Model-based system architecture for preventing XPath injection in database-centric web services environment
Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deploye...
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
IEEE
2012
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/47685/ http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf |
| _version_ | 1848850878541332480 |
|---|---|
| author | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_facet | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan |
| author_sort | Asmawi, Aziah |
| building | UPM Institutional Repository |
| collection | Online Access |
| description | Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deployed with security flaws and these vulnerabilities make them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs the model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. |
| first_indexed | 2025-11-15T10:13:17Z |
| format | Conference or Workshop Item |
| id | upm-47685 |
| institution | Universiti Putra Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T10:13:17Z |
| publishDate | 2012 |
| publisher | IEEE |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | upm-476852016-07-14T04:40:18Z http://psasir.upm.edu.my/id/eprint/47685/ Model-based system architecture for preventing XPath injection in database-centric web services environment Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Web services have become a powerful interface for back-end database systems. It is a self-describing component that can be used by other applications in a platform-independent manner. However, along the benefit of Web services, comes a serious risk of security breaches. Most web services are deployed with security flaws and these vulnerabilities make them exposed to XPath (XML Path Language) injection. This kind of attack can cause serious damage to the database at the backend of web services. This paper proposes a system architecture for prevention mechanism against XPath injection attacks within web services. The prevention mechanism employs the model-based approach to detect malicious queries and prevent them before they are executed on the web services backend database. This approach uses runtime monitoring to check on the dynamically-generated queries and compares them against the statistically-built model. IEEE 2012 Conference or Workshop Item PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf Asmawi, Aziah and Affendey, Lilly Suriani and Udzir, Nur Izura and Mahmod, Ramlan (2012) Model-based system architecture for preventing XPath injection in database-centric web services environment. In: 7th International Conference on Computing and Convergence Technology (ICCCT 2012), 3-5 Dec. 2012, Seoul, Korea. (pp. 621-625). http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6530409&queryText=universiti%20putra%20malaysia&pageNumber=3&newsearch=true |
| spellingShingle | Asmawi, Aziah Affendey, Lilly Suriani Udzir, Nur Izura Mahmod, Ramlan Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title | Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_full | Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_fullStr | Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_full_unstemmed | Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_short | Model-based system architecture for preventing XPath injection in database-centric web services environment |
| title_sort | model-based system architecture for preventing xpath injection in database-centric web services environment |
| url | http://psasir.upm.edu.my/id/eprint/47685/ http://psasir.upm.edu.my/id/eprint/47685/ http://psasir.upm.edu.my/id/eprint/47685/2/Model-based%20system%20architecture%20for%20preventing%20XPath%20injection%20in%20database-centric%20web%20services%20environment.pdf |