34,389 research outputs found

    Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database

    With the increasing importance of the internet in our day-to-day life, data security in web applications has become very crucial. Ever increasing online and real-time transaction services have led to a manifold rise in the problems associated with database security. Attackers use illegal and unauthorized approaches to hijack confidential information like usernames, passwords and other vital details. Hence real-time transactions require security against web-based attacks. SQL injection and cross-site scripting attacks are the most common application-layer attacks. The SQL injection attacker passes SQL statements through a web application's input fields, URL or hidden parameters and gets access to the database or updates it. The attacker takes advantage of user-provided data in such a way that the user's input is handled as SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are among the most serious threats; they take the user's input and integrate it into a SQL query. Reverse Proxy is a technique which is used to sanitize the user's inputs that may transform into a database attack. In this technique a data redirector program redirects the user's input to the proxy server before it is sent to the application server. At the proxy server, a data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype. Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference, Mumba

    X-Ray Emission from Rotating Elliptical Galaxies

    The slow inward flow of the hot gas in elliptical galaxy cooling flows is nearly impossible to detect directly due to instrumental limitations. However, in rotating galaxies, if the inflowing gas conserves angular momentum, it will eventually form a disk. The X-ray signature of this phenomenon is a flattening of the X-ray isophotes in the inner 1-10 kpc region. This effect is observable, so we have searched for it in X-ray observations of six rotating and non-rotating early-type galaxies, obtained mainly with the ROSAT PSPC and HRI imagers. The ellipticities of the X-ray emission never increase toward the central region, nor are the X-ray ellipticities significantly greater than the ellipticities for the optical stellar emission. Central ellipticities in excess of 0.5 were expected in rotating ellipticals whereas values of 0-0.2 are measured. The failure to detect the expected signature requires a modification to the standard cooling flow picture, possibly including partial galactic winds, rapid mass drop-out, or turbulent redistribution of angular momentum. Comment: 34 postscript pages; ApJ, in press (Feb 10, 2000

    Graceful Termination -- Graceful Resetting

    Correct -- let alone graceful -- termination of parallel systems is sometimes thought to be a difficult problem. This is particularly imagined to be so under the pure message-passing MIMD discipline of occam and transputer networks, where global operations (like setting a shared flag or abortions) are not allowed and where time-outs cannot be set for every communication. This paper describes some common, but erroneous, occam approaches to this problem and contrasts them with what can be done in Ada [0, 1, 2]. These methods are all rejected on the grounds of insecurity and performance overheads. A simple, legal, secure and efficient occam method is then presented. This method also solves a much more important problem -- the general (or partial) resetting of a parallel system (or sub-system). The resetting mechanism is quite independent of the parallel application algorithm, which can therefore be developed without worrying about such matters. This separation of concerns is good software engineering and is fully supported by the occam philosophy. Finally, an application of this resetting mechanism is described that permits the dynamic reconstruction of occam network topologies

    Counter Attack on Byzantine Generals: Parameterized Model Checking of Fault-tolerant Distributed Algorithms

    We introduce an automated parameterized verification method for fault-tolerant distributed algorithms (FTDA). FTDAs are parameterized by both the number of processes and the assumed maximum number of Byzantine faulty processes. At the center of our technique is a parametric interval abstraction (PIA) where the interval boundaries are arithmetic expressions over parameters. Using PIA for both data abstraction and a new form of counter abstraction, we reduce the parameterized problem to finite-state model checking. We demonstrate the practical feasibility of our method by verifying several variants of the well-known distributed algorithm by Srikanth and Toueg. Our semi-decision procedures are complemented and motivated by an undecidability proof for FTDA verification which holds even in the absence of interprocess communication. To the best of our knowledge, this is the first paper to achieve parameterized automated verification of Byzantine FTDA

    Harbor Security System

    Harbors and ports provide the infrastructure for commercial trade and naval facilities. It is vital to ensure the safety of these locations. The Harbor Security System provides an optical 'gate' using underwater lasers and photodetectors. This system allows monitoring of both surface and submarine vessels traveling into and out of the harbor. Also, the system provides real time alerts when unauthorized vessels enter the harbor. This project provides a proof of concept for a Harbor Security System to be implemented in Portsmouth Harbor. A scaled model of the detection system was constructed and tested. This detection system is capable of detecting surface and submarine vessels along with their velocity and length. Results of the study showed that the average error of the size estimate was 15% and the average error of the velocity estimation ratio (slope) was 9%

    Optimal and fast detection of spatial clusters with scan statistics

    We consider the detection of multivariate spatial clusters in the Bernoulli model with N locations, where the design distribution has weakly dependent marginals. The locations are scanned with a rectangular window with sides parallel to the axes and with varying sizes and aspect ratios. Multivariate scan statistics pose a statistical problem due to the multiple testing over many scan windows, as well as a computational problem because statistics have to be evaluated on many windows. This paper introduces methodology that leads to both statistically optimal inference and computationally efficient algorithms. The main difference to the traditional calibration of scan statistics is the concept of grouping scan windows according to their sizes, and then applying different critical values to different groups. It is shown that this calibration of the scan statistic results in optimal inference for spatial clusters on both small scales and on large scales, as well as in the case where the cluster lives on one of the marginals. Methodology is introduced that allows for an efficient approximation of the set of all rectangles while still guaranteeing the statistical optimality results described above. It is shown that the resulting scan statistic has a computational complexity that is almost linear in N. Comment: Published in at http://dx.doi.org/10.1214/09-AOS732 the Annals of Statistics (http://www.imstat.org/aos/) by the Institute of Mathematical Statistics (http://www.imstat.org

    Network simulation using the simulation language for alternate modeling (SLAM 2)

    The simulation language for alternate modeling (SLAM 2) is a general purpose language that combines network, discrete event, and continuous modeling capabilities in a single language system. The efficacy of the system's network modeling is examined and discussed. Examples are given of the symbolism that is used, and an example problem and model are derived. The results are discussed in terms of the ease of programming, special features, and system limitations. The system offers many features which allow rapid model development and provides an informative standardized output. The system also has limitations which may cause undetected errors and misleading reports unless the user is aware of these programming characteristics