Dynamic Scoping for Browser Based Access Control System

Nadipelly, Vinaykumar

25 May 2012

We have inorganically increased the use of web applications to the point of using them for almost everything and making them an essential part of our everyday lives. As a result, the enhancement of privacy and security policies for the web applications is becoming increasingly essential. The importance and stateless nature of the web infrastructure made the web a preferred target of attacks. The current web access control system is a reason behind the victory of attacks. The current web consists of two major components, the browser and the server, where the effective access control system needs to be implemented. In terms of an access control system, the current web has adopted the inadequate same origin policy and same session policy for the browser and server, respectively. The current web access control system policies are sufficient for the earlier day's web, which became inadequate to address the protection needs of today's web. In order to protect the web application from un-trusted contents, we provide an enhanced browser based access control system by enabling the dynamic scoping. Our security model for the browser will allow the client and trusted web application contents to share a common library and protect web contents from each other, while they still get executed at different trust levels. We have implemented a working model of an enhanced browser based access control system in Java, under the Lobo browser.

Web security

Web application

Browser enhancement

Web protection models

Web vulnerabilities

Computer Sciences

Databases and Information Systems

A Views-Based Design Framework for Web Applications

Brown, David

January 2002

Web application design is a broad term that refers to any aspect of designing a Web application, including designing Web interfaces to data. There are a number of commercial software tools available that employ various techniques for implementing Web access to databases. However, these techniques apply only to portions of Web application implementation and lack a common design paradigm. We believe that defining an approach to designing and implementing Web applications based on views, frameworks, and patterns allows us to extend an object-oriented design representation and develop reusable and extensible design solutions for a class of Web applications in which the concerns are separated. The major contribution of this thesis is the development of a new approach to designing Web applications, producing the following visible contributions: a model for Web applications based upon a separation of concerns using views; a framework for system elements so that object-oriented design patterns can be used to build the application; a reusable design approach so that many Web applications can be built around the same framework; a coherent and organized framework representation using extended UML; and an implementation approach that can be implemented on a number of different platforms using a range of software and tools. In support of this solution, this thesis shows the design and implementation of a proof-of-concept Web application using this design technique. We believe that the approach to Web application design promoted in this thesis has proven itself useful in a practical way for the case studies discussed herein and points the way to a wider range of design and implementation possibilities.

Computer Science

web application

views

framework

design pattern

repository

separation of concerns

UML

WAE

A Views-Based Design Framework for Web Applications

Brown, David

January 2002

Web application design is a broad term that refers to any aspect of designing a Web application, including designing Web interfaces to data. There are a number of commercial software tools available that employ various techniques for implementing Web access to databases. However, these techniques apply only to portions of Web application implementation and lack a common design paradigm. We believe that defining an approach to designing and implementing Web applications based on views, frameworks, and patterns allows us to extend an object-oriented design representation and develop reusable and extensible design solutions for a class of Web applications in which the concerns are separated. The major contribution of this thesis is the development of a new approach to designing Web applications, producing the following visible contributions: a model for Web applications based upon a separation of concerns using views; a framework for system elements so that object-oriented design patterns can be used to build the application; a reusable design approach so that many Web applications can be built around the same framework; a coherent and organized framework representation using extended UML; and an implementation approach that can be implemented on a number of different platforms using a range of software and tools. In support of this solution, this thesis shows the design and implementation of a proof-of-concept Web application using this design technique. We believe that the approach to Web application design promoted in this thesis has proven itself useful in a practical way for the case studies discussed herein and points the way to a wider range of design and implementation possibilities.

Computer Science

web application

views

framework

design pattern

repository

separation of concerns

UML

WAE

Creating Application Security Layer Based On Resource Access Decision Service

Metin, Mehmet Ozer

01 September 2003

Different solutions have been used for each security aspects (access control, application security) to secure enterprise web applications. However combining &quot / enterprise-level&quot / and &quot / application-level&quot / security aspects in one layer could give great benefits such as reusability, manageability, and scalability. In this thesis, adding a new layer to n-tier web application architectures to provide a common evaluation and enforcement environment for both enterprise-level and application level policies to bring together access controlling with application-level security. Removing discrimination between enterprise-level and application-level security policies improves manageability, reusability and scalability of whole system. Resource Access Decision (RAD) specification has been implemented and used as authentication mechanism for this layer. RAD service not only provides encapsulating domain specific factors to give access decisions but also can form a solid base to apply positive and negative security model to secure enterprise web applications. Proposed solution has been used in a real life system and test results have been presented.

Analysis and improvement of a publication System : New approaches on Web Applications

Rodriguez Fernandez, Angel

January 2008

<p>The aim of this thesis is the research in modern web development tools to demonstrate in which ways can this raised technologies help to make a real application more user friendly, easy to maintain and extend, and more reliable.</p><p>Some new approaches to Web applications will be presented in comparison with the traditional way, and a real application will be redesigned for including the lasts advances in Web technologies.</p> / Analysis and improvement of a publication System

Web application

Web development

Publication system

AJAX

Google Web Toolkit

Java

TECHNOLOGY

TEKNIKVETENSKAP

Software engineering

Programvaruteknik

Cross-platform testing and maintenance of web and mobile applications

Roy Choudhary, Shauvik

08 June 2015

Modern software applications need to run on a variety of web and mobile platforms with diverse software and hardware-level features. Thus, developers of such software need to duplicate the testing and maintenance effort on a wide range of platforms. Often developers are not able to cope with this increasing demand and release software that is broken on certain platforms, thereby affecting a class of customers using such platforms. Hence, there is a need for automating such duplicate activities to assist the developer in coping with the ever increasing demand. The goal of my work is to improve the testing and maintenance of cross-platform web and mobile applications by developing automated techniques for comparing and matching the behavior of such applications across different platforms. To achieve this goal, I have identified three problems that are relevant in the context of cross-platform testing and maintenance: 1) automated identification of inconsistencies in the same application's behavior across multiple platforms, 2) detecting features that are present in the application on one platform, but missing on another platform version of the same application, and, 3) automated migration of test suites and possibly other software artifacts across platforms. I present three different scenarios for the development of {cross-platform} web and mobile applications, and formulate each of the three problems in the scenario where it is most relevant. To address and mitigate these problems in their corresponding scenarios, I present the principled design, development and evaluation of the two techniques, and a third preliminary technique to highlight the research challenges of test migration. The first technique, X-pert identifies inconsistencies in a web application running on multiple web browsers. The second technique, FMAP matches features between the desktop and mobile versions of a web application and reports any features found missing on either of the platform versions. The final technique, MigraTest attempts to automatically migrate test cases from a mobile application on one platform to its counterpart on another platform. To evaluate these techniques, I implemented them as prototype tools and ran these tools on real-world subject applications. The empirical evaluation of X-pert shows that it is accurate and effective in detecting real-world inconsistencies in web applications. In the case of FMAP, the results of my evaluation show that it was able to correctly identify missing features between desktop and mobile versions of the web applications considered, as confirmed by my analysis of user reports and software fixes for these applications. The third technique, MigraTest was able to efficiently migrate test cases between two mobile platform versions of the subject applications.

Cross-platform testing

Mobile testing

Test migration

Web application testing

Cross-browser testing

Ομαδοποιημένη οπτικοποίηση γεωγραφικών δεδομένων με χρήση web τεχνολογιών

Χαρπαντίδης, Βασίλειος

05 February 2015

Στις μέρες μας ο κόσμος αναζητά συνεχώς νέες πληροφορίες. Η αναζήτηση αυτή πολλές φορές εξαρτάται ή/και βασίζεται σε γεωγραφικά δεδομένα. Για αυτόν το σκοπό η αποτύπωση της πληροφορίας στο χάρτη είναι μια κλασική μέθοδος που ακολουθείται. Αυτή η διπλωματική ξεκίνησε από την παρατήρηση ότι ενώ από τη μία υπάρχει μεγάλος όγκος πληροφορίας, η αποτύπωσή της στο χάρτη είναι πολύ φτωχή. Σχεδόν όλες οι εφαρμογές με εξαίρεση τους κολοσσούς της πληροφορικής (Microsoft και Google) αναπαριστούν περιορισμένη ποσότητα πληροφορίας. Αυτή η παρατήρηση προήλθε από λεπτομερή έρευνα των πρακτικών που ακολουθούνται τόσο από εμπορικές εφαρμογές, όσο και από αντίστοιχες ερευνητικές δραστηριότητες. Έτσι, χρησιμοποιώντας κάποιος αυτές τις υπηρεσίες δυσκολεύεται να κατανοήσει τη συνολική πληροφορία της γεωγραφικής περιοχής που εξετάζει. Σε αυτήν την εργασία προσπαθούμε να δώσουμε λύση στο παραπάνω πρόβλημα, δηλαδή στην αποτύπωση της συνολικής πληροφορίας σε κάποια μη ορισμένη εξ αρχής γεωγραφική περιοχή. Το σύνολο της πληροφορίας, επίσης, δεν είναι στατικό, αλλά αλλάζει σύμφωνα με διάφορα κριτήρια που μπορεί να επιλέξει ο χρήστης. Η εργασία θα κινηθεί σε δύο βασικούς πυλώνες. Αρχικά, θα δοθεί λύση στο απλούστερο πρόβλημα της παρουσίασης στο χρήστη της ποσότητας της πληροφορίας στις αντίστοιχες γεωγραφικές περιοχές. Στη συνέχεια, αφού χρησιμοποιηθεί η λύση αυτού του προβλήματος θα γίνει μια προσπάθεια να λυθεί το πιο σύνθετο πρόβλημα της ομαδοποίησης της εμφανιζόμενης στοιχείων πληροφορίας στις γεωγραφικές περιοχές που εξετάζονται από το χρήστη. Οι λύσεις των δύο αυτών προβλημάτων θα βασιστούν στην ομαδοποίηση. Το πρώτο πρόβλημα θα λυθεί με τη χρήση του αλγορίθμου ομαδοποίησης σε πλέγμα και το δεύτερο θα βασιστεί στη χρήση μερικών παραλλαγών του αλγορίθμου Minimum Description Length (MDL). Παρόλο που φαίνεται ότι θα ακολουθηθούν κλασικοί αλγόριθμοι η διπλωματική αυτή θα τους χρησιμοποιήσει με πρωτοφανή τρόπο (δε βρέθηκε αντίστοιχη χρήση στη βιβλιογραφία) και σε πολλά λεπτά σημεία θα δοθούν καινοτόμες λύσεις. Οι δύο αυτές λύσεις δε θα υλοποιηθούν απλά σε ένα εργαστηριακό σύστημα, όπου κάποιος έμπειρος χρήστης (ο ερευνητής) θα μπορεί να πραγματοποιεί πειράματα, αλλά σε μία σύγχρονη web εφαρμογή. Απόρροια αυτής της επιλογής είναι η εφαρμογή που θα παραχθεί από την υλοποίηση αυτής της διπλωματικής να είναι άμεσα προσπελάσιμη από όλον τον κόσμο. Αυτό είναι ένα ακόμη προτέρημα αυτής της εργασίας. Συνοψίζοντας η εργασία θα ολοκληρωθεί με ένα συνοπτικό σχολιασμό των λύσεων και των αποτελεσμάτων τους σε ένα πραγματικό σύνολο δεδομένων. Σε αυτά τα αποτελέσματα θα παρατηρηθεί η λογική συσχέτιση των αποτελεσμάτων των ομαδοποιημένων σημείων σε σχέση με τις γεωγραφικές περιοχές. / Nowadays information is produced everywhere. So a great amount of data exists. Spatial data analysis and visualization is a hot trend and a dynamic map like google maps is the best so far solution. The problem is that the combination of the massive amount of data and the limited size of the map instead of helping the user may confuse him/her. Now, consider a web application with a dynamic map, presenting the whole information of each place without confusing the user with the huge amount of information. This paper proposes some techniques to present the quantity and the quality of information in any place of the dynamic map. The common factor of all the proposed techniques is the grouping via some algorithms like grid clustering.

Ομαδοποίηση

Οπτικοποίηση

Γεωγραφικά δεδομένα

001.422

Spatial data

Clustering

Visualization

Web application

Interneto paslaugas teikiančios įmonės informacinė sistema / IS of internet provider

Varanavičius, Darius

11 January 2005

In this work was analyzed IS of UAB “Dokeda”, weighing all the positive and negative qualities. Also was discussed all additional functions which haven’t been included to the existing IS but could be useful. After have been finished analyzing of existing IS, was come to the conclusion that old system needs to be change. So in this work I did formed requirements for new IS, created new job’s models for it, explained means of technical realization, principles of new system creation and after all I did coding new IS and write new user and administrator manual. Final product was successfully introducing in enterprises UAB “Dokeda”. When new IS was introduced, in short time was carry out questionnaire between enterprise’s workers that to get opinion and to see how it works. Also I did make a suggestions how can be gain that new IS would more satisfy the enterprise’s needs and where could be adapted new IS in other areas.

Informatics

Interneto paslaugos

web application

Internet provider

Informacinė sistema

Softvare

ERP

Creating a Secure Server Architecture and Policy for Linux-based Systems

Kourtesis, Marios

January 2015

Creating and maintaining servers for hosting services in a secure and reliable way is an important but complex and time-consuming task. Misconfiguration and lack of server maintenance can potentially make the system vulnerable. Hackers can exploit these vul­nerabilities in order to penetrate into the system internals and cause damage. Having a standard architecture/configuration supporting the needed services saves time and re­sources while it reduces security risks. A server architecture protected by a security policy can secure the integrity and quality of the overall services. This research demon­strates building a secure server architecture protected by a security policy. To achieve this a security policy and a checklist was designed and combined with a host based IDPS, a NMS and a WAF.

IDS

secure environments

Linux

network management systems

server security

web application firewall

server security

Supporting loose forms of collaboration : Using Linked Data to realize an architecture for collective knowledge construction

Ebner, Hannes

January 2014

This thesis is driven by the motivation to explore a way of working collaboratively that closely reflects the World Wide Web (WWW), more specifically the potential of the Web architecture built on Semantic Web technologies and Linked Data. The goal is to describe a generic approach and architecture that satisfies the needs for loose collaboration and collective knowledge construction as exemplified by the applications described in this thesis. This thesis focuses on a contribution-centric architecture which allows for flexible applications that support loose forms of collaboration. The first research question deals with how Web-based collective knowledge construction can be supported. The second research question explores the characteristics of collective knowledge construction with respect to the Open World Assumption (OWA). The OWA implies that complete knowledge about a subject cannot be assumed at any time, which is one of the most fundamental properties of the WWW. The third research question investigates how Semantic Web technologies be used in order to support such a contribution-centric architecture. The thesis and its underlying publications are of a technical character and are always grounded in theoretical models and considerations that have led to functional implementations. The research has evolved in iterative development processes and was explicitly directed at building applications that can be used in collaborative settings and that are based on standardized Web technologies. One of the main outcomes, an information model, was developed together with such an application and provides a number of novel approaches in the context in which it was designed. The validity of the presented research is supported by evaluations from different perspectives: a list of implemented applications and showcases, results from structured interviews that have investigated the suitability for various resource annotation processes, as well as scalability aspects. The thesis concludes that it is ultimately up to the application how "loose" the collaboration should be and to which extent the OWA is incorporated. The presented architecture provides a toolkit to support the development of loosely collaborative applications. The showcased applications allow the construction of collaborative conceptual models and to collaboratively annotate educational resources. They show the potential of the used technology stack and the introduced contribution-centric architecture that sits on top if it. / <p>QC 20140417</p>

linked data

collaboration

information model

contribution

application architecture

web application

web standards

www

open world assumption