Anticipated Security Model for Session Transfer and Services Using OTP

Author(s):  
J. Jose Merlin ◽  
A. Prathipa ◽  
G. Ramyadevi ◽  
P. Radhika

Internet security is a branch of computer science, often involving browser security, network security, applications and operating systems, that aims to keep the internet a secure channel for exchanging information by reducing risks and attacks. A number of studies have been conducted in this field, resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and that much effort is needed to improve internet security. This paper proposes a simple security model to improve the security of internet applications and the protection of services. It specifies access control, cryptography, cookie and session management, and defensive programming practices; cares for security from the early stages of the development life cycle; uses hardware authentication techniques in access control; proposes a cryptographic approach that mixes MD5 with Base64; and considers session and cookie types and ways to keep them secure. Additionally, these practices discuss the most important web security vulnerabilities and access control weaknesses and how to overcome such weaknesses. The paper also proposes an approach to measure, analyze and evaluate a security project according to the software quality standard ISO 25010 using a Likert scale, and ends with a case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.

Author(s):  
A. Thamizhiniyal

Internet network security is a branch of computer science, often involving browser security, network security, applications and operating systems, that aims to keep the internet a secure channel for exchanging information by reducing risks and attacks. A number of studies have been conducted in this field, resulting in the development of various security models to achieve internet security. However, periodic security reports and previous studies prove that the most secure systems are not immune from risk and that much effort is needed to improve internet security. This paper proposes a simple security model to improve the security of internet applications and the protection of services. It specifies access control, cryptography, cookie and session management, and defensive programming practices; cares for security from the early stages of the development life cycle; uses hardware authentication techniques in access control; proposes a cryptographic approach that mixes MD5 with Base64; and considers session and cookie types and ways to keep them secure. Additionally, these practices discuss the most important web security vulnerabilities and access control weaknesses and how to overcome such weaknesses. The paper also proposes an approach to measure, analyze and evaluate a security project according to the software quality standard ISO 25010 using a Likert scale, and ends with a case study. The effort of this paper represents a set of techniques and tips that should be applied within each web application development process to maintain its security.


Author(s):  
Anna Danielewicz-Betz ◽  
Tatsuki Kawaguchi

In this paper we report on the practical outcomes of the Software Studio (SS) undergraduate course, but also of a graduate Software Engineering for Internet Applications (SEIA) course, both of which are taught collaboratively by IT and non-IT faculty members. In the latter, students are assigned to projects proposed by actual customers and work together in teams to deliver quality results under time and resource constraints. We are interested in the learning results, such as skills acquired, e.g. by analysing the interaction between students and customers to determine how and to what degree the students transform through project-based collaborative learning. As for the SEIA course, the primary goal is to allow students to manage a relatively large number of tools with little prior knowledge, working out how to obtain detailed information about given features when required. In other words, students have to understand the key ideas of web application development in order to be able not only to apply technical knowledge, but also to successfully interact with all the stakeholders involved. In the process, we look for the added value of collaborative teaching, aiming at equipping the participants with both the technical and non-technical skills required for their prospective jobs.


2018 ◽  
Vol 21 (2) ◽  
Author(s):  
Guido Nuñez ◽  
Daniel Bonhaure ◽  
Magalí González ◽  
Nathalie Aquino ◽  
Luca Cernuzzi

Many Web applications have among their features the possibility of distributing their data and their business logic between the client and the server, also allowing asynchronous communication between them. These features, originally associated with the arrival of Rich Internet Applications (RIA), remain particularly relevant and desirable. In the area of RIA, there are few proposals that simultaneously consider these features, adopt Model-Driven Development (MDD), and use implementation technologies based on scripting. In this work, we start from MoWebA, an MDD approach to web application development, and we extend it by defining a specific architecture model with RIA functionalities, supporting the previously mentioned features. We have defined the necessary metamodels and UML profiles, as well as transformation rules that allow you to generate code based on HTML5, JavaScript, jQuery, jQuery Datatables and jQuery UI. The preliminary validation of the proposal shows positive evidence regarding the effectiveness, efficiency and satisfaction of the users with respect to the modeling and code generation processes of the proposal.


2020 ◽  
Vol 5 (1) ◽  
pp. 26
Author(s):  
Aderonke F. Thompson ◽  
Oghenerukevwe E. Oyinloye ◽  
Matthew T. David ◽  
Boniface K. Alese

In the world of wireless communication, with heterogeneous network topologies such as Wi-Fi and Long-Term Evolution (LTE), authentication service delivery across the topologies forms a major challenge for access control, which this paper seeks to address. In this paper, we propose a security model by adapting the Capability-based Context Aware Access Control (CCAAC) model for internet-enabled devices for defense against hacking or unauthorized access. The steps applied during the programming of this web application were followed through using the Elliptic-Curve Diffie–Hellman (ECCDH) algorithm, so that the steps from the initiation of a random prime number within a range, through the encryption and exchange of the devices' public keys, to the decryption are interpreted the right way by the machine making use of it. The results established a security model that has a good chance of being effective against present cyber-attacks and other security loopholes.


2012 ◽  
Vol 2 (1) ◽  
pp. 24-30
Author(s):  
Archna Arudkar ◽  
Vimla Jethani

With the wide adoption of the Internet, the security of web databases is a key issue. In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user, and hence all authorization decisions are based upon execution of the specific web application. The application server has full access privileges to delegate to the end user based upon the user requirement. The identity of the end user is hidden, and subsequently the database server fails to assign proper authorizations to the end user. Hence, current approaches to access control on databases are not fit for web databases because they are mostly based on individual user identities. To fill this security gap, the definition of an application-aware access control system is needed. In this paper, the RBAC+ Model, an extension of NIST RBAC, provides an application-aware access control system to prevent attacks with the notion of application, application profile and sub-application session.


Author(s):  
Fredj Dridi ◽  
Gustaf Neumann

Advances in World Wide Web technology have resulted in the proliferation of significant collaborative applications in commercial environments. However, the World Wide Web as a distributed system, which introduces new technologies (like Java applets and ActiveX) and uses a vulnerable communication infrastructure (the Internet), is subject to various security attacks. These security attacks violate the confidentiality, integrity, and availability of Web resources. To achieve a certain degree of Web security and security management, different protocols and techniques have been proposed and implemented. This is still a hot topic in the current research area and still requires more ambitious efforts. We give an overview of Internet security issues with special emphasis on Web security. We describe an architecture built up by means of security services to shield against these threats and to achieve information security for networked systems like the WWW. We focus on the authentication and access control services (like role-based access control) and their administration aspects. We discuss several elementary techniques and Internet standards which provide the state of the art of Web security.


2020 ◽  
Author(s):  
Darshak Mota ◽  
Neel Zadafiya ◽  
Jinan Fiaidhi

Java Spring is an application development framework for enterprise Java. It is an open source platform which is used to develop robust Java applications easily. Spring can also be used with an MVC structure. The MVC architecture is based on Model, View and Controller techniques, where the project structure or code is divided into three parts or sections, which helps to categorize the code files and other files in an organized form. Model, View and Controller code are interrelated and often pass and fetch information from each other without having to put all code in a single file, which can make testing the program easy. Testing the application during and after development is an integral part of the Software Development Life Cycle (SDLC). Different techniques have been used to test a web application developed using the Java Spring MVC architecture, and the results are compared among all three techniques used to test the web application.


2020 ◽  
Vol 62 (5-6) ◽  
pp. 287-293
Author(s):  
Felix Günther

Secure connections are at the heart of today’s Internet infrastructure, protecting the confidentiality, authenticity, and integrity of communication. Achieving these security goals is the responsibility of cryptographic schemes, more specifically two main building blocks of secure connections. First, a key exchange protocol is run to establish a shared secret key between two parties over a, potentially, insecure connection. Then, a secure channel protocol uses that shared key to securely transport the actual data to be exchanged. While security notions for classical designs of these components are well-established, recently developed and standardized major Internet security protocols like Google’s QUIC protocol and the Transport Layer Security (TLS) protocol version 1.3 introduce novel features for which supporting security theory is lacking. In my dissertation [20], which this article summarizes, I studied these novel and advanced design aspects, introducing enhanced security models and analyzing the security of deployed protocols. For key exchange protocols, my thesis introduces a new model for multi-stage key exchange to capture that recent designs for secure connections establish several cryptographic keys for various purposes and with differing levels of security. It further introduces a formalism for key confirmation, reflecting a long-established practical design criterion which however was lacking a comprehensive formal treatment so far. For secure channels, my thesis captures the cryptographic subtleties of streaming data transmission through a revised security model and approaches novel concepts to frequently update key material for enhanced security through a multi-key channel notion. These models are then applied to study (and confirm) the security of the QUIC and TLS 1.3 protocol designs.

