Al-Sakib Khan Pathan

CR | 3 papers | 85 citations | Novelty 7% | AI Score 13

3 Papers

CR | Mar 20, 2012
On the Boundaries of Trust and Security in Computing and Communications Systems

Al-Sakib Khan Pathan

This article analyzes trust and security in computing and communications systems. While in human life, trust usually has some kind of commonly understood meaning, in the realm of computing and communications systems, it could be interpreted differently in different environments and settings. On the other hand, security is about making sure that the participating entities are legitimate in a communication event or incident so that the core requirements of privacy, integrity, and authenticity are maintained. This notion is also true for our human life; for example, even entering a house needs legitimacy of a person. Some boundary lines preserve the security; otherwise an unwanted access is called a 'security breach'. The intent of this article is to compare and discuss these two terms with our societal behavior and understanding amongst entities. To illustrate these issues especially in computing and communications world, some of the innovating and recent technologies are discussed which demand trust and security within their core operational structures. Alongside presenting generally established ideas, some critical points are mentioned that may be sometimes debatable within the research community.

CR | Mar 15, 2012
A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies

Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan

In today's world, Web applications play a very important role in individual life as well as in any country's development. Web applications have gone through a very rapid growth in recent years and their adoption is moving faster than was expected a few years ago. Nowadays, billions of transactions are done online with the aid of different Web applications. Though these applications are used by hundreds of people, in many cases the security level is weak, which makes them vulnerable to compromise. In most of the scenarios, a user has to be identified before any communication is established with the backend database. An arbitrary user should not be allowed access to the system without proof of valid credentials. However, a crafted injection gives access to unauthorized users. This is mostly accomplished via SQL Injection input. In spite of the development of different approaches to prevent SQL injection, it still remains an alarming threat to Web applications. In this paper, we present a detailed survey on various types of SQL Injection vulnerabilities, attacks, and their prevention techniques. Alongside presenting our findings from the study, we also note down future expectations and possible development of countermeasures against SQL Injection attacks.

NI | Mar 15, 2012
IDPS: An Integrated Intrusion Handling Model for Cloud

Hassen Mohammed Alsafi, Wafaa Mustafa Abduallah, Al-Sakib Khan Pathan

Today, many organizations are moving their computing services towards the Cloud. This makes their computer processing available much more conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, Cloud feature poses various new security threats and challenges when it comes to deploying an Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. On the other hand, there is great need for technology that enables the network and its hosts to defend themselves with some level of intelligence in order to accurately identify and block malicious traffic and activities. In this case, it is called an Intrusion Prevention System (IPS). Therefore, in this paper, we emphasize recent implementations of IDS on Cloud Computing environments in terms of security and privacy. We propose an effective and efficient model termed as the Integrated Intrusion Detection and Prevention System (IDPS) which combines both IDS and IPS in a single mechanism. Our mechanism also integrates two techniques, namely Anomaly Detection (AD) and Signature Detection (SD), that can work in cooperation to detect various numbers of attacks and stop them through the capability of IPS.