
Security Enhanced Applications for Information Systems PDF

233 Pages·2012·10.771 MB·English

Preview Security Enhanced Applications for Information Systems

SECURITY ENHANCED APPLICATIONS FOR INFORMATION SYSTEMS

Edited by Christos Kalloniatis

Published by InTech
Janeza Trdine 9, 51000 Rijeka, Croatia

Copyright © 2012 InTech

All chapters are Open Access distributed under the Creative Commons Attribution 3.0 license, which allows users to download, copy and build upon published articles even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications. After this work has been published by InTech, authors have the right to republish it, in whole or part, in any publication of which they are the author, and to make other personal use of the work. Any republication, referencing or personal use of the work must explicitly identify the original source.

As for readers, this license allows users to download, copy and build upon published chapters even for commercial purposes, as long as the author and publisher are properly credited, which ensures maximum dissemination and a wider impact of our publications.

Notice

Statements and opinions expressed in the chapters are those of the individual contributors and not necessarily those of the editors or publisher. No responsibility is accepted for the accuracy of information contained in the published chapters. The publisher assumes no responsibility for any damage or injury to persons or property arising out of the use of any materials, instructions, methods or ideas contained in the book.

Publishing Process Manager Romina Skomersic
Technical Editor Teodora Smiljanic
Cover Designer InTech Design Team

First published May, 2012
Printed in Croatia

A free online edition of this book is available at www.intechopen.com
Additional hard copies can be obtained from [email protected]

Security Enhanced Applications for Information Systems, Edited by Christos Kalloniatis
p. cm.
ISBN 978-953-51-0643-2

Contents

Preface
Chapter 1 Web and Database Security (Jiping Xiong, Lifeng Xuan, Jian Zhao and Tao Huang)
Chapter 2 Cyber Security (Barry Lunt, Dale Rowe and Joseph Ekstrom)
Chapter 3 Development of an e-Learning Recommender System Using Discrete Choice Models and Bayesian Theory: A Pilot Case in the Shipping Industry (Amalia Polydoropoulou and Maria A. Lambrou)
Chapter 4 Intrusion Detection and Prevention in High Speed Network (Kuo Zhao and Liang Hu)
Chapter 5 Challenges in Building Trusted Information Systems (Serena Chan and Gregory N. Larsen)
Chapter 6 Construction of Effective Database System for Information Risk Mitigation (Kiyoshi Nagata)
Chapter 7 Quality Model – Master Plan and DNA of an Information System (Finne Auvo)
Chapter 8 Services for the Digital Citizen (Seppo Sirkemaa)
Chapter 9 The Requirements for the Legal Regulation of Commercial Relations in Cloud Computing (Ivan Pogarcic, Marko Pogarcic and Matej Pogarcic)
Chapter 10 Developing a Theoretical Framework for the Adoption of Biometrics in M-Government Applications Using Grounded Theory (Thamer Alhussain and Steve Drew)
Chapter 11 Building Expert Profiles Models Applying Semantic Web Technologies (Valentina Janev and Sanja Vraneš)

Preface

One of the main challenges that modern Information Systems are dealing with is the protection of security for both the external users that take advantage of the various services offered as well as the stakeholders and internal users.
Security is dealt with at every level of system development, from the analysis stage through the implementation and testing stages. In every stage a number of methods and techniques have been proposed to fulfill the basic security concerns, namely confidentiality, integrity and availability.

Nowadays the rapid development of new information infrastructures increases users' dependence on Information Systems, and this can lead to a vulnerable information society based on insecure technologies. Indeed, more and more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases that lack proper security protection mechanisms and tools. This may have an impact on both the users' trust and the reputation of the system's stakeholders. Designing and implementing security enhanced systems is of vital importance.

Therefore, this book aims to present a number of innovative security enhanced applications. It is titled "Security Enhanced Applications for Information Systems" and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers, since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments.

Christos Kalloniatis
Department of Cultural Technology and Communication,
University of the Aegean,
Greece

1

Web and Database Security

Jiping Xiong, Lifeng Xuan, Jian Zhao and Tao Huang
Zhejiang Normal University, China

1. Introduction

In recent years, with the frequent occurrence of security incidents, enterprises and organizations have realized the importance of designing a secure information system.
Today, information systems rely heavily on web and database technologies, so the risks and threats those technologies face also affect the security of information systems. Web and database security technologies can ensure the confidentiality, integrity and usability of data in an information system, and can effectively protect the security and reliability of that system. Therefore, in order to better secure information systems, we need to learn Web and database security-related knowledge.

This chapter extensively covers practical and useful knowledge of web and database security. It can be divided into three parts: advanced security threats, the principles of safety design, and safety audit. The advanced security threats section covers cross-site scripting (XSS) attacks, AJAX and SQL injection attacks and other security threats, which are presented in detail. The principles of safety design section describes general safety design principles that help in designing information systems security. The last section describes manual and automatic audit methods and a general security audit framework, to help readers understand them more clearly.

2. Advanced security threats

2.1 Web security threats

2.1.1 AJAX security

As Web applications become increasingly complex, the performance required of Web services is also increasing. AJAX (Asynchronous JavaScript and XML) (Garrett, 2005) is a mainstream Web 2.0 technology that enables the browser to provide users with a more natural browsing experience. With asynchronous communication, the user can submit, wait and refresh freely and update part of the page dynamically. It therefore gives users a smooth experience similar to that of desktop applications. However, while the variety of Web applications has brought us countless conveniences, it has also produced a series of security problems.
When the introduction of AJAX technology, because of its inability to solve the security problems, the traditional Web security problems still exist, along with elements of the composition and structure of AJAX features, will lead to new
