Towards secure web services: Performance analysis, decision making and steganography approaches

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value

Towards secure web services : performance analysis, decision making and steganography approaches

Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Mott transition and collective charge pinning in electron doped Sr2IrO4

We studied the in-plane dynamic and static charge conductivity of electron doped Sr2IrO4 using optical spectroscopy and DC transport measurements. The optical conductivity indicates that the pristine material is an indirect semiconductor with a direct Mott-gap of 0.55 eV. Upon substitution of 2% La per formula unit the Mott-gap is suppressed except in a small fraction of the material (15%) where the gap survives, and overall the material remains insulating. Instead of a zero energy mode (or Drude peak) we observe a soft collective mode (SCM) with a broad maximum at 40 meV. Doping to 10% increases the strength of the SCM, and a zero-energy mode occurs together with metallic DC conductivity. Further increase of the La substitution doesn't change the spectral weight integral up to 3 eV. It does however result in a transfer of the SCM spectral weight to the zero-energy mode, with a corresponding reduction of the DC resistivity for all temperatures from 4 to 300 K. The presence of a zero-energy mode signals that at least part of the Fermi surface remains ungapped at low temperatures, whereas the SCM appears to be caused by pinning a collective frozen state involving part of the doped electrons

Metabolic effects of dialyzate glucose in chronic hemodialysis: results from a prospective, randomized crossover trial

Background. There is no agreement concerning dialyzate glucose concentration in hemodialysis (HD) and 100 and 200 mg/dL (G100 and G200) are frequently used. G200 may result in diffusive glucose flux into the patient, with consequent hyperglycemia and hyperinsulinism, and electrolyte alterations, in particular potassium (K) and phosphorus (P). This trial compared metabolic effects of G100 versus G200. Methods. Chronic HD patients participated in this randomized, single masked, controlled crossover trial (www.clinicaltrials.gov: #NCT00618033) consisting of two consecutive 3-week segments with G100 and G200, respectively. Intradialytic serum glucose (SG) and insulin concentrations (SI) were measured at 0, 30, 60, 120, 180, 240 min and immediately post-HD; P and K were measured at 0, 120, 180 min and post-HD. Hypoglycemia was defined as an SG <70 mg/dL. Mean SG and SI were computed as area under the curve divided by treatment time. Results. Fourteen diabetic and 15 non-diabetic subjects were studied. SG was significantly higher with G200 as compared to G100, both in diabetic {G200: 192.8 ± 48.1 mg/dL; G100: 154.0 ± 27.3 mg/dL; difference 38.8 [95% confidence interval (CI): 21.2-56.4] mg/dL; P < 0.001} and non-diabetic subjects [G200: 127.0 ± 11.2 mg/dL; G100 106.5 ± 10.8 mg/dL; difference 20.6 (95% CI: 15.3-25.9) mg/dL; P < 0.001]. SI was significantly higher with G200 in non-diabetic subjects. Frequency of hypoglycemia, P and K serum levels, interdialytic weight gain and adverse intradialytic events did not differ significantly between G100 and G200. Conclusion. G200 may exert unfavorable metabolic effects in chronic HD patients, in particular hyperglycemia and hyperinsulinism, the latter in non-diabetic subject

Direct Role for the Replication Protein Treslin (Ticrr) in the ATR Kinase-mediated Checkpoint Response

TopBP1 (topoisomerase IIβ-binding protein 1) is a dual replication/checkpoint protein. Treslin/Ticrr, an essential replication protein, was discovered as a binding partner for TopBP1 and also in a genetic screen for checkpoint regulators in zebrafish. Treslin is phosphorylated by CDK2/cyclin E in a cell cycle-dependent manner, and its phosphorylation state dictates its interaction with TopBP1. The role of Treslin in the initiation of DNA replication has been partially elucidated; however, its role in the checkpoint response remained elusive. In this study, we show that Treslin stimulates ATR phosphorylation of Chk1 both in vitro and in vivo in a TopBP1-dependent manner. Moreover, we show that the phosphorylation state of Treslin at Ser-1000 is important for its checkpoint activity. Overall, our results indicate that, like TopBP1, Treslin is a dual replication/checkpoint protein that directly participates in ATR-mediated checkpoint signaling

Mott transition and collective charge pinning in electron doped Sr_2IrO_4

We studied the in-plane dynamic and static charge conductivity of electron doped Sr_2IrO_4 using optical spectroscopy and DC transport measurements. The optical conductivity indicates that the pristine material is an indirect semiconductor with a direct Mott gap of 0.55 eV. Upon substitution of 2% La per formula unit the Mott gap is suppressed except in a small fraction of the material (15%) where the gap survives, and overall the material remains insulating. Instead of a zero energy mode (or Drude peak) we observe a soft collective mode (SCM) with a broad maximum at 40 meV. Doping to 10% increases the strength of the SCM, and a zero-energy mode occurs together with metallic DC conductivity. Further increase of the La substitution doesn't change the spectral weight integral up to 3 eV. It does however result in a transfer of the SCM spectral weight to the zero-energy mode, with a corresponding reduction of the DC resistivity for all temperatures from 4 to 300 K. The presence of a zero-energy mode signals that at least part of the Fermi surface remains ungapped at low temperatures, whereas the SCM appears to be caused by pinning a collective frozen state involving part of the doped electrons

Noise Induced Intermittency in a Superconducting Microwave Resonator

We experimentally and numerically study a NbN superconducting stripline resonator integrated with a microbridge. We find that the response of the system to monochromatic excitation exhibits intermittency, namely, noise-induced jumping between coexisting steady-state and limit-cycle responses. A theoretical model that assumes piecewise linear dynamics yields partial agreement with the experimental findings

Midgut microbiota of the malaria mosquito vector Anopheles gambiae and Interactions with plasmodium falciparum Infection

The susceptibility of Anopheles mosquitoes to Plasmodium infections relies on complex interactions between the insect vector and the malaria parasite. A number of studies have shown that the mosquito innate immune responses play an important role in controlling the malaria infection and that the strength of parasite clearance is under genetic control, but little is known about the influence of environmental factors on the transmission success. We present here evidence that the composition of the vector gut microbiota is one of the major components that determine the outcome of mosquito infections. A. gambiae mosquitoes collected in natural breeding sites from Cameroon were experimentally challenged with a wild P. falciparum isolate, and their gut bacterial content was submitted for pyrosequencing analysis. The meta-taxogenomic approach revealed a broader richness of the midgut bacterial flora than previously described. Unexpectedly, the majority of bacterial species were found in only a small proportion of mosquitoes, and only 20 genera were shared by 80% of individuals. We show that observed differences in gut bacterial flora of adult mosquitoes is a result of breeding in distinct sites, suggesting that the native aquatic source where larvae were grown determines the composition of the midgut microbiota. Importantly, the abundance of Enterobacteriaceae in the mosquito midgut correlates significantly with the Plasmodium infection status. This striking relationship highlights the role of natural gut environment in parasite transmission. Deciphering microbe-pathogen interactions offers new perspectives to control disease transmission.Institut de Recherche pour le Developpement (IRD); French Agence Nationale pour la Recherche [ANR-11-BSV7-009-01]; European Community [242095, 223601]info:eu-repo/semantics/publishedVersio