9 research outputs found

    A Transaction Assurance Framework For Web Service

    Trust assurance for customers of online transactions is an important, but not well implemented, concept for the growth of confidence in electronic transactions. In an online world where customers do not personally know the companies they seek to do business with, there is real risk involved in providing an unknown service with personal information and payment details. The risks faced by a customer are compounded when multiple services are involved in a single transaction. This dissertation provides mechanisms that can be used to reduce the risks faced by a client involved in online transactions by allowing him/her access to information about the services involved and to control or prescribe how the transaction uses the services. The dissertation uses electronic transactions legislation to ground a trust assurance protocol and minimize the assumptions that have to be made. By basing the protocol on legislation, no information that isn’t already required by law is used in the protocol. A trust assurance protocol is presented so that the client can establish which services are involved in a transaction so that he/she can begin to determine whether or not he/she is willing to conduct business with the services. A trust model that calculates an assurance measure for services is developed so that the client can automatically establish a measure of trust for a service based on the external perceptions of a service, and his/her own personal experience. A simulation environment was created and used to monitor the services involved in a transaction to evaluate the trust assurance protocol and gain experience with the trust calculation that the client computes. Vocabularies that simplify and standardize descriptions of personal information, business types and the legal structure imposed on Web services offering goods or services online are presented to reduce the ambiguity involved in gathering information from different online sources. The vocabularies also provide a cornerstone of the trust assurance protocol by providing information that is necessary to compute the trust value of a Web service. Results of the trust assurance protocol are obtained and evaluated against the qualitative requirements of providing assurances to clients, and confirm that the protocol is feasible to deploy, in terms of the overhead placed on a transaction. This dissertation finds that a trust assurance protocol is necessary to provide the client with information that he/she legally has access to and that the trust model can provide a calculable measure of trust that the client can use to compare Web services

    Universal Web Server: The X-Switch System

    Web servers have become increasingly powerful since they were created. The services they offer have changed as computer hardware has improved, networks have sped up and people demand more interaction for their Web browsers. Web servers perform their function well. They are built purely for one purpose, namely speed. Web servers have sacrificed some functionality by prioritizing efficiency and security. Web servers take up a lot of system resources and are so efficient that they can provide their service to multiple users on the server. However, the only way users can currently use a Web server to its full potential is to own the process running the Web server. As users demand more functionality from Web servers, there is growing interest in providing additional capabilities to Web servers without affecting the efficiency that they operate at. The X-Switch system is a project dedicated to evaluating the feasibility of creating a Web server capable of providing users with all the features they need whilst maintaining the performance of current Web servers. The X-Switch system will also investigate the possibility of creating an extensible, modular system

    Designing a Universal Web Application Server

    Modern Web server systems typically consist of a single Web server instance capable of utilising various backend technologies. For security reasons this Web server instance is run as the unprivileged user, the user ‘nobody’. This has the implication of having users make their Web components world-accessible so that such an unprivileged Web server instance may access them. World accessible files or directories are open to many threats including modification and removal by any system user, authorised or unauthorised. The X-Switch system attempts to provide a solution to this problem by allowing Web components to be run with an identical set of privileges as the component owner, an essential feature for maintaining secure multi-user server environments. The X-Switch system is a generalisation of existing solutions but attempts to provide a higher level of performance and scalability while maintaining the benefits of being independent of the implementation language used. The X-Switch system’s experimental results demonstrated that a Web server that utilises run-time context switching can achieve a high level of performance. Furthermore it was shown that an X-Switch compatible engine can be developed to provide functionality matching that of existing Web application servers but with the added benefit of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate issues of performance from the Web component code thus ensuring that the developer is free from the task of modifying his/her code to make it compatible with the deployment platform

    Composite Web Services Security Considerations

    Web services are modular, self-describing software components that can be invoked over a distributed network. A single transaction can be composed of many individual Web services. There are many security considerations that have to be taken into account when assessing such a Web service transaction. This paper investigates the security concerns involved in composite Web services and introduces the relevant security standards and legislation as motivation for a trust assurance protocol. In this paper, we focus on the transaction path elicitation in Web services transactions so that trust may be established in an environment where near-perfect information can be achieved

    X-Switch: An Efficient, Multi-User, Multi-Language Web Application Server

    Web applications are usually installed on and accessed through a Web server. For security reasons, these Web servers generally provide very few privileges to Web applications, defaulting to executing them in the realm of a guest account. In addition, performance often is a problem as Web applications may need to be reinitialised with each access. Various solutions have been designed to address these security and performance issues, mostly independently of one another, but most have been language or system-specific. The X-Switch system is proposed as an alternative Web application execution environment, with more secure user-based resource management, persistent application interpreters and support for arbitrary languages/interpreters. Thus it provides a general-purpose environment for developing and deploying Web applications. The X-Switch system's experimental results demonstrated that it can achieve a high level of performance. Furthermore it was shown that X-Switch can provide functionality matching that of existing Web application servers but with the added benefit of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate the deployment platform from the application code, thus ensuring that the developer does not need to modify his/her code to make it compatible with the deployment platform

    Fujisaki: A simple Approach to Secretly Sharing a Factoring Witness in a Publicly-Verifiable Manner

    No full text
    Modern Web server systems typically consist of a single Web server instance capable of utilising various backend technologies. For security reasons this Web server instance is run as the unprivileged user, the user ‘nobody’. This has the implication of having users make their Web components world-accessible so that such an unprivileged Web server instance may access them. World accessible files or directories are open to many threats including modification and removal by any system user, authorised or unauthorised. The X-Switch system attempts to provide a solution to this problem by allowing Web components to be run with an identical set of privileges as the component owner, an essential feature for maintaining secure multi-user server environments. The X-Switch system is a generalisation of existing solutions but attempts to provide a higher level of performance and scalability while maintaining the benefits of being independent of the implementation language used. The X-Switch system’s experimental results demonstrated that a Web server that utilises run-time context switching can achieve a high level of performance. Furthermore it was shown that an X-Switch compatible engine can be developed to provide functionality matching that of existing Web application servers but with the added benefit of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate issues of performance from the Web component code thus ensuring that the developer is free from the task of modifying his/her code to make it compatible with the deployment platform

    X-Switch: An Efficient Multi-User Multi-Language Web Application Server.

    No full text
    Web applications are usually installed on and accessed through a Web server. For security reasons, these Web servers generally provide very few privileges to Web applications, defaulting to executing them in the realm of a guest account. In addition, performance often is a problem as Web applications may need to be reinitialised with each access. Various solutions have been designed to address these security and performance issues, mostly independently of one another, but most have been language or system-specific. The X-Switch system is proposed as an alternative Web application execution environment, with more secure user-based resource management, persistent application interpreters and support for arbitrary languages/interpreters. Thus it provides a general-purpose environment for developing and deploying Web applications. The X-Switch system’s experimental results demonstrated that it can achieve a high level of performance. Furthermore it was shown that X-Switch can provide functionality matching that of existing Web application servers but with the added benefit of multi-user support. Finally the X-Switch system showed that it is feasible to completely separate the deployment platform from the application code, thus ensuring that the developer does not need to modify his/her code to make it compatible with the deployment platform