5 research outputs found

    ADDING SECURITY INFORMATION IN XML DOCUMENTS

    XML's popularity in the last few years has made this mark-up language a de facto standard for web data interchange. The DTD (or Schema) definition associated with XML documents introduces data modelling into XML's world, allowing the specification of a hierarchy of concepts or elements that constitute the XML document. Since the purpose of these data models is highly structured information exchange among several systems, security mechanisms that allow a secure interchange must be incorporated. The World Wide Web Consortium (W3C) is working on recommendations for several XML security standards. Among them, we emphasize XML-Signature Syntax and Processing, which allows the insertion and processing of authentication and digital signature information. Once the XML security standards have been approved as recommendations, the next step will be to include them, completely or just in part, in future or new versions of the existing DTDs or Schemas; at present, however, many DTDs exist that do not consider these security components within their definition. This is the case of the NewsML DTD, the standard for the electronic interchange of press news. The XML security standards are characterized by high flexibility and extensibility; because of that, it is necessary to make an exhaustive study of the domain where they are intended to be applied and to define a specific application upon the domain DTD or Schema. What we propose in this paper is a way to include authentication and digital signature information in the NewsML DTD. In order to indicate a possible application, we carry out a joint study of XML-Signature Syntax and Processing and NewsML, analysing in which elements, and how, authentication and digital signature might be included.

    On mitigating distributed denial of service attacks

    Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are probably the most ferocious threats in the Internet, resulting in tremendous economic and social impacts on our daily lives, which increasingly depend on the well-being of the Internet. How to mitigate these attacks effectively and efficiently has become an active research area. The critical issues here include 1) IP spoofing, i.e., forged source IP addresses are routinely employed to conceal the identities of the attack sources and deter the efforts of detection, defense, and tracing; 2) the distributed nature, that is, hundreds or thousands of compromised hosts are orchestrated to attack the victim synchronously. Other related issues are scalability, lack of incentives to deploy a new scheme, and effectiveness under partial deployment. This dissertation investigates and proposes effective schemes to mitigate DDoS attacks. It is comprised of three parts. The first part introduces the classification of DDoS attacks and the evaluation of previous schemes. The second part presents the proposed IP traceback scheme, namely, autonomous system-based edge marking (ASEM). ASEM enhances probabilistic packet marking (PPM) in several aspects: (1) ASEM is capable of addressing large-scale DDoS attacks efficiently; (2) ASEM is capable of handling spoofed marking from the attacker and spurious marking incurred by subverted routers, which is a unique and critical feature; (3) ASEM can significantly reduce the number of marked packets required for path reconstruction and suppress false positives as well. The third part presents the proposed DDoS defense mechanisms, including the four-color-theorem based path marking and a comprehensive framework for DDoS defense. The salient features of the framework include (1) it is designed to tackle a wide spectrum of DDoS attacks rather than a specific one, and (2) it can differentiate malicious traffic from normal traffic. The receiver-centric design avoids several related issues such as scalability and lack of incentives to deploy a new scheme. Finally, conclusions are drawn and future work is discussed.

    Security in the development of electronic commerce systems

    Master's dissertation - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência da Computação. Electronic commerce is currently emerging in the market and, as a consequence, a great opportunity for new and innovative business is arising. In this new form of trading, several questions arise that need to be resolved so that electronic commerce can enable a global market. One of the issues of recent years concerns security. This dissertation provides an assessment of the security issues involving electronic commerce and its applications. The security processes and requirements in electronic commerce applications are discussed, which generally go beyond the traditional requirements of network security. An overview of the research projects that have been carried out on security in electronic commerce is also presented. A research work programme for security in electronic commerce applications is proposed, together with a methodology for adding security to electronic commerce systems.

    Jikzi – A New Framework for Security Policy, Trusted Publishing and Electronic Commerce

    In this paper, we describe a thread of research which we have followed off and on at Cambridge for about three years. Our topic is the security of electronic documents, in the broad sense: how can we be sure of the authenticity of things that are published electronically? This started off as a relatively small project, which we thought would take only a few weeks. The goal was to help our medical informatics department publish information such as drug formularies and treatment protocols on the hospital LAN or PC diskettes in an appropriately dependable way. It rapidly became clear that the problem was much larger and more complex; a general solution would not only cope with 'content' – text, audio, video, software, whatever – but also with objects such as public key certificates. If done properly, it would give us a systematic way to deal with security policy on the web. Our goal now is to let people build integrated publishing and e-commerce services using simple, uniform and appropriate mechanisms. Our proposed solution is a single transparent markup language that allows us to support multiple security policies, plus supporting material ranging from a test implementation to an authentication logic.