Keyword Search:


Bookmark and Share

XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment.

Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2013) XIPS : a model-based prevention mechanism for preventing blind XPath injection in database-centric web services environment. International Journal of Advancements in Computing Technology, 5 (10). pp. 69-77. ISSN 2005-8039; ESSN:2233-9337

[img] PDF (Abstract)
83Kb

Abstract

Web services have become a powerful interface for backend database systems which provides many services such as automatic purchasing, inventory tracking and clinical management. However, along the benefit of Web services, comes a serious risk of security breaches. Most Web services are deployed with security flaws and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of Web services. This paper proposes XIPS, a prevention mechanism against Blind XPath injection attacks within Web services environment. The prevention mechanism employs the model-based approach to detect malicious queries and thwart them before they are executed on the Web services back end database. This approach uses run time monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. The employment of the XIPS architecture should be able to prevent Web services from any kinds of XPath injection attacks.

Item Type:Article
Keyword:Web services; Database security; Blind XPath injection; Model-based; Hotspot.
Faculty or Institute:Faculty of Computer Science and Information Technology
Publisher:Advanced Institute of Convergence Information Technology
ID Code:30654
Deposited By: Nida Hidayati Ghazali
Deposited On:14 Jul 2014 15:12
Last Modified:07 Sep 2015 11:41

Repository Staff Only: Edit item detail