Personalized Pseudonyms for Servers in the Cloud

2017 ◽  
Vol 2017 (4) ◽  
pp. 271-289
Author(s):  
Qiuyu Xiao ◽  
Michael K. Reiter ◽  
Yinqian Zhang

Abstract: A considerable and growing fraction of servers, especially of web servers, is hosted in compute clouds. In this paper we opportunistically leverage this trend to improve privacy of clients from network attackers residing between the clients and the cloud: We design a system that can be deployed by the cloud operator to prevent a network adversary from determining which of the cloud’s tenant servers a client is accessing. The core innovation in our design is a PoPSiCl (pronounced “popsicle”), a persistent pseudonym for a tenant server that can be used by a single client to access the server, whose real identity is protected by the cloud from both passive and active network attackers. When instantiated for TLS-based access to web servers, our design works with all major browsers and requires no additional client-side software and minimal changes to the client user experience. Moreover, changes to tenant servers can be hidden in supporting software (operating systems and web-programming frameworks) without imposing on web-content development. Perhaps most notably, our system boosts privacy with minimal impact to web-browsing performance, after some initial setup during a user’s first access to each web server.

Author(s):  
Ingrid Chilán González ◽  
Francisco Bolaños Burgos ◽  
Navira Angulo Murillo ◽  
Gabriel Rodolfo García Murillo

ANALYSIS OF RANSOMWARE ATTACKS ON WEB SERVERS, LINUX AND WINDOWS

ABSTRACT: This work presents a literature review of ransomware attacks on web servers running Linux and Windows operating systems. To that end, a comparative vulnerability analysis was carried out of the JBoss and Apache application servers and the Redis database structure. The results show that the most frequent attacks target hospitals, with cybercriminals usually demanding between $200 and $500 to restore the files; in the case of the SamSam ransomware for Windows, the attacker intrudes on the organization's network via SSH and authenticates to the JBoss server. The study concludes with an analysis matrix of ransomware attacks from several families (CTB-Locker, SamSam, CryptoWall 4.0, Linux.Encoder and FairWare) and a list of early-warning tools against ransomware attacks, given that they encrypt the directories of websites; this in turn allows future work on new types of ransomware by means of simulation tools to be proposed.

KEYWORDS: Ransomware; Web Server; Linux; Windows.


2019 ◽  
Vol 19 (6) ◽  
pp. 623-638 ◽  
Author(s):  
Pablo Picazo-Sanchez ◽  
Juan Tapiador ◽  
Gerardo Schneider

Abstract: Browser extensions are small applications executed in the browser context that provide additional capabilities and enrich the user experience while surfing the web. The acceptance of extensions in current browsers is unquestionable. For instance, Chrome’s official extension repository has more than 63,000 extensions, with some of them having more than 10M users. When installed, extensions are pushed into an internal queue within the browser. The order in which each extension executes depends on a number of factors, including their relative installation times. In this paper, we demonstrate how this order can be exploited by an unprivileged malicious extension (i.e., one with no more permissions than those already assigned when accessing web content) to get access to any private information that other extensions have previously introduced. We propose a solution that does not require modifying the core browser engine, since it is implemented as another browser extension. We prove that our approach effectively protects the user against usual attackers (i.e., any other installed extension) as well as against strong attackers having access to the effects of all installed extensions (i.e., knowing who did what). We also prove soundness and robustness of our approach under reasonable assumptions.


Author(s):  
Reeta Sharma ◽  
Shantanu Ganguly

This chapter explores how TERI, being a research organization, emphasizes knowledge creation and global dissemination of its research on sustainable development. The Knowledge Management division was created to meet the challenges of the knowledge acquisition, management, and outreach demands of the research community. The Library and Information Centre (LIC) caters to the knowledge needs of both institutional and external professionals by collecting, collating, and disseminating knowledge products and services documented in a wide array of resources, including books, reports, periodicals, and e-resources. Besides providing research assistance to users, the core competency of the LIC professionals includes providing innovative services, Web content development, contributions to publications, and setting up specialized information centres on contemporary themes like transport, renewable energy and environment, mycorrhiza, and climate change. The Institute runs the only specialized library on climate change (SLCC) supported by the Norwegian Government.


2016 ◽  
Vol 18 (1) ◽  
pp. 116 ◽  
Author(s):  
Eleni Korosidou ◽  
Eleni Griva

This paper presents the design, implementation and evaluation of a project entitled "It's the same world through different eyes", which was based on the principles of the Content and Language Integrated Learning (CLIL) approach and was piloted with 4th primary school grade students. More specifically, we employed a dual-focused approach, focusing equally on English language and content development. For the purpose of the project, we designed a mini-syllabus with the stories being at the core of the design. The objectives of the project were to: a) develop the students’ skills in EFL, b) develop their sensitivity towards diversity, c) enhance their citizenship awareness. Students were provided with opportunities to express themselves verbally and non-verbally, and participate in a variety of creative activities in a multimodal teaching context. The findings of project evaluation indicated students’ improvement regarding both their receptive and productive skills in the target language, and the development of children’s citizenship awareness and their sensitivity towards diversity.


Author(s):  
Ibrahim Mahmood Ibrahim ◽  
Siddeeq Y. Ameen ◽  
Hajar Maseeh Yasin ◽  
Naaman Omar ◽  
Shakir Fattah Kak ◽  
...  

Today, web services have rapidly increased and are accessed by many users, leading to massive traffic on the Internet. The web server suffers from this problem, and it becomes challenging to manage the total traffic as the number of users grows. The server becomes overloaded, with degraded response time and bottlenecks, so this massive traffic must be shared among several servers. Load balancing technologies and server clusters are therefore potent methods for dealing with server bottlenecks. Load balancing techniques distribute the load among the servers in the cluster so that it is balanced across all web servers. The motivation of this paper is to give an overview of the several load balancing techniques used to enhance the efficiency of web servers in terms of response time, throughput, and resource utilization. Researchers have addressed different algorithms and obtained good results; for example, the pending job and IP hash algorithms achieve better performance.


Author(s):  
Wen-Chen Hu

There are two kinds of handheld computing and programming, namely client- and server-side handheld computing and programming. The most popular applications of the latter are used with database-driven mobile web content, whose construction steps were described in the previous section. The remainder of this book will be devoted to client-side handheld computing and programming, whose applications do not need the support of server-side programs. Client-side handheld applications are varied and numerous, covering a wide range of everyday activities. Popular application examples include:
• address books, which store personal information such as addresses, telephone numbers, and email addresses in an accessible format,
• appointments, which allow users to edit, save, and view times reserved for business meetings and visits to the doctor,
• calculators, which may be a standard 4-function pocket calculator or a multifunction scientific calculator,
• datebooks/calendars, which allow users to enter hourly activities and show a daily or weekly schedule, or a simple monthly view,
• expenses, which allow users to track and record common business expenses such as car mileage, per diems, air fees, and hotel bills,
• mobile office functions, which include viewing and processing documents, spreadsheets, presentations, and inventory,
• multimedia, which includes playing music and videos, photography, and personal albums,
• note pads, which allow users to save, view, and edit text notes,
• to-do lists, which allow users to enter a list of tasks to be performed, and
• video games, in addition to those on-line video games that require the support of server-side programs.


2009 ◽  
pp. 366-379
Author(s):  
Jijun Lu ◽  
Swapna S. Gokhale

With the rapid development and widespread use of the Internet, Web servers have become a dominant source of information and services. The use of Web servers in business and critical application domains imposes stringent performance requirements on them. These performance requirements cast a direct influence on the choice of the configuration options of the hardware and the software infrastructure on which a Web server is deployed. In addition to the selection of configuration options, for a given level of load and a particular hardware and software configuration, it is necessary to estimate the performance of a Web server prior to deployment.


2010 ◽  
Vol 54 (12) ◽  
pp. 1968-1985 ◽  
Author(s):  
Marc Sànchez-Artigas ◽  
Jordi Pujol-Ahulló ◽  
Lluis Pamies-Juarez ◽  
Pedro García-López

2018 ◽  
Vol 7 (3.6) ◽  
pp. 106
Author(s):  
B J. Santhosh Kumar ◽  
Kankanala Pujitha

The application takes a URL as input for web application vulnerability detection. If the URL is too long, it takes more time to scan (Ain Zubaidah et al. 2014). The existing system can check web pages but not the web application as a whole. This application tests URLs of any length using a string matching algorithm. To avoid XSS and CSRF, and to detect attacks that try to bypass browser-enforced policies, it uses whitelist and DOM sandboxing techniques (Elias Athanasopoulos et al. 2012). The web application includes a list of cryptographic hashes of legitimate (trusted) client-side scripts. The application checks whether a cryptographic hash for a script is in the whitelist; depending on whether the hash is found, the script is considered trusted or not trusted. This application uses SHA-1 to create the message digest. The web server stores trusted scripts inside div or span HTML elements that are marked as trusted. DOM sandboxing helps in identifying the script or code. Program symbols are partitioned into code and non-code, which helps to identify any hidden code in a trusted tag that bypasses the web server. The website is scanned to detect the injection points, malicious XSS attack vectors are injected at those injection points, and the vulnerable web application is checked for these attacks (Shashank Gupta et al. 2015). The proposed application improves the false negative rate.

