XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment.
Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Advanced Institute of Convergence Information Technology
2013
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf http://psasir.upm.edu.my/id/eprint/30654/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.30654 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.306542015-09-07T03:41:32Z http://psasir.upm.edu.my/id/eprint/30654/ XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks. Advanced Institute of Convergence Information Technology 2013-06 Article PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2013) XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. International Journal of Advancements in Computing Technology, 5 (10). pp. 69-77. ISSN 2005-8039; ESSN:2233-9337 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks. |
| format |
Article |
| author |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| spellingShingle |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| author_facet |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_sort |
Asmawi, Aziah |
| title |
XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_short |
XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_full |
XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_fullStr |
XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_full_unstemmed |
XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. |
| title_sort |
xips : a model-based prevention mechanism for preventing blind xpath injection in database-centric web services environment. |
| publisher |
Advanced Institute of Convergence Information Technology |
| publishDate |
2013 |
| url |
http://psasir.upm.edu.my/id/eprint/30654/1/XIPS.pdf http://psasir.upm.edu.my/id/eprint/30654/ |
| _version_ |
1643830124006604800 |