NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 2
  • 2
  • 1
  • 1
  • Tagged with
  • 6
  • 6
  • 6
  • 6
  • 6
  • 5
  • 3
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 1 to 6 of 6 (0.172 seconds)

Spelling suggestions: "subject:"world wide eeb asecurity measures"" "subject:"world wide eeb 2security measures""

1

An information security perspective on XML web services.

Chetty, Jacqueline 29 May 2008 (has links)
The Internet has come a long way from its humble beginnings of being used as a simple way of transporting data within the US army and other academic organizations. With the exploding growth of the Internet and the World Wide Web or WWW more and more people and companies are not only providing services via the WWW but are also conducting business transactions. In today’s Web-based environment where individuals and organizations are conducting business online, it is imperative that the technologies that are being utilized are secure in every way. It is important that any individual or organization that wants to protect their data in one form or another adhere to the five (5) basic security services. These security services are Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation This study looks at two Web-based technologies, namely XML and XML Web services and provides an evaluation of whether or not the 5 security services form part of the security surrounding these Web-based technologies. Part 1 is divided into three chapters. Chapter 1, is an Introduction and roadmap to the dissertation. This chapter provides an introduction to the dissertation. Chapter 2 provides an Overview of XML. The reader must not view this chapter as a technical chapter. It is simply a chapter that provides the reader with an understanding of XML so that the reader is able to understand the chapter surrounding XML security. Chapter 3 provides an Overview of Web services. Again the reader must not view this chapter as a technical chapter and as in chapter 2 this chapter must be seen as an overview providing the reader with a broad picture of what Web services is. A lot of technical background and know how has not been included in these two chapters. Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security and provides the reader with a basic understanding surrounding security in general. The 5 security services are introduced in more detail and the important mechanisms and aspects surrounding security are explained. Chapter 5 looks at how XML and Web services are integrated. This is a short chapter with diagrams that illustrate how closely XML and Web services are interwoven. Chapter 6 is the most important chapter of the dissertation. This chapter is titled XML and Web services security. This chapter provides the reader with an understanding of the various XML mechanisms that form part of the Web services environment, thus providing security in the form of the 5 security services. Each XML mechanism is discussed and each security service is discussed in relation to these various mechanisms. This is all within the context of the Web services environment. The chapter concludes with a table that summarizes each security service along with its corresponding XML mechanism. Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services against the 5 security services. This chapter makes use of the information from the previous chapter and provides a summary in the form of a table. This table identifies each security service and looks at the mechanisms that provide that service within a Web services environment. Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and provides a summary of each preceding chapter. This chapter also provides a conclusion and answers the question of whether or not the 5 information security services are integrated into XML and Web services. / von Solms, S.H., Prof.
Computer security
World Wide Web security measures
2

On web security: a trusted notification system.

January 2011 (has links)
Tse, Kai Shun Scottie. / "December 2010." / Thesis (M.Phil.)--Chinese University of Hong Kong, 2011. / Includes bibliographical references (p. 52-54). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgements --- p.iii / List of Figures --- p.vi / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Web 2.0 --- p.2 / Chapter 1.2 --- Research Motivation --- p.2 / Chapter 2 --- Background Study on Web Attacks --- p.4 / Chapter 2.1 --- Cross Site Scripting (XSS) --- p.5 / Chapter 2.2 --- Cross Channel Scripting (XCS) --- p.6 / Chapter 2.3 --- Cross Site Request Forgery (CSRF) --- p.6 / Chapter 2.4 --- Click Jacking --- p.7 / Chapter 2.5 --- Extension and plugins vulnerabilities --- p.8 / Chapter 2.6 --- Privacy Issue --- p.10 / Chapter 2.7 --- Network security --- p.12 / Chapter 2.8 --- Developer implementation flaw --- p.13 / Chapter 2.9 --- Chapter Summary --- p.15 / Chapter 3 --- Defenses on Web Attacks --- p.17 / Chapter 3.1 --- Same Origin Policy --- p.17 / Chapter 3.2 --- Filtering mechanism --- p.18 / Chapter 3.2.1 --- Client-side filtering --- p.18 / Chapter 3.2.2 --- Server-side filtering --- p.19 / Chapter 3.3 --- XSS Defenses --- p.20 / Chapter 3.4 --- CSRF Defenses --- p.22 / Chapter 3.5 --- Browser warnings --- p.23 / Chapter 3.6 --- Chapter Summary --- p.24 / Chapter 4 --- On web communication --- p.26 / Chapter 4.1 --- On cross domain communication --- p.26 / Chapter 4.1.1 --- HTML5 --- p.26 / Chapter 4.1.2 --- Flash 10 --- p.28 / Chapter 4.1.3 --- Extended studys crossdomain.xml of Flash --- p.29 / Chapter 4.2 --- On cross frame communication --- p.32 / Chapter 4.3 --- Trusted Notification System --- p.35 / Chapter 4.3.1 --- Assumptions --- p.35 / Chapter 4.3.2 --- Implementation Issues --- p.35 / Chapter 4.3.3 --- Information flow --- p.37 / Chapter 4.3.4 --- Features --- p.38 / Chapter 4.3.4.1 --- Counter fake --- p.38 / Chapter 4.3.4.2 --- Plug and play --- p.38 / Chapter 4.3.4.3 --- Mitigate future attacks --- p.39 / Chapter 4.3.4.4 --- Session persist after logout --- p.39 / Chapter 4.3.4.5 --- Follow the standards --- p.40 / Chapter 4.3.5 --- Related works --- p.40 / Chapter 4.4 --- Chapter Summary --- p.41 / Chapter 5 --- Conclusion --- p.43 / Chapter 5.1 --- Contributions --- p.43 / Chapter 5.2 --- Discussions and future work --- p.44 / Chapter A --- Non-persistent XSS attack on Horde --- p.45 / Chapter B --- Data tampering attack on facebook application --- p.50 / Bibliography --- p.52
Web sites--Security measures
World Wide Web--Security measures
Computer security
3

End-to-End Security of Information Flow in Web-based Applications

Singaravelu, Lenin 25 June 2007 (has links)
Web-based applications and services are increasingly being used in security-sensitive tasks. Current security protocols rely on two crucial assumptions to protect the confidentiality and integrity of information: First, they assume that end-point software used to handle security-sensitive information is free from vulnerabilities. Secondly, these protocols assume point-to-point communication between a client and a service provider. However, these assumptions do not hold true with large and complex vulnerable end point software such as the Internet browser or web services middleware or in web service compositions where there can be multiple value-adding service providers interposed between a client and the original service provider. To address the problem of large and complex end-point software, we present the AppCore approach which uses manual analysis of information flow, as opposed to purely automated approaches, to split existing software into two parts: a simplified trusted part that handles security-sensitive information and a legacy, untrusted part that handles non-sensitive information without access to sensitive information. Not only does this approach avoid many common and well-known vulnerabilities in the legacy software that compromised sensitive information, it also greatly reduces the size and complexity of the trusted code, thereby making exhaustive testing or formal analysis more feasible. We demonstrate the feasibility of the AppCore approach by constructing AppCores for two real-world applications: a client-side AppCore for https-based applications and an AppCore for web service platforms. Our evaluation shows that security improvements and complexity reductions (over a factor of five) can be attained with minimal modifications to existing software (a few tens of lines of code, and proxy settings of a browser) and an acceptable performance overhead (a few percent). To protect the communication of sensitive information between the clients and service providers in web service compositions, we present an end-to-end security framework called WS-FESec that provides end-to-end security properties even in the presence of misbehaving intermediate services. We show that WS-FESec is flexible enough to support the lattice model of secure information flow and it guarantees precise security properties for each component service at a modest cost of a few milliseconds per signature or encrypted field.
Software refactoring
Web service compositions
Web service middleware
End-to-end security
World Wide Web Security measures
Internet Security measures
4

An investigation of developments in Web 3.0 : opportunities, risks, safeguards and governance

Bruwer, Hendrik Jacobus 04 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Many organisations consider technology as a significant asset to generate income and control cost. The World Wide Web (henceforth referred to as the Web), is recognised as the fastest growing publication medium of all time, now containing well over 1 trillion URLs. In order to stay competitive it is crucial to stay up to date with technological trends that create new opportunities for organisations, as well as creating risks. The Web acts as an enabler for technological advancement, and matures in its own unique way. From the static informative characteristics of Web 1.0, it progressed into the interactive experience Web 2.0 provides. The next phase of Web evolution, Web 3.0, is already in progress. Web 3.0 entails an integrated Web experience where the machine will be able to understand and catalogue data in a manner similar to humans. This will facilitate a world wide data warehouse where any format of data can be shared and understood by any device over any network. The evolution of the Web will bring forth new opportunities as well as challenges. Organisations need to be ready, and acquire knowledge about the opportunities and risks arising from Web 3.0 technologies. The purpose of this study is to define Web 3.0, and identify new opportunities and risks associated with Web 3.0 technologies by using a control framework. Identified opportunities can mainly be characterised as the autonomous integration of data and services which increases the pre-existing capabilities of Web services, as well as the creation of new functionalities. The identified risks mainly concern unauthorised access and manipulation of data; autonomous initiation of actions, and the development of scripts and languages. Risks will be mitigated by control procedures which organisations need to implement (examples include but is not limited to encryptions; access control; filtering; language and ontology development control procedures; education of consumers and usage policies). The findings will assist management in addressing the key focus areas of opportunities and risks when implementing a new technology. / AFRIKAANSE OPSOMMING: Baie organisasies beskou tegnologie as 'n belangrike bate om inkomste te genereer en kostes te beheer. Die Wêreldwye Web (voorts na verwys as die Web), word erken as die vinnigste groeiende publikasiemedium van alle tye, met tans meer as 1 triljoen URLs. Ten einde kompeterend te bly, is dit noodsaaklik om op datum te bly met tegnologiese tendense wat nuwe geleenthede, sowel as risikos, vir organisasies kan skep. Die Web fasiliteer tegnologiese vooruitgang, en ontwikkel op sy eie unieke manier. Vanaf die statiese informatiewe eienskappe van Web 1.0, het dit ontwikkel tot die interaktiewe ervaring wat Web 2.0 bied. Die volgende fase van Web-ontwikkeling, Web 3.0, is reeds in die proses van ontwikkeling. Web 3.0 behels 'n geïntegreerde Web-ervaring waar ʼn masjien in staat sal wees om data te verstaan en te kategoriseer op ʼn soortgelyke wyse as wat ʼn mens sou kon. Dit sal lei tot 'n wêreldwye databasis waar enige vorm van data gedeel en verstaan kan word deur enige toestel oor enige netwerk. Die ontwikkeling van die Web sal lei tot die ontstaan van nuwe geleenthede, sowel as uitdagings. Dit is noodsaaklik dat organisasies bewus sal wees hiervan, en dat hulle oor genoegsame kennis sal beskik met betrekking tot die geleenthede en risikos wat voortspruit uit Web 3.0 tegnologieë. Die doel van hierdie studie is om Web 3.0 te definieer, en nuwe geleenthede en risikos wat verband hou met Web 3.0 tegnologieë, te identifiseer deur gebruik te maak van ʼn kontrole raamwerk. Geleenthede wat geïdentifiseer is, word hoofsaaklik gekenmerk deur outonome integrasie van data en dienste wat lei tot ʼn toename in die vermoëns van reeds bestaande Webdienste, sowel as die skepping van nuwe funksionaliteite. Die risikos wat geïdentifiseer is, word hoofsaaklik gekenmerk deur ongemagtigde toegang en manipulasie van data; outonome inisieering van aksies, en die ontwikkeling van programskrifte en tale. Risikos wat geïdentifiseer is, sal aangespreek word deur die implementering van voorgestelde kontroleprosedures om sodanige risikos te verminder tot ʼn aanvaarbare vlak (voorbeelde sluit in maar is nie beperk tot enkripsie; toegangkontroles; filters; programmatuur taal en ontologie ontwikkels kontroles prosedures; opleiding van gebruikers en ontwikkelaars en beleide ten op sigte van gebruik van tegnologië). Die bevindinge sal bestuur in staat stel om die sleutelfokus-areas van geleenthede en risikos te adresseer gedurende die implementering van 'n nuwe tegnologie.
Dissertations -- Accountancy
Theses -- Accountancy
Dissertations -- Computer auditing
Theses -- Computer auditing
World Wide Web
World Wide Web -- Security measures
Risk assessment
UCTD
5

Internet payment system--: mechanism, applications & experimentation.

January 2000 (has links)
Ka-Lung Chong. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 80-83). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgments --- p.iii / Chapter 1 --- Introduction & Motivation --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Internet Commerce --- p.3 / Chapter 1.3 --- Motivation --- p.6 / Chapter 1.4 --- Related Work --- p.7 / Chapter 1.4.1 --- Cryptographic Techniques --- p.7 / Chapter 1.4.2 --- Internet Payment Systems --- p.9 / Chapter 1.5 --- Contribution --- p.16 / Chapter 1.6 --- Outline of the Thesis --- p.17 / Chapter 2 --- A New Payment Model --- p.19 / Chapter 2.1 --- Model Description --- p.19 / Chapter 2.2 --- Characteristics of Our Model --- p.22 / Chapter 2.3 --- Model Architecture --- p.24 / Chapter 2.4 --- Comparison --- p.30 / Chapter 2.5 --- System Implementation --- p.30 / Chapter 2.5.1 --- Acquirer Interface --- p.31 / Chapter 2.5.2 --- Issuer Interface --- p.32 / Chapter 2.5.3 --- Merchant Interface --- p.32 / Chapter 2.5.4 --- Payment Gateway Interface --- p.33 / Chapter 2.5.5 --- Payment Cancellation Interface --- p.33 / Chapter 3 --- A E-Commerce Application - TravelNet --- p.35 / Chapter 3.1 --- System Architecture --- p.35 / Chapter 3.2 --- System Features --- p.38 / Chapter 3.3 --- System Snapshots --- p.39 / Chapter 4 --- Simulation --- p.44 / Chapter 4.1 --- Objective --- p.44 / Chapter 4.2 --- Simulation Flow --- p.45 / Chapter 4.3 --- Assumptions --- p.49 / Chapter 4.4 --- Simulation of Payment Systems --- p.50 / Chapter 5 --- Discussion of Security Concerns --- p.54 / Chapter 5.1 --- Threats to Internet Payment --- p.54 / Chapter 5.1.1 --- Eavesdropping --- p.55 / Chapter 5.1.2 --- Masquerading --- p.55 / Chapter 5.1.3 --- Message Tampering --- p.56 / Chapter 5.1.4 --- Replaying --- p.56 / Chapter 5.2 --- Aspects of A Secure Internet Payment System --- p.57 / Chapter 5.2.1 --- Authentication --- p.57 / Chapter 5.2.2 --- Confidentiality --- p.57 / Chapter 5.2.3 --- Integrity --- p.58 / Chapter 5.2.4 --- Non-Repudiation --- p.58 / Chapter 5.3 --- Our System Security --- p.58 / Chapter 5.4 --- TravelNet Application Security --- p.61 / Chapter 6 --- Discussion of Performance Evaluation --- p.64 / Chapter 6.1 --- Performance Concerns --- p.64 / Chapter 6.2 --- Experiments Conducted --- p.65 / Chapter 6.2.1 --- Description --- p.65 / Chapter 6.2.2 --- Analysis on the Results --- p.65 / Chapter 6.3 --- Simulation Analysis --- p.69 / Chapter 7 --- Conclusion & Future Work --- p.72 / Chapter A --- Experiment Specification --- p.74 / Chapter A.1 --- Configuration --- p.74 / Chapter A.2 --- Experiment Results --- p.74 / Chapter B --- Simulation Specification --- p.77 / Chapter B.1 --- Parameter Listing --- p.77 / Chapter B.2 --- Simulation Results --- p.77 / Bibliography --- p.80
Electronic commerce--Security measures
Electronic funds transfers
Internet--Security measures
World Wide Web--Security measures
Computer security
6

Secure web applications against off-line password guessing attack : a two way password protocol with challenge response using arbitrary images

Lu, Zebin 14 August 2013 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.
Web Security
Web sites -- Security measures
World Wide Web -- Security measures
Computer network protocols -- Standards
Computer hackers
Computers -- Access control -- Passwords
Internet -- Security measures
Phishing -- Security measures

Page generated in 0.1756 seconds