
J2EE


COMBINATORIAL APPROACH FOR PREVENTING SQL INJECTION ATTACKS
This paper discusses a combinatorial approach for protecting Web applications against SQL injection, a novel idea that incorporates the distinctive features of a signature-based method and an auditing method. SQL injection is the major issue in web application security: it can give attackers unrestricted access to the databases that underlie Web applications, and it has become increasingly frequent and serious. From the signature-based standpoint, the paper presents a detection mode for SQL injection using pairwise sequence alignment of amino acid code formulated from web application form parameters sent via the web server. From the auditing-based standpoint, it analyzes the transaction to find malicious access. The signature-based method uses the Hirschberg algorithm, a divide-and-conquer approach, to reduce time and space complexity. This system was able to stop all of the successful attacks and did not generate any false positives.

IEEE 2009-J2EE

Advance Computing Conference


PARALLEL AND DISTRIBUTED SYSTEMS

A FAITHFUL DISTRIBUTED MECHANISM FOR SHARING THE COST OF MULTICAST TRANSMISSIONS

The problem of sharing the cost of multicast transmissions was studied in the past, and two mechanisms, Marginal Cost (MC) and Shapley Value (SH), were proposed to solve it. Although both of them are strategy proof mechanisms, the distributed protocols implementing them are susceptible to manipulation by autonomous nodes. We propose a distributed Shapley Value mechanism in which the participating nodes do not have incentives to deviate from the mechanism specifications. We show that the proposed mechanism is a faithful implementation of the Shapley Value mechanism. We experimentally investigate the performance of the existing and the proposed cost-sharing mechanisms by implementing and deploying them on PlanetLab. We compare the execution time of MC and SH mechanisms for the Tamper-Proof and Autonomous Node models. We also study the convergence and scalability of the mechanisms by varying the number of nodes and the number of users per node. We show that the MC mechanisms generate a smaller revenue compared to the SH mechanisms, and thus, they are not attractive to the content provider. We also show that increasing the number of users per node is beneficial for the systems implementing the SH mechanisms from both computational and economic perspectives.

SOFTWARE ENGINEERING

ATOMICITY ANALYSIS OF SERVICE COMPOSITION ACROSS ORGANIZATIONS

Atomicity is a highly desirable property for achieving application consistency in service compositions. To achieve atomicity, a service composition should satisfy the atomicity sphere, a structural criterion for the backend processes of involved services. Existing analysis techniques for the atomicity sphere generally assume complete knowledge of all involved backend processes. Such an assumption is invalid when some service providers do not release all details of their backend processes to service consumers outside the organizations. To address this problem, we propose a process algebraic framework to publish atomicity-equivalent public views from the backend processes. These public views extract relevant task properties and reveal only partial process details that service providers need to expose. Our framework enables the analysis of the atomicity sphere for service compositions using these public views instead of their backend processes. This allows service consumers to choose suitable services such that their composition satisfies the atomicity sphere without disclosing the details of their backend processes. Based on the theoretical result, we present algorithms to construct atomicity-equivalent public views and to analyze the atomicity sphere for a service composition. Two case studies from the supply chain and insurance domains are given to evaluate our proposal and demonstrate the applicability of our approach.

COMPUTERS

COLLUSIVE PIRACY PREVENTION IN P2P CONTENT DELIVERY NETWORKS

Collusive piracy is the main source of intellectual property violations within the boundary of a P2P network. Paid clients (colluders) may illegally share copyrighted content files with unpaid clients (pirates). Such online piracy has hindered the use of open P2P networks for commercial content delivery. We propose a proactive content poisoning scheme to stop colluders and pirates from alleged copyright infringements in P2P file sharing. The basic idea is to detect pirates in a timely manner with identity-based signatures and time-stamped tokens. The scheme stops collusive piracy without hurting legitimate P2P clients by targeting poisoning exclusively on detected violators. We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in their repeated attempts. Pirates are thus severely penalized with no chance to download successfully in tolerable time. Based on simulation results, we find a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet. We achieved an 85-98 percent prevention rate on eMule, eDonkey, Morpheus, etc. The scheme is shown to be less effective in protecting some poison-resilient networks like BitTorrent and Azureus. Our work opens up the low-cost P2P technology for copyrighted content delivery. The advantage lies mainly in minimum delivery cost, higher content availability, and copyright compliance in exploring P2P network resources.