Results 1 - 10 of 188

Intrusion Detection via Static Analysis

by David Wagner, Drew Dean, 2001
"... One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The resul ..."
Cited by 352 (1 self)

An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications

by Dongseok Jang, Ranjit Jhala, Sorin Lerner, Hovav Shacham
"... The dynamic nature of JavaScript web applications has given rise to the possibility of privacy violating information flows. We present an empirical study of the prevalence of such flows on a large number of popular websites. We have (1) designed an expressive, fine-grained information flow policy la ..."
Cited by 65 (2 self)

Experimenting with a policy-based hids based on an information flow control model

by Jacob Zimmermann, Ludovic Mé, Christophe Bidan - In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, 2003
"... In [1], we proposed a model for policy-based intrusion detection, based on information flow control. In the present paper, we show its applicability and effectiveness on a standard OS. We present results of two set of experiments, one carried out in a completely controlled environment, the other on ..."
Cited by 6 (0 self)

INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS

by Shenbagalakshmi Gunasekaran, K. Muneeswaran
"... Intrusion Detection Systems endeavor at detecting attacks against computer systems and networks that offer techniques for modeling and distinguish normal and abusive system behavior. Web Applications are widely used for critical services and sophistication of attacks against these applications has g ..."
provides a means of tracking the information flow from the web server to the database server for each session. Keywords-- Multitier Web Application, Anomaly Detection, Virtualization, Web-Based Attacks. I.

Sound and Precise Analysis of Web Applications for Injection Vulnerabilities

by Gary Wassermann, Zhendong Su - PLDI'07, 2007
"... Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; w ..."
Cited by 161 (5 self)
; while dynamic approaches provide protection for deployed software, static approaches can detect potential vulnerabilities before software deployment. Previous static approaches are mostly based on tainted information flow tracking and have at least some of the following limitations: (1) they do

Building Intrusion Tolerant Applications

by Thomas Wu, Michael Malkin, Dan Boneh - In Proceedings of the 8th USENIX Security Symposium, 1999
"... The ITTC project (Intrusion Tolerance via Threshold Cryptography) provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compromise of a few system components does not compromis ..."
Cited by 69 (0 self)
into the Apache web server and into a Certification Authority (CA). Performance measurements on both the modified web server and the modified CA show that the architecture works and performs well. 1 Introduction To combat intrusions into a networked system one often installs intrusion detection software to monitor

Static analysis for Ajax intrusion detection

by Arjun Guha, Shriram Krishnamurthi, Trevor Jim - In International World Wide Web Conference, 2009
"... We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected clie ..."
Cited by 66 (3 self)

Evaluation of control flow traces in software applications for intrusion detection

by Imran Asad Gul, Nils Sommer, Matthias Rohr, André Van Hoorn, Wilhelm Hasselbring - In Proceedings of the 12th IEEE International Multitopic Conference (IEEE INMIC 2008), 2008
"... Abstract—Software security has become an important requirement, particularly for systems that are publicly accessible through the Internet. Such systems can be equipped with intrusion detection systems to uncover security breaches. In this paper, we present a novel application-level intrusion detect ..."
Cited by 1 (1 self)
detection approach. A normal behavior profile is created from application-internal control flow in terms of operation execution traces. Anomalous control flows indicative for intrusion attempts are detected by continuously monitoring and analyzing the software system. A case study demonstrates the intrusion

DualGuard: Detecting Intrusions in Multitier Web Applications

by Sachin Narayan W, Manohar S. Chaudhari, Thaksen J. Parvat
"... Abstract- In our day to day life internet plays very important role, in terms communication and management of personal information from anywhere. Therefore for increase in application and complexity of data, webservices take interest in multitiered design like 1-tier, 2-tier and 3-tier design. By th ..."
. By the use of these design webserver run the application front end logic and data are outsourced to a database or file server. For this we proposed a DualGuard, an IDS (Intrusion detection system) system. This system performs the network behavior of user sessions across the both the front end and the back

Analyzing Information Flow in JavaScript-based Browser Extensions

by Mohan Dhawan, Vinod Ganapathy
"... JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improving their look and feel, and are widely available for commodity browsers. To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges. For example, unlike JavaScri ..."
Cited by 47 (2 self)
Script code in a web application, code in a JSE is not constrained by the same-origin policy. Malicious JSEs can misuse these privileges to compromise confidentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the host system

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University