Abstract
Secure access to Web content and secure interaction with Web applications are becoming some of the most important issues on the Internet. The HTTP protocol, which transmits data in plain text, is employed for data communication over the Internet. Applying Secure Socket Layer (SSL) certificates to HTTP yields the HTTPS protocol, which is one of the most widely used solutions for providing security. However, the same certificate is used for all pages irrespective of the sensitivity of the data. Moreover, data with different security requirements are secured using the same algorithm, which can either reduce the performance of the Web application or fail to provide security appropriate to the nature of each data item. To compensate for this degradation in quality of service, it is proposed to use appropriate encryption and integrity algorithms for each page, based on the sensitivity of the information and the security requirements of the data. A gradation of security levels, namely high, medium, and low, is proposed. A combination of different algorithms is considered to provide confidentiality and integrity for each level of security. The proposed approach is tested with a prototype in the healthcare domain.
Copyright information
© 2013 Springer Science+Business Media New York
About this paper
Cite this paper
Maheswaran, A., Kanchana, R. (2013). Pasic: A Novel Approach for Page-Wise Web Application Security. In: Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Computer Networks & Communications (NetCom). Lecture Notes in Electrical Engineering, vol 131. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-6154-8_43
DOI: https://doi.org/10.1007/978-1-4614-6154-8_43
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-6153-1
Online ISBN: 978-1-4614-6154-8
eBook Packages: Engineering, Engineering (R0)