Building resilient web applications helps mitigate risks due to server hardware failure, cyberattacks or loss of connectivity. The advantages of web applications over native applications, such as ease of distribution and platform independence, attract developers and businesses. Traditional web application design requires at least two separate machines, a client and a server, that must be connected at any given time. Keeping client and server connected is becoming a challenging task with the recent increase in cyberattacks [1]. With new browser capabilities, it is possible to create resilient web applications that can handle loss of connectivity or cyberattacks on the server. Developing such applications will improve cyber resilience and help reduce disaster recovery time and cost. Existing and new APIs implemented in modern browsers, such as Web Cryptography and Web Storage, were explored and evaluated for their dependability in a resilient application design. The experiments motivated the development of a new design and implementation framework. The resulting application is resilient to bad Internet connections, server failures, cyberattacks on servers, and security problems in the browser environment.
Published in: IJCSN Journal, Volume 7, Issue 5
Date of publication: October 2018
Pages: 311-319
Figures: 11
Tables: --
Jebreel Alamari: Computer Science Department, University of Colorado at Colorado Springs, Colorado Springs, CO 80918, United States.
C. Edward Chow: Computer Science Department, University of Colorado at Colorado Springs, Colorado Springs, CO 80918, United States.
Keywords: Web Browser, Web Cryptography, IndexedDB, JavaScript
In this research we built a resilient web application design that can handle multiple threat scenarios, such as connection loss, cyberattacks on the back-end machines, or hardware failure at the server level. It also includes an efficient synchronization pattern that transfers data securely between the client database and the server database in about 20 milliseconds on average, taking into account the differences in how the two databases store data. Additionally, the design has a unique authentication model that works in either online or offline mode. In this design we also put the user in charge of his/her data security by encrypting it at rest, either in the browser or on the server. Last, we came up with a mechanism to generate cryptographic keys from user credentials using the Web Crypto API in reasonable time.
[1] "Cyber security: global incidents 2015 statistic." [Online]. Available: https://www.statista.com/statistics/387857/numbercyber-security-incidents-worldwide/
[2] T. F. S. Livramento, E. A. Q. de Oliveira, M. S. Rodrigues, and M. B. Moraes, "Scientific production analysis of resilient enterprises," in Conference Proceedings of the International Association for Management of Technology (IAMOT), 2015, pp. 2253-2264.
[3] Z. Yang, Y. Gou, Y. Zhu, and H. Zheng, "Availability modeling and simulation of satellite navigation system based on integration of PDOP and reliability maintainability supportability," in China Satellite Navigation Conference. Springer, 2018, pp. 241-256.
[4] W. West and S. M. Pulimood, "Analysis of privacy and security in HTML5 web storage," Journal of Computing Sciences in Colleges, vol. 27, no. 3, pp. 80-87, 2012.
[5] "jQuery." [Online]. Available: https://jquery.com/
[6] "Offline First." [Online]. Available: http://offlinefirst.org/
[7] J. Justin and J. Jude, "Go offline," in Learn Ionic 2. Springer, 2017, pp. 79-97.
[8] Node.js Foundation, "Node.js." [Online]. Available: https://nodejs.org/
[9] S. Z. Naseem and F. Majeed, "Extending HTML5 local storage to save more data; efficiently and in more structured way," in 2013 Eighth International Conference on Digital Information Management (ICDIM). IEEE, 2013, pp. 337-340.
[10] T. Wahlberg, P. Paakkola, C. Wieser, M. Laakso, and J. Röning, "Kepler - raising browser security awareness," in 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2013, pp. 435-440.
[11] "AngularJS: Superheroic JavaScript MVW framework." [Online]. Available: https://angularjs.org/
[12] "Ember.js: Homepage." [Online]. Available: https://www.emberjs.com/
[13] "MySQL." [Online]. Available: https://www.mysql.com/
[14] "Indexed Database API 2.0." [Online]. Available: https://www.w3.org/TR/IndexedDB-2/
[15] "Web SQL Database." [Online]. Available: https://www.w3.org/TR/webdatabase/
[16] "Same Origin Policy." [Online]. Available: https://www.w3.org/Security/wiki/Same_Origin_Policy
[17] C. Bansal, K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis, "Keys to the cloud: formal analysis and concrete attacks on encrypted web storage," in International Conference on Principles of Security and Trust. Springer, 2013, pp. 126-146.
[18] "Web Cryptography API." [Online]. Available: https://www.w3.org/TR/WebCryptoAPI/
[19] "crypto-js." [Online]. Available: https://code.google.com/archive/p/crypto-js/
[20] "PolyCrypt: a Web Crypto polyfill." [Online]. Available: http://polycrypt.net/
[21] "NfWebCrypto." [Online]. Available: https://github.com/Netflix/NfWebCrypto
[22] C. Reis, A. Barth, and C. Pizano, "Browser security: lessons from Google Chrome," Communications of the ACM, vol. 52, no. 8, pp. 45-49, 2009.
[23] S. Adee, "Chrome the conqueror," IEEE Spectrum, vol. 47, no. 1, 2010.