Enhancing the Browser-Side Context-Aware Sanitization of Suspicious HTML5 Code for Halting the DOM-Based XSS Vulnerabilities in Cloud

2017 ◽  
Vol 7 (1) ◽  
pp. 1-31 ◽  
Author(s):  
B.B. Gupta ◽  
Shashank Gupta ◽  
Pooja Chaudhary

This article presents a cloud-based framework that thwarts the DOM-based XSS vulnerabilities caused by the injection of advanced HTML5 attack vectors in HTML5 web applications. Initially, the framework collects the key modules of the web application, extracts the suspicious HTML5 strings from the latent injection points and performs clustering on such strings based on their level of similarity. Further, it detects the injection of malicious HTML5 code in the script nodes of the DOM tree by detecting the variation in the HTML5 code embedded in the generated HTTP response. Any variation observed will simply indicate the injection of suspicious script code. The prototype of our framework was developed in Java and installed in the virtual machines of the cloud environment as a Google Chrome extension. The experimental evaluation of our framework was performed on real-world HTML5 web applications deployed in the cloud platform.


Sensors ◽  
2018 ◽  
Vol 18 (11) ◽  
pp. 3807 ◽  
Author(s):  
Haonan Sun ◽  
Rongyu He ◽  
Yong Zhang ◽  
Ruiyun Wang ◽  
Wai Hung Ip ◽  
...  

Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protection of the vTPM itself in the runtime environment. This paper proposes a novel scheme, which designs a new trusted cloud platform security component, ‘enclave TPM (eTPM)’, to protect the cloud and employs Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates the TPM functions which build trust and security in the cloud and runs in an ‘enclave’, an isolated memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VMs) according to user-specific policies. Finally, a prototype of the eTPM scheme was implemented, and experiments demonstrated its effectiveness, security, and availability.


Author(s):  
Archana Singh ◽  
Rakesh Kumar

Load balancing is the phenomenon of distributing workload over various computing resources efficiently. It allows enterprises to efficiently manage different application or workload demands by allocating available resources among different servers, computers, and networks. These services can be accessed and utilized either for home use or for business purposes. Due to the excessive load on the cloud, sometimes it is not feasible to offer all these services to different users efficiently. To solve this excessive load issue, an efficient load balancing technique is used to offer satisfactory services to users as per their expectations, also leading to efficient utilization of resources and applications on the cloud platform. This paper presents an enhanced load balancing algorithm named the two-phase load balancing algorithm. It uses a two-phase checking load balancing approach where the first phase divides all virtual machines into two different tables based on their state, that is, available or busy, while the second phase equally distributes the loads. The various parameters used to measure the performance of the proposed algorithm are cost, data center processing time, and response time. The CloudAnalyst simulation tool is used to simulate the algorithm. Simulation results demonstrate the superiority of the algorithm over existing ones.


Author(s):  
J. Vijaya Sagar Reddy ◽  
G. Ramesh

Web applications are the most widely used software on the internet. When a web application is developed and deployed in the real environment, it is very severe if any bug is found by the attacker, the customer or the owner of the web application. It is very important to do proper pre-analysis testing before the release. It is very costly if proper testing of the web application is not done at the development location and a bug is found at the customer location. For web application testing, existing systems such as DART, CUTE and EXE are available. These tools generate test cases by executing the web application on concrete user inputs. These tools are best suited for testing static web sites and are not suitable for dynamic web applications. The existing systems need user inputs for generating the test cases. It is most difficult for a human being to provide dynamic inputs for all the possible cases. This paper presents algorithms, an implementation, and an experimental evaluation that revealed HTML Failures, Execution Failures, and Includes in PHP web applications.


Computers ◽  
2019 ◽  
Vol 8 (2) ◽  
pp. 50
Author(s):  
Ivan ◽  
Vasile ◽  
Dadarlat

Cloud vendors offer a variety of serverless technologies promising high availability and dynamic scaling while reducing operational and maintenance costs. One such technology, serverless computing, or function-as-a-service (FaaS), is advertised as a good candidate for web applications, data-processing, or backend services, where you only pay for usage. Unlike virtual machines (VMs), they come with automatic resource provisioning and allocation, providing elastic and automatic scaling. We present the results from our investigation of a specific serverless candidate, Web Application Programming Interface or Web API, deployed on virtual machines and as function(s)-as-a-service. We contrast these deployments by varying the number of concurrent users for measuring response times and costs. We found no significant response time differences between deployments when VMs are configured for the expected load, and test scenarios are within the FaaS hardware limitations. Higher numbers of concurrent users or unexpected user growths are effortlessly handled by FaaS, whereas additional labor must be invested in VMs for equivalent results. We identified that despite the advantages serverless computing brings, there is no clear choice between serverless or virtual machines for a Web API application because one needs to carefully measure costs and factor-in all components that are included with FaaS.


2019 ◽  
Author(s):  
Lin Shi ◽  
Zilong Wang ◽  
Ning Chen ◽  
Jie Chen

Highly trusted issues will be one of the main obstacles to a new era of highly trusted cloud computing. In the cloud computing environment, because sensitive applications and user data are put into the cloud, they run in virtual machines in the data center. Among them, due to the existence of access vulnerabilities, virtualization vulnerabilities, web application vulnerabilities, etc., high trust issues arise from data control, identity authentication, lack of information and other related issues. The introduction of trust mechanisms can greatly facilitate the solution of related issues, achieve highly trusted quantification, analysis, and modeling of cloud data centers, meet high trust requirements, and provide users with a highly trusted cloud computing environment. This article mainly studies the trust measure of data services in the cloud environment. In this paper, the optimization scheme is verified through experiments, and the traditional big data processing scheme, the original Sahara and the optimization scheme are compared in six cases. Overall, the optimization scheme has a significant performance improvement. Compared with the default configuration of Sahara, the configuration of the new interface has increased the throughput in DFSIO by 120%. Using the design of the unified cache management service, Tachyon can reach 13 in specific situations. In the execution time of Sort workloads, the optimization scheme generally decreased by about 50% compared to the original Sahara, and the memory utilization increased from 80% to 96% in our experiments, but cache isolation and other areas need to be improved. The results are basically in line with expectations, which also confirms the rational thinking and value of this article on BDAaS performance research.


Author(s):  
Andrea Gallidabino ◽  
Cesare Pautasso

The design of responsive Web applications is traditionally based on the assumption that they run on a single client at a time. Thanks to CSS3 media queries, developers can declaratively specify how the Web application UI adapts to the capabilities of specific devices. As users own more and more devices and attempt to use them to run Web applications in parallel, we propose to extend CSS media queries so that they can be used to adapt the UI of liquid Web applications while they are dynamically deployed across multiple devices. In this paper we present our extension of CSS media queries with liquid-related types and features, allowing developers to detect the number of devices connected, the number of users running the application, or the role played by each device. The liquid media query types and features defined in this paper are designed for and suited to liquid component-based Web architectures, and they enable developers to control the deployment of individual Web components across multiple browsers. Furthermore we show the design of liquid media queries in the Liquid.js for Polymer framework and propose our adaptation algorithms. We describe multiple adaptation policies and discuss the implications of multi-device adaptation from the perspective of the developers and users of a Web application. Finally we showcase the expressiveness of the liquid media queries to support real-world examples and evaluate the algorithmic complexity of our approach.


2021 ◽  
Vol 23 (05) ◽  
pp. 636-649
Author(s):  
Anubhav Dinkar ◽  
Prakash Biswagar

The purpose of this paper is to study and analyse the various tools that are used in modern-day web application systems, which include but are not limited to Flask, Django, PostgreSQL, MongoDB, Docker containers, virtual machines, and so on. The main aim is to allow users of these technologies to choose the right technology based on their needs and the scale of their applications. This is done with the help of sysbench, Docker and Linux-based containers, along with basic Flask and Django web applications. Flask could be preferred over Django for simpler web applications. Docker and LXD perform similarly for the most part, but due to its low storage footprint (only essential libraries are installed in the container, not an entire OS) and its ease of configurability on almost all operating systems, Docker is generally preferred over the others. PostgreSQL seemed to perform 2 times better than MongoDB in terms of the number of queries it handled.


2021 ◽  
Author(s):  
Yury Alencar Lima ◽  
Elder de Macedo Rodrigues ◽  
Fabio Paulo Basso ◽  
Rafael A. P. Oliveira

Software testing automation is one of the most challenging activities in Software Engineering scenarios. Model-Based Testing (MBT) is a feasible strategy to alleviate the effort of automating testing activities. Through a model that specifies the behavior of the Software Under Test (SUT), MBT approaches are useful strategies to generate test cases and run them. However, some domains, such as web applications, require extra effort when applying MBT approaches. Due to this, in this study we propose and validate Teasy, a Domain Specification Language (DSL) that makes MBT feasible for web applications. Through the conduction of a Proof-of-Concept on testing a real-world web application, we noticed that Teasy has the potential to evolve to effectively support software development environments. Using a real-world application and projects with manually seeded faults, Teasy testing scenarios have detected 78,57% of the functional inconsistencies.


2020 ◽  
Vol 3 (1) ◽  
pp. 320-330
Author(s):  
Adam Muc ◽  
Tomasz Muchowski ◽  
Albert Zawadzki ◽  
Adam Szeleziński

Businesses are increasingly confronted with server-related problems. More and more, businesses are enabling remote working and need to rely on network services. The provision of network services requires rebuilding the network infrastructure and the way employees are provided with data. Web applications and server services use common dependencies and require a specific network configuration. This often involves collisions between network ports and common dependencies’ configuration. This problem can be solved by separating the conflicting applications onto different servers, but this involves the cost of maintaining several servers. Another solution may be to isolate applications with virtual machines, but this involves a significant overhead on server resources, as each virtual machine must be equipped with an operating system. An alternative to virtual machines can be application containerization, which is growing in popularity. Containerization also allows applications to be isolated, but operates on the server’s native operating system. This means eliminating the overhead on server resources present in virtual machines. This article presents an example of web application containerization.
