Context-oriented web application protection model
详细信息 查看全文
- 作者:Victor Prokhorenko ; Kim-Kwang Raymond Choo ; raymond.choo@fulbrightmail.org" class="auth_mail" title="E-mail the corresponding author ; raymond.choo@unisa.edu.au" class="auth_mail" title="E-mail the corresponding author ; Helen Ashman
- 关键词:Context-based protection ; Web application attacks ; Web application protection ; Web application vulnerabilities
- 刊名:Applied Mathematics and Computation
- 出版年:2016
- 出版时间:20 July 2016
- 年:2016
- 卷:285
- 期:Complete
- 页码:59-78
- 全文大小:2039 K
文摘
Due to growing user demand, web application development is becoming increasingly complicated. Multiple programming languages along with the complex multi-tier architecture commonly involved in web application development contribute to the probability of programming mistakes. Such mistakes may cause serious security vulnerabilities, which can then be exploited by malicious users. Current classifications include a wide variety of web application vulnerabilities, such as SQL injections, Cross-Site Scripting and File Inclusion. Various different protections exist against attacks associated with these vulnerabilities making it difficult to apply a single universal solution. This paper takes an alternative view of the core root of the vulnerabilities. Based on the discovered common traits, a unified extensible context-based model of web applications is proposed. A concept of context is introduced and different attacks are reformulated in terms of context boundary violation. The proposed model can be used to implement a more universal web application protection suitable against different types of attacks.