale web applications is a fundamental task for satisfactory quality of service, low management and operation cost. In this paper, we present SCOPS, a system of distributed workload management to achieve service differentiation and overload protection in such large scale deployment. Our system splits the workload management logic into distributed components on each back-end server and

  6. The Adversarial Route Analysis Tool: A Web Application

    SciTech Connect

    Casson, William H. Jr. [Los Alamos National Laboratory

    2012-08-02

    The Adversarial Route Analysis Tool is a type of Google maps for adversaries. It's a web-based Geospatial application similar to Google Maps. It helps the U.S. government plan operations that predict where an adversary might be. It's easily accessible and maintainable and it's simple to use without much training.

  7. Twitter Web Application How to Discover Twitter Friendship through

    E-print Network

    Zhang, Junshan

    Twitter Web Application How to Discover Twitter Friendship through REST API David Prejban (dprejba1 online social network dataset and implement a tool to utilize Twitter's REST API to collect user's friendship information ·To provide a visual representation of the Twitter friendship Conclusion ·Twitter

  8. A Web Application to Support Consumer Health Vocabulary Development

    PubMed Central

    Crowell, Jon; Zeng, Qing; Tse, Tony

    2005-01-01

    We describe a Web application that supports collaborative development of a consumer health vocabulary. It performs text analyses and enables distributed human review. It also provides on-the-fly summary reports and facilitates the generation of a final vocabulary based on the results of the review. PMID:16779219

  9. Student project Web resource/application for biological data

    E-print Network

    Wolkenhauer, Olaf

    Student project Web resource/application for biological data The amount of biological data on the Python script language, that can be used to access and mine a specific type of biological data. This project involves the implementation of existing tools/resources, the organization of data in a database

  10. Concept Maps for Web-Based Applications. ERIC Technical Report.

    ERIC Educational Resources Information Center

    Milam, John H., Jr.; Santo, Susan A.; Heaton, Lisa A.

    This study examined the use of concept maps for Web-based applications in higher education. The purpose of the project was to design concept maps that could serve as prototypes for navigating and searching Internet resources. It also explored the value of concept mapping as a method of bibliographic retrieval for the ERIC database. Following an…

  11. An Application-Driven Perspective on Wireless Sensor Network Security

    E-print Network

    Kang, Kyoung-Don

    (WSNs) have recently attracted a lot of interest due to the range of applications they enable. Unfortunately, WSNs are exposed to numerous security threats that can adversely affect the success of important applications. Securing WSNs is challenging due to their unique nature as an application

  12. Advanced Web Programming for Scientific and Educational Applications

    NASA Astrophysics Data System (ADS)

    Petrusek, Brett; Budiardja, Reuben; Guidry, Mike

    2004-11-01

    The Center for Advanced Educational Technology at the University of Tennessee is involved extensively in the development of state-of-the-art technology for scientific web sites, accessible and portable scientific visualization, and networked databases for scientific educational applications. These are being developed using primarily Flash Actionscript, Java, and cascading style sheets on the client side, PHP and Java middleware, and SQL databases. We shall present a variety of application examples in astronomy, astrophysics, and physics.

  13. Web-Based Application for Electric Circuit Analysis

    Microsoft Academic Search

    J. Bicak

    2009-01-01

    This paper presents a web-based application for analysis of electric and electronic circuits. The application is based on PHP scripts and uses Spice and Maple with the PraCAn package as a computation engine. Continuous-time linear and nonlinear circuits as well as periodically switched linear (PSL) circuits can be analyzed. Results can be obtained in symbolic form for the case of linear circuits. Description

  14. Design and Implementation of a PHP-based Web Server for the Tele-Lab IT Security

    Microsoft Academic Search

    Michael Schmitt II; Christoph Meinel

    2003-01-01

    The Tele-Lab IT Security project aims at specifying and implementing a web-based, intelligent tutoring system that allows computer science students, system administrators, and end users to get familiar with the basics of IT security. It provides a powerful, real-life working environment in which users can develop and practice solutions for problems of their every-day work with only little support

  15. Creating HTML5 Offline Web Applications

    Microsoft Academic Search

    Peter Lubbers; Brian Albers; Frank Salim

    In this chapter, we will explore what you can do with offline HTML5 applications. HTML5 applications do not necessarily require constant access to the network, and loading cached resources can now be more flexibly controlled by developers.

  16. Rigorous and Automatic Testing of Web Applications Xiaoping Jia and Hongming Liu

    E-print Network

    Jia, Xiaoping

    Rigorous and Automatic Testing of Web Applications Xiaoping Jia and Hongming Liu School of Computer, jordan}@cs.depaul.edu ABSTRACT As web applications become more and more prevalent, the quality assurance of web applications has become more and more important. Due to the complexity of the underlying

  17. A microwave imaging spectrometer for security applications

    NASA Astrophysics Data System (ADS)

    Jirousek, Matthias; Peichl, Markus; Suess, Helmut

    2010-04-01

    In recent years the security of people and critical infrastructures is of increasing interest. Passive microwave sensors in the range of 1 - 100 GHz are suitable for the detection of concealed objects and wide-area surveillance through poor weather and at day and night time. The enhanced extraction of significant information about an observed object is enabled by the use of a spectral sensitive system. For such a spectral radiometer in the microwave range also some depth information can be extracted. The usable frequency range is thereby dependent on the application. For through-wall imaging or detection of covert objects such as for example landmines, the lower microwave range is best suited. On the other hand a high spatial resolution requires higher frequencies or instruments with larger physical dimensions. The drawback of a large system is the required movement of a mirror or a deflecting plate in the case of a mechanical scanner system, or a huge amount of receivers in a fully-electronic instrument like a focal plane array. An innovative technique to overcome these problems is the application of aperture synthesis using a highly thinned array. The combination of spectral radiometric measurements within a wide frequency band, at a high resolution, and requiring a minimum of receivers and only minor moving parts led to the development of the ANSAS instrument (Abbildendes Niederfrequenz-Spektrometer mit Apertursynthese). ANSAS is a very flexible aperture synthesis technology demonstrator for the analysis of main features and interactions concerning high spatial resolution and spectral sensing within a wide frequency range. It consists of a rotated linear thinned array and thus the spatial frequency spectrum is measured on concentric circles. Hence the number of receivers and correlators is reduced considerably compared to a fully two-dimensional array, and measurements still can be done in a reasonable time. 
    In this paper the basic idea of ANSAS and its setup are briefly introduced. Some first imaging results showing the basic capabilities are illustrated. Possible error sources and their impacts are discussed by simulation and compared to the measured data.

  18. Application of models in information security management

    Microsoft Academic Search

    Danijel Milicevic; Matthias Goeken

    2011-01-01

    The impact of information technology on business operations is widely recognized and its role in the emergence of new business models is well-known. In order to leverage the benefits of IT-supported business processes the security of the underlying information systems must be managed. Various so-called best-practice models and information security standards have positioned themselves as generic solutions for a

  19. Security Aspects of FPGAs in Cryptographic Applications

    Microsoft Academic Search

    Thomas Wollinger; Christof Paar

    This contribution provides a state-of-the-art description of security issues on FPGAs from a system perspective. We consider the potential security problems of FPGAs and propose some countermeasures for the existing drawbacks of FPGAs. Even though there have been many contributions dealing with the algorithmic aspects of cryptographic schemes implemented on FPGAs, this contribution is one of the few investigations of system

  20. Edge Caching for Directory Based Web Applications

    Microsoft Academic Search

    Apurva Kumar; Rajeev Gupta

    In this paper, a dynamic content caching framework is proposed for deploying directory based applications at the edge of the network, closer to the client. The framework consists of a Lightweight Directory Access Protocol (LDAP) directory cache and the offloaded application running at a proxy. The LDAP directory cache is an enhanced LDAP proxy server which stores results and semantic

  1. LAVA: Secure Delegation of Mobile Applets: Design, Implementation, and Applications

    Microsoft Academic Search

    Jatin N. Hansoty; Mladen A. Vouk; Shyhtsun Felix Wu

    1997-01-01

    Mobile agents are tasks or processes which can be autonomously delegated or transferred from one network node to another. This distributed computing paradigm is modern and powerful. Many network-based applications have been developed or designed under this model. The application areas include, for example, intelligent agent, network and system management, web-based mobile applets, electronic commerce and more recently, active networking.

  2. Analyzing Clusters of Web Application User Sessions

    E-print Network

    Pollock, Lori L.

    , Lori Pollock University of Delaware Amie Souter Drexel University WODA 05 Sara Sprenkle · University applications · Beta/maintenance testing phases WODA 05 Sara Sprenkle · University of Delaware 3 home covered by executing user session · faults detected when user session executed relate WODA 05 Sara

  3. Information Security Plan for Flight Simulator Applications

    Microsoft Academic Search

    Jason Slaughter; Syed Shawon M. Rahman

    2011-01-01

    The Department of Defense has a need for an identity management system that uses two factor authentications to ensure that only the correct individuals get access to their top secret flight simulator program. Currently the Department of Defense does not have a web interface sign in system. We will be creating a system that will allow them to access their

  4. A Construction Kit for Modeling the Security of M-Commerce Applications

    E-print Network

    Reif, Wolfgang

    features of the mobile devices result in securing an m-commerce application being a challenging task. A Construction Kit for Modeling the Security of M-Commerce Applications Dominik Haneberg, Wolfgang-commerce applications. The security problems that we are addressing are breaches of security due to erroneous

  5. For Fast, Secure, Anytime-Anywhere Proof of Employment or Income via the Web or phone we bring you ... The Work Number

    E-print Network

    Subramanian, Venkat

    For Fast, Secure, Anytime-Anywhere Proof of Employment or Income via the Web or phone we bring you proof of employment. 2) Write down your Social Security Number in the boxes below. 3) Give: · Washington University's Employer Code: 11570 · The employee's Social Security Number: - - Client Service

  6. 17 CFR 275.0-4 - General requirements of papers and applications.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ...Securities Exchanges SECURITIES AND EXCHANGE COMMISSION...requirements of papers and applications. (a) Filings...or otherwise to the Securities and Exchange Commission...the Commission's Web site at http...specifications respecting applications. Every...

  7. MT-WAVE: profiling multi-tier web applications (abstracts only)

    Microsoft Academic Search

    Anthony Arkles; Dwight Makaroff

    2011-01-01

    Modern web applications consist of many distinct services that collaborate to provide the full application functionality. To improve application performance, developers need to be able to identify the root cause of performance problems; identifying and fixing performance problems in these distributed, heterogeneous applications can be very difficult. As web applications become more complicated, the number of systems involved will continue

  8. DOHA: scalable real-time web applications through adaptive concurrent execution

    Microsoft Academic Search

    Aiman Erbad; Norman C. Hutchinson; Charles Krasic

    2012-01-01

    Browsers have become mature execution platforms enabling web applications to rival their desktop counterparts. An important class of such applications is interactive multimedia: games, animations, and interactive visualizations. Unlike many early web applications, these applications are latency sensitive and processing (CPU and graphics) intensive. When demands exceed available resources, application quality (e.g., frame rate) diminishes because it is hard to

  9. Securing context-aware applications using environment roles

    Microsoft Academic Search

    Michael J. Covington; Wende Long; Srividhya Srinivasan; Anind K. Dev; Mustaque Ahamad

    2001-01-01

    In the future, a largely invisible and ubiquitous computing infrastructure will assist people with a variety of activities in the home and at work. The applications that will be deployed in such systems will create and manipulate private information and will provide access to a variety of other resources. Securing such applications is challenging for a number of reasons. Unlike

  10. Dynamic Analysis and Debugging of Binary Code for Security Applications

    E-print Network

    Wang, Chao

    practice. One example is white-box fuzzing [1], where the goal is to systematically generate test inputs] in a honey-pot. Despite the aforementioned progress, however, there are major limitations in existing is undoubtedly important for applications such as software testing. However, security applications

  11. Big Ideas Paper: Enforcing End-to-end Application Security

    E-print Network

    Pietzuch, Peter

    Big Ideas Paper: Enforcing End-to-end Application Security in the Cloud Jean Bacon1 , David Evans1 techniques that can help form the aforementioned trusted code base. Our big idea--cloud-hosted services retarding the evolution of large-scale cloud computing. Keywords: application-level virtualisation

  12. Application of Internet of Things in the Community Security Management

    Microsoft Academic Search

    Jihong Liu; Li Yang

    2011-01-01

    My paper mainly introduces some applications of the technologies of the Internet of Things (IoT) which offer capabilities to identify and connect worldwide physical objects into a unified system. With the rapid development of the construction industries, people are eager to get more intelligent living conditions. The Intelligent Community Security System (ICSS) is becoming one of the biggest applications of

  13. Duke University Graduate School Application Data Security Policy

    E-print Network

    Zhou, Pei

    , including but not limited to transportation, administration, and review, must have on file a signed copy Duke University Graduate School Application Data Security Policy Revision Date: September 2, 2014 information about student applicants and distributes and transmits that information to many administrative

  14. A Mashup Tool for Cross-Domain Web Applications Using HTML5 Technologies

    Microsoft Academic Search

    Akiyoshi Matono; Akihito Nakamura; Isao Kojima

    2011-01-01

    Many web applications that do not take reusability and interoperability into account are being published today. However, there are demands that developers provide the ability to collaborate among different web applications. In e-Science, an application uses the results of other application as input data. In this paper, we introduce a mashup tool which can easily create a mashup web application

  15. 20 CFR 404.611 - How do I file an application for Social Security benefits?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ...Section 404.611 Employees' Benefits SOCIAL SECURITY ADMINISTRATION...INSURANCE (1950- ) Filing of Applications and Other Forms Applications § 404.611 How do I...application for Social Security benefits? (a) General...

  16. A novel web application frame developed by MVC

    Microsoft Academic Search

    Luo GuangChun; WangYanhua Lu; Xianliang Hanhong

    2003-01-01

    The MVC (Model/View/Controller) design pattern was developed in Smalltalk-80 and widely used in software design. This paper introduces a novel Web application frame based on MVC. This frame separates the transaction logic from the presentation format. It also improves the system maintainability, scalability and performance by using the module database, template database, messaging object and buffer queue.

  17. An Architecture of Dynamically Adaptive PHP-based Web Applications

    Microsoft Academic Search

    Shin Nakajima

    2011-01-01

    Self-adaptive systems, changing their functional behavior at runtime, provide a desired level of flexibility. Although various runtime frameworks have been studied, they tend to rely on a particular architecture. It is inadequate to study the characteristics of self-adaptive systems. This paper presents an abstract, declarative framework for them and relates it to an adaptive PHP-based Web application architecture, which takes

  18. Extracting RESTful Services from Web Applications Bipin Upadhyaya, Foutse Khomh, Ying Zou

    E-print Network

    Zou, Ying

    Extracting RESTful Services from Web Applications Bipin Upadhyaya, Foutse Khomh, Ying Zou.upadhyaya, foutse.khomh, ying.zou}@queensu.ca Abstract-- The Web contains large amount of information and services primarily intended for human users. A Web application offers high user experience and responsiveness. A user

  19. A Visual Architectural Approach to Maintaining Web Applications Ahmed E. Hassan and Richard C. Holt

    E-print Network

    Holt, Richard C.

    A Visual Architectural Approach to Maintaining Web Applications Ahmed E. Hassan and Richard C. Holt aeehassa@plg.uwaterloo.ca September 4, 2002 Abstract Web applications are complex software systems which contain a rich structure with many relations between their components. Web developers are faced

  20. DEVELOPMENT, EVALUATION, AND APPLICATION OF A FOOD WEB BIOACCUMULATION MODEL FOR PCBS

    E-print Network

    DEVELOPMENT, EVALUATION, AND APPLICATION OF A FOOD WEB BIOACCUMULATION MODEL FOR PCBS IN THE STRAIT Management Title of Research Project: Development, Evaluation, and Application of a Food Web Bioaccumulation of Georgia; food web; sediment quality guidelines iii ACKNOWLEDGEMENTS I sincerely thank Frank Gobas, my

  1. Empirical Examination of A Collaborative Web Application Christopher Stewart Matthew Leventi Kai Shen

    E-print Network

    Shen, Kai

    used in the evaluation of online systems. This paper argues that collaborative web applications compared to traditional online benchmarks. Our arguments stem from an empirical examination of WeBWor Empirical Examination of A Collaborative Web Application Christopher Stewart Matthew Leventi Kai

  2. Empirical Examination of A Collaborative Web Application Christopher Stewart Matthew Leventi Kai Shen

    E-print Network

    Shen, Kai

    used in the evaluation of online systems. This paper argues that collaborative web applications compared to traditional online benchmarks. Our arguments stem from an empirical examination of WeBWor Empirical Examination of A Collaborative Web Application Christopher Stewart Matthew Leventi Kai

  3. Imagen: Runtime Migration of Browser Sessions for JavaScript Web Applications

    E-print Network

    Mesbah, Ali

    @ece.ubc.ca ABSTRACT Due to the increasing complexity of web applications and emerging HTML5 standards, a large amountScript, session migration, HTML5, JSON, DOM 1. INTRODUCTION The World Wide Web was originally designed around. With the evolution of web technologies, browsers, and HTML5 [5] a great deal of application state is being offloaded

  4. Reactive Web Applications with Dynamic Dataflow in F# Anton Tayanovskyy Simon Fowler Loïc Denuzière Adam Granicz

    E-print Network

    Tobin-Hochstadt, Sam

    of declarative animations, and show how the framework can ease the implementation of existing functional webReactive Web Applications with Dynamic Dataflow in F# Anton Tayanovskyy Simon Fowler Loïc Denuzière.denuziere, granicz.adam}@intellifactory.com Abstract Modern web applications depend heavily on data which may change

  5. Web-Based IDE to Create Model and Controller Components for MVC-based Web Applications on CakePHP

    Microsoft Academic Search

    Sugiharto Widjaja

    2010-01-01

    A Web-based IDE that allows users to easily manage Model and Controller components of a CakePHP web application was developed. With this IDE, users are able to manage the model and controller components without having to write very much PHP code. They are able to create new model components without having to worry about creating the database tables for the

  6. WEBnm@: a web application for normal mode analyses of proteins

    PubMed Central

    Hollup, Siv Midtun; Salensminde, Gisle; Reuter, Nathalie

    2005-01-01

    Background Normal mode analysis (NMA) has become the method of choice to investigate the slowest motions in macromolecular systems. NMA is especially useful for large biomolecular assemblies, such as transmembrane channels or virus capsids. NMA relies on the hypothesis that the vibrational normal modes having the lowest frequencies (also named soft modes) describe the largest movements in a protein and are the ones that are functionally relevant. Results We developed a web-based server to perform normal modes calculations and different types of analyses. Starting from a structure file provided by the user in the PDB format, the server calculates the normal modes and subsequently offers the user a series of automated calculations; normalized squared atomic displacements, vector field representation and animation of the first six vibrational modes. Each analysis is performed independently from the others and results can be visualized using only a web browser. No additional plug-in or software is required. For users who would like to analyze the results with their favorite software, raw results can also be downloaded. The application is available on . We present here the underlying theory, the application architecture and an illustration of its features using a large transmembrane protein as an example. Conclusion We built an efficient and modular web application for normal mode analysis of proteins. Non specialists can easily and rapidly evaluate the degree of flexibility of multi-domain protein assemblies and characterize the large amplitude movements of their domains. PMID:15762993

  7. Concept Mapping Your Web Searches: A Design Rationale and Web-Enabled Application

    ERIC Educational Resources Information Center

    Lee, Y.-J.

    2004-01-01

    Although it has become very common to use World Wide Web-based information in many educational settings, there has been little research on how to better search and organize Web-based information. This paper discusses the shortcomings of Web search engines and Web browsers as learning environments and describes an alternative Web search environment…

  8. Can We Support Applications' Evolution in Multi-application Smart Cards by Security-by-Contract?

    Microsoft Academic Search

    Nicola Dragoni; Olga Gadyatskaya; Fabio Massacci

    2010-01-01

    Java card technology have progressed at the point of running web servers and web clients on a smart card. Yet concrete deployment of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded. Yet

  9. GIST Web Services: A New Design Model for Developing GIS Customized ITS Application Systems

    Microsoft Academic Search

    Xiaolin Lu

    2006-01-01

    The GIS-T web services can provide the hosted spatial data and GIS functionalities that can be accessed and integrated into the different customized ITS applications. This paper presents the system design for building the Web GIS based intelligent transportation application system with GIS-T web service technology. The GIS-T web services are designed to perform basic geo-processing tasks, such as address

  10. Opal: Simple Web Services Wrappers for Scientific Applications

    Microsoft Academic Search

    Sriram Krishnan; Brent Stearn; Karan Bhatia; Kim K. Baldridge; Wilfred Li; Peter Arzberger

    The Grid-based computational infrastructure enables large-scale scientific applications to be run on distributed resources and coupled in innovative ways. However, in practice, Grid-based resources are not very easy to use for the end-user. The end-user has to learn how to generate security credentials, stage inputs and outputs, access Grid-based schedulers, and install complex client software to do so. This

  11. Opal: Simple Web Services Wrappers for Scientific Applications

    Microsoft Academic Search

    Sriram Krishnan; Brent Stearn; Karan Bhatia; Kim K. Baldridge; Wilfred W. Li; Peter W. Arzberger

    2006-01-01

    Abstract— The Grid-based computational infrastructure enables large-scale scientific applications to be run on distributed resources and coupled in innovative ways. However, in practice, Grid-based resources are not very easy to use for the end-user. The end-user has to learn how to generate security credentials, stage inputs and outputs, access Grid-based schedulers, and install complex client software to do so.

  12. Developing CRM System of Web Application Based on JavaServer Faces

    Microsoft Academic Search

    Xu JunWu; Liang JunLing

    2010-01-01

    This paper describes research in the use of The Java Server Faces (JSF) to develop web applications for CRM. JSF is a standardized specification for building User Interfaces (UI) for server-side applications. If you are familiar with Struts (a popular open source JSP-based Web application framework) and Swing (the standard Java user interface framework for desktop applications), think of Java

  13. A flexible security architecture to support third-party applications on mobile devices

    E-print Network

    Massacci, Fabio

    A flexible security architecture to support third-party applications on mobile devices Dries approach is the notion of "security-by-contract" to protect mobile applications. Mobile applications can ABSTRACT The problem of supporting the secure execution of potentially malicious third-party applications

  14. Mobile Application Security Framework for the Handheld Devices in Wireless Cellular Networks

    Microsoft Academic Search

    S. Vijay Anand

    The Small, Portable Mobile handheld devices are often left unsecured due to their limited computing power. The approach is also inadequate for mobile applications that require security as a controllable service attribute to maintain various security levels that are acceptable to the users. Hence, we need a tunable and differentiable Application security framework for handheld devices that provides differential security

  15. Using the PL/SQL Cartridge of the Oracle Application Server to Deploy Web Applications

    SciTech Connect

    Begovich, C.L.

    1999-06-14

    Deploying business applications on the internal Web is a priority at Oak Ridge National Laboratory (Lockheed Martin Energy Research) and Lockheed Martin Energy Systems, Inc. as with most corporations. Three separate applications chose the Oracle Application Server (OAS), using the PL/SQL cartridge as a Web deployment method. This method was chosen primarily because the data was already stored in Oracle tables and developers knew PL/SQL or at least SQL. The Database Support group had the responsibility of installing, testing, and determining standard methods for interfacing with the PL/SQL cartridge of the OAS. Note that the term Web Application Server was used for version 3, but in this discussion, OAS will be used for both version 3 and version 4.

  16. RDFa Ontology-Based Architecture for String-Based Web Attacks: Testing and Evaluation

    Microsoft Academic Search

    Shadi Aljawarneh; Faisal Alkhateeb

    String input is an issue for web application security. The problem is that developers often trust string input without checking for validity. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to break the security upon web applications. In this chapter, security vulnerabilities such as SQL injection has been described and

  17. Secure electronic commerce communication system based on CA

    Microsoft Academic Search

    Deyun Chen; Junfeng Zhang; Shujun Pei

    2001-01-01

    In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The

  18. Power efficiency analysis of multimedia secured mobile applications

    Microsoft Academic Search

    Marius Marcu; Dacian Tudor; Sebastian Fuicu

    2010-01-01

    Multimedia mobile applications using wireless communication and security services become more and more demanding with respect to processing speed and power consumption. Power saving is one of the most important feature that network interface and mobile processor must provide in order to prolong battery lifetime of a mobile device. The multitude and complexity of devices that implement a large spectrum

  19. Using Genetic Algorithms in Secured Business Intelligence Mobile Applications

    Microsoft Academic Search

    Silvia TRIF

    2011-01-01

    The paper aims to assess the use of genetic algorithms for training neural networks used in secured Business Intelligence Mobile Applications. A comparison is made between classic back-propagation method and a genetic algorithm based training. The design of these algorithms is presented. A comparative study is realized for determining the better way of training neural networks, from the point of

  20. Securing J2ME Mobile Application API Using XACML

    Microsoft Academic Search

    Gautham Kasinath; Leisa J Armstrong

    2007-01-01

    Following Moore's law, the numbers of mobile phones and their capabilities have increased exponentially in recent years. The platform of choice for running applications on resource constrained devices such as mobile phones, today, is the Java 2 Micro Edition (J2ME) with Connected Limited Device Configuration (CLDC). This popularity exposes the security risks. These risks include the loss of data, money