Detection and Prevention of Insider Threats in Database Driven Web Services
This paper take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. The authors consider both insider and outsider attacks in the third-party web hosting scenarios. This paper present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles.