Department of Computer Science and Information Systems
38 results
Item: Comparative study of risk assessment models corresponding to risk elements (IEEE, 2012). Gupta, Shashank.
In the modern era of software engineering, the development of software in static and dynamic environments results in several vulnerabilities that need to be handled so that they do not interfere with the clearly defined project goals. Previous studies show that the wide variety of different risk analysis strategies provides a valid solution to address the lack of risk management strategies in the Software Risk Assessment Model (SRAM), the Software Risk Assessment and Estimation Model (SRAEM), etc. In this paper we discuss the comparison between different software risk assessment models corresponding to certain risk elements. These risk elements must be taken into account in order to cover some perspectives of the software industry which have not been covered up to now. Based on this analysis, we also conclude with the weaknesses and strengths of the risk assessment models.

Item: BDS: Browser Dependent XSS Sanitizer (IGI Global, 2015). Gupta, Shashank.
A Cross-Site Scripting (XSS) attack is a vulnerability on the client-side browser that is caused by the improper sanitization of user input embedded in Web pages. Researchers in the past have proposed various types of defensive strategies, vulnerability scanners, etc., but XSS flaws still remain in Web applications due to inadequate understanding and implementation of the various defensive tools and strategies. Therefore, in this chapter, the authors propose a security model called Browser Dependent XSS Sanitizer (BDS) on the client-side Web browser for eliminating the effect of XSS vulnerabilities. Various earlier client-side solutions degrade the performance on the Web browser side. In this chapter, however, the authors use a three-step approach to bypass the XSS attack without degrading much of the user's Web browsing experience. While auditing the experiments, this approach is capable of preventing XSS attacks on various modern Web browsers.

Item: Efficient Service Utilization in Cloud Computing Exploitation Victimization as Revised Rough Set Optimization Service Parameters (Elsevier, 2015). Gupta, Shashank.
Cloud computing is an effort in delivering resources as a service. In a cloud computing setting the role of the service provider is split into two parts, the Cloud Broker and the service providers. The Cloud Broker manages cloud platforms and leases resources according to a usage-based pricing model. The service providers rent resources from one or several infrastructure providers to serve the end users. The strategy of choosing a Cloud Service Provider is evaluated on the basis of Which-Cloud-Provider-Provides-What. Selecting a suitably qualified service provider is harder because not all CSPs can be counted on for all non-stop services. The aim of this work is to deal with the scheduling of requests on the basis of twelve parameters that are known to achieve the best ways of allotting cloud service providers to users. Apart from the implementation and comparison purpose, the same four parameters that are present in the ROSP algorithm are taken. It uses rough set mathematics to obtain the mathematical model within which the Rough Set Optimization Service Parameters algorithm is created on the basis of efficient resource utilization in cloud computing using the Revised ROSP scheduling technique. The algorithm is then implemented in the cloud simulator, in which cloudlets, datacenters, and cloud brokers are used to perform the algorithms. Some integral packages of the cloud simulator are used to simulate the method. The method is implemented under NetBeans and SQL. The results after the implementation of the ERROSP algorithm are above those of the ROSP algorithm in time taken and CPU utilization.

Item: A Combined Model to Ensure Complete Security and Reliability in Cloud Computing (WCECS, 2015). Gupta, Shashank.
Cloud Computing is the fastest growing technique in the IT (Information Technology) industry, as its main idea is to maximise capacity and capabilities dynamically without investing in new infrastructure and licensing software. It provides a large amount of storage capacity over the internet, but the management and security of the data and services over the cloud is not entirely trustworthy. Because of this lack of trust, most businesses are still reluctant to deploy their business over the cloud, so security is the major concern in cloud computing and is becoming a major issue in the implementation of the cloud. In this paper, a new framework is proposed which focuses on almost every aspect of security, i.e. protection of data from beginning to end, i.e. from cloud owner to user. This work focuses on four major aspects of security, i.e. Confidentiality, Availability, Integrity and Non-Repudiation. This framework will work on all the categories of Cloud, i.e. Public, Private and Hybrid Cloud, and proposes an algorithm to select the correct category of cloud to put data on.

Item: Digital Signature using Biometrics (WCECS, 2015). Gupta, Shashank.
It is desirable to generate a digital signature using biometrics, but not practicable because of its inaccurate measuring and complex methodologies, without using specific hardware devices that hold signature keys or biometric templates securely. The proposed model resolves the problem in biometric-based digital signatures by making them simple and secure. The proposed model uses the biometric template and generates the key, which uses AES, which is much more secure, to make the signature useful.

Item: PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications (ACM Digital Library, 2015-05). Gupta, Shashank.
As the usage of web applications for security-sensitive facilities has grown, the quantity and cleverness of web-based attacks against web applications have grown as well. Several annual cyber security reports reveal that modern web applications suffer from two main categories of attacks: Workflow Violation Attacks and Cross-Site Scripting (XSS) attacks. Presently, in comparison to XSS attacks, there has been very limited work carried out that discovers workflow violation attacks, as web application logic errors are particular to the expected functionality of a specific web application. This paper presents PHP-Sensor, a novel defensive model that discovers both workflow violation and XSS vulnerabilities concurrently in real-world PHP web applications. For the workflow violation attack, we extract a certain set of axioms by monitoring the sequences of HTTP requests/responses and their corresponding session variables during the offline mode. The set of axioms is then utilized for evaluating the HTTP requests/responses in online mode. Any HTTP request/response that bypasses the corresponding axiom is recognized as a workflow violation attack in the PHP web application. For the XSS attack, PHP-Sensor discovers the self-propagating features of XSS worms by monitoring the outgoing HTTP web requests together with the scripts that are injected in the current HTTP response web page. We develop a prototype of our proposed defensive model on the web proxy as well as on the client side for the recognition of workflow violation and XSS attacks respectively. We evaluate the detection capability of PHP-Sensor on open source real-world PHP web applications, and the simulation outcomes reveal that our defensive model is efficient and feasible at discovering workflow violation attacks and XSS attacks, and incurs tolerable performance overhead.

Item: Cross-Site Scripting (XSS) Abuse and Defense: Exploitation on Several Testing Bed Environments and Its Defense (Taylor & Francis, 2015-07). Gupta, Shashank.
Today cyber physical systems (CPS) facilitate physical world devices to integrate with several Internet data sources and services. In the contemporary era of Web 2.0 technologies, web applications are being developed on several advanced technologies (e.g., AJAX, JavaScript, Flash, ASP.net). However, due to their frequent usage in daily life, web applications are constantly under attack. Cross-site scripting (XSS) attacks are presently the most exploited security problems in modern web applications. XSS attacks are generally caused by the improper sanitization of user-supplied input on the applications. These attacks use vulnerabilities in the source code, resulting in serious consequences such as stealing of session identifiers embedded in cookies, passwords, credit card numbers, and several other related personal credentials. This article describes a three-fold approach: 1) testing the vulnerabilities of XSS attacks on the local host server Apache Tomcat by utilizing the malicious scripts from the XSS cheat sheet website; 2) exploiting the same vulnerabilities on WebGoat; and 3) exploiting encoded versions of the injected scripts for testing the level of XSS attack prevention capability. Based on the observed results, further work is also discussed.

Item: XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in JavaScript Code (Springer, 2016). Gupta, Shashank.
Nowadays, Web applications are considered to be one of the most ubiquitous platforms for providing information and service release over the World Wide Web, particularly those deployed in health care, banking, e-commerce operations, etc. The boom of social networking sites and modern Web applications that transfer dynamic information to client-side Web browsers has increased the user-generated and feature-rich HTML content on the Internet. This enhanced HTML content includes a malicious attack vector for Web-related attacks. Cross-site scripting (XSS) attacks are presently the most exploited security problems in modern Web applications and are activated by an attacker to utilize the vulnerabilities of poorly written Web application source code. Users across all the popular social networking Web sites are exposed to XSS attacks. These attacks are generally caused by malicious scripts, which do not validate the user-injected input appropriately and exploit the vulnerabilities in the source code of the Web applications. This results in the loss of confidential information such as stealing of cookies, theft of passwords, and other private credentials. In this paper, we propose a robust framework known as XSS-SAFE (Cross-Site Scripting Secure Web Application FramEwork), which is a server-side automated framework for the detection and mitigation of XSS attacks. XSS-SAFE is designed based on the idea of injecting the features of JavaScript and introduces the idea of injecting sanitization routines in the source code of JavaScript to detect and mitigate the malicious injected XSS attack vectors. We repeatedly inject the feature content, generate rules, and insert sanitization routines for the discovery of XSS attacks. We have evaluated our approach on five real-world JavaServer Pages (JSP) programs. The results indicate that XSS-SAFE detects and mitigates most of the previously known and unknown XSS attacks with minimum false positives, a zero false-negative rate, and low runtime overhead.

Item: JS-SAN: defense mechanism for HTML5-based web applications against javascript code injection vulnerabilities (Wiley, 2016-02). Gupta, Shashank.
This paper presents an injection and clustering-based sanitization framework, i.e. JS-SAN (JavaScript SANitizer), for the mitigation of JS code injection vulnerabilities. It generates an attack vector template by performing clustering on the extracted JS attack vector payloads corresponding to their level of similarity. As a result, it then sanitizes the extracted JS attack vector template by an automated technique of placement of sanitizers in the source code of the generated templates of web applications. We have also performed the deepest possible crawling of web pages for finding the possible user-injection points and injected the latest HTML5-based XSS attack vectors for testing the mitigation capability of our framework. The implementation of our design was done on the browser-side JavaScript library and tested as an extension on Google Chrome. The attack mitigation capability of JS-SAN was evaluated by incorporating the support from a tested suite of open source web applications that are vulnerable to JS code injection vulnerabilities. The proposed framework validates its novelty by producing a lower rate of false negatives and tolerable runtime overhead as compared to existing sanitization-based approaches.

Item: Reviewing the Security Features in Contemporary Security Policies and Models for Multiple Platform (IGI Global, 2018). Gupta, Shashank.
Numerous vulnerabilities have a tendency to taint modern real-world web applications, allowing attackers to retrieve sensitive information and to exploit genuine web applications as a platform for malware activities. Moreover, computing techniques have evolved from large desktop computer systems to devices like smartphones, smart watches and goggles. It needs to be ensured that these devices improve their usability and will not be utilized for attacking the personal credentials (such as credit card numbers, transaction passwords, etc.) of the users. Therefore, there is a need for a security architecture over the user's credentials so that no unauthorized user can access them. This chapter summarizes various security models and techniques that have been discovered, studied and utilized extensively in order to ensure computer security. It also discusses numerous security principles and presents the models that ensure these security principles. Security models (such as access control models, information flow models, protection rings, etc.) form the basis of various higher-level and complex models. Therefore, learning such security models is very much essential for ensuring the security of the computer and cyber world.