International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395 -0056
Volume: 04 Issue: 07 | July-2017
p-ISSN: 2395-0072
www.irjet.net
Effective Information Flow Control as a Service: EIFCAAS SUNIL A PG Student, Department Of Computer Science and Engineering, Acharya Institute of Technology, Karnataka, India ---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract – In an environment of cloud ecosystem, web
services have becoming critical aspects as the use of web technologies and software oriented architecture (SOA) are expanded. In order to process and keep acuteness of data, most of the SaaS applications will have the multiple accesses to the data. Even having the maximum benefits from these technologies, they put SaaS applications to the risk of attacks. This may leads to the loss of control and security enforcement over confidential data. In order to fulfill these disadvantages, an effective solution is needed. By taking the reference of security as a service(SecaaS) model, this paper introduces “An Effective Information Flow Control as a Service (EIFCaaS)”. EIFCaaS lays a foundation of clouddelivered IFC-based security analysis and monitoring services. This paper presenting the framework with EIFCaaS to detect the vulnerabilities in the information flow in SaaS applications. To achieve data integrity and confidentiality, this framework is the viable solution.
Key Words: Vulnerability Detection, SecaaS, SOA. 1. INTRODUCTION Cloud computing is a web based application that provides shared computer resources and different services on request. It is a model, which provides a pool of processing resources such as servers, applications and administrations which can be quickly divided and distributed with less effort from management. Cloud computing supports the user to store and process their data in many ways such as privately owning or storing in third party datacenters to access their data from far distance or from anywhere in the world. The resources provided by cloud computing are shared among multiple users their by reducing the cost and improving the economic growth. Cloud computing aims to allow the user to utilize all the technologies provided even without having much knowledge about them. In a recent development, it has been observed that some attacks of applications are targeting the particular type of cloud environment. While developing the SaaS applications, some technologies used in the application development allows the novel attack to the services as existing ones. Thereafter, the research of number of applications running on different cloud (privatecloud, public, hybridcloud) has recorded that, 96% of the applications that are tested with more than one vulnerability. With this aspect, injection of NoSQL, © 2017, IRJET
|
Impact Factor value: 5.181
|
injection of SQL(SQLI) and information ejaculation, they consist of weak security of 55% as recorded, since the exposed security of data towards threats of serious type due to intents of malicious and neglected vulnerabilities. These vulnerabilities can be caused by improper validation of input. The security towards the application can be provided by the various service providers, third parties and other public repositories. The information hacked by the unauthorized user may cause the loss of integrity and confidentiality of the data. Author[1] examine about the security vulnerabilities that can emerge when programming designers make applications or modules for use with JavaScript-based server applications, for example, NoSQL database motors or Node.js web servers. In the worst case situation, an aggressor can misuse these vulnerabilities to transfer and execute discretionary paired records on the server machine, viably allowing him full control over the server. JavaScript has been broadly utilized on web application customer side levels (i.e. in code executing in the userʼs program) for a considerable length of time with a specific end goal to give a wealthier, more "desktoplike" client encounter. In any case, as of late, there has been a surge of enthusiasm for JavaScript not only for customer side code, but rather for server-side code also. There are currently server-side JavaScript (or SSJS) includes in database servers (CouchDB for instance), document servers (Opera Unite), and web servers (Node.js). Absolutely quite a bit of this new intrigue can be ascribed to the huge execution changes that JavaScript motor designers have made as of late. Rivalry between Microsoft, Mozilla, Apple, Google, and Opera to assemble the speediest program has brought about JavaScript motors that run requests of extent quicker than their forerunners of only a couple discharges past. While it might not have been possible from an execution point of view to manufacture a completely working web server in light of JScript around. By the use of speed, volume and assortment of big data it is possible to amplify the security and protection issues such as expanded cloud scale foundation, information sources and arrangement differences, discharging nature of information collection and cloud relocation with high volume. Accordingly, conventional security components, which are custom fitted to securing little scale, static (instead of spilling) information, are deficient. Here the
ISO 9001:2008 Certified Journal
|
Page 3107