A NOVEL FRAMEWORK TO ALLEVIATE DISSEMINATION OF XSS WORMS IN ONLINE SOCIAL NETWORK (OSN) USING VIEW SEGREGATION

In this paper, we propose a client-server based framework that alleviates the dissemination of XSS worms from the OSN. The framework initially creates the views corresponding to retrieved request on the server-side. Such views indicate that which part of the generated web page on the server can be a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Neural Network World Jg. 27; H. 1; S. 5 - 25
Hauptverfasser: Chaudhary, Pooja, Gupta, B. B.
Format: Journal Article
Sprache:Englisch
Veröffentlicht: Prague Institute of Information and Computer Technology 01.01.2017
Czech Technical University in Prague, Faculty of Transportation Sciences
Schlagworte:
Acceptability
Access control
Applications programs
Client server computing
Java (programming language)
Network security
Neural networks
Platforms
Repositories
Segregations
Social networks
Cross-Site Scripting (XSS) worms
online social network security
URI links
ISSN:1210-0552, 2336-4335
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we propose a client-server based framework that alleviates the dissemination of XSS worms from the OSN. The framework initially creates the views corresponding to retrieved request on the server-side. Such views indicate that which part of the generated web page on the server can be accessed by user depending on the generated Access Control List (ACL). Secondly, JavaScript attack vectors are retrieved from the HTTP response by referring the blacklist repository of attack vectors. Finally, injection of sanitization primitives will be done on the client-side in place of extracted JavaScript attack vectors. The framework will perform the sanitization on such attack vectors strictly in a context-aware manner. The experimental testing of our framework has performed on the two platforms of open source OSN-based web applications. The observed detection rate of JavaScript attack vectors was effective and acceptable as compared to other existing XSS defensive methodologies. The proposed framework has optimized the method of auto-context-aware sanitization in contrast to other existing approaches and hence incurs a low and acceptable performance overhead.
Bibliographie:SourceType-Scholarly Journals-1
ObjectType-Feature-1
content type line 14
ObjectType-Article-1
ObjectType-Feature-2
content type line 23
ISSN:1210-0552
2336-4335
DOI:10.14311/NNW.2017.27.001