Results 1 - 10 of 188
Intrusion Detection via Static Analysis
, 2001
"... One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The resul ..."
Cited by 352 (1 self)
An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
"... The dynamic nature of JavaScript web applications has given rise to the possibility of privacy violating information flows. We present an empirical study of the prevalence of such flows on a large number of popular websites. We have (1) designed an expressive, fine-grained information flow policy la ..."
Cited by 65 (2 self)
Experimenting with a policy-based hids based on an information flow control model
- In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV
, 2003
"... In [1], we proposed a model for policy-based intrusion detection, based on information flow control. In the present paper, we show its applicability and effectiveness on a standard OS. We present results of two set of experiments, one carried out in a completely controlled environment, the other on ..."
Cited by 6 (0 self)
INTRUSION DETECTION IN MULTITIER WEB APPLICATIONS
"... Intrusion Detection Systems endeavor at detecting attacks against computer systems and networks that offer techniques for modeling and distinguish normal and abusive system behavior. Web Applications are widely used for critical services and sophistication of attacks against these applications has g ..."
provides a means of tracking the information flow from the web server to the database server for each session. Keywords-- Multitier Web Application, Anomaly Detection, Virtualization, Web-Based Attacks. I.
Sound and Precise Analysis of Web Applications for Injection Vulnerabilities
- PLDI'07
, 2007
"... Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; w ..."
Cited by 161 (5 self)
; while dynamic approaches provide protection for deployed software, static approaches can detect potential vulnerabilities before software deployment. Previous static approaches are mostly based on tainted information flow tracking and have at least some of the following limitations: (1) they do
Building Intrusion Tolerant Applications
- In Proceedings of the 8th USENIX Security Symposium
, 1999
"... The ITTC project (Intrusion Tolerance via Threshold Cryptography) provides tools and an infrastructure for building intrusion tolerant applications. Rather than prevent intrusions or detect them after the fact, the ITTC system ensures that the compromise of a few system components does not compromis ..."
Cited by 69 (0 self)
into the Apache web server and into a Certification Authority (CA). Performance measurements on both the modified web server and the modified CA show that the architecture works and performs well. 1 Introduction To combat intrusions into a networked system one often installs intrusion detection software to monitor
Static analysis for Ajax intrusion detection
- In International World Wide Web Conference
, 2009
"... We present a static control-flow analysis for JavaScript programs running in a web browser. Our analysis tackles numerous challenges posed by modern web applications including asynchronous communication, frameworks, and dynamic code generation. We use our analysis to extract a model of expected clie ..."
Cited by 66 (3 self)
Evaluation of control flow traces in software applications for intrusion detection
- In Proceedings of the 12th IEEE International Multitopic Conference (IEEE INMIC 2008)
, 2008
"... Abstract—Software security has become an important requirement, particularly for systems that are publicly accessible through the Internet. Such systems can be equipped with intrusion detection systems to uncover security breaches. In this paper, we present a novel application-level intrusion detect ..."
Cited by 1 (1 self)
detection approach. A normal behavior profile is created from application-internal control flow in terms of operation execution traces. Anomalous control flows indicative for intrusion attempts are detected by continuously monitoring and analyzing the software system. A case study demonstrates the intrusion
DualGuard: Detecting Intrusions in Multitier Web Applications
"... Abstract- In our day to day life internet plays very important role, in terms communication and management of personal information from anywhere. Therefore for increase in application and complexity of data, webservices take interest in multitiered design like 1-tier, 2-tier and 3-tier design. By th ..."
. By the use of these design webserver run the application front end logic and data are outsourced to a database or file server. For this we proposed a DualGuard, an IDS (Intrusion detection system) system. This system performs the network behavior of user sessions across the both the front end and the back
Analyzing Information Flow in JavaScript-based Browser Extensions
"... JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improving their look and feel, and are widely available for commodity browsers. To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges. For example, unlike JavaScri ..."
Cited by 47 (2 self)
Script code in a web application, code in a JSE is not constrained by the same-origin policy. Malicious JSEs can misuse these privileges to compromise confidentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the host system