Aljawarneh, Shadi (2008) An investigation into server-side static and dynamic web content survivability using a web content verification and recovery (WVCR) system. Doctoral thesis, Northumbria University.
|
PDF (PhD thesis)
aljawarneh.shadi_phd.pdf Download (11MB) | Preview |
Abstract
A malicious web content manipulation software can be used to tamper with any type of web content (e.g., text, images, video, audio and objects), and as a result, organisations are vulnerable to data loss. In addition, several security incident reports from emergency response teams such as CERT and AusCERT clearly demonstrate that the available security mechanisms have not made system break-ins impossible. Therefore, ensuring web content integrity against unauthorised tampering has become a major issue. This thesis investigates the survivability of server-side static and dynamic web content using the Web Content Verification and Recovery (WCVR) system. We have developed a novel security system architecture which provides mechanisms to address known security issues such as violation of data integrity that arise in tampering attacks. We propose a real-time web security framework consisting of a number of components that can be used to verify the server-side static and dynamic web content, and to recover the original web content if the requested web content has been compromised. A conceptual model to extract the client interaction elements, and a strategy to utilise the hashing performance have been formulated in this research work. A prototype of the solution has been implemented and experimental studies have been carried out to address the security and the performance objectives. The results indicate that the WCVR system can provide a tamper detection, and recovery to server-side static and dynamic web content. We have also shown that overhead for the verification and recovery processes are relatively low and the WCVR system can efficiently and correctly determine if the web content has been tampered with.
Item Type: | Thesis (Doctoral) |
---|---|
Uncontrolled Keywords: | Integrity, Internet-Security measures |
Subjects: | G400 Computer Science |
Department: | Faculties > Engineering and Environment > Computer and Information Sciences University Services > Graduate School > Doctor of Philosophy |
Related URLs: | |
Depositing User: | EPrint Services |
Date Deposited: | 22 Mar 2010 09:41 |
Last Modified: | 17 Dec 2023 13:33 |
URI: | https://nrl.northumbria.ac.uk/id/eprint/1595 |
Downloads
Downloads per month over past year