IDL - International Digital Library Of Technology & Research Volume 1, Issue 5, May 2017
Available at: www.dbpublications.org
International e-Journal For Technology And Research-2017
Information Flow Control as a Service on Cloud System

Mr. Ahmad Faheem Raheme*1, Mr. R Rajkumar*2

M.Tech*1, Department of Information Science and Engineering
Assistant Professor*2, Department of Information Science and Engineering
RNS Institute of Technology, Bengaluru, Karnataka, India

Abstract - Security as a Service offerings for cloud systems have been increasing in every respect since the beginning of the cloud. Applications on the cloud or the internet are available everywhere and are accessible to anyone who has internet access; therefore security for such applications is required. Security services are available in the form of anti-virus, security event management services, authentication, anti-malware and intrusion detection. These security applications maintain the security of such applications, but those solutions come at a cost that is mostly high, and not all internet or cloud users can afford them. Hence Information Flow Control as a Service (IFCaaS) on Cloud Systems has been introduced, which brings a solution for any vulnerability in applications that are available on the cloud. Information Flow Control as a Service on Cloud System is based on a third party, a trusted party, that checks and searches applications' metadata or source code for vulnerabilities. If an application is designed or developed in a particular programming language, IFCaaS checks that application and matches it against the dictionary for that programming language; a dictionary is provided for each of the different programming languages.

1. INTRODUCTION

Information Flow Control as a Service on Cloud System is a web-based application that provides services for Application as a Service and for users. It is based on vulnerability checking of the source code of a specific application. The vulnerability checking is done by a trusted third party: all of the application's metadata is sent to the third-party server, and when the application arrives in the third-party server's storage, the server immediately opens the source code and checks it against the specific dictionary.

IFCaaS has been designed so that every application developed in a different programming language has a specific dictionary, and the source code of that application is tested and matched against the dictionary provided. If the source code has any vulnerability, the third-party service gives a low rating that indicates how vulnerable the specific application is. Hence these services can help in nurturing the efficiency of security resolutions.

Cloud computing is a service provided through the internet everywhere in the world. It provides different types of service for clients or consumers. Clients and consumers could be anyone: a common person who uses cloud services as storage, or a software developer, a big multinational organization, or public and private companies that use cloud services for different purposes.

Cloud computing has three models or categories: Software as a Service, Application as a Service and Infrastructure as a Service. These provide different types of service for users. Since this project is based on Software as a Service, the concentration is on Software as a Service.

Software as a Service (SaaS) provides application or software licensing for clients upon their request, which is why it is also called on-demand software. It is a third-party service provided over the internet. Hosts provide such services and applications, which are available on the internet, so users can access them from the internet. The advantage of using SaaS is that users do not need hardware for installing the required application or software; moreover, there is no need to install the software on the system at all. Users can access such software just by having an internet connection and registering with the specific cloud service provider, in order to access the desired application or software that is needed or that is provided by the cloud service provider under the Software as a Service category.

Introduction to Information Flow Control as a Service on Cloud System

In this generation, technology is used in every aspect of our life, from personal to professional and from private to public. Each and every organization, whether private or public, is somehow connected to technology and to the computer network that interconnects all the public and private networks. Since technology is developing rapidly, every month and every year new services are produced by programmers, software developers, and hardware and application inventors. These developments and inventions have brought a new phenomenon that is now used everywhere, called cloud computing, which provides services for users and developers.

2. RELATED WORK

The authors of paper [1] discuss security concerns, which are extensively regarded as an obstacle to the implementation of cloud computing solutions. Information Flow Control (IFC) is a well-understood Compulsory Access Control methodology. Technology that is available for cloud computing and for the system management of distributed computing can solve the security concerns that are widely seen these days in networking or on the internet. These security issues, which are mostly based on cloud networking, can be fixed with the help of decentralized IFC, which the authors discuss for controlling cloud security and cloud network management.

In paper [2], the authors explain detecting data leakage between cloud service providers or cloud application providers. Because cloud services are provided to multiple tenants and are very easily accessible by clients or users, the data or information provided to those users can be harmful if the applications that are developed by programmers and put into the cloud contain any harmful code, or if those applications have been infected by other applications or programs. Detecting leakage between cloud services would find any such issue.

Paper [3] is based on intrusion detection. The authors explain how an intrusion detection system as a service can find and eliminate the possibility of threats to the public cloud. They suggest that all users and cloud service providers add intrusion detection to their systems to detect any intrusion, which could come from either side: from the client or service user, or from the service providers. With the help of intrusion detection, it can be detected if any party, service provider or user, violates or attempts to compromise the system.

Paper [4] is based on cloud services; the authors describe how cloud services should be provided while avoiding threats. They introduce Rule-Based Run-Time Information Flow Control in Service Cloud, which provides a service chain to protect against any threat to the cloud.

In [5], the authors propose Enforcing Secure Information Flow at the Cloud Edge, which is based on data processing on Platform as a Service. With the proposed system, the applications that flow through the cloud services can be checked line by line for vulnerabilities and malicious code; by checking a Java application line by line, any vulnerability can be spotted or detected.

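The line-by-line matching of uploaded source code against a per-language dictionary, and the percentage grade the paper describes for IFCaaS, can be sketched as follows. This is an added example, not code from the paper or the IFCaaS project; the dictionary contents, the selection of the dictionary by file extension, the tokenizer and the grade formula are all assumptions, since the paper does not specify them.

```python
import os
import re

# Constructed, deliberately small dictionaries (assumption: the paper does not
# publish its own). One set of accepted tokens per supported language.
DICTIONARIES = {
    ".java": frozenset("""
        public private static final class void int new return if else for
        while try catch String System out println Math max main args length
    """.split()),
    ".cs": frozenset("""
        public private static class void int string new return if else for
        while try catch using namespace System Console WriteLine Main args
    """.split()),
}

# Spans that must not contribute tokens: string/char literals and comments.
_SKIP = re.compile(
    r'"(?:\\.|[^"\\\n])*"'    # string literal
    r"|'(?:\\.|[^'\\\n])*'"   # char literal
    r"|//[^\n]*"              # line comment
    r"|/\*.*?\*/",            # block comment
    re.DOTALL,
)
# Identifier or keyword; the lookbehind stops "x1F" in 0x1F from matching.
_TOKEN = re.compile(r"(?<![A-Za-z0-9_$])[A-Za-z_$][A-Za-z0-9_$]*")


def blank_out(match):
    """Replace a skipped span with spaces, keeping newlines for line numbers."""
    return re.sub(r"[^\n]", " ", match.group())


def grade_upload(filename, source):
    """Return (grade percent, [(line_number, unmatched_token), ...])."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in DICTIONARIES:
        raise ValueError(f"no dictionary for {ext or filename!r}")
    cleaned = _SKIP.sub(blank_out, source)
    total, unmatched = 0, []
    for line_no, line in enumerate(cleaned.splitlines(), start=1):
        for token in _TOKEN.findall(line):
            total += 1
            if token not in DICTIONARIES[ext]:
                unmatched.append((line_no, token))
    if total == 0:
        return 0.0, []  # nothing to vouch for, so no passing grade
    return round(100.0 * (total - len(unmatched)) / total, 1), unmatched


# Constructed sample upload, not taken from the paper.
SAMPLE_JAVA = '''\
public class Demo {
    /* exec( inside a comment
       must not count */
    public static void main(String[] args) {
        String note = "Runtime.exec is only text here // not a comment";
        int n = Math.max(args.length, 0x1F);
        System.out.println(n);
        Runtime.getRuntime().exec(note);
    }
}
'''

if __name__ == "__main__":
    print(grade_upload("Demo.java", SAMPLE_JAVA))
```

In this sketch user-defined names such as `Demo` and `note` count as unmatched alongside `Runtime`, `getRuntime` and `exec`, so the constructed sample is graded 68.0.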
3. PROPOSED WORK

Applications or software provided to users or clients on the cloud or the internet for any purpose, commercial or non-commercial, must be verified by a third party, which should be a trusted party.

The third party should not favor anyone: the Software as a Service provider, the cloud service provider, or the users who intend to use applications or software from the cloud. Using Information Flow Control (IFC), the third party can detect any vulnerability in the source code of the application or software that has been sent.

After the source code has been verified for vulnerabilities, the third party records detailed information about the specific application in the logbook for users; users can then download or use the specific verified application.

3.4 Advantages in proposed system

- Application and software can be trusted.
- Detection of vulnerabilities.
- Verified source code of application.
- Users can see how much an application has vulnerability.

Figure 3.1: Proposed Architecture

3.5 System Requirement

Any project that is being developed or modified has requirements that must be considered. The main goal of the system requirements is to develop an independent project that is more efficient, and their purpose is to meet the software requirement specification. Software has its own requirement specification; with the help of system analysis, which is also called requirements engineering, those requirements can be resolved. Within this process the user determines expectations for a new or modified product. These features, called requirements, must be computable, related and comprehensive.

The software requirement specification describes the behavior of the project and its development, which includes the functional and non-functional necessities for the project or software to be developed. The functional requirements contain the software compatibility and non-compatibility that need to be considered while developing any project or software. Non-functional requirements include the controls on the project to be developed, which include performance, services, platforms, availability of services and configuration of services. Requirements must meet all the functionality of the strategy or operation of the project or software.

To provide a service that is available on the cloud from any location and at any time, the project must be designed and implemented as a web-based application that is accessible from any operating system with an internet connection. Servers are required to provide such web-based services; those servers must be configured so that they can handle the flow of data in different timelines, since the data will flow from cloud to cloud between software developers. The main requirement of IFCaaS is that it has to be available on the system and accessible from different parts of the world at any time.

3.5.1 Functional Requirements

Product functional requirement is a review or exploration of the product that is being developed or modified. This analysis shows how the product is carried out and whether the product is fake or real. Since the project is being developed within a server and client environment, it should contain all the requirements for both server and client; each functionality of the service is explained later throughout the report. All the functionality of the project that is going to be implemented is explained in this section. For every new project or software to be developed, it is important to determine the functionality of that project or software: how it works and what the requirements are.

All the system functionality and system design implemented in the IFCaaS project is essential, and it is important to consider it while developing the project in order not to face any failure during the execution of the project.

The functional requirements of the IFCaaS project include the following.

- Functionality for data input to be used: indicates the type of data that needs to be uploaded or selected for transfer to the third party (here the user can choose Java file, C sharp, and Spring browsing data as input).
- Output functionality: with output functionality the user can access the IFCaaS database for downloading the application.
- Descriptions of work-flows performed by the scheme (explains the control flow of the project).
- Descriptions of the user credentials: how users create their database and how the system stores all that information.
- Accessibility: how the services are accessible through the network.

Server
- Upload files and store
- Download graded file
- Stubs and Skeleton

Alert System
- Communication devices.
- Inform the stubs communicating with server

Trusted Server
- Track record of stubs.
- Only access will be given cloud server

Analysis Objects

Analysis objects are used to describe objects and provide detailed information about the objects used in the project. It is important to define each object, since different types of objects have been used in this project: graphic and text-based objects that define all the objects used in IFCaaS. Different types of objects were used during project development, and each object has its own independent objective that gives the project the ability to work as designed. Several types of objects have been used; they are explained in the following section.

Interface Objects

The interface objects are responsible for controlling the web-based services and the Java application; through interface objects users can access and use the provided services. Interface objects include the server outlet and clients, which are developed under NetBeans.

Java and JSP are also used for web services such as web pages and for controlling the server to maintain the connection between server and client.

Control Objects

Control objects are used to provide accessibility for users. Since this is not a command-line project or service but an object-oriented project, each service used in this project requires objects. Those objects need to be controlled by users, and the server's objects are provided by SOAP.

Entity Objects

Entity objects are used to provide access to the database of the system. This project contains a database that holds all the information and data for the users and developers who are trying to use the services.

4. EXPERIMENTAL RESULTS

After the project implementation was developed, to validate the effectiveness of IFCaaS the project was tested on the source code of targeted applications (Java, C# and Spring). The testing on these targets demonstrates the precision of IFCaaS for detecting vulnerabilities in cloud SaaS applications.

Table 1 shows the name of the application being tested, the platform of the application (the programming language in which the application has been developed), and, in the last column, the grading of the application's code. The grading shows, for a specific application coded in a specific language, how much of the code is from that programming language and how much of the code does not relate to that language.

5. CONCLUSION

With the recent development and rapid increase of cloud service providers and of applications available on the cloud, it is very important to maintain security and integrity for applications that are delivered to users from a Software as a Service provider through cloud service providers. When applications are put on the cloud for users to download or use online, those applications might have some vulnerability, which may compromise the whole system or the individual system in which the application is being used.

Since there are multiple software providers, and services and applications are provided through cloud service providers, all those service providers might be insecure without valid and non-vulnerable applications. The IFCaaS project has shown that it can be very effective for maintaining and providing security for cloud applications, through third-party services for checking vulnerability and insecurity in the coding of applications.

REFERENCES

[1] Jean Bacon, David Eyers, IEEE, Thomas F. J.-M. Pasquier, Jatinder Singh, Ioannis Papagiannis, and Peter Pietzuch, Information Flow Control for Secure Cloud Computing, IEEE Transactions On Network And Service Management, 2014.
[2] Thuy D. Nguyen, Mark A. Gondree, David J. Shifflett, Jean Khosalim, Timothy E. Levin, A Cloud-Oriented Cross-Domain Security Architecture, Military Communications Conference Unclassified Program Cyber Security and Network Management, 2010.
[3] Thomas F. J.-M. Pasquier, Julia E. Powles, Intrusion detection system as a service in public clouds Intrusion. IEEE International Conference on Cloud Engineering, 2015.
[4] Wei She, I-Ling Yen, Bhavani Thuraisingham, San-Yih Huang, Rule-Based Run-Time Information Flow Control in Service Cloud, IEEE International Conference on Web Services, 2011.
[5] Thuy D. Nguyen, Mark A. Gondree, David J. Shifflett, Jean Khosalim, Timothy E. Levin, Cynthia E. Irvine, A Cloud-Oriented Cross-Domain Security Architecture, IEEE International Conference on Cyber Security and Network Management, 2010.
[6] R. K. Shyamasundar, N. V. Narendra Kumar, Muttukrishnan Rajarajan, Information-Flow Control for Building Security and Privacy Preserving Hybrid Clouds, IEEE 2nd International Conference on Data Science and Systems, 2016.
[7] Jatinder Singh, Julia Powles, Thomas Pasquier, and Jean Bacon, Cloud Filter: practical control of sensitive data propagation to the cloud, IEEE 14th International Conference on Smart City, 2016.
[8] Jedidiah Yanez-Sierra, Arturo Diaz-Perez, Victor Sosa-Sosa and J. L. Gonzalez, Towards Secure and Dependable Cloud Storage Based on User-Defined Workflows, IEEE 2nd International Conference on Cyber Security and Cloud Computing, 2015.
[9] Nidhiben Solanki, Timothy Hoffman, Stephen S. Yau, An Access and Information Flow Control Paradigm for Secure Information Sharing in Service-Based Systems, IEEE 39th Annual International Computers, Software & Applications Conference, 2015.
[10] Ramegowda, A unidirectional data-flow model for cloud data security with user involvement during data transit, International Conference on Communication, 2014.
[11] Safwan Mahmud Khan, Kevin W. Hamlen and Murat Kantarcioglu, Silver Lining: Enforcing Secure Information Flow at the Cloud Edge, IEEE International Conference on Cloud Engineering, 2014.
[12] Jatinder Singh, Jean Bacon, Cloud Safety Net: Detecting Data Leakage between Cloud Tenants, IEEE 18th International Conference on High Performance Computing and Communications, 2013.
[13] Shih-Chien Chou, Controlling information flows in SaaS cloud services, IEEE International Conference on A Break in the Clouds Towards a Cloud Definition, 2012.
[14] Thuy D. Nguyen, Mark A. Gondree, David J. Shifflett, Jean Khosalim, A cloud oriented multilayer access control system for logic virtual domain, IET Information Security, 2012.
[15] Chih-Hung Lin and Zhi-Wei Chen, A Decentralized Information Flow Model for SaaS Applications Security, 3rd International Conference on Intelligent System Design and Engineering Applications, 2012.
[16] Quratulain Alam, Saher Tabbasum, Saif U. R. Malik, Masoom Alam, Tamleek Ali, Adnan Akhunzada, Samee U. Khan, Formal Verification of the xDAuth Protocol, IEEE Transactions On Information Forensics And Security, 2016.
[17] Mahbub Ahmed, Yang Xiang, Shawkat Ali, Above the Trust and Security in Cloud Computing: A Notion Towards Innovation, IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2010.
[18] Olivier Hermant, Managing Big Data with Information Flow Control, IEEE 8th International Conference on Cloud Computing, 2010.
[19] Abdulatif Alabdulatif, Ibrahim Khalil, Vu Mai, Protection of Electronic Health Records in Cloud, 35th Annual International Conference of the IEEE EMBS, 2013.
[20] Yu Jia Chen, Feng Yi, A Dynamic Security Traversal Mechanism for Providing Deterministic Delay Guarantee in SDN, IEEE Signal and Information Processing Association Annual Summit and Conference, 2012.
[21] Purva Grover, Rahul Johari, BigData, Cloud Computing and Distributed Computing, Proceedings of Global Conference on Communication Technologies, 2015.

Copyright@IDL-2017