Intent-based extensible real-time PHP supervision framework
Date
2016
Authors
Prokhorenko, V.
Choo, K.
Ashman, H.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
IEEE Transactions on Information Forensics and Security, 2016; 11(10):2215-2226
Statement of Responsibility
Victor Prokhorenko, Kim-Kwang Raymond Choo and Helen Ashman
Conference Name
Abstract
Protecting Web applications is increasingly important due to their high popularity and wide adoption. Therefore, a multitude of protection techniques emerged in effort to secure Web applications, specifically considering valuable and private data commonly processed by such applications. Based on an overview of currently existing protection techniques, a generic and extensible PHP-oriented protection framework is proposed. The concept of application developer intent is introduced and compared with other concepts such as enforced security policies commonly used in existing protection approaches. The proposed framework is mainly focused on application developer intention understanding. Supervising the application execution in real-time makes it possible to detect deviations from the intended behavior and prevent potentially malicious activity. The additional aspects of application behavior, such as database-related communications or generated Web page structure, can be analyzed due to the extensible architecture of the framework.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
© 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.