Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems

Huynh, Toan Nguyen Duc

doi:doi:10.7939/R30P7D

View

Download

Communities and Collections

Graduate and Postdoctoral Studies (GPS), Faculty of / Theses and Dissertations

Usage

171 views
402 downloads

Empirically Driven Investigation of Dependability and Security Issues in Internet-Centric Systems

Author / Creator

Huynh, Toan Nguyen Duc
The Web, being the most popular component of the Internet, has been transformed from a static information-serving medium into a fully interactive platform. This platform has been used by developers to create web applications rivaling traditional desktop systems. Designing, developing and evaluating these applications require new or modified methodologies, techniques and tools because of the different characteristics they exhibit. This dissertation discusses two important areas for developing and evaluating these applications: security and data mining.

In the security area, a survey using a process similar to the Goal Question Metric approach examines the properties of web application vulnerabilities. Using results from the survey, a white-box approach to identify web applications’ vulnerabilities is proposed. Although the approach eliminates vulnerabilities during the development process, it does not protect existing web applications that have not utilized the approach. Hence, an Anomaly-based Network Intrusion Detection System, called AIWAS, is introduced. AIWAS protects web applications through the analysis of interactions between the users and the web applications. These interactions are classified as either benign or malicious; malicious interactions are prevented from reaching the web applications under protection.

In the data mining area, the method of reliability estimation from server logs is examined in detail. This examination reveals the fact that the session workload is currently obtained using a constant Session Timeout Threshold (STT) value. However, each website is unique and should have its own STT value. Hence, an initial model for estimating the STT is introduced to encourage future research on sessions to use a customized STT value per website. This research on the STT leads to a deeper investigation of the actual session workload unit. More specifically, the distributional properties of the session workload are re-examined to determine whether the session workload can be described as a heavy-tailed distribution.
Subjects / Keywords
Graduation date

Spring 2010
Type of Item

Thesis
Degree

Doctor of Philosophy
DOI

https://doi.org/10.7939/R30P7D
License

This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.

Language

English
Institution

University of Alberta
Degree level

Doctoral
Department
- Department of Electrical and Computer Engineering
Supervisor / co-supervisor and their department(s)
- Miller, James (Electrical and Computer Engineering)
Examining committee members and their departments
- Hoover, H. James (Computing Science)
- Gaudet, Vincent (Electrical and Computer Engineering)
- Aycock, John (Computer Science, University of Calgary)
- Hu, Yu (Bryan) (Electrical and Computer Engineering)