UPM Institutional Repository

Model-based system architecture for preventing XPath injection in database-centric web services environment


Citation

Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2012) Model-based system architecture for preventing XPath injection in database-centric web services environment. In: 7th International Conference on Computing and Convergence Technology (ICCCT 2012), 3-5 Dec. 2012, Seoul, Korea. (pp. 621-625).

Abstract

Web services have become a powerful interface for back-end database systems. A web service is a self-describing component that can be used by other applications in a platform-independent manner. However, along with the benefits of Web services comes a serious risk of security breaches. Most web services are deployed with security flaws, and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for a prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs a model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check the dynamically-generated queries and compares them against the statistically-built model.



Additional Metadata

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculty of Computer Science and Information Technology
Publisher: IEEE
Keywords: Database security; Non-deterministic finite automata; Static analysis; Stored procedures; Web services; XPath injection
Depositing User: Nabilah Mustapa
Date Deposited: 14 Jul 2016 04:40
Last Modified: 14 Jul 2016 04:40
URI: http://psasir.upm.edu.my/id/eprint/47685