Web Page Design and Hosting

October 25, 2006

294 The Semantic Web The Network of

Filed under: Web Engineering — webmaster @ 10:17 am

the soccer world championship for robots, where two teams of jointly acting agents each face one another. So, it is actually a question of the social structure within which agents organize themselves. A classic organizational model is the so-called Contract Net (Smith 1981), which specifies manager and contractor roles. Agents in the Contract Net (CN) are basically built alike, but their behavior is role-specific and differs, depending on whether an agent should fulfill a task, or whether the agent itself has contracted another agent for the fulfillment of a task. The original use scenario behind the CN involved self-regulating load distribution systems in telecommunications networks.

For the Semantic Web, a role distribution suggested by Wiederhold that distinguishes between mediators and facilitators is of interest (Wiederhold 1992). Wiederhold starts from the scenario that agents have to carry out some tasks on behalf of humans, and that a rigid RPC binding would be impossible in large networks. Instead, a dynamic allocation of requests across mediators would be required, because not every agent can know everything about all other agents that could possibly process its request. Mediators are responsible for aggregating, abstracting, and integrating information to yield homogeneous information structures on top of which value-added services can be built. Facilitators are similar to directory services, knowing which services can be obtained and from where, establishing contacts between requesters and service providers. In this scenario, it is possible that a group of mediators has subscribed with a facilitator, who, in turn, is in touch with other facilitators, who manage the services. This approach allows for self-organizing work distribution in networks.
14.1.2 The Role of Semantic Markup

In order for software agents to recognize whether or not a piece of information found on the WWW is usable for a given purpose, the World Wide Web Consortium (W3C) specified that Web pages have to include a meta-data record suitable for interpretation by software in order to be useful for the Semantic Web. One of the first languages for semantic markup was SHOE (Simple HTML Ontology Extension, Luke et al. 1997). DAML+OIL (DARPA Agent Markup Language with the Ontology Inference Layer) was developed later on, and led to a joint initiative by the name of OWL (Web Ontology Language) in 2002. Section 14.2 introduces OWL. However, the original language SHOE is still useful because its structure is simple, thus offering a better insight into what is to be achieved by semantic markup.

Figure 14-2 shows how SHOE can be used for the semantic description of a university professor's Web page (http://www.cs.umd.edu/users/hendler/sciam/step2.html). The example in Figure 14-2 describes an instance (Dr. Hendler, the university professor), referencing an ontology (cs-dept-ontology) in a structured way, so that it is possible, for instance, to express where the professor obtained his academic title (). An agent that understands SHOE can now find the university where Mr. Hendler obtained his doctorate, and could perhaps communicate with an agent of that university to find out whether this information is correct. The use of a standardized language for semantic markup is important, as we can understand from the above discussion. But the real challenge is to develop generally acceptable and binding ontologies upon which the agents' semantic understanding will be based.

Note: If you are looking for good and high quality web space to host and run your jsp application check Lunarwebhost jsp web hosting services


294 The Semantic Web The Network of

Filed under: Web Engineering — webmaster @ 10:17 am

benevolence (the assumption that every agent will always try to do what is asked of it), rationality (the assumption that an agent will always act in order to achieve its goals), and adaptivity (an agent's ability to adjust itself to its user's habits, working methods, and preferences). Consequently, agents have to have considerable functionality to be able to meet these requirements. In particular, they should have certain patterns of action and communicative abilities. In addition, agents should have limited cognitive abilities to perceive changes in their environment.

One of the early agent architectures, called Icarus, shows the functionalities that should interact in an agent (Langley et al. 1991). Figure 14-1 shows Icarus as an example of agent architectures.

[Figure 14-1: The classic Icarus agent architecture (1991). Modules: ARGUS (perception), DAEDALUS (planning), MEANDER (action), LABYRINTH (memory) with an Active Memory area.]

We can see in this figure that Argus, the perceptual module, parses and transforms the environment into qualitative states, which it writes to the active memory area of Labyrinth. Daedalus, the planning module, is responsible for creating plans to solve problems posed by Labyrinth. Meander, the effector module, produces an action according to the plan constructed in active memory by Daedalus, and informs the memory of the status, while the planning module can use the memory to think about the next steps. A methodically excellent and systematic introduction to the modeling of intelligent agents can be found in Russell and Norvig's textbook on Artificial Intelligence (Russell and Norvig 2002, 2nd Ed.). Agent systems are actually meaningful only if there are plenty of agents, and if they are grouped in different ways, thus developing a discernible social behavior. One example is


294 The Semantic Web The Network of

Filed under: Web Engineering — webmaster @ 10:17 am

about SHOE, an HTML-based ontology description language (Luke et al. 1997). In their seminal article published in Scientific American, Tim Berners-Lee, James Hendler, and Ora Lassila eventually formulated this thesis for a broader public in 2001 (Berners-Lee et al. 2001). They said that current technologies are barriers hindering the Web's evolution, and that three ingredients would help to make a quantum leap: first, the use of software agents, which can scan the Web for useful information on behalf of a human contractor; second, the use of new description languages for semantic markup of knowledge spaces for these software agents, which don't understand human language yet, so they can communicate based on formal logics at best; and third, the creation and use of widely accepted standards for knowledge structures, systematized in ontologies.

14.1.1 The Role of Software Agents

The use of software agents is motivated by the wealth of information, which makes a manual search increasingly difficult and slow. Though we could imagine search engines that develop a more exact image of users' informational needs, there is an inherent risk of becoming a transparent society, since they require the private details of individuals to be stored in a central location. So, this approach does not represent an attractive business model from the users' perspective. In contrast, the idea of private soft-bots, which have to account to their owners only, seems to be much more attractive, provided their right to non-violation is legally secured and supported by technology (e.g., encryption). A possible and meaningful synthesis of search engines and agent technologies could consist in personal agents registering their owners anonymously with search engines, so that both the personalization need in e-business (to collect customer needs) and the individual's privacy could be taken into account.
Wooldridge (2002) uses the term agent to denote a software-based computer system that has the following properties:

1. Autonomy: Agents operate without the direct intervention of humans, and have some kind of control over their actions and internal states.
2. Social ability: Agents interact with other agents and humans in some kind of agent communication language.
3. Reactivity: Agents perceive their environment and respond in a timely fashion to changes that occur in it. This could mean that an agent spends most of its time in a kind of sleep state from which it will awake if certain changes in its environment give rise to it.
4. Proactivity: Agents do not simply act in response to their environment; they are able to exhibit goal-directed behavior by taking the initiative.
5. Temporal continuity: Agents are continuously running processes (either active in the foreground or sleeping/passive in the background), not once-only computations or scripts that map a single input to a single output and then terminate.
6. Goal orientedness: Agents are capable of handling complex, high-level tasks. The agent itself should make the decision how such a task is best split up into smaller sub-tasks, and in which order and in what way these sub-tasks should be best performed.

Other desirable agent properties include mobility (an agent's ability to move around in a network), veracity (the assumption that an agent will not deliberately distribute misinformation),


October 24, 2006

13.6 Service Provider Security Issues 291 can also

Filed under: Web Engineering — webmaster @ 10:30 pm

14 The Semantic Web: The Network of Meanings in the Network of Documents

Wernher Behrendt, Nitin Arora

Many see the Semantic Web as a logical evolution of the World Wide Web. The idea is based on the fact that nowadays, there is far too much content online on the Web for humans to find relevant information without the help of intelligent machines. The advocates for the development toward the Semantic Web, led by Tim Berners-Lee, identify three important supporting pillars (Berners-Lee et al. 2001). First, semantic mark-up: information suppliers, i.e., those who produce Web contents, will have to supply semantically marked up Web pages in the future. Second, intelligent software agents (that are capable of drawing inferences from the content) should be developed to search for and process such semantically marked up Web pages. And third, computational ontologies: the producers of Web contents and the software agents have to commit themselves to a mutually agreed understanding of things, commonly known as an ontology, to make the contents also understandable for machines.

According to this task sharing, we can identify three core technologies: The semantic markup uses XML as the carrier format and RDF (Resource Description Framework) as a first-level semantic encoding format to find and describe Web contents. The semantics of our agreed ontology is encoded within the RDF code by use of a special (second-level) description language, the Web Ontology Language (OWL). So, our OWL-based semantic mark-up is embedded in RDF, which in turn is encoded in XML. The software agents must understand at least one ontology, can search or ask for Web contents that may likely be of interest to end-users according to the agent ontology and the search terms, and thus form the active component of the Semantic Web.
Altogether, the Semantic Web is undoubtedly still in its infancy, but many researchers and technologists from the industrial environment think that it is a promising technology for the future which will have a massive influence, particularly on the way that knowledge workers will use the WWW in their work, in the years to come.

14.1 Fundamentals of the Semantic Web

The term Semantic Web was coined in 1998 at the latest (Bernstein 1998). But the issue had been discussed in 1996 and 1997, and its basic characteristics had been described in an article


13.6 Service Provider Security Issues 291 can also

Filed under: Web Engineering — webmaster @ 10:30 pm

DoS attacks can also make use of the previously discussed code injection techniques, e.g., SQL injection to compromise underlying database systems, or buffer overflow attacks to crash the whole system.

Buffer overflow attacks

The so-called buffer overflow problem arises when the application programmer makes assumptions about the length of user input. If the input is larger than the pre-allocated memory, the program crashes in the best case. In the worst case, the input overwrites code in main memory with new code, which is used by advanced hackers to gain control of the system. The following code extract illustrates a C program that uses a statically allocated character array to read from standard input.

#include <stdio.h>
#include <stdlib.h>

static char query_string[1024];   /* fixed-size buffer for the POST body */

char* POST() {
    int query_size;
    /* client-supplied value; atoi() accepts anything, negative numbers included */
    query_size = atoi(getenv("CONTENT_LENGTH"));
    /* bounded by the client's number, not by sizeof(query_string): the overflow */
    fread(query_string, query_size, 1, stdin);
    return query_string;
}

In the example, the pre-allocated array query_string is restricted to 1024 characters. If a user intentionally or unintentionally provides a larger input, the program terminates abnormally. This flaw can be solved either by allocating memory dynamically, i.e., using malloc() or calloc() in C, and asserting that space allocation was successful before continuing computation, or by restricting the length to the maximum length expected.

13.6.5 Host Security

We have presented some of the most prevalent attacks on Web applications and Web server stability. New attack techniques regularly emerge that misuse until-then unknown flaws of the operating system, third-party software or the application itself. Thus, providing a high level of security for a Web application is a continuous process that demands the system be kept up-to-date. That is, disclosed bugs of third-party software have to be fixed using patches, and self-developed applications have to be monitored and security holes have to be detected and fixed.
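The same POST read with the length restriction the text recommends, written in Python as an added example (it is not code from the book). Python cannot overflow a fixed array, so what the example shows is the check the C fragment lacks: CONTENT_LENGTH is client-supplied text, and it is validated and capped before a single byte is read. The environ mapping and the BytesIO stream are stand-ins for the CGI environment and standard input; the function names, the 1024-byte limit (taken from the array size above) and the sample requests are constructed for this illustration.

```python
import io

MAX_BODY = 1024  # same bound as the 1024-byte query_string array in the C fragment

def read_post_body(environ, stream, max_len=MAX_BODY):
    """Read a CGI POST body without trusting the client's CONTENT_LENGTH.

    environ: mapping of CGI variables (os.environ in a real CGI program)
    stream:  binary input (sys.stdin.buffer in a real CGI program)
    """
    raw = environ.get("CONTENT_LENGTH", "")
    # atoi() would silently turn "", "abc" or "-1" into 0 or a negative size;
    # here anything but a plain ASCII decimal string is an error.
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("missing or malformed CONTENT_LENGTH")
    length = int(raw)
    # The hard cap is the server's, not the client's: a header claiming more
    # than max_len is refused before anything is read.
    if length > max_len:
        raise ValueError("request body larger than %d bytes" % max_len)
    body = stream.read(length)
    # A client may announce more than it sends; a short body is not a complete one.
    if len(body) != length:
        raise ValueError("short read: got %d of %d bytes" % (len(body), length))
    return body

# Constructed sample requests (not from the book), one per branch above.
SAMPLE_REQUESTS = {
    "ok":       ({"CONTENT_LENGTH": "5"},    b"hello"),
    "oversize": ({"CONTENT_LENGTH": "2048"}, b"A" * 2048),
    "negative": ({"CONTENT_LENGTH": "-1"},   b""),
    "short":    ({"CONTENT_LENGTH": "10"},   b"hello"),
}

def try_request(name):
    # Returns the body on success, or the rejection text, for a sample request.
    environ, payload = SAMPLE_REQUESTS[name]
    try:
        return read_post_body(environ, io.BytesIO(payload))
    except ValueError as exc:
        return "rejected: " + str(exc)

if __name__ == "__main__":
    for name in SAMPLE_REQUESTS:
        print(name, "->", try_request(name))
```

The oversize request is refused on the header alone, so the server never allocates or reads 2048 bytes; in the C fragment the same header drives fread() past the end of the array.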
Firewalls provide a solution for preventing unauthorized access to private information, i.e., information that is available within an organization's Intranet but should not be accessible over the Internet. By the use of firewalls, incoming and outgoing traffic via HTTP (port 80) and HTTPS (port 443) can be supervised, and unrequired protocols or suspicious connections can be prohibited. With Web Services, programs can be invoked over standard HTTP and HTTPS, bringing about new security issues which standard firewalls cannot cope with sufficiently. SOAP firewalls operate as addenda to classical firewalls to check SOAP requests. A SOAP firewall's policy specifies which services are accessible over the Internet. Furthermore, parameter checks can be performed to prevent code injection attacks.


13.6 Service Provider Security Issues 291 can also

Filed under: Web Engineering — webmaster @ 10:30 pm

13.7 Outlook

Just as we cannot talk about the Web application, there is no (single) golden way to provide security for Web applications. Web applications can be realized in various ways, can be written with various programming languages, and can be provided on different software and hardware architectures. Thus, the aspects of security are manifold and affect all facets of the design of a Web application. Recently, considering Web application security, most attention has focused on the transport and implementation layer. In the discussion about privacy, legal aspects of Web applications were also discussed. In the future, the application semantic and logic is supposed to gain more impact on security issues (Schreiber 2005). Currently, research and industry focus on new technology for the standardized and ubiquitous provisioning of Web applications: Web Services. Substantial efforts have been made and are still in progress to provide security for Web Services, like the WS-Security framework (Nadalin et al. 2004). With more and more organizations tending to realize inter-organizational business processes based on Web Service federations, e.g., in the areas of e-government, e-commerce or e-science, technologies supporting decentralized authorization, authentication, and auditing will gain even more importance for providing the necessary security and at the same time flexibility and scalability.


Security for Web Applications The table usersin the

Filed under: Web Engineering — webmaster @ 3:18 pm

In the following we discuss aspects of the reliable implementation of CGI applications and elaborate on the prevention of typical attacks.

Storage Location of CGI Programs

CGI programs can be deployed arbitrarily on the Web server. In order to keep track of all programs and to reduce security threats, it is recommended to use a dedicated central directory for them. Typically, these programs are stored in the cgi-bin directory on the Web server. In order to prevent unintended information flow, the CGI directory should not contain superfluous files like prior program versions, which attackers can analyze to detect flaws in the implementation that might enable certain attacks. Additionally, access control should be configured as tightly as possible. In the ideal case, only system administrators and service developers should have write access to the CGI directory. Most important, the CGI directory should not contain any further executables or interpreters. Otherwise, attacks might succeed in sniffing information about the host system (e.g., system calls might be performed to acquire information about the operating system version, which might enable attacks on unpatched security leaks) or in executing arbitrary script commands.

Preventing Unauthorized Command Calls

Code injection is also a security threat for CGI scripts. This relies on the fact that CGI programs like interpreted Perl scripts allow shell commands to be run. Such commands can be issued using system(), exec(), piped(), eval() or open(). First of all, it is good coding practice to examine whether shell commands are required at all. Second, as always when code injection has to be avoided, user input should never be trusted. If shell commands are required, at least the user input should be scanned to see whether it contains shell meta-characters. Another widespread attack technique is to alter the PATH environment variable.
This aims at the execution of a program other than the one intended by the application developer. This risk can be averted by using absolute paths when calling programs or by explicitly setting the PATH variable before making program calls. As described in (Syroid 2002), security for CGI program execution can be enhanced by employing wrappers like suEXEC or CGIWrap. Wrappers perform certain security checks prior to execution. They allow changing the account under which CGI processes are executed, so that system privileges can be restricted as required.

13.6.4 Service Availability

Denial of service attacks

Denial of service (DoS) attacks aim at compromising the system or the Web application, so that normal user requests can no longer be served (Auger et al. 2004). DoS attacks can be performed by starving the system of critical resources like CPU, memory or disk space. A possible attack scenario can be the overloading of an application or an underlying resource like a database system by use of costly requests that consume most of the system's computational power. DoS attacks
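The two CGI countermeasures described under "Preventing Unauthorized Command Calls" above, as an added example in Python (not code from the book): a request parameter that the script will hand to an external program is scanned for shell meta-characters and then checked against a stricter allow-list, and the program is started by absolute path, as an argument vector with no shell in between, with PATH set explicitly. The sample inputs, the function and constant names, and the use of /bin/echo as the called program are constructed for this illustration.

```python
import os
import re
import subprocess

# Constructed sample inputs (not from the book) for a request parameter that a
# CGI script would pass to an external program, e.g. as a file name.
SAMPLE_INPUTS = ["report-2006.txt", "report;rm -rf /", "$(id)", "a|b",
                 "`ls`", "-rf", "../etc/passwd"]

SHELL_META = set(";|&$`<>()[]{}*?~\\\"'\n\r ")
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")

def has_shell_metachars(value):
    # The scan the text recommends: any shell meta-character means the value
    # could change what a shell would do with the command line.
    return any(ch in SHELL_META for ch in value)

def validate_filename(value):
    # Stronger than a deny-list: accept only the characters a plain file name
    # needs, and refuse a leading '-' so the value cannot pose as an option.
    if not SAFE_NAME_RE.match(value) or value.startswith("-"):
        raise ValueError("rejected parameter: %r" % value)
    return value

def check_samples():
    # Maps each sample input to "accepted" or "rejected" by validate_filename.
    verdicts = {}
    for value in SAMPLE_INPUTS:
        try:
            validate_filename(value)
            verdicts[value] = "accepted"
        except ValueError:
            verdicts[value] = "rejected"
    return verdicts

def run_with_fixed_path(program, args):
    # Absolute program path, argument vector without a shell, and an explicitly
    # set PATH: the inherited environment cannot redirect which binary runs.
    if not os.path.isabs(program):
        raise ValueError("program must be given as an absolute path")
    env = {"PATH": "/usr/bin:/bin"}
    completed = subprocess.run([program] + list(args), env=env,
                               capture_output=True, text=True, check=True)
    return completed.stdout.strip()

if __name__ == "__main__":
    for value, verdict in check_samples().items():
        print("%-18r %s (meta-characters: %s)"
              % (value, verdict, has_shell_metachars(value)))
    print(run_with_fixed_path("/bin/echo", [validate_filename("report-2006.txt")]))
```

Note the last sample: "../etc/passwd" contains no shell meta-character at all, so the scan alone lets it through, while the allow-list rejects it. That is why the meta-character scan is the minimum and an allow-list is the better check.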


Security for Web Applications The table usersin the

Filed under: Web Engineering — webmaster @ 3:18 pm

The table users in the book.store.com database stores all user information. $name and $password are the input variables of the respective Web form. The input parameters are inserted in the above SQL statement surrounded by quotation marks. An attacker can exploit this by entering appropriate input. Let's assume that a malicious user enters ' OR ''=' into the password field. The following SQL statement will be sent to the database system:

SELECT * FROM users WHERE name = 'Alice' AND password = '' OR ''=''

Regarding the priorities of the boolean operators AND and OR, the expression is equivalent to the following with brackets:

WHERE (name = 'Alice' AND password = '') OR ''=''

In this case the WHERE clause will always evaluate to true. Thus, if the login process simply checks whether a non-empty result set is returned, access would be granted. Apart from this simple example, attackers might even acquire access with administrative privileges, e.g., by posting ' OR name='admin' into the input field under the assumption that an administrative account with name admin exists. In this case, they are able to create new user profiles with administrative privileges or to establish separate connections with full privileges onto the database.

We give one further example showing the threats of SQL injection. Let's assume that book.store.com offers a search option, where customers can enter a search string into a text box and receive a list of matching books. The following SQL statement will be used:

SELECT * FROM books WHERE title like '%$searchcriterion%'

This can be misused by malicious users entering a search criterion that terminates the genuine SQL statement and executes another statement. For example, if the query is executed with the following search item

'; drop table books --

first the table books is scanned with no specific title being stated. Afterwards, the second command leads to the deletion of the books table.
The two dashes (--) introduce a comment in SQL and are used to skip the remaining part of the original query. Obviously, attackers can perform almost any SQL operation on the book.store.com database in this way, restricted only by the privileges of the database account under which these statements are executed (see below). We have only presented statements with string parameters so far. That's why we used the ' quotation mark for string termination. Depending on the data types of the parameters, e.g., integers, this is not required. Additionally, we have shown SQL queries with the input parameters at the end of the statements, which simplifies attacks. If SQL queries are written within one line, the end of the statement can be ignored by the use of comments. Otherwise, attacks are more difficult. Anyway, you might argue that malicious users have to know the SQL statements to be able to perform attacks. Apart from the simple trial-and-error method, they can enter requests that lead to syntax errors when the statement is executed. If the Web application is not equipped with thoughtful error handling (which from a software engineering perspective should always


Security for Web Applications The table usersin the

Filed under: Web Engineering — webmaster @ 3:18 pm

be the case), the error code produced by the database might be passed to the requestor, i.e., the attacker. Depending on the database system, the error text might include the executed query.

Prevention

Parameter verification: One possibility to hinder SQL injection is to verify the syntax of the input parameters, i.e., to check whether they are of the format that the service developer expected. This obviously brings about an additional burden for the application programmer, who has to be aware of all possible SQL injection attack types to build appropriate verification methods.

Prepared statements: Using prepared statements is the best practice. Most database systems support prepared statements for the purpose of query optimization. Prepared statements are parameterizable, which means that statements and parameters are sent to the database separately. The database (or database connectivity driver) checks the type of the parameters. Thus, strings are quoted accordingly.

Exception handling: When implementing database-based Web applications, concise exception handling should be realized. Database errors that are displayed to the client instead of being caught not only give the impression of low implementation quality, but also provide attackers with helpful information.

Principle of least privilege: Typically, Web applications access underlying database systems via a dedicated database account. Depending on the privileges that are granted to this account, SQL injection attacks vary with regard to the damage they can cause. Suppose that book.store.com's search functionality is run under an account with database administration privileges. Then the above attack of dropping the table would succeed. The same does not hold if the least privilege principle is followed: this means that a database account is used that is only granted the required privileges, i.e., select on the table books.
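An added example (not the book's code) that runs the login and search queries of this section against an in-memory SQLite database and shows the prevention points above in working form: the login once with the dynamically assembled statement and once as a prepared statement, the search as a prepared statement only, database errors caught rather than forwarded, and the least-privilege point emulated with SQLite's authorizer hook, since SQLite has no user accounts to grant select-only rights to. The schema, the rows, the passwords and the function names are constructed for this illustration; the ? placeholder is SQLite's, other drivers spell it %s or :name.

```python
import sqlite3

# Constructed sample schema and rows (not from the book) behind the two
# book.store.com queries of this section: the login check and the title search.
SETUP_SQL = """
CREATE TABLE users (name TEXT, password TEXT);
INSERT INTO users VALUES ('Alice', 'alice-pw'), ('admin', 'admin-pw');
CREATE TABLE books (title TEXT);
INSERT INTO books VALUES ('Web Engineering'), ('Semantic Web Primer');
"""

def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SETUP_SQL)
    return con

def login_vulnerable(con, name, password):
    # Dynamic string assembly, the pattern of the $name/$password statement:
    # the user's text becomes statement text and can rewrite the WHERE logic.
    sql = "SELECT * FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return con.execute(sql).fetchall()

def login_prepared(con, name, password):
    # Prepared statement: the statement text is fixed and the values are bound
    # separately, so a quote inside the password is just a character in a string.
    sql = "SELECT * FROM users WHERE name = ? AND password = ?"
    return con.execute(sql, (name, password)).fetchall()

def search_prepared(con, criterion):
    # The LIKE wildcards are added to the bound value, never to the statement text.
    sql = "SELECT title FROM books WHERE title LIKE ?"
    return con.execute(sql, ("%" + criterion + "%",)).fetchall()

def restrict_to_select(con):
    # Least privilege, emulated with SQLite's authorizer hook because SQLite has
    # no user accounts: from now on only reading is permitted on this connection.
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
    def authorizer(action, arg1, arg2, db_name, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY
    con.set_authorizer(authorizer)

def count_books(con):
    return con.execute("SELECT count(*) FROM books").fetchone()[0]

def drop_books_table(con):
    # Returns True if the DROP went through, False if the database refused it.
    # Exception handling: the database's own error text stays here and is not
    # forwarded to the requester.
    try:
        con.execute("DROP TABLE books")
        return True
    except sqlite3.Error:
        return False

if __name__ == "__main__":
    con = make_db()
    bypass = "' OR ''='"
    print("dynamic login rows:", len(login_vulnerable(con, "Alice", bypass)))  # 2
    print("prepared login rows:", len(login_prepared(con, "Alice", bypass)))   # 0
    print("prepared search:", search_prepared(con, "'; drop table books --"))  # []
    restrict_to_select(con)
    print("drop allowed:", drop_books_table(con), "books left:", count_books(con))
```

With the dynamic statement the bypass value returns both rows, with the prepared statement it returns none, and the search criterion that would end the statement is simply a title pattern that matches nothing. After restrict_to_select the same connection still answers the search but refuses the DROP, which is the difference the least-privilege paragraph describes.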
13.6.3 Security of CGI Programs

The Common Gateway Interface (CGI) is a standard for the communication between programs or scripts and a Web server (Castro 2001). CGI constitutes a possibility for creating dynamic Web content. CGI programs, i.e., compiled executables or interpretable scripts, receive input parameters via the standard input and write their output on the standard output. A Web server can process the respective output and present it to the client, e.g., as HTML. CGI programs offer a very flexible way of creating dynamic Web applications, but their flexibility comes along with some security holes that have to be considered:

- CGI programs can leak information about the host system they are executed on. This can enable malicious users to break into the system. Thus, information hiding is a necessity to prevent attacks.
- CGI programs can be victims of code injection. If user input is passed unchecked to CGI programs, service availability may be endangered or commands and system applications (other than the CGI programs) may be executed.



13.6 Service Provider Security Issues 285 directly sent

Filed under: Web Engineering — webmaster @ 8:04 am

Prevention

Whether a site is vulnerable to XSS attacks can be verified by passing the alert command as a parameter, as shown in the above example. If this test succeeds, i.e., the message window pops up, then in most cases any other XSS attack would be possible, too. How can XSS attacks be avoided? Klein (2002) lists three categories of techniques for the prevention of XSS:

Input filtering: Incoming requests are checked to see whether they contain potential XSS attacks. For example, HTML tags can be prohibited and symbols like < can be replaced by &lt;. Input validation requires further programming effort from an application programmer who is aware of possible security threats.

Output filtering is quite similar to input filtering, but the user data are checked before the HTTP response is sent to the client.

Application firewalls intercept HTTP traffic and can detect and prohibit XSS attacks before they are sent to the Web server.

13.6.2 SQL Injection

SQL is a standardized query language for relational database systems. Many Web applications rely on the interaction with (relational) database systems by passing user requests to databases. That is, based on user input, SQL query statements are generated and sent to database systems in order to retrieve or modify data. SQL injection means that attackers are able to execute malicious SQL code by exploiting flaws in the implementation of the Web application. SQL injection as well as cross-site scripting (XSS) belongs to the category of generic code injection attacks, but the attack characteristics differ. XSS involves three parties: a victim user, an attacked service provider and the attacker. In contrast, an attacker using SQL injection can undermine the security of service providers and their customers by directly attacking a Web application. SQL injection is one of the most prominent representatives of code injection attacks.
Depending on the underlying database system, e.g., an XML database, other attacks like XPath or XQuery injection can take place as well (Auger et al. 2004). In the following, we focus on the security threats of SQL injection and provide possibilities for their prevention. Service developers employing non-relational database systems like XML databases are encouraged to apply analogous security considerations to their respective service implementations.

Example

Let's consider the previous example of book.store.com providing personalized sites for its customers once again. Users are redirected to their personalized mybookstore pages after having entered their username and password in a Web form. Before being redirected, the submitted account information is validated using the following SQL query:

SELECT * FROM users WHERE name = '$name' AND password = '$password'
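The three XSS prevention categories listed at the start of this excerpt (input filtering, output filtering, and an application-firewall style gate), as an added example in Python that is not code from the book or from Klein (2002). html.escape is the standard-library encoder; the request parameters, the toy greeting template, and the function names are constructed for this illustration.

```python
import html
import re
from urllib.parse import parse_qs

TAG_RE = re.compile(r"<[^>]*>")

def input_filter(value):
    # Input filtering: refuse a request parameter that carries an HTML tag.
    # This gates what enters the application, not how it is later displayed.
    if TAG_RE.search(value):
        raise ValueError("HTML markup is not accepted in this parameter")
    return value

def output_filter(value):
    # Output filtering: encode &, <, >, " and ' immediately before the value is
    # written into the HTML response; the browser then shows text, not markup.
    return html.escape(value, quote=True)

def render_greeting(name):
    # The only point where user data reaches the response, and it always passes
    # through output_filter, whether or not input_filter was applied earlier.
    return "<p>Welcome, " + output_filter(name) + "</p>"

def firewall_check(query_string):
    # A minimal application-firewall style gate over a whole query string:
    # every parameter value must pass input_filter or the request is dropped.
    params = parse_qs(query_string, keep_blank_values=True)
    for values in params.values():
        for value in values:
            try:
                input_filter(value)
            except ValueError:
                return False
    return True

# Constructed sample parameters (not from the book): a plain name and the
# script-tag probe with alert() that the text mentions.
SAMPLE_PARAMS = {
    "harmless": "Alice",
    "probe": "<script>alert('xss')</script>",
}

if __name__ == "__main__":
    for label, value in SAMPLE_PARAMS.items():
        print(label, "->", render_greeting(value))
    print(firewall_check("name=Alice&lang=en"),
          firewall_check("name=%3Cscript%3Ealert(1)%3C/script%3E"))
```

Of the three, output filtering is the layer that cannot be sidestepped by data arriving through another path (a value stored earlier, a different form), which is why render_greeting encodes unconditionally; the tag-based input filter and the firewall gate are useful additional checks, not substitutes for it.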




Powered by Java Web Hosting