
The Research On Web Application And Data Security

Posted on: 2012-07-10 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: J F Yu | Full Text: PDF
GTID: 1118330335455089 | Subject: Information security
Abstract/Summary:
The World Wide Web has evolved to become the predominant service of the contemporary Internet. It is rapidly improving as a platform for deploying sophisticated interactive applications, propelling a shift from traditional desktop-centric computing to Web-based computing. Web applications have become one of the most important communication channels between service providers and clients on the Internet. The use of web-based services (such as online shops, news pages, and online banking) has become a widespread routine in today's economic and social life. The Web is now a powerful, versatile and largely democratic platform for application delivery and information dissemination. Although the shift to Web-based computing brings many benefits, such as new classes of services with ubiquitous access and availability, it has also disrupted the traditional security landscape with new Web-borne threats and Web-related security problems. In this dissertation, we examine how the security landscape is changing with the emergence of Web-borne threats. We propose several novel approaches for analyzing and detecting threats on the Web, which can help security practitioners identify attacks aimed at subverting applications and stealing data. Overall, this work improves our understanding of the new threats that have emerged alongside the Web and demonstrates new techniques to better defend against Web-borne attacks.

In particular, drive-by-download attacks have emerged as a new threat to the integrity of computer systems. We present a hybrid system that detects web pages launching drive-by-download attacks more cost-effectively than existing systems. It consists of a rule-based classification system using static analysis and an execution-based verification system running on a lightweight virtual machine. The rule-based classification system inspects web pages at high speed and forwards only suspicious web pages to the verification system for a final classification. We improved a number of machine-learning techniques to establish the characteristics of malicious web content. In addition to identifying malicious code, the system is able to support the analysis of obfuscated code and to generate detection signatures for signature-based systems. The proposed techniques have been implemented and evaluated on real-world examples, demonstrating their feasibility, effectiveness, and usefulness. We have shown that the hybrid system exhibits characteristics that allow deployment on a large scale to inspect large portions of the Internet.

We present the design, implementation, and evaluation of LeakProber, a framework that leverages whole-system dynamic instrumentation and inter-procedural analysis to enable data propagation path profiling in production systems. We integrate static analysis and runtime tracking to establish a holistic and practical approach to generating the sensitive data propagation graph (sDPG) with minimal runtime overhead. We evaluate our system on several data-stealing attack scenarios by generating the sDPG. The sDPG generated by our system captures multiple aspects of data access patterns and provides clear insight into the data leakage path. We also measure the performance of our system and find that it degrades the production system by about 6% in the trace-on mode. When our prototype works in the trace-on mode, the runtime overhead is even lower, on average 1.5% across each benchmark we run. We believe that it is feasible to directly apply our prototype in a production system environment...
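As an added illustration (not code from the dissertation or its prototype) of the two-stage hybrid design described above: a fast rule-based static triage stage scores each page on obfuscation indicators and forwards only pages at or above a threshold to the execution-based verifier. The rules, weights, threshold and sample pages are hypothetical.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Static indicators often seen in obfuscated drive-by pages. The rules,
# weights and threshold are illustrative assumptions, not the thesis's.
RULES = [
    ("eval_or_unescape", re.compile(r"\b(eval|unescape)\s*\(", re.I), 2),
    ("string_builders", re.compile(r"\b(fromCharCode|document\.write)\b", re.I), 1),
    ("long_hex_string", re.compile(r"(%[0-9a-f]{2}|\\x[0-9a-f]{2}){20,}", re.I), 3),
    ("hidden_iframe", re.compile(r"<iframe[^>]*\b(width|height)\s*=\s*[\"']?0\b", re.I), 3),
]
SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)

def shannon_entropy(text: str) -> float:
    """Bits per character; packed or encoded script bodies score high."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

@dataclass
class Verdict:
    score: int
    hits: list
    forward: bool  # True = hand the page to the execution-based verifier

def classify(html: str, threshold: int = 4) -> Verdict:
    """Stage 1: fast static scoring; only pages at or above the threshold
    are forwarded to the slow VM-based verification stage."""
    score, hits = 0, []
    for name, pattern, weight in RULES:
        if pattern.search(html):
            score, hits = score + weight, hits + [name]
    scripts = "".join(SCRIPT_RE.findall(html))
    if len(scripts) > 200 and shannon_entropy(scripts) > 5.0:
        score, hits = score + 2, hits + ["high_entropy_script"]
    return Verdict(score, hits, score >= threshold)

def triage(pages: dict) -> list:
    """Return the URLs (dict keys) that stage 1 forwards to verification."""
    return [url for url, html in pages.items() if classify(html).forward]

# Constructed sample pages (not real sites) for a quick self-check.
SAMPLE_PAGES = {
    "benign.example": "<html><body><script>document.getElementById('x')"
                      ".innerText = 'hello';</script></body></html>",
    "suspect.example": '<html><body><iframe src="http://example.invalid/a" '
                       'width=0 height=0></iframe><script>var p="'
                       + "%6a%61%76%61" * 6 + '";eval(unescape(p));</script></body></html>',
}
```

Running `triage(SAMPLE_PAGES)` forwards only `suspect.example`; the benign page never reaches the costly verifier.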
Keywords/Search Tags: Data flow Tracking, Dynamic Taint Analysis, Dynamic Instrumentation, Vulnerability, Drive-by Download, Data Leakage, Botnet, Complex Networks