
2016 | Original Paper | Book chapter

An Infrastructure-Based Framework for the Alleviation of JavaScript Worms from OSN in Mobile Cloud Platforms

Written by: Shashank Gupta, Brij B. Gupta

Published in: Network and System Security

Publisher: Springer International Publishing


Abstract

This paper presents an infrastructure-based mobile cloud computing framework that blocks the execution of JavaScript (JS) worms injected from untrustworthy remote servers. Execution of such worms triggers Cross-Site Scripting (XSS) attacks on mobile cloud-based Online Social Networks (OSNs). The framework works in two steps. First, it extracts the Uniform Resource Identifier (URI) links embedded in each HTTP response and derives from them the set of untrusted JS links and code. Second, it builds the Document Object Model (DOM) tree of each HTTP response, walks that tree for script nodes and extracts the embedded JS code. The two extracted sets of JS code are then compared for similar code; such similar code points to the untrusted JavaScript that an attacker would use to exploit XSS vulnerabilities on the OSN. A prototype of the framework was developed in Java, with the functionality of its components integrated on the virtual machines of mobile cloud platforms. Experimental testing and performance evaluation were carried out on open source OSN websites deployed on the virtual cloud servers. The evaluation results show that the framework detects untrusted JS worms with a very high precision rate, a low false positive rate and acceptable performance overhead.
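An added illustration of the two-step matching the abstract describes, written here in Python with only the standard library; it is not the authors' Java prototype. The trusted OSN origin (osn.example), the sample page and the similarity threshold are assumptions.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote
TRUSTED_HOSTS = {"osn.example"}  # assumed: the OSN's own origin

class ResponseScanner(HTMLParser):  # collects src/href URIs and <script> nodes
    def __init__(self):
        super().__init__()
        self.uris, self.scripts, self._script = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.uris += [a[k] for k in ("src", "href") if a.get(k)]
        if tag == "script":
            self._script = {"src": a.get("src"), "code": ""}
    def handle_data(self, data):
        if self._script is not None:
            self._script["code"] += data
    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            self.scripts.append(self._script)
            self._script = None
def untrusted_js_from_uris(uris):
    """Step 1: JS links to foreign hosts, plus the code inside javascript: URIs."""
    links, code = set(), set()
    for u in uris:
        p = urlsplit(u)
        if p.scheme == "javascript":
            code.add(" ".join(unquote(p.path).split()))
        elif p.netloc and p.netloc.lower() not in TRUSTED_HOSTS:
            links.add(u)
    return links, code
def detect_untrusted_scripts(html, threshold=0.8):
    """Step 2: flag script nodes whose src is an untrusted link or whose code
    is similar (difflib ratio >= threshold) to untrusted inline JS."""
    scanner = ResponseScanner(); scanner.feed(html)
    links, code = untrusted_js_from_uris(scanner.uris)
    flagged = []
    for s in scanner.scripts:
        body = " ".join(s["code"].split())  # whitespace-normalised source
        if s["src"] in links:
            flagged.append(s["src"])
        elif body and any(difflib.SequenceMatcher(None, body, c).ratio()
                          >= threshold for c in code):
            flagged.append(body)
    return flagged
SAMPLE_RESPONSE = """<script src="https://osn.example/js/app.js"></script>
<script>document.title = 'Home';</script>
<a href="javascript:loadWorm('//remote.example/w.js')">profile</a>
<script>  loadWorm(  '//remote.example/w.js'  );  </script>
<script src="http://remote.example/worm.js"></script>"""  # constructed sample
```

Running `detect_untrusted_scripts(SAMPLE_RESPONSE)` reports the inline loader (matched to the javascript: URI despite different whitespace) and the remote worm script, while the OSN's own script and the unrelated inline code are left alone.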


Metadata
Title
An Infrastructure-Based Framework for the Alleviation of JavaScript Worms from OSN in Mobile Cloud Platforms
Written by
Shashank Gupta
Brij B. Gupta
Copyright year
2016
DOI
https://doi.org/10.1007/978-3-319-46298-1_7
