Qualification: M.Tech
kp_jevitha@cb.amrita.edu

Jevitha K. P. currently serves as Assistant Professor at the Department of Computer Science and Engineering, School of Engineering, Coimbatore Campus. Her areas of research include Web Security, Android Security, and Web and Mobile Application Development. She also serves as Assistant Professor at TIFAC-CORE in Cyber Security, Coimbatore Campus.

Publications

Publication Type: Journal Article

Year of Publication | Publication Type | Title

2017

Journal Article

P. K. Akshay Dev and Jevitha, K. P., “Stride based analysis of the chrome browser extensions API”, Advances in Intelligent Systems and Computing, vol. 516, pp. 169-178, 2017.


Chrome browser extensions have become very popular among the users of Google Chrome and hence they are used by attackers to perform malicious activities which lead to loss of user’s sensitive data or damage to the user’s system. In this study, we have done an analysis on the security of the Chrome extension development APIs. We have used the STRIDE approach to identify the possible threats of the Chrome specific APIs which are used for extension development. The analysis results show that 23 out of the 63 Chrome specific APIs are having various threats as per the STRIDE approach. Information disclosure is the threat faced by many APIs followed by tampering. This threat analysis result can be used as reference for a tool which can detect whether the extension is malicious or not by deeply analysing the ways in which the APIs having threats are used in the extension code. © Springer Nature Singapore Pte Ltd. 2017.


2016

Journal Article

Ya Kaladharan, Mateti, Pb, and Jevitha, K. P., “An encryption technique to thwart android binder exploits”, Advances in Intelligent Systems and Computing, vol. 385, pp. 13-21, 2016.


Binder handles the interprocess communication in Android. Whether the communication is between the components of the same application or different applications, it happens through Binder. Hence captivating it can expose all the communications. Man-in-the-Binder is one such exploit that can subvert the Binder mechanism. In this paper, we propose an encryption mechanism that can provide confidentiality to app communications to prevent such exploits. © Springer International Publishing Switzerland 2016.

2016

Journal Article

S. P and Jevitha, K. P., “Static analysis of Firefox OS privileged applications to detect permission policy violations”, International Journal of Control Theory and Applications, vol. 9, no. 7, pp. 3085-3093, 2016.


There is an emerging trend to use web browsers as mobile operating systems initiated by big market players such as Mozilla Firefox and Google Chrome. The applications for Firefox OS are basically web applications developed using HTML, CSS, JavaScript and other technologies. Firefox OS uses a Linux kernel and boots into Gecko runtime engine. It provides security features like sandboxed execution for applications, Content Security Policy and permission management system. In this paper, we present a study on the permission management system in Firefox OS through static analysis of its applications. The results of the study on 16 privileged applications downloaded from Firefox OS marketplace shows that about 7% of the permissions accessed by these applications are unauthorised. 13% of the permissions were requested but not used, 14% of the permissions were never requested but the equivalent WebAPI calls were being made in the application source code. Finally 66% of permissions were requested and used. The results reveal that many code reviewed privileged applications hosted on the Firefox marketplace do not conform to the Firefox OS permission policies and could cause potential threats to the system.


2015

Journal Article

S. Joseph and Jevitha, K. P., “An automata based approach for the prevention of NOSQL injections”, Communications in Computer and Information Science, vol. 536, pp. 538-546, 2015.


The eminent web-applications of today are data-intensive. The data generated is of the order of petabytes and zettabytes. Using relational databases for storing them only complicates the storage and retrieval in the DB and degradation of its performance. The big data explosion demanded the need for a more flexible, high-performance storage concept, the NoSQL movement. The NoSQL databases were designed to overcome the flaws of the relational databases including the security aspects. The effective performance and efficient storage criteria were satisfied by the non-relational databases. The attackers, as usual, found their way into the NoSQL databases that were considered to be secure. The injection attacks, one of the top-listed attack types of the relational databases, pose a threat to the non-relational databases as well. MongoDB is one of the prominent NoSQL databases to which the application development trends are shifting. In this paper, we present the different injection attacks on the leading NoSQL database and an automata based detection and prevention technique for this attack. We also evaluate the effectiveness on different subjects with a number of legitimate as well as illegitimate inputs. Our results show that our approach was able to detect all the attacks. © Springer International Publishing Switzerland 2015.


2014

Journal Article

V. R. Mouli and Jevitha, K. P., “Web Services Attacks and Security- A Systematic Literature Review”, Procedia Computer Science, vol. 93, pp. 870-877, 2014.


Web Services allow applications to communicate with each other independent of platform and/or language. They are prone to attacks in the form of Denial-Of-Service, XML, XPath, SQL injection and spoofing, making implementation of web service security vital. Though many solutions are proposed for minimizing attacks, there is no single solution for mitigating all the attacks on web services. The objective of this paper is to present a systematic review on the studies of web service security. It is identified that there is lot of research going on in web services, dealing mostly with attack detection as well as identification of vulnerabilities in the services. Denial-of-service attack is found to be the most addressed of all attacks. Solutions were mainly proposed using dynamic analysis, closely followed by static analysis.


Publication Type: Book Chapter

Year of Publication | Publication Type | Title

2016

Book Chapter

S. Joseph and Jevitha, K. P., “Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability”, in Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics: ICACNI 2015, Volume 2, A. Nagar, Mohapatra, P. Durga, and Chaki, N. New Delhi: Springer India, 2016, pp. 417–426.


The computer world is definitely familiar with SQL as it plays a major role in the development of web applications. Almost all applications have data to be stored for future reference and most of them use RDBMS. Many applications choose its backend from the SQL variants. Large and important applications like the bank and credit-cards will have highly sensitive data in their databases. With the incredible advancement in technology, almost no data can survive the omniscient eyes of the attackers. The only thing that can be done is to make the attackers work difficult. The conventional fixes help in the prevention of attacks to an extent. However, there is a need for some authentic work about the effectiveness of these fixes. In this paper, we present a study of the popular SQL Injection Attack (SQLIA) techniques and the effectiveness of conventional fixes in reducing them. For addressing the SQLIA’s in depth, a thorough background study was done and the mitigation techniques were evaluated using both automated and manual testing. We took the help of a renowned penetration testing tool, SQLMap, for the automated testing. The results indicate the importance of incorporating these mitigation techniques in the code apart from going for complex fixes that require both effort and time.


2016

Book Chapter

J. Arunagiri, Rakhi, S., and Jevitha, K. P., “A Systematic Review of Security Measures for Web Browser Extension Vulnerabilities”, in Proceedings of the International Conference on Soft Computing Systems: ICSCS 2015, vol. 2, P. L. Suresh and Panigrahi, K. Bijaya New Delhi: Springer India, 2016, pp. 99–112.


Web browser is a software application using which we can perform most of the internet-based activities. The commonly used browsers are Mozilla Firefox, Google Chrome, Safari, Opera Mini, and Internet Explorer. Many web applications provide extensions to these browsers to enhance their functionality, while some of the extensions perform malicious activities to get access to the sensitive data without the user’s knowledge. This paper presents a review of the research done on the browser extension vulnerabilities. We found that the most of the researches were done for Firefox and Chrome extensions. Static analysis technique was used in most of the solutions proposed by various researchers. There is no ready to use tool for evaluating the vulnerable behavior of an extension. Hence there is need for more research to evaluate and eliminate the vulnerabilities in web browser extensions.


2009

Book Chapter

A. K. Talukder, Maurya, V. K., Santhosh, B. G., Jangam, E., Muni, S. V., Jevitha, K. P., Saurabh, S., and Pais, A. R., “Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools”, in International Conference on Wireless and Optical Communications Networks IFIP, 2009, pp. 1-5.


Today an application is secured using in-vitro perimeter security. This is the reason for security being considered as nonfunctional requirement in Software Development Life Cycle (SDLC). In Next Generation Internet (NGI), where all applications will be networked, security needs to be in-vivo; security must be functions within the application. Applications running on any device, be it on a mobile or on a fixed platform - need to be security-aware using Security-aware Software Development Life Cycle (SaSDLC), which is the focus of this paper. We also present a tool called Suraksha that comprises of Security Designers' Workbench and Security Testers' Workbench that helps a developer to build Security-aware applications.


Publication Type: Conference Proceedings

Year of Publication | Publication Type | Title

2014

Conference Proceedings

K. P. Jevitha and Vishnu, B. A., “Prediction of Cross-Site Scripting Attack Using Machine Learning Algorithms”, Proceedings of the 2014 International Conference on Interdisciplinary Advances in Applied Computing ICONIAAC '14, 55 vol. ACM, New York, NY, USA, 2014.


Dynamic web pages are widely used by web applications to provide better user experience and to attract more web users. The web applications use the client side and server side scripts to provide dynamic behavior to the web pages. Cross-Site Scripting (XSS) attack uses malicious scripts and links injected into the trusted web pages to steal sensitive data from the victims. In this paper, we present the experimental results obtained using three machine learning algorithms (Naïve Bayes, Support Vector Machine and J48 Decision Tree) for the prediction of Cross-site scripting attack. This is done using the features based on normal and malicious URLs and JavaScript. J48 gave better results than Naïve Bayes and Support Vector Machine based on the features extracted from URL and JavaScript code. All the algorithms gave comparatively better results with discretized attributes but noticeable difference in performance was seen only in the case of SVM.


Publication Type: Conference Paper

Year of Publication | Publication Type | Title

2009

Conference Paper

A. K. Talukder, Maurya, V. K., Santhosh, B. G., Jangam, E., Muni, S. V., Jevitha, K. P., Saurabh, S., and Pais, A. R., “Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools”, in 2009 IFIP International Conference on Wireless and Optical Communications Networks, 2009.
