Department of Computer Science and Information Systems

Permanent URI for this collection: http://localhost:4000/handle/123456789/1928

  • Item
    A Combined Model to Ensure Complete Security and Reliability in Cloud Computing
    (WCECS, 2015) Gupta, Shashank
    Cloud Computing is the fastest growing technique in the IT (Information Technology) industry as its main idea is to maximise the capacity and capabilities vigorously without investing in new infrastructure and licensing software. It provides a large amount of storage capacity over the internet but the management and security of the data and services over the cloud is not entirely trustworthy. Because of the lack of trust, most businesses are still reluctant to deploy their business over the cloud, so security is the major concern in cloud computing and is becoming a major issue in the implementation of cloud. In this paper, a new framework is proposed which focuses on almost every aspect of security, i.e., protection of data from beginning to end, i.e., from cloud owner to user. This work focuses on four major aspects of security, i.e., Confidentiality, Availability, Integrity and Non-Repudiation. This framework will work on all the categories of Cloud, i.e., Public, Private and Hybrid Cloud, and proposes an algorithm to select the correct category of cloud to put data onto.
  • Item
    Alleviating the proliferation of JavaScript worms from online social network in cloud platforms
    (IEEE, 2016) Gupta, Shashank
    This paper presents a robust framework deployed in the settings of cloud environment that alleviates the propagation of JS worms from Web applications. The proposed framework automates the process of detecting the hidden injection points from the OSN-based web applications. In addition, it also detects the partial JavaScript injection by the attacker and performs the sanitization on the detected JavaScript attack vectors in a context-aware manner. The prototype of our framework was developed in Java and installed in the virtual machines of cloud platforms as a Google Chrome extension. The testing of our framework is performed on the platform of real world OSN-based web applications in cloud platform. The performance analysis and experimental results reveal that our framework detects the partial JS worms with low false negative rate and acceptable false positive rate. We have also optimized the sanitization process in a context-aware manner in contrast to the methods adopted by existing defensive methodologies.
  • Item
    CSSXC: Context-sensitive Sanitization Framework for Web Applications against XSS Vulnerabilities in Cloud Environments
    (Elsevier, 2016) Gupta, Shashank
    This paper presents a context-sensitive sanitization based XSS defensive framework for the cloud environment. It discovers all the hidden injection points in HTML5-based web applications deployed on the platforms of cloud and sanitizes the XSS attack payloads injected in such points in a context-sensitive manner. The identification of such injection points permits our technique to retrieve each possible web page of the application, allowing a wider exploration and accelerating the process of applying the sanitizers on the untrusted variables of the web application. The XSS attack mitigation capability of our framework was evaluated on web applications deployed for the cloud users in the cloud environment. The experimental results reveal that this technique detects the XSS attack payloads with minimum rate of false negatives and less runtime overhead.
  • Item
    Enhanced XSS Defensive Framework for Web Applications Deployed in the Virtual Machines of Cloud Computing Environment
    (Elsevier, 2016) Gupta, Shashank
    To thwart the virtual machines from being a victim of XSS attacks on the cloud computing environment, this paper presents an enhanced XSS defensive methodology for the cloud platforms. This framework initially scans the HTTP requests for the embedded URI links that point towards the links of external JS files and which may contain malicious XSS payload. Our design also explores the HTTP response for extracting the script content and compares this content with the script content retrieved from the URI links. Any resemblance observed in both these extracted sets of scripts would be considered as malicious XSS worm. The testing and evaluation of our framework was done on a test bed of real world web applications by injecting the XSS attack payloads on their vulnerable injection points. Evaluation results revealed that our framework detects the XSS attack vectors with fewer rates of false negatives and false positives.
  • Item
    POND: polishing the execution of nested context-familiar runtime dynamic parsing and sanitisation of XSS worms on online edge servers of fog computing
    (Inder Science, 2018-06) Gupta, Shashank
    This article presents an enhanced duplex context-wise sanitisation generator and dynamic parser on the hierarchical distributed structure of cloud data centres and edge (fog) servers for obstructing the execution of XSS worms that were recently found on HTML5 and Twitter-based web applications. The online HTTP response generated by such edge servers undergoes the phase of dynamic runtime parsing. This phase finds out the nested context of variables of script code that cannot be statically determined during the determination of nested context of such variables in a static manner. Finally, a sanitised version of templates of HTML5 web pages is generated as an HTTP response and redirected to the network of smart devices. Cloud data centres and edge servers of fog nodes are utilised for integrating the infrastructure settings of our prototype framework that was developed in Java developed framework. Numerous tested open source platforms of OSN were utilised for assessing the performance of runtime nested context determination and sanitisation of suspicious JavaScript strings. Performance evaluation outcomes revealed that the proposed work experienced better response time at online phase and tolerable performance overhead caused due to the runtime nested context-wise parsing and sanitisation of XSS worms.
  • Item
    RAJIVE: restricting the abuse of JavaScript injection vulnerabilities on cloud data centre by sensing the violation in expected workflow of web applications
    (Inder Science, 2018-03) Gupta, Shashank
    This article introduces a novel defensive framework that detects and obstructs the exploitation of malicious JavaScript (JS) injection by spotting the violation in the expected workflow of web applications deployed on the cloud data centres. The framework initially generates some categories of axioms by examining the strings of HTTP request and response. Likewise, it detects the deviation in the intended workflow of the web application by examining the violation in such generated axioms. The prototype of our work was developed in Java development framework and installed on the virtual machines of cloud data centres located at the core of the network. Susceptible web applications were utilised for evaluating the workflow violation detection capability in order to obstruct the execution of XSS worms on the cloud data centres. Evaluation results revealed that the framework detects the injection of XSS worms with high precision rate and lesser rate of false positives and false negatives.
  • Item
    SFC: A Three Layer Smart Phone-Fog-Cloud Framework for Defending Against JavaScript Code Injection Vulnerabilities on OSN
    (IEEE, 2018) Gupta, Shashank
    This article introduced a Fog centric model in the proximity of smart phone devices and virtual Cloud Data Centers (CDC) that senses and avoids an execution of JavaScript code injection vulnerabilities on Online Social Network (OSN). Such offline CDC statically computes the features of clustered-sanitized compressed patterns of JavaScript attack vectors embedded in the HTTP response messages and injects them on the online edge servers of Fog Computing network. The online edge web server dynamically re-computes the features of JavaScript code and compares these features with the statically calculated features in offline mode. Any discrepancy observed in these features will alarm the signal of injection of malicious script code on the edge server. The prototype of our Fog centric framework was developed in Java and installed on the offline virtual machines of Cloud platforms and online edge servers of Fog computing architecture. The online evaluation results exposed that the JavaScript attack vectors sensing rate of our work is high with tolerable rate of False Negatives (FNs), False Positives (FPs) and lesser overall performance overhead during the peak congestion of generation of sanitized HTTP response on the fog nodes.
  • Item
    Nested context-aware sanitisation and feature injection in clustered templates of JavaScript worms on the cloud-based OSN
    (Inder Science, 2020) Gupta, Shashank
    This article presents an enhanced JavaScript feature-injection based framework that obstructs the execution of cross-site scripting (XSS) worms from the virtual machines of cloud-based online social network (OSN). It calculates the features of clustered-sanitised compressed templates of JavaScript attack vectors embedded in the HTTP response messages. Any variation observed in such JavaScript feature set indicates the injection of XSS worms on the cloud-based OSN server. The injected worms will further undergo the process of nested context-aware sanitisation for their safe interpretation on the web browser. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment. The experimental evaluation of our framework was performed on the platform of OSN-based web applications deployed in the cloud platform. The performance analysis done revealed that our framework detects the injection of malicious JavaScript code with low false negative rate and acceptable performance overhead.