论文信息 - Web Contents Protection, Secure Execution and Authorized Distribution

Web Contents Protection, Secure Execution and Authorized Distribution

This paper describes the design and implementation of a comprehensive system for protection of Web contents. In this design, new security components and extended security features are introduced in order to protect Web contents ageist various Web attacks. Components and extended security features are: protection of Web pages using strong encryption techniques, encapsulation of Web contents and resources in PKCS#7, extended secure execution environment for Java Web Server, eXtensible Access Control Markup Language (XACML) based authorization policies, and secure Web proxy. Design and implementation of our system is based on the concepts of generic security objects and component-based architecture that makes it compatible with exiting Web infrastructures without any modification.

Abdul Ghafoor Abbasi | Sead Muftic | Ikrom Hotamov | S. Muftic | Ikrom Hotamov

[1] Roger A. Grimes,et al. Malicious Mobile Code: Virus Protection for Windows , 2001 .

[2] Mukesh Singhal,et al. Password-Based Authentication: Preventing Dictionary Attacks , 2007, Computer.

[3] Niels Provos,et al. The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[4] Maria Schuett. Authentication Methods , 2011, Encyclopedia of Information Assurance.

[5] Abdul Ghafoor Abbasi,et al. CryptoNET : integrated secure workstation , 2009 .

[6] Ravi S. Sandhu,et al. The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[7] Sead Muftic,et al. CryptoNET: Software Protection and Secure Execution Environment , 2010 .

[8] Chengyu Song,et al. Studying Malicious Websites and the Underground Economy on the Chinese Web , 2008, WEIS.

[9] T. Dierks,et al. The TLS protocol , 1999 .