Filters








2,087 Hits in 5.3 sec

Decidability of the Security against Inference Attacks Using a Functional Dependency on XML Databases

Kenji HASHIMOTO, Hiroto KAWAI, Yasunori ISHIHARA, Toru FUJIWARA
2012 IEICE transactions on information and systems  
This paper discusses verification of the security against inference attacks on XML databases in the presence of a functional dependency.  ...  Example 1: We show an example of inference attacks on XML databases, which are getting used actively in many organizations recently. We consider a document D valid against the following schema A:  ...  Conclusion This paper has discussed verification of the security against inference attacks on XML databases, considering a functional dependency.  ... 
doi:10.1587/transinf.e95.d.1365 fatcat:q5i74skl55fjpehmfusnhoy4zi

Verification of the Security against Inference Attacks on XML Databases

Kenji HASHIMOTO, Kimihide SAKANO, Fumikazu TAKASUKA, Yasunori ISHIHARA, Toru FUJIWARA
2009 IEICE transactions on information and systems  
This paper discusses verification of the security against inference attacks on XML databases.  ...  First, a security definition called ksecrecy against inference attacks on XML databases is proposed. k-secrecy with an integer k > 1 (or k = ∞) means that attackers cannot narrow down the candidates for  ...  Acknowledgments This research was supported in part by "Global COE (Centers of Excellence) Program" of the Ministry of Education, Culture, Sports, Science and Technology, Japan, and by the Telecommunications  ... 
doi:10.1587/transinf.e92.d.1022 fatcat:tcwlmzo5srdwde2unjgz37ewya

Inference Attacks and Control on Database Structures

Muhamed Turkanovic, Tatjana Welzer Druzovec, Marko Hölbl
2015 TEM Journal  
Furthermore, it covers new inference problems which rise from the dimensions of new technologies like XML, semantics, etc.  ...  This paper focuses on the inference problem on different database structures. It presents possible treats on privacy with relation to the inference, and control methods for mitigating these treats.  ...  Su and Ozsoyoglu presented a so-called Merlin schema analysis system which was used by the AERIE project as a mechanization of inference detection using second-path analysis based on functional dependencies  ... 
doaj:53a50dce017a48249590cef7834197e5 fatcat:lb6u2kpqcbhxncjwvxnj4kgrrq

Web Anomaly Misuse Intrusion Detection Framework for SQL Injection Detection

Shaimaa Ezzat, Mohamed I., Laila M., Yehia K.
2012 International Journal of Advanced Computer Science and Applications  
Databases at the background of e-commerce applications are vulnerable to SQL injection attack which is considered as one of the most dangerous web attacks.  ...  The main idea of this framework is to create a profile for legitimate database behavior extracted from applying association rules on XML file containing queries submitted from application to the database  ...  We need this step because sometimes the intent of the attacker is to identify the security holes in the site or to infer the structure of the database through the error message returned from the application  ... 
doi:10.14569/ijacsa.2012.030321 fatcat:nt2kaelnk5dwrg4pvd53nk4t7u

Making agents secure on the semantic Web

C. Farkas, M.N. Huhns
2002 IEEE Internet Computing  
Huhns is a professor of computer science and engineering at the University of South Carolina, where he also directs the Center for Information Technology.  ...  Csilla Farkas is an assistant professor of computer science and engineering at the University of South Carolina, where she teaches and conducts research in information security. Michael N.  ...  Acknowledgements The US National Science Foundation supported this work under grants number IIS-0083362 and IIS-0112874.  ... 
doi:10.1109/mic.2002.1067741 fatcat:diexbncbarei5datnnlzylegzm

Security Enforcement with query routing Information Brokering in Distributed Information Sharing

A. Banu Prabha
2014 IOSR Journal of Computer Engineering  
The system defines two privacy attacks, namely attributecorrelation attack and inference attack.  ...  Peer-to-peer (P2P) systems are gaining increasing popularity as a scalable means to share data among a large number of autonomous nodesand to balance the load.  ...  Query evaluation time highly depends on XML databases system, size of XML documents, and types of XML queries.  ... 
doi:10.9790/0661-162117682 fatcat:dcbk7r37gjclhcvwzmhq7bydx4

Knowledge-based security testing of web applications by logic programming

Philipp Zech, Michael Felderer, Ruth Breu
2017 International Journal on Software Tools for Technology Transfer (STTT)  
Our method helps to overcome the current prevalent focus on functional instead of non-functional (or negative) requirements as well as the required high level of security knowledge when performing non-functional  ...  This article introduces a new method for knowledge-based security testing by logic programming and the related tool implementation for model-based nonfunctional security testing of web applications.  ...  However, one of the problems in non-functional security testing is that prior to executing a test case, i.e., an attack, one does not clearly know what will be the output of the SUT, as this depends on  ... 
doi:10.1007/s10009-017-0472-3 fatcat:s2u7d46iareutlsimfykrbrpwq

Intrusion Detection Framework for SQL Injection [article]

Israr Ali, Syed Hasan Adil, Mansoor Ebrahim
2020 arXiv   pre-print
These Databases irrespective of the technology used are vulnerable to SQL injection attacks. These Attacks are considered very dangerous as well as very easy to use for attackers and intruders.  ...  After that we will use a hybrid (anomaly + misuse) detection model which will depend on data mining techniques to detect queries that deviates from our normal behavior profile.  ...  of the site to SQL Injection Attacks or to perform inference attack.  ... 
arXiv:2009.13868v1 fatcat:frctiahexjg7zbqeo3n66zsll4

Securing Your Transactions: Detecting Anomalous Patterns In XML Documents [article]

Eitan Menahem, Alon Schclar, Lior Rokach, Yuval Elovici
2013 arXiv   pre-print
Abnormal transactions, the result of either an on-going cyber attack or the actions of a benign user, can potentially harm the interacting systems and therefore they are regarded as a threat.  ...  Central to the functioning of the framework is a novel multi-univariate anomaly detection algorithm, ADIFA.  ...  The number of scalars depends on the number of aggregation functions used. For numerical and time/date complex-features, we use Maximum and Minimum aggregation functions.  ... 
arXiv:1209.1797v3 fatcat:f6ixif4fgvha5k5fy34fyfkbsi

Video Surveillance in the Cloud?

DJ Neal, Syed (Shawon) Rahman
2019 Zenodo  
With the recent advances in cloud technologies, opportunity for the utilization of virtualization and the opportunity for distributed computing techniques of cloud storage have been pursued on the basis  ...  using cloud technologies for a video surveillance management system.  ...  Depending on the validation results the filter on the web application server decides whether to continue with the request or to deny the request.  ... 
doi:10.5281/zenodo.3358616 fatcat:t4bq66eoqvdlvatitm3vmnrr64

Enforcing Secure and Privacy-Preserving Information Brokering in Distributed Information Sharing

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao-Hsien Chu
2013 IEEE Transactions on Information Forensics and Security  
However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection  ...  We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment  ...  ACKNOWLEDGEMENTS This work was partially supported by University of Kansas General Research Fund (GRF), NRGRF 2302283, NSF OIA-1028098, AFOSR FA9550-07-1-0527 (MURI), ARO W911NF-09-1-0525 (MURI), NSF CNS  ... 
doi:10.1109/tifs.2013.2247398 fatcat:4ozusth2qzfvrox3ecwtxvogva

An Ontology Framework for Managing Security Attacks and Defences in Component Based Software Systems

Artem Vorobiev, Jun Han, Nargiza Bekmamedova
2008 Australian Software Engineering Conference : Proceedings  
In this paper, we argue that one way to detect and resist against such attacks is through the collaboration of a system's constituent components.  ...  We use a case study involving Mitnick attacks to demonstrate how system components use the ontologies to detect and counter attacks. 19th Australian Conference on Software Engineering 1530-0803/08 $25.00  ...  SAO closely correlates with SDO, which is mainly used as a specification of a number of defensive mechanisms to resist certain security attacks and define dependences between the security algorithms and  ... 
doi:10.1109/aswec.2008.4483245 fatcat:63a5grdld5fgnmxzqnomojtcdu

Automaton segmentation

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao-Hsien Chu
2007 Proceedings of the 14th ACM conference on Computer and communications security - CCS '07  
In this paper, we address privacypreserving information sharing via on-demand information access. We propose a flexible and scalable system using a broker-coordinator overlay network.  ...  However, little attention has been drawn on privacy of data and metadata stored and exchanged within DIBS.  ...  The anonymous reviewers provided valuable feedback that helped improve the paper's quality. This research was supported in part by NSF CCR-0233324 and NSF/DHS 0335241.  ... 
doi:10.1145/1315245.1315308 dblp:conf/ccs/LiLLLC07 fatcat:xoa5cwjyifdirjvx7whdascilu

Secure compilation of a multi-tier web language

Ioannis G. Baltopoulos, Andrew D. Gordon
2008 Proceedings of the 4th international workshop on Types in language design and implementation - TLDI '09  
We propose a secure compilation strategy, which uses authenticated encryption to eliminate these threats, and we implement it as a simple extension to the LINKS system.  ...  We characterise these attacks as failures of the general principle that security properties of multi-tier applications should follow simply from review of the source code (as opposed to the detailed study  ...  Yet, in the context of multi-tier web languages, security depends not only on the language design but also on the correctness of the implementation.  ... 
doi:10.1145/1481861.1481866 dblp:conf/tldi/BaltopoulosG09 fatcat:3rswmnqfdjg6ji2yyw5g6eia2i

MV-OPES: Multivalued-Order Preserving Encryption Scheme: A Novel Scheme for Encrypting Integer Value to Many Different Values

Hasan KADHEM, Toshiyuki AMAGASA, Hiroyuki KITAGAWA
2010 IEICE transactions on information and systems  
It is robust against statistical attack and the estimation of true values.  ...  Encryption can provide strong security for sensitive data against inside and outside attacks.  ...  Acknowledgements This research has been supported in part by the Graintin-Aid for Scientific Research from MEXT (#21013004) and Grant-in-Aid for Young Scientists (B) (#21700093) by JSPS.  ... 
doi:10.1587/transinf.e93.d.2520 fatcat:ujnj72xaxvh4npcdnz6w2xcgd4
« Previous Showing results 1 — 15 out of 2,087 results