CYBER TIMES INTERNATIONAL JOUjournal.cybertimes.in/sites/default/files/journal/vol5.pdf · reduce leaks. Terms like navigation, navigational structures, usability, complexity and

ISSN: 2278-7518®

®

Cyber Times International Journal of Technology & Management

Vol. 5, No.1, October 2011 – March 2012

ISSN: 2278-7518

Editor-in-Chief Anup Girdhar Editorial Office & Administrative Address: The Editor, 310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058. Ph: 011-25595729, +91-9312903095 Website: www.cybertimes.in Email: [email protected]

EDITORIAL ADVISORY BOARD

Dr. Sushila Madan

Dr. A.K. Saini

Mukul Girdhar

EXECUTIVE EDITORS

Ms. Kanika Trehan

Mr. Rakesh Laxman Patil

Cyber Times International Journal of Technology & Management, Bi-Annually, Vol.5, Issue No.1, has been Published, Printed and Edited by Anup Girdhar, on behalf of Cyber Times, at 310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058.

From the Editor’s Desk

At the outset, I take this opportunity to thank all the contributors and readers for making “Cyber Times – International Journal of Technology & Management” an outstanding success. The response that we have received from the Researchers, Authors, and Industry Professionals for sending their research-based articles for publication and from the readers is duly acknowledged across the globe.

We are pleased to present the Volume 5th, Issue No.1, of our International Journal. This issue incorporates the following Articles/Research Papers mentioned as below;

Analysis And Security Testing of Websites Using P3R2 Model……………..………01 Er. Rajiv Chopra and Dr. Sushila Madan

A survey on Issues Related with Data Security in Cloud computing………….……19 Dinesh C. Verma and A.K.Mohapatra

Categorical Classification of Trust Factors in E-Commerce ………………………..28 Baljeet kaur and Dr. Sushila Madan

Obviating Code Injection Attacks Through Preventive Framework ...……………..39 Supriya Madan and Dr. Sushila Madan

I am sure that this issue will generate different aspects of Technology & Management and also create immense interest amongst Academicians, Research Scholars, Corporate Practitioners, Policy Makers, and Students.

We look forward to receive your valuable comments and future contributions to make this journal a joint endeavor.

With Warm Regards,

Editor-in-Chief

General Information

“Cyber Times International Journal of Technology & Management” is published bi-annually. All editorial and administrative correspondence for publication should be addressed to the Editor, Cyber Times, 310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058.

The Abstracts received for the final publication are screened by the Evaluation Committee for approval and only the selected Papers/ Abstracts will be published in each edition. Further information is available in the “Guidelines for paper Submission” section.

Annual Subscription details for obtaining the journal are provided separately and the interested persons may avail the same accordingly after filling the Annual subscription form.

Views and information expressed in the Research Papers or Articles are those of the respective authors. “Cyber Times International Journal of Technology & Management”, its Editorial Board, Editor and Publisher (Cyber Times) disclaim the Responsibility and Liability for any statement of fact or option made by the contributors. The content of the papers are written by their respective authors. The originality and authenticity of the papers and the explanation of information and views expressed therein are the sole responsibility of the authors. However, effort is made to acknowledge source material relied upon or referred to, however; “Cyber Times International Journal of Technology & Management” does not accept any responsibility for any unintentional mistakes & errors.

This journal is meant for education, reference and learning purposes. The author(s) of this of the book has/have taken all reasonable care to ensure that the contents of the book do not violate any existing copyright or other intellectual property rights of any person/ company/ institution in any manner whatsoever. In the event the author(s) has/have been unable to track any source and if any copyright has been inadvertently infringed, please notify the publisher in writing for the corrective action.

Copyright © “Cyber Times International Journal of Technology & Management”. All rights reserved. No part of this journal may be reproduced, republished, stored, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the publisher in writing. Any person who does any unauthorized act in relation to this journal publication may be liable to criminal prosecution and civil claims for damages.

Other Publications:

Cyber Times Newspaper (English) – RNI No: DELENG/2008/25470 Cyber Times Newspaper (Hindi) – RNI No. DELHIN/1999/00462

Printed & Published by: Anup Girdhar

310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058

Printed at: Cyber Times

310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058


Vol.5 No.1, October 2011 – March 2012

1

ANALYSIS AND SECURITY TESTING OF WEBSITES

USING P3R2 MODEL By

Er. Rajiv Chopra1 Dr. Sushila Madan2

1Assistant Professor 2Associate Professor Department of CSE/IT Department of Computer Science Guru Teg Bahadur Institute of Technology LSR COLLEGE, University of Delhi Delhi. Delhi.

ABSTRACT Cyber espionage has increased dramatically over the last few years at the government, corporate and individual levels. The cyberspace has become the latest domain of belligerence. There is a crying need for a cohesive global arrangement to address the emerging issues of cyberspace. Apart from trying to cull out information on internet traffic and content usage, many are also trying to secure sensitive data. Even at the corporate level, such activities have increased. The primary target seems to be the data leaks and an access to monitor content. The rate of digital theft growth appears exponential. There are links between leaks and usability of websites. A more usable application will reduce leaks. Terms like navigation, navigational structures, usability, complexity and security are all inter-related. More complex web software will have a complex navigational structure, so poor usability and hence more security flaws. The need is to thoroughly test these websites .Various techniques of black-box, white-box and gray-box testing of websites have been proposed in the literature for extensive and thorough testing of websites. Still the errors escape out. This paper aims to analyze various security threats that are faced due to insufficient testing and proposes an alternative solution for thorough testing of websites. It also compares various web testing CASE tools and proposes a new P3R2 MODEL and a P3R2 tool to test websites more thoroughly.

KEYWORDS : Cyber Security Testing, CASE tools, Page-Test-Trees, Path Testing, Reusability.



2

1. INTRODUCTION AND ANALYSIS OF RECENT WEB THREATS

In recent years, cyber espionage has become the topic of primary discussion among security experts and software testers. The survey results carried out by M. Eric Johnson and Nicholas D. Willey of Dartmouth College shows that there were data leaks throughout the healthcare chain [1]. They found out that many recent security breaches weren’t break-ins but rather inadvertent data leaks. Even OWASP- Open Web Application Security Project [2] lists data leakage as one of the top ten web vulnerabilities. This vulnerability is not a technical security hole in operating system or server software but rather depends on the way a website is tested. Rate of digital theft growth appears exponential. Verizon’s data breach investigation report shows that three quarters of all data breaches aren’t discovered by the breached firm [4]. In December 2010, CBI’s website was hacked. More recent data from the NASA’s research shows that the attackers compromised the pages of NASA’s website. Pentagon (USA) receives 6 million hacking and security threats every year. About 60% of health organizations suffer a US $6 billion loss annually. A recent survey of European Internet users [3] says that they are concerned about the total loss by 2020. 10,000 people (approx.) in 12 European countries participated in an MSN online poll about “Internet’s Future”. The reports are as follows:

• 45% respondents were worried

about lack of online privacy, • 60% said that they were

concerned about business tracking everything on net,

• 52% predicted that Cyber Crime will continue to increase,

• 46% say that the world will become Internet-centric,

• 33% say that in next 9 years or so, all books, magazines, newspapers will disappear as the material is online available on websites.

A recent survey report as cited in IEEE journal, Privacy and Security, Dec. 2011 issue [4] summarizes the following losses in year 2010 alone:

• Total Internet crime loss = $560 million.

• Loss due to Phishing alone = $120 million/ quarter.

• Symantec reports = 65% users have spent 28 hrs. and $300 dealing with Cyber Crime.

• McAfee reports = $1 trillion global cost.

• UK government reports = $210 billion loss due to Cyber Crime.

• The Washington Post reports = $105 billion loss/year.

• Cyber Crime defense costs = $67 billion/ year.

• Tech Excess says government is spending $2 to $8 billion per year.

• Computing Research Association spends $79 billion to prevent Cyber Crimes.

• Deloitte reports that financial services companies spend 6 to 7% of their IT budget on security.



3

• Cloud vendors like Amazon, employ a much larger and more experienced Cyber-security staff.

• Moore suggests that laws requiring disclosure of security breaches have reduced the fraud rate.

• Verizon’s Data Breach Investigations Report showed that three quarters of all data breaches aren’t discovered by the breached firm.

Modern cyber security theory and practices must expand. However, perfect security is impossible to attain [4].

2. LITERATURE REVIEW This world has moved from Component-based Software Engineering (CBSE) to Object-Oriented Software Engineering (OOSE) and now to Web-based Software Engineering. But the need of automated tools for carrying out various tasks of SDLC has always been a deep desire for software professionals. Be it any phase of Software Development Life Cycle (SDLC), CASE tools are available. CASE stands for Computer Aided Software Engineering Tools that assist Software Engineers to automate various SDLC tasks. This paper aims to compare various tools that perform Web based basis path testing and proposes a new model for path based regression testing of websites. Many researchers have also developed their own tools and models that are available in the literature. Since this paper focuses on tools for path testing of websites hence we analyze various tools for path testing along with the other tools as follows:- SELENIUM TOOL Selenium was developed by Jason

Huggins at ThoughtWorks. It is open source software [11, 12] that is freely available on Internet. It is basically used for regression testing of websites. Selenium is set of different software tools each with a different approach to supporting test automation. Most Selenium QA Engineers focus on the one or two tools that most meet the needs of their project, however learning all the tools will give you many different options for approaching different test automation problems. The entire suite of tools results in a rich set of testing functions specifically geared to the needs of testing of web applications of all types. These operations are highly flexible, allowing many options for locating UI elements and comparing expected test results against actual application behavior. One of Selenium’s key features is the support for executing one’s tests on multiple browser platforms. It is compatible with all the leading browsers using web drivers.

LoadRunner TOOL

This tool, developed by Mercury [10], is used to measure end-to-end performance, diagnose application and system bottlenecks and tune for better performance. It supports a wide range of enterprise environments including Web services, j2ee and .net. It is an industry standard load testing solution. Its functionality is good. It is easy to learn tool. But it is not an open source tool.

WEBSCARAB TOOL It is a tool that is used for security testing of websites [11, 12]. It is an open source tool available freely on Internet. It offers many flexible and automatable features to record, generate, edit, store



4

and retrieve HTTP requests and responses, well as searching websites, visualize session ids and a few auxiliary functions for character encoding. It runs on Windows, Linux, MacOS or any other OS supporting Java. WATIR (RUBY) TOOL WatiR stands for Web Application Testing in Ruby. It is an open source tool [11, 12] for functional testing of web applications. It supports both visible and invisible running of test cases. It supports file uploads, saving images in a page, waits for page to be loaded and also supports capturing of screens. It has test script recording facility like all other tools but can’t record all of the actions that a user performs on a website. So many recorded scripts will require editing or further coding. TELERIK WEBAII TOOL Telerik [11, 12] is a leading vendor of development tools and has introduced Webaii testing framework to write functional tests for AJAX (Asynchronous JavaScript and XML) based applications. Its framework includes one consistent API (Application Programming Interface) that allows users to automate the user interface of web applications as part of regression testing. It does not support the applications that run under HTTPS (‘S’ stands for Secure). PartCover, FireBug, FindBugs Tools

All of these three are code coverage tools [11, 12] that basically perform three functions-

a) Identifying the dead code (functions not being called, untouched code).

b) Identifying missing test cases.

c) Function and line coverage.

PartCover tool is an open source tool used for unit testing. It has a command prompt option and generates report as xml. FireBug inspects HTML and modifies style and layout in real-time, accurately analyzes network usage and performance also. It is very quick in reporting errors in detail. FindBug is an open source tool that uses static analysis to look for bugs in java byte-code. It has been developed by The University of Maryland. It requires JDK 1.5.0 or later to run but will analyze programs compiled for any version. Its current version is FindBugs 1.3.9. But code coverage does not mean that the tests are good. There is no 100% code coverage. RETAST TOOL Dazhi Zhang, Wenhua Wang, Donggang Liu, Ye Lei and David Kung [5] reuse existing test cases for security testing of component based applications. They believe that most of the security vulnerabilities are included in the execution traces of existing test cases. They developed a RETAST tool using Java.

Although this tool effectively detects software vulnerabilities but its input is only a Java program. It doesn’t consider the web structures to do testing.

It doesn’t consider the socket initialization codes too. This tool cannot test websites as it never considers websites and web pages to test.



5

VERIWEB TOOL M. Benedikt [6] built a VeriWeb tool. It is a dynamic navigation test tool for testing web applications. It explores sequences of links in web applications (starting from a given URL) in form of a graph. But graphs are problematic as they contain cycles and thus our websites will grow unwieldy. PATHTESTER TOOL T.K. Wijayasiriwardhane, P.G. Wijayarathna and D. D. Karunarathna [7] have built a tool named as PathTester to automate the test cases generation process for performing basis path testing. This tool takes program flowchart as the input and converts it to its corresponding flowgraph. It has Test Case Generator module which is invoked for each path stored in the basis set data structure. But it has some limitations too. This tool is applicable for a program with a single entry and single exit points only. It does not consider website or its navigational structure at all. McCabeIQ TOOL McCabe [8] and his associates have developed another toolset named as McCabeIQ tool. This tool draws the flowgraph, finds its cyclomatic complexity and generates test paths too. But it doesn’t consider website testing as they are not able to establish whether this is applicable to websites or not.

ReWeb and TestWeb Tool Fillippo Ricca and Paolo Tonella [9] have developed ReWeb and TestWeb tools that perform their operations based on the abstraction of the web application. ReWeb uses UML to build this abstraction model. TestWeb uses path expressions to compute the testing path from this model. But the test paths and hence the test cases produced here are enormous. These models/tools don’t reduce the number of test paths and test cases. The following table-1 compares various CASE tools for website testing:-



6

TOOL NAME CATEGORY OF TESTING

OPEN SOURCE OR COMMERCIAL

APPLIED TO WEBSITES

FEATURES WEAKNESSES

1. ReWeb and TestWeb tool

Static and dynamic testing of web applications.

Paid Yes 1. Graph for expressing relationships among web pages is made by ReWeb tool. 2. tests are executed with TestWeb tool.

1. Many candidates of test cases get extracted. 2. Inside of a web page is not fully tested.

2. WebTest 1. Takes XML file having test specifications as input. 2. Test Engine reads this file and generates a test report as output.

Paid

Yes Test Report contains- number of test cases tested, time taken by each test case and result of each test case.

1. Input is an XML file. 2. large and complex websites cannot be dealt with.

3. Visual Test from Rational softwares.

Hyperlink Testing

Paid

Yes

1. Verifies syntax in HTML document. 2. Checks for hyperlink integrity.

Limited to hyperlink testing only.

4. Web Analyst from Softbridge Inc. 5. SunTest Suit From Sun Microsystems

Both test software paid Yes Applets and ActiveX Limited GUI Components like objects are mainly testing only. JAVA Applets and tested. ActiveX objects that are embedded in the web pages.

6. Visual Website management (Mercury Inter. Corp.

Visual Testing paid yes Justifies results GUI shown on web management Browser’s window only. by matching text patterns or pixel-level comparisons.



7

7. VeriWeb Navigation Testing paid yes It explores sequences graphs have Of links in web cycles. Applications using URL sequence Cannot Followed by handle users. Dynamically generated web pages.

8. Symbolic model verifier (SMV)

To check the correctness paid yes uses statechart statecharts Of navigational Model have limitations

9. TIVT (Tool for Input Validation Testing) by Hui Liu, Hee beng and Kaun Tan.

Input validation tool

Paid

No

Contains pathConstructor module that constructs the input paths through Control flow graph of a program

Not applied to web applications.

10. PathCrawler by Patricia Mony, Bruno Marre, Nicky Willaims.

Unit testing for C functions

Paid

No

1. Path testing method for structured C programs. 2. It is a structural test data generation tool for all-paths criterion.

1. Used only for the source code of called functions. 2. Lesser Coverage of source code. 3. Graph-based approach and graphs have cycles.

11. Mc CabeIQ Tool

Path testing tool

Paid (trial version available)

No Draws flowgraphs, finds cyclomatic complexity and test paths for the program under test.

Not yet applied to websites.

12. PathTester

Path testing tool

Paid

No

It takes flowchart as an input, converts it into corresponding flowgraph and generates test cases.

Not yet applied to websites.

13. RETAST tool

Security testing

Paid

No

Reuses existing test cases for testing java programs

1. No consideration of java- sockets initializations 2. Not yet used with web applications.



8

14. Selenium

Regression testing

Open source

Yes

1. Used for GUI testing. 2. Performs regression testing of websites.

Not useful for path testing.

15. LoadRunner

Load testing

Paid

Yes

Used for load testing of web applications

Costly software

16. WEBSCARAB

Security testing

Open source Yes 1. It offers many flexible and automatable features to record, generate, edit, store and retrieve HTTP requests and responses, well as searching websites, visualize session ids and a few auxiliary functions for character encoding. 2. It runs on Windows, Linux, MacOS or any other OS supporting Java.

17. WatiR(Ruby tool)

Functional testing of websites

Open source Yes 1. It supports both visible and invisible running of test cases. 2. It supports file uploads, saving images in a page, waits for page to be loaded and also supports capturing of screens. 3. It has test script recording facility like all other tools.

It can’t record all of the actions that a user performs on a website. So many recorded scripts will require editing or further coding.



9

18. WEBAII TOOL

Regression testing

Open source Yes 1. It supports testing of AJAX based applications. 2. Its framework includes one consistent API (Application Programming Interface) that allows users to automate the user interface of web applications as part of regression testing.

It does not support the applications that run under HTTPS (‘S’ stands for Secure).



10

19. PartCover, FireBug, FindBugs Tools

Code Coverage tools.

Open source Yes 1. PartCover tool is an open source tool used for unit testing. It has a command prompt option and generates report as xml. 2. FireBug inspects HTML and modifies style and layout in real-time, accurately analyzes network usage and performance also. It is very quick in reporting errors in detail. 3. FindBug is an open source tool that uses static analysis to look for bugs in java byte-code. It has been developed by The University of Maryland. It requires JDK 1.5.0 or later to run but will analyze programs compiled for any version. Its current version is FindBugs 1.3.9.

But code coverage does not mean that the tests are good. There is no 100% code coverage.



11

20. Abbot (SEGUE BORLAND)

GUI/ Functional testing tool

Free, open source No 1. Java GUI Test Framework of this tool helps to test the Java UI. 2. Users can also record actions directly into a script, which controls event playback and testing.

1. No comparison reports are generated. 2. No support for AJAX and .NET applications. 3. No test documentations, no test plans, no test scheduling and no automated periodic runs.

Table 1- Compares various web testing tools- both open source and paid tools

But none of the tools mentioned above relates the basis paths for –

a) Regression testing of websites. b) Reusability testing of websites. c) Reducing testing cost, time and

effort (manpower). These tools develop test paths, test cases and test suites but they don’t reuse the test paths for both black box and white box testing together. From the table -1, it is clear that none of the above mentioned tools are the best. One CASE tool is better in one dimension while lacks in another dimension. So, the CASE tools that are

available for website testing are not the silver bullet. Inspite of the fact that we use these CASE tools in our organizations, even then the errors escape out. The need is of a new tool/methodology to accomplish the objective of extensive testing of websites. Our paper proposes a new web security test P3R2 MODEL and hence an automated P3R2test tool support that improves website security, reduces testing costs, time and manpower by reusing test suites, generates test reports as per OWASP vulnerability report [2]:-



12

Figure 1: The P3R2 MODEL This model is explained in the following steps:- Step-1: Page Flow Diagram (PFD) for website-under-test is drawn. For any website, it is proposed to draw its web navigational structure which is essentially called as Page-Flow-Diagram (PFD) of that website. It may be drawn manually or with the help of CASE tool like VeriWeb. Each page is represented as a node and an edge represents a link between two or more pages [14]. But this control flow graph is not a strongly connected graph as there is no edge connecting exit node to the entry node. It becomes a strongly connected graph

only if a virtual edge (VE) is added that connects exit node to the entry node. For a strongly connected graph, the cyclomatic complexity is computed using formulas as follows:-

a) V (G) = e-n+1 ( e- number of

edges, n- number of nodes) b) V (G) = P +1 (P represents

predicate nodes, without degree as 2)

c) V (G) = Number of enclosed regions in the graph.

This cyclomatic complexity, V(G) is

a number that indicates the complexity of the program and hence the total number of paths to test. Both cyclomatic

2.PFD is converted into Page-Test-Tree

1.Page-Flow diagram (PFD) for WUT is

3.Paths for black box testing are derived from PTT

4.Reuse these paths for white box testing of websites

5.Reports are generated.



13

complexity and web security are inter-related. A higher value of V (G) means a complex website and hence lesser security [8].

Step-2: Page Flow Diagram (PFD) is converted to Page-Test-Tree (PTT). The Page Flow Diagram is then converted to its equivalent Page Test Tree (PTT). This step is mandatory as graphs contain cycles which makes traversing difficult. So, it is converted into Page Test Tree. In the tree form, each node represents a webpage and each edge represents a link between the web pages [14]. Trees overcome the problem of cycles. All-path strategy [14] covers all minimum number of paths.

Step-3: Paths (basis independent paths) are identified for black box testing. From the PTT, the basis, independent paths are obtained for black box testing of websites. These paths are minimized by removing those paths whose nodes have already been traversed in other paths. Since the paths are taken from root-link to tail-link so it is All-links-coverage strategy. Also, since all the nodes underlined and the corresponding edges pointing to them are removed from the tree, so we get the minimum number of test paths that cover all pages under consideration. This is All-pages-coverage strategy. It tests whether or not all pages can be accessed. Note that the

test paths of All-links-coverage pass the test paths of All-pages-coverage [14]. Step-4: Reuse these paths for white-box testing. These test paths are reused to test the source code at these nodes. Thus, same set of test paths are reused for white box testing of websites. Reusability has been in the roots of object-oriented analysis process too. Reusability is used by the web process models also like Spiral model by Dr. Berry Boehm and Rapid Application Development (RAD) model by IBM. The test paths so obtained in step-3 are reused here to test web source code at these specific nodes only. Thus, web structural testing is done at this step. Step-5: Reports (testing reports) are generated. Test cases, Test suites and hence Test Reports are finally generated, based on the test paths obtained in step-3 and step-4. Manual or Automated tool or the proposed P3R2 tool may be used here.

When a website becomes too complex, the need is to divide the website into smaller and more manageable sub websites. This is essentially a divide-and-conquer strategy. The P3R2 model may be recursively applied on the websites navigational structure if it is very complex site.



14

AUTOMATED P3R2 TOOL SUPPORT (BASED ON P3R2 MODEL)

Figure-2: Proposed Tool Architecture The approach cited in this paper is used to translate the web navigational structure model that may be generated from navigational tools ,like VeriWeb, into the Page-Flow-Diagram (PFD), convert PFD to page-Test-Tree (PTT), get paths (black box generated paths) and then reuse them for white box testing of websites. The proposed tool in figure-2 is used to verify the proposed P3R2 MODEL (figure-1) of website testing. The main objective of this paper is to delineate various web security threats, analyze various CASE tools used for website testing and to propose a new model and hence tools to path test the websites. The proposed work has many significant benefits. The proposed technique saves time, cost as the test cases and test suites

may be reused, newer test cases may be added or deleted as needed. A lot of manpower (effort) is also reduced as the test paths already available from Page Test Trees (during black box testing) are being reused again for white box testing.

3. CASE STUDY

Consider an example website to test. The navigational structure for this Website Under Test (WUT) is shown in Figure 3.1. This website has four web pages that are linked as shown in figure-3.1. Each arrow represents a link between the web pages and each node shows a web page. These pages have traversal costs/weights associated with them as a, b, c, d and e. We apply the proposed P3R2 MODEL to this web structure as follows-

P3R2 Model PFDs PTTs Navigational structure Trees

Test Criteria All-path-coverage Minimization of paths Basis Paths Source code checking

Test Generation Paths from PTT Reusing paths for WBT of websites Test case generation



15

b a

c

e d e d

Figure-3.1: Web Navigational Structure.

CASE tool like VeriWeb may be used to get this structure.

Step-1: Page Flow Diagram (PFD) for website-under-test is drawn.

a c d

b e

Figure- 3.2: Page Flow Diagram (PFD) of figure-3.1. Step-2: Page Flow Diagram (PFD) is converted to Page-Test-Tree using the algorithm in [14]. T1 and T2 represent two tables that store nodes during the

exploration process and node that has been explored respectively.

STEP FIRST (T1) SECOND (T2) COMMENTS

1 P1 Φ Start with P1

2 P2, P1 P1 P1 is explored

3 P3, P1 P1,P2 P2 is explored

4 P4,P3,P1 P1,P2,P3 P3 is explored

5 P3,P3,P1 P1,P2,P3,P4 P4 is explored

P1 (login.asp)

P2 (home.asp)

P3 (calc.asp)

P4 (logout.asp)

P1 P2 P3 P4



16

6 Φ P1,P2,P3,P4 Del P3 and P1 as they

are already in T2

Table 2- PFD to PTT conversion table The underlined pages are those that have already been traversed but are reached again while traversal of page-flow-diagrams. From Figure 3.2, it is observed that there are five (5) links. Hence, total number of steps required to convert PFD to its equivalent PTT are

(5+1) 6 steps as is evident from table-2 above. Step-3: Paths (basis independent paths) are identified for black box testing. It’s Page-Test-Tree is, thus, drawn as follows-

a

b c

d

e

Figure 3.3: PTT for figure-3.2

Therefore, its path expression is (acde) + b. In figure-3.3, there are 2 tail links and hence there are 2 test paths. The minimum numbers of paths to test are as follows:- Path-1: a-b Path-2: a-c-d-e

From figure-3.2, it is observed that this PFD is not a strongly connected graph but if a virtual edge (VE) is added from exit to source node then it becomes a strongly connected graph. That is,

P1

P2

P3

P4

P3

P1



17

a d R1 c R2

b e R3

virtual edge(VE)

Figure 3.4: Strongly connected graph But for strongly connected graph (as in figure-3.4), Cyclomatic Complexity, V (G), [13] is calculated by different methods:-

a) V(G) = e-n+1 = 6-4+1 = 2+1 = 3

b) V(G) = P +1 = 2+1=3 (P2 and P4 are predicate nodes, without degree as 2)

c) V(G) = Number of enclosed regions = 3

Therefore, V (G) = 3. This means that the website under test is simple. There are at least three paths in this tree that must be executed at least once in order to test this website thoroughly. These paths are independent paths and form a set of paths called as basis path set. Therefore, the three test paths are as follows- Path-1: a-c-d Path-2: a-c-d-e Path-3: a-c-d-e-VE

Path-4: a-b But path-1 is covered in paths 2 and 3. So, Path-1 is not desired as nodes a, c, and d are already covered in other paths. Hence, out of these 4, only 3 paths are necessary and sufficient to test WUT thoroughly. These paths are as follows:- Path-1: a-c-d-e Path-2: a-c-d-e-VE Path-3: a-b Now the source code can be tested at the specific nodes of these paths obtained above. This performs websites white-box testing too. These paths can be reused for white box (source-code based) testing. Test cases can be derived for both black box and white box testing without any need of performing white-box testing alone. This saves time, cost and lot of manpower. This combined approach tests websites extensively, more thoroughly and adequately which is the prime test criterion.

P1 P2 P3 P4



18

4. CONCLUSIONS Website path testing and hence security of websites can be further improved by the proposed P3R2 MODEL as well as the automated P3R2 TOOL to verify this model. We can thus reduce the testing time, cost and effort of testing websites using this model. Future directions involve developing code for P3R2 MODEL , using this tool for Ajax-based applications and generating test cases and test reports. REFERENCES [1] M. Eric Johnson and Nicholas D. Willey, “Usability Failures and Healthcare Data Hemorrhages”, IEEE Journal, March-April 2011. [2]www.owasp.org/documentation/topten.html [3] Lee Garber, “Cyberwarfare: Security and Privacy”, IEEE Journal September/October 2011. [4] “Living with Insecurity: Security and Privacy”, IEEE Journal September/October 2011. [5] Dazhi Zhang, Wenhua Wang, Donggang Liu, Yu Lei, David Kung, “Reusing Test Cases for Security Testing”, 19th International Symposium on Software Reliability Engineering, IEEE , 323-324(2008). [6] M. Benedikt, J. Freire and P. Godefroid, “VeriWeb: Automatically Testing Dynamic Websites”, Proceedings of 11th International

WWW Conference, Honolulu, HI, May (2002). [7] T.K. Wijayasiriwardhane, P.G. Wijayarathna and D. D. Karunarathna, “ An Automated Tool to Generate Test Cases for Performing Basis Path Testing”, The International Conference on Advances in ICT for Emerging Regions- IEEE, 95-101 (2011). [8] www.mccabe.com/ Path Insensitive Insecurity. [9] Fillippo Ricca and Paolo Tonella, “Analysis and Testing of Web Applications”, ITC-irst, Centro per la Ricerca Scientifica e technologica , Italy, IEEE (25-34) 2001. [10]www.mercury.com/us/products/quality-center/functional-testing/loadrunner/ [11] Rahul Shende, “Testing in 30+ Open Source Tools”, Shroff Publishers, First Edition, September 2010. [12] Rahul Shende, “Software Automation Testing Tools-for Beginners”, Shroff Publishers, First Edition, February 2012. [13] Zhang Zhonglin, Mei Lingxia, “An improved Method of Acquiring Basis Path for Software Testing”, 5th International Conference on Computer Science and Education, 2010, IEEE. [14] Zhongsheng Qian, Huaikou Miao, Hongwei Zeng, “A Practical Web Testing Model for Web Application Testing”, Third International IEEE conference on Signal-Image Technologies and Internet-Based System, 2008.



19

A Survey on Issues Related with Data Security in Cloud Computing

By

Dinesh C. Verma A.K. Mohapatra N.C. Institute of Computer Sciences, Indira Gandhi Institute of Technology, Israna (Panipat) New Delhi Associate Professor Associate Professor

ABSTRACT Cloud computing has recently emerged as a new paradigm for hosting and delivering services over the Internet. Data security and confidentiality issues are the main obstacles that make the cloud user reluctant towards the cloud services. Confidentiality can be achieved by encrypted outsourced content before outsourcing to cloud servers. While cryptographic storage provides strong security, database operation like searching, querying and indexing of data become a difficult task. Searches on this huge (i.e. terabytes) amount of encrypted data demands high computational as well as communicational cost. Another performance bottleneck with cloud storage is their distributed natures that demand the parallel operation on cloud servers. In this distributed nature of cloud servers an efficient conjunctive keyword search over encrypted data can greatly enhance the user’s confidence in cloud computing. Thus, there is a need to explore the issues related with the searchable encryption technique for further improvements.

KEYWORDS : Distributed computing, Cloud computing, Encryption, Software as a service (SaaS), Data security.

1. INTRODUCTION

Cloud computing is emerging as a key computing platform for sharing resources that include infrastructure, software, application, and business process. Cloud computing has recently emerged as a new paradigm for hosting and delivering services

over the Internet. It allows enterprises to start from the small and increase resources only when there is a rise in service demand [1,20]. Thus, a cloud model promotes availability and is composed of five essential characteristics as follows [2,3,4]: • On-demand self-service • Ubiquitous network access



20

• Location-independent resource pooling

• Rapid elasticity • Measured service

Cloud is designed to be available everywhere, all the time. By using redundancy and geo-replication, cloud is so designed that services be available even during hardware failures including full data centre failures [12]. Cloud infrastructure offers three types of deployment models which are as follows [9]: Public Cloud: Public clouds or hosted clouds are external or publicly available environments that are accessible to multiple tenants. Private Cloud: Private clouds are typically tailored with dedicated virtualized resources for the particular organizations. Hybrid Cloud: Hybrid clouds are the combination of both Public as well as private cloud and tailored for a particular group of customers. As cloud computing brings with it new deployment and associated adversarial models and vulnerabilities, it is imperative that security takes center stage [1]. This is especially true as cloud computing services are being used for e-commerce applications, medical record services, and back-office business applications, all of which require strong confidentiality guarantees with secure and efficient retrieval mechanism. 2. TYPES OF CLOUD DELIVERY

MODEL

Although there’s a lack of standardization, several IT experts have classified cloud computing vendors into three broad categories based on the fundamental nature

of the cloud-based solution they provide: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or software-as-aservice (SaaS) [13][7]. Software-as-a-Service (SaaS): In this type of a cloud computing model, a provider’s specialized software runs on a hardware cloud infrastructure and is accessible to the customer through a thin client interface such as a Web browser. Some examples are Customer Relationship Management (CRM) software, Salesforce.com’s human-resource applications. Plateform-as-a-Service (PaaS): PaaS enables programming environments to ac-cess and utilize additional application building blocks. Infrastructure-as-a-Service (IaaS): When a vendor rents out infrastructure components on demand—such as servers, storage components, file systems, virtualization technologies, and network hardware—the vendor is delivering an IaaS service. 3. CLOUD DATA STORAGE

TECHNIQUES

Cloud computing is a typical example of distributed computing paradigm where the data are stored on cloud servers. In cloud data storage, a user stores his data through a Cloud Service Provider (CSP) into a set of cloud servers, which are running in a simultaneous, cooperated and distributed manner. Instead of storing information to computer's hard drive or other local storage device, user saves it to a remote database. Cloud storage has several advantages over traditional data storage. For example, data stored on a cloud storage system, user can get that data from any location that has Internet access. Searching over the



21

distributed nature of data is not an easy task and requires special attention. It may be stored in multiple computers located in the same physical location, or may be dispersed over a network of interconnected computers. In such a system, responsibility for data management is delegated to the distributed file system such as NFS, Netware, Lan-Manager, and (Andrew File System) AFS and its operational staff. 4. DATA SECURITY

Data security is the core of cloud computing security problems. Data security is mainly about the data confidentiality, integrity, availability and so on. The infrastructure provider, in this context, must achieve the following objectives [20] [21]: (1) Confidentiality: A significant barrier to the adoption of cloud services is the users’ fear of confidential data (particularly financial and health data) leakage and loss of privacy in the cloud. Confidentiality is usually achieved using cryptographic techniques. (2) Auditability: Auditability is used for attesting whether security setting of applications has been tampered or not. Auditability can be achieved using remote attestation techniques.

Confidentiality alone can be achieved by encrypting the outsourced content before outsourcing to potentially access curious servers [8]. However, the encrypted data cannot be easily processed by servers [23]. In particular encryption of data limits the data uses, like searching and indexing becomes a challenging task [16]. 5. ARCHITECTURE OF A

CRYPTOGRAPHIC STORAGE SERVICE

To ensure the privacy and confidentiality of sensitive data from, a user herself may encrypt the sensitive data before uploading the data into cloud data storage [11]. In order to store user’s encrypted data, cryptographic storage required in a cloud environment. The advantage of cryptographic storage is that no unauthorized users would be able to access the data until some kind of permission is granted by the owner of data [2, 24]. Cryptographic cloud architecture is illustrated in Figure 1. In the given architecture three parties are considered: Alice that store her data in the cloud; a user Bob with whom Alice wants to share her data; and a cloud storage provider that stores Alice’s data.

Figure 1: Consumer cryptographic architecture [8]

The architecture consists of three components: a Data Processor (DP), that processes data before it is sent to the cloud; a Data Verifier (DV), that checks whether the data in the cloud has been tampered with; and a Token Generator (TG), that generates tokens that enable the cloud storage provider to retrieve segments of customer data; and a credential generator that implements an access control policy by issuing credentials to the various parties in the system (these credentials will enable the

Cloud Provider

Data

Data Verifier

Token generator

5 4

3

2

1

?

Alic

Bob



22

parties to decrypt encrypted files according to the policy). Cryptographic storage is an important aspect of cloud services for building trust in cloud vendors. Secure encryption and distributed data makes documents random, unreadable and difficult to search by users of cloud [27]. 6. DATA SECURITY AND

SEARCHING ON ENCRYPTED DATA IN CLOUD

Data security is stated in terms of Service level agreements (SLAs), that are an industry standard approach for controlling risk, and so is a more natural starting point [22]. SLA is assurance about the security of data but merely documental assurances are not sufficient to achieve high level security. In order to achieve high level security encryption techniques are practiced. To keep user data confidential against an untrusted Cloud Service Provider (CSP), a natural way is to apply cryptographic approaches, by disclosing the data decryption key only to authorized users. However, such a simple encryption does not support searching facility on encrypted data and may introduce following problems: • It depletes too much CPU capability and

memory power of the client during the encryption and decryption.

• The CSP cannot determine which emails or files contain keywords specified by a user if the encryption is not searchable, and can only return all the encrypted emails [18].

Generally, a legitimate client has only limited bandwidth, CPU, and memory, therefore improper and excessive encryption

of the data degrades the performance of the cloud application [5]. So there is a need of encryption technique which allows users to search over encrypted data.

Qin Liu et al. investigate the characteristics of cloud storage services and propose a secure and privacy preserving keyword searching (SPKS) scheme, which allows the CSP to participate in the decipherment, and to return only files containing certain keywords specified by the users, so as to reduce both the computational and communication overhead in decryption for users, on the condition of preserving user data privacy and user querying privacy [18]. Craig Gentry describes the first fully homomorphic encryption (FHE) scheme, where “fully" means that there are no limitations on what manipulations can be performed. This encryption technique allows general computation on encrypted data. Homomorphic encryption is useful whenever it is acceptable if a response (e.g., to a search engine query) is encrypted [25]. Jin Wook Byun et al. proposed conjunctive keyword search which finds documents containing each of several keyword. Before this only few conjunctive keyword search have been proposed in the literature. They have also considered the trapdoor security based on a practical relational database [27]. Ik Rae Jeong et al. proposed PEKS (public-key encryption with keyword search) and discussed the possible keyword guessing attacks. Their result shows that consistency implies insecurity to keyword guessing attacks in PEKS. They had a given negative result about the open problem to construct a secure PEKS scheme against keyword guessing [3].



23

Bo Zhang et al. [4] proposed an efficient Public Key Encryption with Conjunctive-Subset Keywords Search (PECSK) scheme, in which they considered the conjunctive-keyword search over encrypted data. They pointed out the mistakes of proof in anonymous of the cipher text by Wang et. al, then discussed the PECSK definition, security requirement and construction in detail. Hyun Sook Rhee et al. [14] Enhance the existing security model to incorporate the realistic abilities of public-key encryption with designated tester schemes (dPEKS) attackers. They also introduced the concept of ‘‘trapdoor in-distinguishability” and shown that trapdoor in-distinguishability is a sufficient condition for thwarting keyword-guessing attacks. This security of a trapdoor guarantees that the trapdoor does not reveal any information on any keyword without the server’s private key. Jin Li, Qian Wang et al. [10] focus on enabling effective yet privacy- preserving fuzzy keyword search in Cloud Computing. They formalize for the first time the problem of effective fuzzy keyword search over encrypted cloud data while maintaining keyword privacy. Fuzzy keyword search greatly enhances system usability by returning the matching files when users’ searching inputs exactly match the predefined keywords or the closest possible matching files based on keyword similarity semantics, when exact match fails.

S. Kamara et al. [19] described some searchable encryption with their pros and cons are as follows: Symmetric searchable encryption (SSE): SSE is suitable for the scenario where the party that searches over the data is also the one who generates it. This type of scenarios is known as single writer/single reader (SWSR). Asymmetric searchable encryption (ASE): ASE schemes are suitable in any setting where the party searching over the data is different from the party that generates it (many writers/ single reader (MWSR)). Efficient ASE (ESE): ESE schemes are appropriate in any setting where the party that searches over the data is different from the party that generates it and where the keywords are hard to guess. This falls into the MWSR scenario as well. Multi-user SSE (mSSE): mSSE schemes are appropriate in any setting where many parties wish to search over data that is generated by a single party (SWMR). Comparison of different existing searchable encryption techniques based on literature survey has been mentioned in Table 2 [5, 26, 27].



24

Table 2: Comparison of searchable encryption techniques in cloud computing

From the above literature review it is clear that data security and database operations like searching, querying and indexing over encrypted data are open issues in a cloud environment and need to be addressed. 7. EXISTING SEARCHABLE

ENCRYPTION WITH RELATED ISSUES

A keyword-searchable encryption scheme allows a user with a “trapdoor” for a keyword to efficiently retrieve some of encrypted data containing the specific keyword over a Cloud server. The search for specific keywords over encrypted documents is never an easy problem because secure encryption makes documents look random and unreadable to anyone other than

the user holding the corresponding secret key. In order to resolve these issues extensive research on keyword search over encrypted data are being carried out for constructing an improved searching technique. Based on the literature survey following observations have come out: • Searching Capability: Most existing schemes, however, have a limitation in the sense that they support only a single keyword for searching, but do not allow for boolean combinations of keywords [15]. • Cost: Some existing schemes are more efficient in terms of communication cost, but they have higher computational cost for the encryption of each document by requiring as many pairing operations as the number of the associated total keywords

Encryption technique Appropriate for Advantages Disadvantages Symmetric searchable encryption (SSE) Single writer/single reader

(SWSR) Efficiency and security Complex functionality

Asymmetric searchable encryption (ASE) Many writers/single readers (MWSR).

Functionality are very good Inefficiency and weaker security.

Efficient ASE (ESE) Searches over the data are different from the party that generates it.

Efficient Vulnerable to dictionary attacks

SSE-Multi user setting Single writer/multiple reader Granting and revoking searching privileges to other users

Not suitable for real world queries.

Public key cryptography (PKC) – based searchable encryption

Multiple user scheme Efficient in general Limited to single-keyword queries which are inadequate real world queries.

Authorized Private Keyword Search over Encrypted data in Cloud Computing (APKS)

Multiple writers / Multiple users

Supports Multidimensional queries with equality, subset and a class of simple range query

Slower in setup and encryption

PEKS Many writers/Many readers Less communicational cost High computational cost of decryption, insecure against off-line keyword guessing attack.

Secure and privacy preserving keyword searching ( SPKS)

Many writers/Many readers Efficient and Practical, Less computational cost

More communicational cost



25

[15]. • Subset Keyword Search: Very few encryption schemes support the subset keyword search. Bo Zhang et. al worked on subset keyword search property. The scheme they proposed could be explained as a conjunctive keyword with subset search. In other words, the target cipher text includes a keyword set K, the user could generate a trapdoor which consists a keyword set K’. Subset keywords search means that if K’ is a subset of K, trapdoor and cipher text were matched. One flaw that has been observed in their scheme is that the extra content cipher text. • Keyword-Attacks: Most of PEKS is insecure against off-line keyword-guessing attack. That is, given a trapdoor, an attacker can learn which keyword is used to generate the trapdoor. Since a user usually queries commonly-used keywords with low entropy, the keyword-guessing attacks are meaningful. Hyun Sook Rhee et al. [14] worked on the security of trapdoor against off-line keyword-guessing attack. • Consistency and Keyword-Attacks: Ik Rae Jeong et al. [3] suggested a notion ‘‘consistency” and analyzed some PEKS schemes with respect to consistency. In a consistent PEKS scheme, any algorithm cannot find two different keywords such that the test algorithm says that an encryption for one keyword and a trapdoor for the other keyword contain the same keyword. They have shown a negative result and shows that consistency implies insecurity to keyword guessing attacks. This means constructing secure and consistent PEKS schemes against keyword guessing attack is impossible, when the number of possible keywords is bounded by some polynomial.

• Reduced Overhead: G. Russello et al. [6] guarantee tuple confidentiality because retrieval operations are performed without having the data space to decrypt the data. Whereas Qin Liu et al. SPKS scheme, which allows the CSP to participate in the decipherment, so as to reduce both the computational and communication overhead in decryption for users, on the condition of preserving user data privacy and user querying privacy [18]. • Query Capability: Prior work on searchable encryption considered the setting where only the owner of the data is capable of submitting search queries [26]. 8. CONCLUSION AND FUTURE

WORK

In order to achieve the confidentiality, encryption techniques are used in cloud environment. While cryptographic storage provides strong security, database operation like searching, querying and indexing of data become a difficult task. Searches on this huge (i.e. terabytes) amount of encrypted data demands high computational as well as communicational cost. Some searchable encryption techniques are efficient in terms of computation like SPKS (secure and privacy preserving keyword searching) and some are efficient in terms of communication cost like PEKS. In this paper, the security issues over the cloud environment have been reviewed. The distributed nature of cloud computing is a major hurdle in the construction of an efficient subset keyword search scheme and it’s still a challenge for the cloud environment. In the future, we will focus to design a security scheme for cloud computing which will be more efficient with



26

respect to computational and communicational cost.

9. REFERENCES

[1] Mehmet Yildiz et. al., “A Layered Security Approach for Cloud Computing Infrastructure”, 10th IEEE International Symposium on Pervasive Systems, Algorithms, and Networks, pp 763-767.

[2] Anthony T. Velte, Toby J. Velte Robert Elsenpeter “Cloud Computing A Practical Approach” Tata McGRAW-HILL EDITION, pp 35.

[3] Ik Rae Jeong et al., “Constructing PEKS schemes secure against keyword guessing attacks is possible?”, Elsevier Computer Communications 32 (2009) 394–396.

[4] Bo Zhang et al., “An efficient public key encryption with conjunctive-subset keywords search”, Elsevier Journal of Network and Computer Applications 34 (2011) 262–267.

[5] Ji Hu, Andreas Klein, “A Benchmark of Transparent Data Encryption for Migration of Web Applications in the Cloud”, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, IEEE Computer Spciety, pp 735-740.

[6] G. Russello et al., “providing data confidentiality against malicious hosts in shared data spaces”, Elsevire Science of computer programming 75(2010) 426-439

[7] S. Subashini, V.Kavitha, “A survey on security issues in service delivery models of cloud computing”, Elsevier Journal of Network and Computer Applications 34, 2011, pp 1-11

[8] Weichao Wang et. al., “Secure and Efficient Access to Outsourced Data”, CCSW’09, November 13, 2009, ACM, pp. 55-64.

[9] L. Grossman, “The case for cloud

computing”, IEEE Journal computer.org/ITPro, March/April 2009, pp 23-27

[10] Jin Li, Qian Wang et al., “Fuzzy Keyword Search over Encrypted Data in Cloud Computing”, IEEE INFOCOM 2010 proceedings

[11] Patrick McDaniel, Sean W. Smith, “Outlook: Cloudy with a Chance of Security Challenges and Improvements” IEEE computer and reliability societies, January/February 2010, pp 77-80

[12] Shyam Kumar Doddavula, Amit Wasudeo Gawande, “SETLabs briefings on business innovation through technology”, Infosys Research, Vol 7 No.7, pp 14.

[13] Michael Armbrust, Armando Fox et. al., “A View of Cloud Computing”, communications of the ACM April 2010, vol. 53 no. 4, pp 50-58.

[14] Hyun Sook Rhee et al., “Trapdoor security in a searchable public-key encryption schemewith a designated tester” , Elsevier, The Journal of Systems and Software 83 (2010) 763–771

[15] Eun-Kyung Ryu et al., “Efficient Conjunctive Keyword-Searchable Encryption”, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

[16] Richard Chow at. Al., “Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control”, CCSW’09, ACM, November 13, 2009, pp 85-90

[17] William Stallings,”Cyptography and Network Security: Principal and Practices”, Forth Edition, Pearsons Prentice Hall.

[18] Qin Liu et al., “Secure and privacy preserving keyword searching for cloud storage services” Journal of



27

Network and Computer Applications, Elsevier, 2011.

[19] Seny Kamara and Kristin Lauter,

“Cryptographic Cloud Storage”, LNCS 6054, Springer, 2010, pp. 136-149.

[20] Qi Zhang, Lu Cheng, Raouf Boutaba,” Cloud computing: state-of-the-art and research challenges”, J Internet Serv Appl (2010) 1, Springer, pp 7–18

[21] Dan Lin, Anna Squicciarini, “Data Protection Models for Service Provisioning in the Cloud”, SACMAT’10, June 9–11, 2010, ACM, pp 183-192.

[22] S. Creese et al., “Data Protection-Aware Design for Cloud Services”, CloudCom 2009, Springer LNCS 5931, pp. 119–130, F009.

[23] Yao Chen, Radu Sion, “On Securing Untrusted Clouds with Cryptography”, WPES’10, October 4, 2010, Chicago, ACM, pp 109-114.

[24] Christian Henrich et el., “Brief Announcement: Towards Secure Cloud Computing” Springer, SSS 2009, LNCS 5873, pp. 785–786, 2009.

[25] Craig Gentry, “Computing Arbitrary Functions of Encrypted Data”, IBM T.J. Watson Research Center, STOC 2009.

[26] Reza Curtmola et al., “Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions” 13th ACM Conference on Computer and Communications Security (CCS '06)

[27] Jin Wook Byun et al., “On a security model of conjunctive keyword search over encrypted relational database”, The Journal of Systems and Software 84 (2011) 1364–1372.

[28] Dong Yuan et al., “A data placement strategy in scientific cloud workflows”, Elsevier Future Generation Computer Systems 26 (2010) 1200-1214.



28

Categorical Classification of Trust Factors in E-Commerce

By

Baljeet Kaur Dr. Sushila Madan Research Scholar Associate Professor Banasthali University, Delhi University

ABSTRACT E-Commerce worldwide, and particularly in growing economies like India and China, is growing at an astronomical rate. Thanks to the ever increasing reach of the telecommunication companies, each day, thousands of Internet users and shoppers from all over India, are joining the ranks of digitally connected. Given the speedy growth of E-Commerce in India, the importance of trust in E-Commerce exchange deserves special attention. Trust is a very important factor for any exchange to take place. In an e-commerce environment where characters like uncertainty, anonymity, lack of control and potential opportunism exists very prominently, Trust becomes all the more important for any transaction to take place. Consumers are really concerned about the security and privacy of their information, product quality, credit card fraud and product delivery. Consumers also worry about the availability of returns in case they don’t like or get the product they ordered. These concerns arise because of lack of face to face interaction with the seller, inability to touch or feel the product and not being familiar with the online merchant because of online mode of conducting business. This paper discusses different types of trust, its attributes and also explores various trust factors which has significant effect on ecommerce operations in India from the customer’s perspective. In this paper, we identify various trust elements at the organizational level (like brand reputation, order fulfillment, return policies, direct relationship with the customer, etc.), website level (presentation, security, navigation, availability, certification and meta branding, etc.) and the consumer level (ability to take risks, awareness).

KEYWORDS : Ecommerce Trust; Trust; Trust Factors; Customer’s Trust; Online Trust.



29

1. INTRODUCTION The era of 1990’s witnessed the advent and proliferation of Internet. Since then, Internet is becoming part of more and more human activities. It has changed the way people interact, socialize, search information, purchase products / services and do numerous other things. Today, Internet has become an important medium for many of the business activities including advertising, brand building, sales, client servicing etc. Hence arrived the very popular concept of E-Commerce. E-Commerce has gained popularity and thousands of people are transacting online each minute. Indian ecommerce has not lagged behind. According to ASSOCHAM (The Associated Chambers of Commerce and Industry of India) report, the current Indian online retail market stands at Rs 2,000 crore and is growing at an annual rate of 35 percent. The report also suggests that the market size of online retail industry in India is likely to touch Rs 7,000 crore by 2015. According to a study by Neilsen Global Online Survey[20], about 875 million consumers across the world shopped on the web in 2011. As per that survey, India ranked third (much above US which is at the eighth position) in online shopping after South Korea at first and Japanese, German and UK consumers at the second place. The study also suggests that the current number of online shoppers in India is estimated to be around 50 million. A growth of 70 percent is recorded in the number of online buyers since last year. The study further concludes that e-shopping has become the second most popular online activity after emailing in India. According to another study titled India Online Landscape 2011 by JuxtConsult[14], 4 out of 5 internet users shop online. Ebay India’s

latest numbers indicate the website is selling one product every minute.

2. L ITERATURE REVIEW This section discusses the theoretical background of the present research. The first section discusses different definitions of trust as proposed by various researchers to gain insight into what exactly the trust is. The second section describes various attributes of trust and the third section gives different types of trust.

A. TRUST Various definitions of trust have been given by different people. Trust in everyday life is a mix of feeling and rational thinking (Lewis and Weigert, 1985). Mayer et. Al (1995) defines trust as “The willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party.” J.B. Rotter, an American psychologist thinks trust as a personality characteristic of an individual that influences that person’s interactions with the world at large. Trust can be defined as a property of the recipient, such as dependability or reliability [1,24]. Trust is also referred as an attitude, such as expectation or confidence that is directed toward a specific other [22, 19].Trust can also be defined as the belief of one party about another party that the latter will behave in a predictable manner (Luhmann 1979)

B. ATTRIBUTES OF TRUST Trust has various attributes. Some of them are as follows:

• Trust is a significant indicator of consumer action[7]

• Trust is limited in scope • It is related to a particular purpose



30

• Trust is contextual • Trust is conditional • It is fragile • It is not reducible to information[23] • Trust is accruable[25] • It is explicit • It is contractual • Trust is multidimensional[8] • It is dynamic • It is subjective • Trust is affected by actions that

cannot be always monitored[10]

C. TYPES OF TRUST Various authors have independently identified different types of trust which may be used when assessing ecommerce. The three main types of trust which come into picture are:- Institutional, Interpersonal and Dispositional[18].

1) Institutional Trust

Institutional Trust is the belief that the conditions required (in the web) are present so that the result of an ecommerce transaction is successful. It is the faith in the intermediary which will ensure safe and secure transactions. The intermediary, in case of ecommerce, is the Web itself. For the online customer, it is very important that the transactions are technically safe.

2) Interpersonal Trust

Interpersonal trust is the belief that one person has in other, that latter, would not do anything that harms former’s interest. In case of ecommerce, it is buyer’s interest in the seller that the seller will honour its commitments made to the buyer.

It is the faith of the customer that the seller will not take advantage of the customer’s vulnerability.

3) Dispositional Trust

Dispositional trust is the willingness of a person to trust others irrespective of the situation, context or people involved. Dispositional trust varies widely from person to person.

3. TRUST IN ECOMMERCE

Online shopping has great potential in India. This holds true especially when real estate costs are sky rocketing in India. More and more websites are being launched on daily basis offering various products and services. On the other hand, there is a constant rise in online credit card frauds. Also, there have been reports of misuse of customer’s personal information (which is generally acquired during online transactions). Customer’s information exchanges many hands during an online transaction and there is multi-level risk of it being misused. A CSI/FBI Computer Crime and Security Survey (2008) results indicate that internal security breaches are much easier to accomplish and are more costly in terms of what is stolen and the resultant repercussions than external security breaches. So, the main concern for the customers while shopping online is to decide which website to trust.

From various definitions proposed for trust, we can define trust in terms of ecommerce, as “A feeling of reliability, confidentiality, effectiveness and efficiency in a brand which results in customer satisfaction, brand recognition, increased return on investment, better conversions, repeat customer, etc.”. Trust is a very important factor for any exchange to take place. Lack of face to face



31

interaction between buyer and seller, buyer’s inability to touch or feel the merchandise, and the overall environment of perceived insecurity on the Internet pose a big challenge for the E-marketers. E-businesses’ might end up booking losses if it fails to gain trust of consumers. According to a new Harris Interactive survey commissioned by McAfee [31], 84% of consumers say they are at least somewhat concerned about providing their personal information when shopping online. And less than 33% of shoppers believe most web sites are safe for shopping. According to a study on computer users done by IT security expert Avira, just 30 percent of respondents felt secure enough to be worry free as they shop online. That clearly means that seven out of ten consumers are scared to shop online [2]. The story of India is not different from this. Studies indicate that 23% of the Indian customers quit the website even before registering themselves as they are hesitant to register on any site they lack trust in. This clearly shows that still there is a good percentage of people who do not trust online businesses. According to the study by Neilsen Global Online Survey [20], Indians do not shop online because they are scared about fraud, delivery and customer service. They are also reluctant to use net banking or online shopping with the fear that their bank/credit card details might get stolen. A report on ecommerce initiatives in India titled ‘India: Country Report On E-Commerce Initiatives’ by Department of Information Technology, Ministry of Communication and Information Technology cites multiple issues of trust and lack of payment gateways (privacy of personal and business data connected over the Internet not assured; security and confidentiality of data not in place) as a major barrier to e-commerce adoption in India. A report by CERT-In about phishing

incidents trends shows that maximum hijacked brands belong to country India with 40% incidents of the total reported. This is a clear indication of inadequate security measures adopted by Indian brands. With such reports in picture, lack of trust relating to ecommerce operations in consumers is unavoidable. A joint study by NASSCOM and the Boston Consulting Group to evaluate the opportunities in e-commerce in India revealed multiple issues of trust as a factor impeding e-commerce adoption in India. Lots of online Indian malls believe that the biggest barrier is lack of trust. Lack of consumer trust often results in an unrecoverable loss of reputation and revenues. Lack of trust leads to financial losses of an E-business organization as the organization will not be able to generate the expected revenues with lesser number of customers in hand. They will lose upon their chance to strike a deal with prospective customers due to the customer’s fear of shopping online. In case of existing customer also, if the customer loses trust in the online set-up of exchange due to any reason, he/she will not go for online shopping on any website. Ever more cautious consumer will restrict their behavior online. So, this will hamper the business continuity of a genuine E-marketer also. So, it is very important for the E-marketers to address the trust issues of their prospective and existing customers in order to make profits and also to keep their customers happy. Lack of consumer’s trust in online set up also has an adverse effect on a brand’s reputation. E-Businesses would not be able to get a good return on their investment if consumers don’t trust online shopping. Also, lack of trust affects consumers also as they would not be able to buy products/ services with ease. Though they can just click and



32

buy products/services, they will have to take the pain of going to the physical stores specially for buying goods because of lack of their trust in an online set up. They will also lose the advantage of comparing prices from various stores online with just a few clicks as it would not be possible for them to physically go to n number of stores just to compare prices. Hence, it is very important for both the vendor and the consumer to generate trust in online transactions. It is important for online sellers to develop a trustworthy relationship with the prospective customers in order to make that initial sale. The development of this trust evolves over time as relationship grows between both parties.

4. TRUST FACTORS Trust in an e-vendor is based on various factors. Various trust factors have been proposed by different researchers. Some of them have focused only on the technical factors while others have focused on the seller. Broadly, all the factors can be combined to fall into one of the three major categories: - Organizational Factors, Website Factors and the Consumer Factors. We will discuss each one of them in detail.

1) ORGANIZATIONAL FACTORS Organizational factors basically deals with the trust elements based on the characteristics of the web based seller or the brand which is selling its products/ services online. These factors range from brand recognition to post delivery service to the customer. BRAND RECOGNITION: Brand recognition refers to the likelihood

that the customers will be able to recognize a brand and connect to the company’s name, logo, tag lines and other things related to that brand. With the help of brand recognition, customers are able to know what are the products and services that a brand deals with and which of their needs are catered by that brand. Brand recognition is critically important if a brand wants to be one of the choices of the customer. Virtual nature of online transactions makes brand recognition even more important in the world of ecommerce than in the real world. Various researchers have established that brand awareness has a positive impact on the E-shoppers’ mind. It is also a potential indicator of a brand’s growth. SOCIAL PRESENCE: Social presence deals with the degree to which a communicator experiences the psychological presence of the communication partners. If a B2C website intentionally avoids having social interaction mechanism embedded in it, it is a clear indication that the customer is being deprived of social presence in this buyer-seller relationship [3]. This reduces the trust of the customer in the vendor. In contrast to this, higher perceived social presence may increase a customers’ trust in an E-business[12] .Though it is difficult to achieve complete social presence in an online environment as there is no actual interaction among people, but still there are ways in which this dimension can be incorporated in an online set up. It can be achieved by putting photos of people on the website to convey a sense of



33

personal, social and sensitive human contact. Greeting the customer by his/her name or sending them personalized communication is the other way of embedding social presence in the websites [7].

WORD OF MOUTH: Word of mouth has a significant impact on the level of trust a customer has on e-vendor. Word of mouth generally spreads through personal experiences. The decision to buy or not to buy from a particular website also depends on the source of information. Generally, people trust their friends and so the information provided by them is also trusted. While there are high chances of customers’ evaluating the information from not so trusted sources. Many people also rely solely on word of mouth for their online purchases. This category of individuals will not do a single transaction on a website, for which, they do not have positive feedback from any of their trusted friends. Various forums, blogs and other review websites like mouthshut.com and burrp.com also serve as the source of information and feedbacks for the online customers. RETURN POLICY: Return policy is considered to be one of the parameters to judge the competence and professionalism of a company by a customer [9]. It is very important to have a clear and unambiguous return policy in order to win customer’s trust. Any customer willing to do transaction on a website for the first time would definitely like to know, in advance, what if he does not get the quality expected or wishes to

return the product for any other genuine reason. Return policies should be displayed where it is easier for the customer to locate. Hassle free return may encourage the customer to make that initial purchase. Generally, the customers will not be willing to pay any extra money for the returns. Any additional cost posed on return may annoy the customer and force him to think twice before coming back to that website for some other purchase. ORDER FULFILLMENT: Order fulfilment refers to the steps involved from processing the customer order to the delivery of the product to the customer. It is an important trust factor at the organisational level. Customers should be aware of how their orders will be processed, what will be the steps involved, what problems can be encountered during order fulfilment and what the customer can do to rectify them. Time to time notifications either through emails or through sms about the order status would be appreciated by the customer. Such notifications will also have a positive impact on the perceived professionalism of the e-business’. Order fulfilment is one of the most influential determinant of trust for websites for which both the information risk and involvement are high, particularly the travel sites[30].

2) WEBSITE FACTORS Website factors basically deals with the trust elements based on the features of the website. These factors will majorly influence the customers’ shopping experience in an online environment. These factors range from the look and feel of the website



34

to the presence of trust seals. PRESENTATION: Presentation of a website is an important trust factor. It refers to the appearance of the website or, we can say, it refers to the look and feel of the website. It includes factors like graphics and layout. Presentation has been identified as one of the six important components in enhancing customers’ trust in a website [5]. Visual presentation plays a significant role in determining trust [4]. NAVIGATION: Easy Navigation is one of the essential components in building online trust. Good navigation enables customers’ to concentrate on the website content rather than worrying about how to get around on the website. With bad navigation, customer will be spending more time pressing back button rather than anything else. While good design rules on navigation include self-explained and descriptive text on the links or buttons and links to the exact product page instead of the homepage of a site when linking to another product related website[29]; vague, broken, duplicate or conflicting links leading nowhere and creating confusions constitute bad navigation. Cheskin and SA(1999) also mentioned ease of navigation as an important feature in increasing e-seller’s trustworthiness[5]. SECURITY AND PRIVACY: Security can be defined as the protection of data against accidental or intentional disclosure to unauthorized persons, or unauthorized modifications or

destruction. Privacy refers to the rights of individuals and organizations to determine for themselves when, how, and to what extent information about them is to be transmitted to others [11][17] . A security threat has been defined as a “circumstance, condition, or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosure, modification of data, denial of service, and/or fraud, waste, and abuse” [15]. So, security is safeguard against these kind of threats using various mechanisms like encryption and authentication tools to ensure safety of data passwords and other sensitive data like credit card numbers, etc. Privacy should focus on preserving customer’s personal details from falling into wrong hands. Security and privacy are very important factors for establishing online trust as a customer who doesn’t perceive a website as secure will never try to do even a small transaction on it. WEBSITE USABILITY: As the name implies, web usability deals with making websites more easy to use for a customer. Customer should be able to perform the actions on the website intuitively without any special training. Design problems like ineffective communication about where and how to add items to the shopping cart or requirement to register/log in before placing an order result in bad usability. Usability of a website can be improved by providing persistent view of the shopping cart, using drop downs only where they are meaningful and would add value and



35

studying how users want the products to be organized[27]. A website which is difficult to use would annoy the customer and discourage the customer trust. DOWNLOAD DELAY: Web pages taking too long to download is one of the major problems reported with Internet reported by users[13].It becomes difficult for a website to hold the customer if the download speed is slow as the customer considers it as waste of his time[28]. A study by Paula Selvidge(2003) suggests that older adults can wait longer for download of webpages while younger adults leave sites early specially if the home page takes too long to download[21]. INFORMATION CONTENT: It is very important for websites to provide sufficient, accurate and grammatically correct information about the services/products they are offering. Customer loses trust in a website which has typographical errors. THIRD PARTY SEALS: Trust seal or a third party seal is a seal granted by an organisation to the website. It indicates the customer that the website has incorporated good mechanisms for security and privacy of their data. Presence of third party seals influences the customer to consider a particular website safe because a third party endorser is ensuring that the e-seller will behave in ethical and competent ways [5].

3) CUSTOMER FACTORS Customers’ trust on a website is also influenced by their behavioural

characteristics, psychographics and demographics. Consumer characteristics which have an impact on their trust formation for a website include Internet savvy, past site experience, Internet shopping experience and use of Internet[26] PAST SITE EXPERIENCE: It takes time to develop trust in some entity. Trust is developed through experience and interaction [16]. If a customer has had a bad experience with a website regarding any issue, the customer would not return to that site in future. So, a customer’s past experience with a website is a significant determinant of trust. KNOWLEDGE OF INTERNET: If a person is not much comfortable with Internet and uses less of it, he would not go for online shopping easily. People who use Internet more and surf various websites, chat a lot, do blogging tend to trust websites more for their shopping experience. SHOPPING EXPERIENCE WITH OTHER WEBSITES: If a person has been deceived on some website, he would not easily trust other sites also. One bad experience on a website shakes customers confidence in online shopping.

5. CONCLUSION The area of trust in ecommerce has wide scope of study especially in developing countries like India. Trust is being given much attention as it is an important factor which has significant impact on website sales. In this paper we outlined the three major categories in which all the trust factors can fall. The trust factors can be



36

classified into Organisational Factors, Website Factors and Consumer Factors. Brand Recognition, Social Presence, Word Of Mouth, Return Policy and Order Fulfilment constitute the organisational factors. Website Factors include Presentation, Navigation, Security and Privacy, Website Usability, Download Delay, Information Content and Third Party Seals. Consumer’s behaviour and psychology also have an impact on online trust. Past Site Experience, knowledge of Internet and Shopping Experience with Other Sites influence customers’ buying behaviour online.

6. REFERENCES 1. A. Giddens, “The Consequences of

Modernity”, Stanford: Stanford University Press, 1990.

2. Avira Survey,” Seven Out Of Ten

Consumers Are Scared To Shop Online “, http://www.darkreading.com/cloud-security/167901092/security/client- security/231602087/seven-out-of-ten-consumers-are-scared-to-shop-online- according-to-avira-survey.html

3. Blau PM. Exchange and power in

social life. New York:Wiley; 1964.

4. Carl W. Turner, ”The Online Experience and Consumers' Perceptions of E-Commerce Security”, Proceedings of the Human Factors and Ergonomics Society Annual Meeting September 2002 vol. 46 no. 14 1246-1250

5. Cheskin Research & Studio

Archetype Sapient. ”eCommerce

Trust Study”. Sapient, http://www.sapient.com/checkin/, 1999.

6. Clarke,R.(2002).” Trust in the context of Ebusiness”, Internet Law Bulletin 4, 5 (February 2002) 56-59

7. David Gefen, Detmar W. Straub.”

Consumer trust in B2C e-Commerce and the importance of social presence: experiments in e-Products and e-Services”, Networking and Digital Society (ICNDS), 2010 2nd International Conference on 30-31 May 2010,Volume: 1 ,Pages: 195 – 198

8. David Zejda. ”Characteristics Of Trust In Online Social Networks And Community Of Trust As A Special Case Of Online Community”,www.scitepress.org/DigitalLibrary/

9. Egger, F.N. (2001). “Affective

Design of E-Commerce User Interfaces: How to Maximise Perceived Trustworthiness”. In: Helander, M., Khalid, H.M. & Tham (Eds.), Proceedings of CAHD2001: Conference on Affective Human Factors Design, Singapore, June 27-29, 2001: 317-324.

10. Emil Scarlat, Iulia Maries.

“Increasing Collective Intelligence Within Organizations Based On Trust And Reputation Models”, ICCCI '09 Proceedings of the 1st International Conference on Computational Collective Intelligence. Semantic Web, Social Networks and Multiagent Systems, Pages 140 – 151



37

11. Grandinetti, M. ``Establishing and

maintaining security on the Internet’’, Sacramento Business Journal,1996 Vol. 13 No. 25,p. 22.

12. Gefen D, Straub DW. “Gender

differences in perception and adoption of E-mail: an extension to the technology acceptance model”, MIS Quarterly 1997;21(4):389–400.

13. Graphic, Visualization, & Usability Center (GVU) (1998), GVU's 10th WWW user survey.

14. JuxtConsult, “ India Online

Landscape 2011”

15. Kalakota, R., Whinston, A.B., 1996. Frontiers of Electronic Commerce, Addison-Wesley, Reading,MA

16. Lee, Matthew K.O. and Efraim Turban (2001), “A Trust Model for Consumer Internet Shopping,” International Journal of Electronic Commerce, 6 (1), 75-91.

17. Martin, J. (1973).Security, Accuracy, and Privacy in Computer Systems. Prentice-Hall,Englewood Cliffs, NJ.

18. McKnight, D.H.., Chervany,

N.L.(2002). “What Trust Means In Ecommerce Customer Relationships: An Interdisciplinary Conceptual Typology”, International Journal of Electronic Commerce , Volume 6 Issue 2, Number 2/Winter 2001/02 , Pages 35-59

19. N. Luhmann. Trust and Power, Chichester, England: John Wiley & Sons, 1979.

20. Nargis Namazi,” E-Shopper 2012”,://www.businessreviewindia.in/marketing/web/e--shopper-2012.

21. Paula Selvidge ,”Examining

Tolerance for Online Delays”, Usability News, February 2003, Vol. 5 Issue 1

22. R. C. Mayer, F. D. Schoorman, and J. Davis, "An integrative model of organizational trust," Academy of Management Review, vol. 20, pp. 709-34, 1995.

23. Rutter, J. “From the Sociology of Trust Towards a Sociology of E-Trust” ,International Journal of New Product Development & Innovation Management (2:4), 2001, pp. 371-385

24. S. Tseng and B. J. Fogg,

"Credibility and computing technology," Communications of the ACM, vol. 42, pp. 39-44, 1999.

25. Shneiderman, B. (2000). “Designing Trust into Online Experiences”, Communications ofthe ACM, 43(12), 57-59.

26. Sultan,F.,Urban, G.L., Shankar,V., Bart, I.Y.(2002).” Determinants and Role Of Trust In Ebusiness: A Large Sacle Empirical Study”, MIT Sloan School of Management Working Paper No.4282-02.

27. Tilson, R., Dong, J., Martin, S., and

Kieke, E., 1998.” Factors and principles affecting the usability of



38

four e-commerce sites”, Proceedings of the 4th Conference on Human Factors & the Web, Basking Ridge, New Jersey.

28. Tsuang Kuo, Iuan-Yuan Lu,

Chiung-Hui Huang & Guo-Chiang Wu,”Measuring Users’ Perceived Portal Service Quality – an Empirical Study”,Total Quality Management,Vol. 16, No. 3, 309 –320, May 2005

29. Xiaowen Fang and Gavriel Salvendy , “Customer-Centered Rules for Design of E-Commerce Web Sites”, Communications of the ACM - Mobile computing opportunities and challenges ,

Volume 46, Issue 12, December 2003 , Pages 332 - 336

30. Yakov Bart, Venkatesh Shankar, Fareena Sultan, & Glen L. Urban, ”Are the Drivers and Role of Online Trust the Same for All Web Sites and Consumers? A Large-Scale Exploratory Empirical Study”, Journal of Marketing, Vol 69(October 2005), 133-152

31. Zak Stambor, “Consumers are more worried about the safety of shopping online”, http://www.internetretailer.com/2011/08/24/consumers-are-more-worried-about-safety-shopping-online



39

Obviating Code Injection Attacks Through Preventive Framework

By

Supriya Madan Dr. Sushila Madan Head of Dept. Dept. of IT Associate Professor Vivekananda Institute of Professional Studies, Delhi University

ABSTRACT Code Injection attack a major concern for web security, occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or when user input is not strongly typed and thereby unexpectedly executed, causing an error due to improper setup or coding such that the system fails to handle or properly respond to exceptional or unexpected data or conditions, which results in a situation wherein user credentials can be captured by injecting exceptional data. In spite of many tools and techniques, attacks on web application especially through SQL Injection Attacks are at a rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action. This paper aims to obviate code injection attacks by espousing the prevention framework which is a comprehensive structured approach that would help to identify and mitigate Code Injections attacks and shield the database lying in the database servers, which may be unauthorized accessed for malafide reasons from the web applications.

KEYWORDS : Code Injection, Security, SQL Injection, Threat modeling, Vulnerability, Web Application.



40

1. INTRODUCTION This is the age of information technology; growth of e-governance, e-banking and e-commerce are inevitable and cannot exist without effective use of web applications and its underlying databases. The database with the power of computing, which generates specific and relevant queries, are highly significant and need of the hour of today’s applications. The web applications coupled with the communication technology, provides an interface between the user and the database that results in user centric information which is very valuable and confidential. It is precisely for this reason, that web application security has become a primary topic of discussion for security experts, as attacks on application layer are constantly on rise. No matter how strong the firewall rule sets are or how diligent the patching mechanism may be, if the web application developers do not follow secured coding practices, attackers will gain easy unauthorized access to systems through port 80. 2. CODE INJECTION

VULNERABILITY Code Injection attacks are a top threat to today's Internet [i]. Code Injection derives from a software vulnerability, that allows a malicious user to inject custom code into the server engine by taking advantage of the unchecked assumptions the system makes about the inputs [ii].With this kind of attacks, a malicious user can view sensitive information, destroy or modify protected data or even crash the entire application [iii]. These attacks have proliferated in recent years causing severe security problems in systems and applications. Most web applications are typically developed in a General Purpose Language (GPL) for example PHP, ASP, along with a Domain

Specific Language (DSL) which is used to address the needs of specific tasks. Hence language like SQL plays a very important role in the development of every modern web application. A Code Injection attack that exploits the vulnerabilities of these interfaces is called ‘SQL Injection Attack’. SQL Injection vulnerability is a type of security hole that is found in a multi-tiered application. An attacker can trick a database server into running an arbitrary, unauthorized, unintended SQL query by piggybacking extra SQL elements on top of an existing, predefined query that was intended to be executed by the application. The web application accepts user input and embeds this input inside an SQL query. This query is sent to the application’s database server where it is executed. Also by providing certain malformed input, an attacker can manipulate the SQL query in such a way that its execution could have unintended consequences. Another emerging kind of DSL driven injection attacks are XPATH Injection attacks. With the proliferation of simple XML API’s, web services and Rich Internet Applications, more organizations have adopted XML as a data format for configuration files to remote procedure calls. Some people have even used XML documents instead of more traditional flat files or relational databases, but like any other application or technology that allows outside user submission of data, XML applications can be susceptible to XPATH Injection attacks. If user inputs used in an XPATH query are not sanitized then a malicious user can turn a useful XPATH expression into a big security hole. In the application security world, XPATH Injection is the unpopular little sibling of SQL Injection [iv]. XPATH Injection is an attack technique used to exploit web sites



41

that construct XPATH queries from user-supplied input [v]. The syntax of XPATH bears some resemblance to an SQL query, and indeed, it is possible to form SQL-like queries on an XML document using XPATH.

Another attack similar to SQL injection attacks is the Lightweight Directory Access protocol Injection attack (LDAP) [vi]. LDAP is an open-standard protocol for both querying and manipulating X.500 directory services. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries, and content modification inside the LDAP tree[ vii].

According to the research carried out, a substantial number of websites that have been vulnerable to Code Injection attacks. These vulnerabilities, if not identified and fixed could adversely impact the business processes and the reputation of the organization. Thus it is very essential that the software development, team leaders and others should be aware of such facts. These attacks still remain unabated.

3. THE PREVENTIVE FRAMEWORK Application security can be defined as set of security mechanisms around an application that protect its confidentiality, integrity, availability and accountability. Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Application security encompasses measures taken to prevent exceptions in the security

policy of an application or the underlying system (vulnerabilities) through flaws in the design, development or deployment of the web application. The security of data and information is one of the most important elements of application security. We process and access data on the system, thus, it is important to prevent unauthorized access and to protect the system from harm. The objective is to make sure that the system and its resources are available when needed, that the integrity of the processing of data and the data itself is ensured, and that the confidentiality of the data is protected. Security measures built into applications and a sound application security routine minimize the likelihood of vulnerabilities and threats to sensitive data. It is now essential to consider security through the software development lifecycle rather than as an afterthought. Security in web application design should be encompassing in the whole of the development life cycle, from initial strategy and planning through to deployment, operation and management. The Preventive Framework is based on the threat model for assessing and documenting a system’s security risk. The framework enables one to understand a system’s threat profile by examining it through the eyes of the potential foe. With techniques such as entry point identification, privilege boundaries and threat tree, one can identify strategies to mitigate potential threats to the system. This framework also enables the team to justify security features within a system, or security practices for using the system, to protect the corporate assets. The Framework can be applied at any phase of the Software Development Life Cycle. Although ideally it should be integrated at the requirement stage itself, during which it



42

helps capture overall security requirements of the project. At the design phase application architects can analyze security requirements enabling them to take decision regarding development of countermeasures

into the solution. During application development and testing the threats identified can be translated to security test cases or code review guidelines specific to the solution.

Figure 1 : Structured Preventive Framework The foundation of this Preventive Framework as shown in Figure 1 is based on a structured approach for countering Code Injection attacks. The three pillars depicted are namely (i) Securing Input (ii) Securing Output and (iii) Securing Data and Algorithm. The first two concerns—input and output—are related to the environment in which applications execute. The last algorithms and computation is related to an application’s awareness of its own internal secrets. All three issues relate to awareness: secure software must always be aware of what is going on, both inside its perimeter and out to respond effectively to malicious threats.

4. SECURING INPUTS – FIRST PILLAR OF THE PREVENTIVE FRAMEWORK

Inputs are the mechanism that software employs to communicate with its users. Malicious input often cause software to fail (resulting in denial of service) or to execute foreign instructions (letting a remote user execute code on another person’s computer). Inputs must be carefully checked for validity before they are processed, or the application could cause undesirable and insecure behavior. Securing input interfaces requires a series of checks on inputs and their sources to ensure that users are who they say they are and that their input will not compromise the system on which the application resides. The first line of defense is user authentication—software must identify a user as a valid entity with which it is authorized to communicate. Malicious users who gain access through or around

Divide the application

and

Mark the vulnerabilities

Identify the threats Eliminate the Threats



43

authentication code are particularly dangerous because the application will trust them. Techniques for authenticating users range from challenge– response password entry to biometric devices that read hand geometry, fingerprints, or retinal patterns. The idea of communication with only legitimate, friendly users is appealing, but authentication schemes are imperfect and subject to counterfeiting and forgery. Therefore, a more complete authentication scheme is often required. A second line of defense is guarding against authenticated users applying inputs that would cause their privilege level to escalate or let them access restricted functionality. This means that even trusted users must be monitored and any unauthorized behaviors must be stopped. Good security is not achieved through perimeter defense; it requires knowing who a user is as well as what that user is doing. A third line of defense comes with the realization that input validation and user authentication are not tasks that are performed only once. A malicious user might try to assume a legitimate user’s identity after the authentication process has succeeded; alternatively, they might try to add malicious content to a data file after the file has been validated. These “bait and switch” attacks are common and require software to be constantly vigilant against users and inputs that are not what they seem to be. In the event that inputs come from inherently untrustworthy sources such as the Internet, each attribute of such inputs must be validated. To ensure security, inputs must be the correct type, of acceptable length (to avoid buffer overflow), and have content that the application can securely process. Executable content must be used cautiously. Secure applications should be paranoid about with whom they are communicating and what information they convey through that communication. Applications that process security-critical data must be

vigilant against both users (whether they are trusted or not) and the input that they supply. It is very vital to take into account the identification of the information as an asset that needs to be protected. In fact they represent the value the attacker is looking for. In this case the principal asset that we want to protect is the data stored in the database. Data protection involves satisfying three main requirements namely the integrity (to prevent unauthorized changes) of the stored data, the availability (to prevent unauthorized access) and their confidentiality (to prevent unauthorized disclosure) In addition to data the second fundamental asset that needs to be protected is the data management service for which availability is crucial, the database should always be able to provide the data required by authorized users that is accountability.

5. SECURING OUTPUT – SECOND PILLAR OF THE PREVENTIVE FRAMEWORK

An application’s secrets are often delivered to intended recipients by transmitting a file or displaying output on a monitor. Authenticating the output’s recipients is just as difficult as authenticating users who supply input—and just as important. For secrets that are transmitted over a network, it is crucial that we use strong, well-implemented encryption, which could well be the most studied aspect of modern computer security. Indeed, many strong ciphers are impossible to crack in a reasonable time; however, shoddy implementations of strong ciphers are readily cracked. If an encryption key is inadvertently stored in a conspicuous place (such as the system registry or a file), then the cipher’s strength has little effect. Likewise, the cipher will be weak and the information likely exposed if poor, random number-selection algorithms encrypt it.



44

Secret information should always be encrypted when transmitted over a network or at rest on a file system. Copy protection might also be necessary for certain data types. However, the information eventually must be decrypted and displayed for user consumption. This is when protection is at its most difficult—because information stored in memory can be available to other processes and is subject to being copied or even captured via something as innocuous as a screen dump, hence it is important that securing outputs are available to only legitimate users. Application developers must be aware of and constantly vigilant against potential threats. Without awareness of the ways and means that an attacker can use to access an application’s secrets, there is little chance that those secrets will be adequately protected. Security is concerned with the protection of assets from threats, where threats are categorized as the potential for abuse of protected assets. In order to identify the threats in correlation to their targets one or more threat tree for each threat target needs to be deployed. Threat trees allow composition of separate security sectors to a comprehensive model

of whole system's security. While identifying threats it is necessary to examine the application tier by tier, layer by layer, and feature by feature. In order to protect the application, it is very vital that one should think like an attacker, hence the potential threats and the actions that an attacker might try to use to exploit the application need to be identified. The process of developing threat trees begins with the identification of the root threats to the system, then identifying sub-threats, which detail exactly how an adversary may execute the root threat. The level below the sub-threat is known as the atomic threat. An atomic threat is the specific step that facilitates the successful execution of the sub-threat. Finally, the lowest level in a threat tree is the threat vector. This level identifies the vulnerabilities that allow the previous levels to be executed. Figure 2 shows a threat tree to identify the SQL injection attack. A motivated attacker scrutinizes the web applications which have database connections and hence can be susceptible to SQL Injection attack (L0 of Figure 2).



45

Figure 2: Threat Tree for SQL Injection Attack A SQL command with malicious intent is injected through the login page (L1 of Figure 2). The various threat entry points for SQL Injection attacks are scrutinized (L2 of Figure 2). The L3 of Figure 2 depicts the security requirements and their objectives emanating from L2. The threat is that the malicious user, through the SQL injection error knows the name and fields within the database which contains confidential customer information thereby affecting confidentiality. The malicious user could alter the information affecting integrity, or delete all the information there by affecting availability of data for others. Depending upon the customer, this could significantly violate the organization’s reputation and mission.

6. SECURING DATA AND ALGORITHMS – THIRD PILLAR OF THE PREVENTIVE

FRAMEWORK There are two aspects to securing an application’s internal code. The first is to secure data. Securing internal data is much the same as securing external outputs. Sensitive data should be encrypted when at rest and validated when used. Data in use should be minimally exposed to potential attackers. The biggest exposure point is data in memory. All data must eventually hit a memory location at some time; if the data is used in some computation or sent to an output device, then it must be stored in memory unencrypted. This is when it is most vulnerable. Techniques to obfuscate memory usage, flush memory, and lock inter process memory access are an application’s best defense against exploitation of its secret data. Developers must be aware of when, and for how long, sensitive data remains in the memory’s unprotected state. They must also be aware of the ways in which they can protect such data and the protection

Attacker may be able to access data from the database

Software system susceptible to SQL injection attack

Data validation may fail

Error message revealing vital

data

Uses of over privileged account to connect to the

database

Database server runs operating

system commands

Sanitize

data

Implement

data validation

Use generic error

messages

Give low privileged

account to client

System commands like xp_cmdshell

should not be allowed

L1

L2

L3

L0



46

mechanisms’ technical limitations. If an algorithm is proprietary and perceived as at risk of being reverse engineered, then it should be encrypted when at rest and protected from debugging while being executed. This includes simple, operating system-provided anti debugging APIs and more complicated obfuscation and memory protection mechanisms. The second aspect of code security is preventing code from performing insecure behavior. Secure coding is the practice of writing programs that are resistant to attack by malicious or mischievous people or programs. Secure coding helps protect a user's data from theft or corruption. In addition, an insecure program can provide access for an attacker to take control of a server or a user's computer, resulting in anything from a denial of service to a single user to the compromise of secrets, loss of service, or damage to the systems of thousands of users. With secure coding, this may take the form of layered based validation, centralized auditing controls, and requiring users to be logged on all pages. For example, a flawed administrative interface is unlikely to be vulnerable to anonymous attack if it correctly gates access to production management networks, checks for administrative user authorization, and logs all access. The third aspect of code security is to adopt a secure storage mechanism which is important to maintain the integrity of the application and the data stored within it. Data in web applications are often held persistently in databases and file systems, and non-persistently in sessions (cookies/hidden fields). Depending on the functionality of the application, sensitive data can range from proprietary information like passwords, account statements, medical history, to top secret information help by government or military groups. To prevent against data leakage applications should

limit the amount of data retrieved and the amount of sensitive data stored by the application. The use of encryption along with strong key protection mechanisms can afford secure storage within web applications. Layering security defenses in an application can reduce the chance of a successful attack. Incorporating redundant security mechanisms requires an attacker to circumvent each mechanism to gain access to a digital asset. Defending an application with multiple layers can prevent a single point of failure that compromises the security of the application. Hence the Defense in Depth Approach should be incorporated to ensure the web application is impregnable to Code injection attacks. The principle of defense in depth suggests that where one control would be reasonable, more controls that approach risks in different fashions are better. Controls, when used in depth, can make severe vulnerabilities extraordinarily difficult to exploit and thus unlikely to occur. The software written should not only be secured by design but also secured in development and secured by default. The cyber security has defied a permanent solution as the attacks are varied and based on different strategies of stealth penetration. Thus, the problem has to be dealt with comprehensively and not restricted or limited to any piece meal approach [viii,ix, x, xi]. As the Chinese adage goes, a journey of a thousand miles begins with a single step. The journey to develop secure software begins with the first step of identifying what makes up insecure code. Security breaches are merely the symptoms of insecure design and programming and unless developers are trained to architect secure software and identify what constitutes insecure code, the trend of software rampant with security weakness is likely to continue.



47

7. CONCLUSION Unless a web application has strong, centralized mechanism for validating all input from HTTP requests, vulnerabilities based on malicious inputs are very likely to exist. Securing computer systems should be a very important part of system design, development and deployment. The difficult part of building software is the specification, design and testing of this conceptual construct, not the implementation and testing of the implementation. Syntax errors will be made, but they are fuzz compared to the conceptual errors in most systems. Software flaws are caused because complexity makes software entities hard to design and to manage their development, and increasing complexity makes errors more probable. New software functions result in side effects that are difficult to predict, increasing the complexity rapidly as the software size grows. Software cannot be simplified by redesign because it has to conform with old programs which add to complexity. Software is subject to pressures for change all the time. Constant introduction of new features augment the pool of vulnerabilities. A single unprotected query statement can result in compromising the security of the application, data or database server. Developers must be disciplined enough to apply the security methods to every web accessible procedure and function. Every dynamic query must be protected. It is apparent that safeguarding of security is becoming more difficult because the possible attack technologies are becoming increasingly sophisticated. Software rooted vulnerabilities like SQL Injections can be prevented, if the developers seriously incorporate the rule of validation while developing web applications. In spite the fact that the concept of validation is deep rooted and

widely covered in almost all the International standards guidelines yet attacks are at a rise due to SQL Injection vulnerabilities. There is an urgent need to make the developers and users aware about the security standards and to encourage them to implement the standards meticulously, so as to minimize such attacks. It is also imperative to make these standards easily available, so that, their usage percolates down even to smaller organizations. 8. REFERENCES

1. Xuxian Jiang; Wang, H.J.; Dongyan Xu; Yi-Min Wang; RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization; Reliable Distributed Systems, 2007. SRDS 2007. 26th IEEE International Symposium on 10-12 Oct. 2007 Page(s):209 – 218

2. Barrantes E, Ackley D, Forrest S, Palmer T, Stefanovic D and Zovi D, Randomized instruction set emulation to disrupt binary code injection attacks in CCS 2003”, Proceedings of the 10th ACM Conference on Computer and Communication Security, pp281-289

3. Anley C, Advance SQL Injection in SQL Server Applications, Next Generation Security Software Ltd.

4. http://www.webmasterworld.com/xml/3882399.htm

5. http://www.webappsec.org/projects/threat/classes/XPATH_injection.shtml

6. Alonso, J.M.; Bordon, R.; Beltran, M.; Guzman, A; LDAP injection techniques; Communication Systems,. 11th IEEE Singapore International Conference on 19-21 Nov. 2008 Page(s):980 - 986

7. http://www.owasp.org/index.php/LDAP_injection



48

8. R. Pethia. Cyber security growing

risk from growing 9. Robert Bragg, Mark R Ousley, Keith

Strassberg, Network Security: Complete Reference, Tata McGrawHill

10. Gallaghe Tom, Jeffries Bryan, Landaver Lawrence “Hunting SecurityBugs Secure Software Development Series “ Microsoft 2006

11. Scambray Joel, McClure Stuart, “Hacking windows Exposed Windows Security Secreted Solution”, Tata McGraw Hills - 2008

Office:

Ph: Email:

310 Suneja Tower-II, District Centre, Janak Puri, New Delhi-110058.+91-9312903095, [email protected]

Documents

CYBER TIMES INTERNATIONAL JOUjournal.cybertimes.in/sites/default/files/journal/vol5.pdf · reduce leaks. Terms like navigation, navigational structures, usability, complexity and