IEEE Xplore Search Results

Showing 1-25 of 55 results for

The penetration of digital devices in Smart Grid has created a big security issue. OWASP is an online community of security professionals that identifies the most critical web application security risk in IT domain. Smart Grid also uses client-server based web-applications to collect and disseminate information. Therefore, Smart Grid network is analogous to IT network and similar kind of risk exis...
With advancing technologies, Extensible Markup Language (XML) has become a popular document format that is used by a wide range of applications. This document format is used for storing, exchanging, and representing data across diverse systems and platforms thereby ensuring interoperability in various applications. However, XML parsers are susceptible to a specific vulnerability known as XML Exter...
We present a method for unique renaming declarations and references in Java programs using source transformation to XML markup. Each entity declaration and reference in the Java program is assigned a globally unique identifier (UID) based on its declaration scope and file. The UID serves as a key by which the entity's original declaration and all references can be found, and more importantly, by w...
One of the most important issues in source code analysis and software re-engineering is the representation of software code text at an abstraction level and form suitable for algorithmic processing. However, source code representation schemes must be compact, accessible by well defined application programming interfaces (APIs) and above all portable to different operating platforms and various CAS...
The Extensible Markup Language (XML) is extensively used in software systems and services. Various XML-based attacks, which may result in sensitive information leakage or denial of services, have been discovered and published. However, due to development time pressures and limited security expertise, such attacks are often overlooked in practice. In this paper, following a rigorous and extensive e...
In order to solve the problems of verifying the inconsistency of the requirement specification in the natural language, and automatically transforming the requirement specification in natural language description to formal models, this paper proposes a modeling method of use case specification in XML and a method of verifying inconsistency in the specification. Furthermore, we design a correspondi...
DGL is a language for specifying and generating random data for testing and simulation. Output can take many forms and can be placed in files, mysql databases and C++ internal variables. In many cases, data files containing raw input data are created. The XML feature of DGL simplifies the generation of XML output. The XML data can be stored in an XML file or can be streamed into another program. T...
In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. At the same time, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is...

Secure JAVA application in SOA-based cross-border PKI mobile government systems

Logic Journal of the IGPL
Year: 2013 | Volume: 21, Issue: 4 | Journal Article |
In this article, we describe a possible model of secure cross-border m-government system based on secure JAVA mobile application and SOA-based m-government platform. The proposed model consists of additional external entities/servers, such as: PKI, XKMS, STS, UDDI and TSA. The main parts of the proposed model are secure JAVA mobile application and secure Web Service implemented on the SOA-based pl...

In the business world, financial institutions, like banks and investment firms, heavily rely on technology to manipulate daily operations and support business. Many more business processes have now become automated and require procedures to be approved. For example, when providing business services like personal / corporate loans, mortgage, or Letter of Credit (LC), a customer is required to subm...
This paper describes design and code generation of dynamic web application. A web application is developed by using open source frameworks. The developed application is based on the data model. The model is created by design and code generation tool. The framework transforms the model into a default web application. So, the framework makes a model alive as a web application, and that model data ma...
With the amount of textual data available on the web, new methodologies of knowledge extraction domain are provided. Some original methods allow the users to combine different types of data in order to extract relevant information. In this context, we present the cornerstone of manipulations on textual documents and their preparation for extracting compatible spatial information with those contain...
Cyber-criminals use distributed denial-of-service attacks (DDoS) and XML denial-of-service attacks (XDoS) to extort money from online service providers. This kind of attacks is normally targeted at a particular service provider to exhaust the network and system resources of the provider. This paper proposes a scheme for building a defense system against DDoS and XDoS attacks. The system is built o...
SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this technology is used, has introduced demands for new extensions raising its complexity. However, this has also introduced a large variety of new attacks. In this paper, we investigate an automatic evaluation of Web serv...
Source code security is the foundation of software security, so it is of great significance to test source code defects before the software system goes online. This paper first elaborated the causes of source code security defects, and introduced the identification methods and repair measures of source code vulnerabilities in detail. Finally, it described the testing process management of source c...
In order to share, exchange, and process ORM (Object Role Modeling) schemas on Internet and the open connectivity environments, some versions of ORM-ML (ORM Markup Language) have been proposed. However, there still exist some issues need to correct or improve. Based on existing works and researches about meta-model of ORM 2.0, this paper proposed a concise and complete version of ORM-ML.
One of the most important tasks of genome projects is the implementation of experimental data in order to derive biological knowledge from the data. To achieve this goal, researchers typically search external data sources, execute analysis programs on the biosequences, analyze previous annotations and add new annotations to register their interpretation of the data. This paper elicits three functi...
As a part of Web services triangle architecture, UDDI registry takes on the task of service registration and discovery, which plays an important role in the open, distributed and dynamic Web services environment. However, the current UDDI registries cannot meet the needs of practical applications. This paper proposes a domain-oriented UDDI registry architecture and addresses some new concepts such...

Demystifying the threat modeling process

P. Torr

IEEE Security & Privacy
Year: 2005 | Volume: 3, Issue: 5 | Magazine Article |
Cited by: Papers (73)
In today's hostile online environment, software must be designed to withstand malicious attacks of all kinds. Unfortunately, even security-conscious products can fall prey when designers fail to understand the threats their software faces or the ways in which adversaries might try to attack it. To better understand a product's threat environment and defend against potential attacks, Microsoft uses...

Online attacks are outcomes of cyber vulnerabilities. XML (eXtensible Markup Language) is a self-descriptive markup language, and XML eXternal Entity injection (XXE) is a well-recognised web security vulnerability. XXE injection can attack web applications that several popular XML parsers are unable to withstand. Most of the available literature on XXE is based on vulnerability testing, but not mu...
We propose a new service modeling and lookup method based on service shaping. In existing service frameworks, assembling ubiquitous services requires application programmers to translate their requirements to the type space defined by service programmers. This translation, however, disables some of user requirements due to abstraction gap and time gap between the user tasks and service types. This...
Until very recently, all Web sites have been built using a syntactic model. Now new semantic Web-based technologies are deployed that enable true interoperability standards. This paper describes why we should consider possibilities of migrating existing applications into semantic Web, and presents possible steps that could be taken in this challenging task
In organizations today there exists an amplified need for increased integration and collaboration within and across organizational boundaries. With the emergence of Web service technologies, has come a significant architectural shift in service oriented architectures (SOA). Built on pervasive technologies such as HTTP and XML, Web Services has the potential to gain broad adoption over its predeces...