A NOVEL FRAMEWORK TO ALLEVIATE DISSEMINATION OF XSS WORMS IN ONLINE SOCIAL NETWORK (OSN) USING VIEW SEGREGATION

Bibliographic details
Published in: Neural Network World, Volume 27, Issue 1, pp. 5 - 25
Main authors: Chaudhary, Pooja; Gupta, B. B.
Format: Journal Article
Language: English
Published: Prague Institute of Information and Computer Technology 01.01.2017
Czech Technical University in Prague, Faculty of Transportation Sciences
ISSN: 1210-0552, 2336-4335
Description
Summary: In this paper, we propose a client-server based framework that alleviates the dissemination of XSS worms from the OSN. The framework initially creates the views corresponding to the retrieved request on the server side. Such views indicate which part of the generated web page on the server can be accessed by the user, depending on the generated Access Control List (ACL). Secondly, JavaScript attack vectors are retrieved from the HTTP response by referring to the blacklist repository of attack vectors. Finally, injection of sanitization primitives will be done on the client side in place of the extracted JavaScript attack vectors. The framework will perform the sanitization on such attack vectors strictly in a context-aware manner. The experimental testing of our framework was performed on the two platforms of open source OSN-based web applications. The observed detection rate of JavaScript attack vectors was effective and acceptable as compared to other existing XSS defensive methodologies. The proposed framework has optimized the method of auto-context-aware sanitization in contrast to other existing approaches and hence incurs a low and acceptable performance overhead.
DOI: 10.14311/NNW.2017.27.001