DocumentCode :
607320
Title :
Model-based system architecture for preventing XPath injection in database-centric web services environment
Author :
Asmawi, A. ; Affendey, Lilly Suriani ; Udzir, Nur Izura ; Mahmod, Ramlan
Author_Institution :
Fac. of Comput. Sci. & Inf. Technol., Univ. Putra Malaysia, Serdang, Malaysia
fYear :
2012
fDate :
3-5 Dec. 2012
Firstpage :
621
Lastpage :
625
Abstract :
Web services have become a powerful interface for back-end database systems. A Web service is a self-describing component that can be used by other applications in a platform-independent manner. However, along with the benefits of Web services comes a serious risk of security breaches. Most web services are deployed with security flaws, and these vulnerabilities expose them to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the back end of web services. This paper proposes a system architecture for a prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs a model-based approach to detect malicious queries and prevent them before they are executed on the web services' back-end database. This approach uses runtime monitoring to check the dynamically generated queries and compares them against the statistically built model.
Keywords :
Web services; XML; database management systems; finite automata; open systems; program diagnostics; query processing; security of data; software architecture; Internet interoperation; XML path language injection; XPath injection attacks; XPath injection prevention; back-end database systems; database-centric Web services environment; malicious query detection; model-based system architecture; nondeterministic finite automata; prevention mechanism; security breaches; security flaws; static analysis; Web services; XPath injection; database security; non-deterministic finite automata; static analysis; stored procedures;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computing and Convergence Technology (ICCCT), 2012 7th International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4673-0894-6
Type :
conf
Filename :
6530409