HSM-Based Architecture to Detect Insider Attacks on Server-Side Data

被引:0
|
作者
Dib, Marc [1 ]
Pierre, Samuel [1 ]
机构
[1] Polytech Montreal, Dept Comp & Software Engn, Mobile Comp & Networking Res Lab LARIM, Montreal, PQ H3T 1J4, Canada
来源
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY | 2025年 / 20卷
基金
加拿大自然科学与工程研究理事会;
关键词
Computer architecture; Security; Databases; Cryptography; Servers; Data models; Organizations; Stability analysis; Prevention and mitigation; Encryption; confidentiality; hardware security module; insider attacks; integrity;
D O I
10.1109/TIFS.2025.3544485
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
In this paper, we propose an HSM-based architecture to detect insider attacks on server-side data. Our proposed architecture combines four cryptography-based defense mechanisms: Nonce-Based Process Authentication (NBPA), Hash-Based Field Integrity (HBFI), Hash-Based Field Availability (HBFA), and Hash-Based Row Availability (HBRA). This novel architecture is designed to detect a predefined comprehensive attack model on server-side data tailored for an HSM-based architecture. The implementation results show that the throughput decrease is mostly manageable (14% for NBPA, 30-50% for HBFI, 25% for HBFA, and 43.74% for the combination of all mechanisms), with the indication that some mechanisms are more or less appropriate depending on the situation. Moreover, the HBRA mechanism performed well regarding the attack detection time (5 minutes for a database of 1000 entries).
引用
收藏
页码:2538 / 2549
页数:12
相关论文
共 50 条
  • [21] XSS-SAFE: A Server-Side Approach to Detect and Mitigate Cross-Site Scripting (XSS) Attacks in Java']JavaScript Code
    Gupta, Shashank
    Gupta, B. B.
    ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING, 2016, 41 (03) : 897 - 920
  • [22] Node.fz: Fuzzing the Server-Side Event-Driven Architecture
    Davis, James
    Thekumparampil, Arun
    Lee, Dongyoon
    PROCEEDINGS OF THE TWELFTH EUROPEAN CONFERENCE ON COMPUTER SYSTEMS (EUROSYS 2017), 2017, : 145 - 160
  • [23] On the validity of client-side vs server-side web log data analysis
    Yun, Gi Woong
    Ford, Jay
    Hawkins, Robert P.
    Pingree, Suzanne
    McTavish, Fiona
    Gustafson, David
    Berhe, Haile
    INTERNET RESEARCH, 2006, 16 (05) : 537 - 552
  • [24] A Software Development Course Based on Server-Side Java']Javascript
    Holliday, Mark A.
    Scott, Andrew S.
    2016 IEEE FRONTIERS IN EDUCATION CONFERENCE (FIE), 2016,
  • [25] A Study of a Server Selection Model for Selecting a Replicated Server based on Downstream Measurement in the Server-side
    Kim, Seung-Hae
    Lee, Won-Hyuk
    Cho, Gi-Hwan
    JOURNAL OF INFORMATION PROCESSING SYSTEMS, 2006, 2 (02): : 130 - 134
  • [26] Efficient clustered server-side data analysis workflows using SWAMP
    Daniel L. Wang
    Charles S. Zender
    Stephen F. Jenks
    Earth Science Informatics, 2009, 2 : 141 - 155
  • [27] Efficient clustered server-side data analysis workflows using SWAMP
    Wang, Daniel L.
    Zender, Charles S.
    Jenks, Stephen F.
    EARTH SCIENCE INFORMATICS, 2009, 2 (03) : 141 - 155
  • [28] Enabling geovisual analytics of health data using a server-side approach
    Turdukulov, Ulanbek
    Moncrieff, Simon
    CARTOGRAPHY AND GEOGRAPHIC INFORMATION SCIENCE, 2016, 43 (01) : 16 - 29
  • [29] Server-Side Image Segmentation and Patient-Related Data Storage
    Virag, Ioan
    Stoicu-Tivadar, Lacramioara
    Crisan-Vida, Mihaela
    Amaricai, Elena
    SOFT COMPUTING APPLICATIONS, (SOFA 2014), VOL 1, 2016, 356 : 259 - 266
  • [30] Client-side versus server-side geographic data processing performance comparison: Data and code
    Kulawiak, Marcin
    DATA IN BRIEF, 2019, 26
12345