A Novel Security Framework for the Web System

Authors: J. P. Dubois, P. G. Jreije

Abstract:

In this paper, a framework is presented that aims to build the most secure web system possible from the available generic and web-specific security technology, and that can serve as a guideline for organizations building their web sites. The framework is designed to provide the necessary security services, to address known security threats, and to offer some protection against other security problems, especially unknown threats. The requirements that guided the design of the secure web system are discussed. The resulting security framework is then simulated, and various quality of service (QoS) metrics are calculated to measure the performance of the system.

Keywords: Web Security, Internet Voting, Firewall, QoS, Latency, Utilization, Throughput.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1072994

