Sciweavers

Share
IFIPTM
2009

Detection and Prevention of Insider Threats in Database Driven Web Services

9 years 11 months ago
Detection and Prevention of Insider Threats in Database Driven Web Services
In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.
Tzvi Chumash, Danfeng Yao
Added 20 Feb 2011
Updated 20 Feb 2011
Type Journal
Year 2009
Where IFIPTM
Authors Tzvi Chumash, Danfeng Yao
Comments (0)
books