Model-based system architecture for preventing XPath injection in database-centric web services environment
Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deploye...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
IEEE
2012
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf http://psasir.upm.edu.my/id/eprint/47685/ http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6530409&queryText=universiti%20putra%20malaysia&pageNumber=3&newsearch=true |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.47685 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.476852016-07-14T04:40:18Z http://psasir.upm.edu.my/id/eprint/47685/ Model-based system architecture for preventing XPath injection in database-centric web services environment Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deployed with security flaws and these vulnerabilities make them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs the model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. IEEE 2012 Conference or Workshop Item PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2012) Model-based system architecture for preventing XPath injection in database-centric web services environment. In: 7th International Conference on Computing and Convergence Technology (ICCCT 2012), 3-5 Dec. 2012, Seoul, Korea. (pp. 621-625). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6530409&queryText=universiti%20putra%20malaysia&pageNumber=3&newsearch=true |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deployed with security flaws and these vulnerabilities make them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs the model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. |
| format |
Conference or Workshop Item |
| author |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| spellingShingle |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Model-based system architecture for preventing XPath injection in database-centric web services environment |
| author_facet |
Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_sort |
Asmawi, Aziah |
| title |
Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_short |
Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_full |
Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_fullStr |
Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_full_unstemmed |
Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_sort |
model-based system architecture for preventing xpath injection in database-centric web services environment |
| publisher |
IEEE |
| publishDate |
2012 |
| url |
http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf http://psasir.upm.edu.my/id/eprint/47685/ http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6530409&queryText=universiti%20putra%20malaysia&pageNumber=3&newsearch=true |
| _version_ |
1643833951856361472 |