论文信息 - Design and experimental evaluation of Web Content Verification and Recovery (WCVR) system : a survivable security system

Design and experimental evaluation of Web Content Verification and Recovery (WCVR) system : a survivable security system

We have designed a novel security system, called Web Content Verification and Recovery (WCVR) system to solve unauthorised tampering on server-side web content. Our solution is implemented as a prototype. This prototype consists of three mechanisms: web register, HTTP interface, and response hashing. In this paper, we have conducted a set of experiential studies to meet the security and performance objectives. The results of an experimental study have shown that the proposed system (WCVR) provides a high coverage of detection and protection, and a low level of overhead times.

Shadi Aljawarneh | Paul Vickers | Christopher Laing

[1] Magnus Almgren,et al. An Architecture for an Adaptive Intrusion-Tolerant Server , 2002, Security Protocols Workshop.

[2] Robert L. Probert,et al. Formal Testing of Web Content using TTCN-3 , 2005 .

[3] Shadi Aljawarneh,et al. Security policy framework and algorithms for web server content protection , 2007 .

[4] Shadi Aljawarneh,et al. Verification of web content integrity : a new approach to protect servers against tampering , 2007 .

[5] Richard Sharp,et al. Specifying and Enforcing Application-Level Web Security Policies , 2003, IEEE Trans. Knowl. Data Eng..

[6] Trent Jaeger,et al. Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[7] Josef Pieprzyk,et al. On-the-fly web content integrity check boosts users' confidence , 2002, CACM.

[8] Marko Hassinen,et al. Client controlled security for Web applications , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[9] Bob Gehling,et al. eCommerce security , 2005, InfoSecCD '05.

[10] Helen J. Wang,et al. BrowserShield: vulnerability-driven filtering of dynamic HTML , 2006, OSDI '06.

[11] A. Jefferson Offutt,et al. Bypass testing of Web applications , 2004, 15th International Symposium on Software Reliability Engineering.