Reviewing the Security Features in Contemporary Security Policies and Models for Multiple Platforms

Numerous vulnerabilities have a tendency to taint modern real-world web applications, allowing attackers in retrieving sensitive information and exploiting genuine web applications as a platform for malware activities. Moreover, computing techniques are evolved from the large desktop computer systems to the devices like smartphones, smart watches and goggles. This needs to be ensure that these devices improve their usability and will not be utilized for attacking the personal credentilas (such as credit card numbers, transaction passwords, etc.) of the users. Therefore, there is a need of security architecture over the user's credentials so that no unauthorized user can access it. This chapter summarizes various security models and techniques that are being discovered, studied and utilized extensively in order to ensure computer security. It also discusses numerous security principles and presents the models that ensure these security principles. Security models (such as access control models, information flow models, protection ring, etc.) form the basis of various higher level and complex models. Therefore, learning such security models is very much essential for ensuring the security of the computer and cyber world.

Review of Link Structure Based Ranking Algorithms and Hanging Pages

In this era of Web computing, Cyber Security is very important as more and more data is moving into the Web. Some data are confidential and important. There are many threats for the data in the Web. Some of the basic threats can be addressed by designing the Web sites properly using Search Engine Optimization techniques. One such threat is the hanging page which gives room for link spamming. This chapter addresses the issues caused by hanging pages in Web computing. This Chapter has four important objectives. They are 1) Compare and review the different types of link structure based ranking algorithms in ranking Web pages. PageRank is used as the base algorithm throughout this Chapter. 2) Study on hanging pages, explore the effects of hanging pages in Web security and compare the existing methods to handle hanging pages. 3) Study on Link spam and explore the effect of hanging pages in link spam contribution and 4) Study on Search Engine Optimization (SEO) / Web Site Optimization (WSO) and explore the effect of hanging pages in Search Engine Optimization (SEO).

Security Issues and Countermeasures of Online Transaction in E-Commerce

Nowadays, e-commerce is one of the most growing sectors in the field of internet. It gives the flexibility to shop online, transact online, transfer money online and many more feature to its internet users. As the growth of e-commerce increases, e-commerce security also comes out a major concern to ensure its user a secure transaction without any fear over the network. Banking sector is one of the most prominent sectors of growth in world of e-commerce, but as its demand increases the security and risks along with it also increases. E-commerce security must ensure major security features of cryptography: privacy, authentication, access control, confidentiality and protect data from un-authorized access. In this chapter, all aspects regarding e-commerce describes from its introduction to its security, countermeasures and an example of doing secure payment from any website.

Auditing Defense against XSS Worms in Online Social Network-Based Web Applications

Nowadays, users of Online Social Network (OSN) are less familiar with cyber security threats that occur in such networks, comprising Cross-Site Scripting (XSS) worms, Distributed Denial of Service (DDoS) attacks, Phishing, etc. Numerous defensive methodologies exist for mitigating the effect of DDoS attacks and Phishing vulnerabilities from OSN. However, till now, no such robust defensive solution is proposed for the complete alleviation of XSS worms from such networks. This chapter discusses the detailed incidences of XSS attacks in the recent period on the platforms of OSN. A high level of taxonomy of XSS worms is illustrated in this article for the precise interpretation of its exploitation in multiple applications of OSN like Facebook, Twitter, LinkedIn, etc. We have also discussed the key contributions of current defensive solutions of XSS attacks on the existing platforms of OSN. Based on this study, we identified the current performance issues in these existing solutions and recommend future research guidelines.

Secure and Privacy Preserving Keyword Search over the Large Scale Cloud Data

Cloud computing has attracted a lot of interests from both the academics and the industries, since it provides efficient resource management, economical cost, and fast deployment. However, concerns on security and privacy become the main obstacle for the large scale application of cloud computing. Encryption would be an alternative way to relief the concern. However, data encryption makes efficient data utilization a challenging problem. To address this problem, secure and privacy preserving keyword search over large scale cloud data is proposed and widely developed. In this paper, we make a thorough survey on the secure and privacy preserving keyword search over large scale cloud data. We investigate existing research arts category by category, where the category is classified according to the search functionality. In each category, we first elaborate on the key idea of existing research works, then we conclude some open and interesting problems.

Discovering Periodicity in Network Flows for Security Monitoring

Increasingly system software and user applications are becoming automated and thus many of inter machine communications are not user action driven. Some of these automated communications like OS updates, database synchronization will not pose security threats, while others can have malicious behavior. Automated communications pose a threat to the security of systems if initiated by unwanted programs like keyloggers and Botnets. As these applications are programmed to contact a peer host regularly, most of these communications are periodic in nature. In this chapter we describe a method for detecting periodic communications by analyzing network flows for security monitoring. In particular we use a clustering technique to identify periodic communications between hosts. We experiment with both simulated and real world data to evaluate the efficacy of method.

Threats Classification

Information systems are frequently exposed to various types of threats which can cause different types of damages that might lead to significant financial losses. Information security damages can range from small losses to entire information system destruction. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availability of a system. Currently, organizations are struggling to understand what the threats to their information assets are and how to obtain the necessary means to combat them which continues to pose a challenge. To improve our understanding of security threats, we propose a security threat classification model which allows us to study the threats class impact instead of a threat impact as a threat varies over time. This chapter deals with the threats classification problem and its motivation. It addresses different criteria of information system security risks classification and gives a review of most threats classification models. We present as well recent surveys on security breaches costs.

Audio Stego Intrusion Detection System through Hybrid Neural Tree Model

Steganography and steganalysis in audio covers are significant research topics since audio data is becoming an appropriate cover to hide comprehensive documents or confidential data. This article proposes a hybrid neural tree model to enhance the performance of the AQM steganalyser. Practically, false negative errors are more expensive than the false positive errors, since they cause a greater loss to organizations. The proposed neural model is operating with the cost ratio of false negative errors to false positive errors of the steganalyser as the activation function. Empirical results show that the evolutionary neural tree model designed based on the asymmetric costs of false negative and false positive errors proves to be more effective and provides higher accuracy than the basic AQM steganalyser.

Data Security in Wired and Wireless Systems

The issues related to network data security were identified shortly after the inception of the first wired network. Initial protocols relied heavily on obscurity as the main tool for security provisions. Hacking into a wired network requires physically tapping into the wire link on which the data is being transferred. Both these factors seemed to work hand in hand and made secured communication somewhat possible using simple protocols. Then came the wireless network which radically changed the field and associated environment. How do you secure something that freely travels through the air as a medium? Furthermore, wireless technology empowered devices to be mobile, making it harder for security protocols to identify and locate a malicious device in the network while making it easier for hackers to access different parts of the network while moving around. Quite often, the discussion centered on the question: Is it even possible to provide complete security in a wireless network? It can be debated that wireless networks and perfect data security are mutually exclusive. Availability of latest wideband wireless technologies have diminished predominantly large gap between the network capacities of a wireless network versus a wired one. Regardless, the physical medium limitation still exists for a wired network. Hence, security is a way more complicated and harder goal to achieve for a wireless network (Imai, Rahman, & Kobara, 2006). So, it can be safely assumed that a security protocol that is robust for a wireless network will provide at least equal if not better level of security in a similar wired network. Henceforth, we will talk about security essentially in a wireless network and readers should assume it to be equally applicable to a wired network.

Secure Key Establishment in Wireless Sensor Networks

Over the last two decades, advancement in pervasive sensing, embedded computing and wireless communication has lead an attention to a new research area of engineered systems termed as Cyber-Physical Systems (CPS). CPS has bridged the gap between the physical world to the cyber world. It is envisioned that Wireless Sensor Networks (WSN) plays an important role in the actuality of CPS. Due to wireless communication in WSN, it is more vulnerable to security threats. Key establishment is an approach, which is responsible for establishing a session between two communicating parties and therefore, a lightweight key establishment scheme is essential. In this chapter, we review the state of the art of these solutions by discussing key establishment in WSN. Also, a discussion has been carried out to capture few challenges in implementing them in real and future research directions in this area are explored to transport the field to an improved level.