419,086 research outputs found

    Model-based system architecture for preventing XPath injection in database-centric web services environment

    Web services have become a powerful interface for back-end database systems. They are self-describing components that can be used by other applications in a platform-independent manner. However, along with the benefits of Web services comes a serious risk of security breaches. Most web services are deployed with security flaws, and these vulnerabilities leave them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for a prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs a model-based approach to detect malicious queries and prevent them before they are executed on the web services' backend database. This approach uses runtime monitoring to check the dynamically-generated queries and compares them against the statistically-built model

    Building an End-To-End Security Infrastructure for Web-Based Aerospace Components E-Trading

    The research paper focuses on the development of a generic framework and architecture for building an integrated end-to-end security infrastructure and closed-loop solution to secure e-commerce and m-commerce. As an integral component, an intelligent decision support mechanism is developed to help systems designers and managers make architectural, design, implementation, and deployment decisions on employing particular security solutions to issues and requirements arising in various e-commerce and m-commerce scenarios. In addition, this research identifies the key features, options and benefits of several security technologies and provides guidelines for managing the costs and complexities involved in the deployment of those security solutions. As important groundwork for building a prototype based on the proposed research work, a study has been conducted to investigate the current B2B e-commerce operations between Pratt & Whitney (P&W) [15] (a division of United Technologies Corporation (UTC) [17]) and its partnering e-business and supply chain players in the aviation industry

    DESIGN OF SAFER + ENCRYPTION ALGORITHM FOR BLUETOOTH TRANSMISSION

    In this paper, a VLSI design and implementation for the high-end SAFER+ encryption algorithm is presented. The combination of security and high-speed implementation makes SAFER+ a very good choice for wireless systems. The SAFER+ algorithm is a basic component in the authentication Bluetooth mechanism. The relation between the algorithm properties and the VLSI architecture is described. Performance of the algorithm is evaluated based on the data throughput, frequency and security level. The results show that the modified SAFER plus algorithm has enhanced security compared to the existing algorithms

    A Novel Blockchain Based Information Management Framework for Web 3.0

    Web 3.0 is the third generation of the World Wide Web (WWW), concentrating on the critical concepts of decentralization, availability, and increasing client usability. Although Web 3.0 is undoubtedly an essential component of the future Internet, it currently faces critical challenges, including decentralized data collection and management. To overcome these challenges, blockchain has emerged as one of the core technologies for the future development of Web 3.0. In this paper, we propose a novel blockchain-based information management framework, namely Smart Blockchain-based Web, to manage information in Web 3.0 effectively, enhance the security and privacy of users' data, bring additional profits, and incentivize users to contribute information to the websites. Particularly, SBW utilizes blockchain technology and smart contracts to manage the decentralized data collection process for Web 3.0 effectively. Moreover, in this framework, we develop an effective consensus mechanism based on Proof-of-Stake to reward the user's information contribution and conduct game theoretical analysis to analyze the users' behavior in the considered system. Additionally, we conduct simulations to assess the performance of SBW and investigate the impact of critical parameters on information contribution. The findings confirm our theoretical analysis and demonstrate that our proposed consensus mechanism can incentivize the nodes and users to contribute more information to our systems

    Detection of Adversarial Training Examples in Poisoning Attacks through Anomaly Detection

    Machine learning has become an important component for many systems and applications including computer vision, spam filtering, malware and network intrusion detection, among others. Despite the capabilities of machine learning algorithms to extract valuable information from data and produce accurate predictions, it has been shown that these algorithms are vulnerable to attacks. Data poisoning is one of the most relevant security threats against machine learning systems, where attackers can subvert the learning process by injecting malicious samples in the training data. Recent work in adversarial machine learning has shown that the so-called optimal attack strategies can successfully poison linear classifiers, degrading the performance of the system dramatically after compromising a small fraction of the training dataset. In this paper we propose a defence mechanism to mitigate the effect of these optimal poisoning attacks based on outlier detection. We show empirically that the adversarial examples generated by these attack strategies are quite different from genuine points, as no detectability constraints are considered to craft the attack. Hence, they can be detected with an appropriate pre-filtering of the training dataset

    The Main Directions of Integration of States' Activities to Ensure Economic Security

    Methodological and legislative issues of ensuring economic security are investigated within the framework of the article. The novelty of the research topic is about the statement of the problem determined by the negative consequences of globalization of international relations, which led to an increase in the rates of transnational crime and has become a threat to international security. The purpose of the study is to find out areas for optimizing international cooperation on counteraction to economic crimes, taking into account the specifics of the current stage of socio-economic integration. The research tasks included disclosure of the legal nature of corruption as a basic component of the shadow economy, essential properties and signs of corruption as a negative social phenomenon, determining the quality of implementation of international standards within the framework of legislation of national legal systems and establishing priority areas for cooperation between states to ensure economic security. The methodology of the research is based on a set of general scientific, private, and special methods of scientific knowledge that allow the system to structure, subject to formal and legal means, a mechanism for counteracting economic crimes and conduct a comparative legal analysis, identifying general and specific trends in ensuring economic security in various legal systems. As a result of the study, it was concluded that one of the problems of ensuring economic security at the international level is the absence in the international acts of a unified approach to the concept of corruption, which naturally caused in the foreign legislation legal pluralism in regulating the grounds for bringing to legal, including criminal, liability. The problems of the definitive correlation of corruption inspire inadequate coherence of measures to counter international corruption in terms of identifying, disclosing, prophylactic and preventing corruption. The effectiveness of international legal cooperation presupposes the unification of approaches to the qualification of criminally punishable offenses of corruption orientation, proceeding from corrupt schemes of state, ecological, economic crime associated with illegal transfer of funds within the shadow turnover and legalization of incomes

    A Privacy Preserving Framework for RFID Based Healthcare Systems

    RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in the near future. It has received considerable attention within healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of widespread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be sent to track its user (owner). In a nutshell, this technology has not really seen its true potential in the healthcare industry since privacy concerns raised by the tag bearers are not properly addressed by existing identification techniques. There are two major types of privacy preservation techniques that are required in an RFID based healthcare system—(1) a privacy preserving authentication protocol is required while sensing RFID tags for different identification and monitoring purposes, and (2) a privacy preserving access control mechanism is required to restrict unauthorized access of private information while providing healthcare services using the tag ID. In this paper, we propose a framework (PriSens-HSAC) that makes an effort to address the above-mentioned two privacy issues. To the best of our knowledge, it is the first framework to provide increased privacy in RFID based healthcare systems, using RFID authentication along with access control technique