SlideShare a Scribd company logo

Research paper

P
Pavan Muralidhara
1 of 4
Download to read offline
International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1686 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org Security issues in cloud computing and its countermeasures Pavan Muralidhara Abstract- Cloud computing is a technology of delivering resources such as hardware, software (virtual too) and bandwidth over the network to the consumers worldwide. All the services are requested and accessed through a web browser or web service. The main advantage that cloud is provided to the nation worldwide is that it is not so easily affordable to one and all. Multi-conglomerate companies invest a lot of money on the cloud and let people access it for a smaller cost and even free at the lowest level of the consumer chain. In this paper we address to the problems that the cloud technology faces and how it can be overcome. Keywords- Cloud computing, Security issues, Cloud security, Denial of Service, Xml signature element wrapping, Brower security, Cloud malware injection ——————————  —————————— 1 INTRODUCTION Cloud computing name suggests that it’s a cloud of services. It was also named “cloud” because you can view cloud from everywhere be it from India or from Amsterdam. Similarly you can access the cloud from anywhere, from whichever part of the world from an array of devices right from computers, laptops, pda’s, mobiles, etc. Companies or even direct consumers can access the services present in cloud through a web server or a web browser. Advantage of cloud is that it reduces the cost of hardware deployment, software license and system maintenance. But as they say, nothing comes without a price to pay. Hence this paper illustrates some of the security issues in cloud technology and how to overcome those. Figure 1: Real definition of cloud (accessible from anywhere from many devices) 2 CLOUD COMPUTING SECURITY ISSUES AND ITS COUNTERMEASURES 2.1 DoS Attack Denial of Service is one of the attacks on the cloud that prevents the consumer from receiving the service from the cloud. The attacker usually floods the cloud with excessive requests to the target server and the actual consumer might not be able to receive the service since the server is busy servicing the attacker. There are many methods to perform a DoS attack such as SYN flood. A SYN flood exploits the TCP 3-way handshake by requesting connections to the target server and ignoring the acknowledgement (ACK) from the server. This makes the server to wait for the ACK from the attacker, wasting time and resources. Eventually, the server does not have enough resources to provide services to clients. This attack can be prevented by authorizing strict access to the cloud and using cryptographic protocols to ensure that the right personnel are accessing the cloud. IJSER
International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1687 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org Figure 2: Denial of service to the customer by the attacker 2.2 Xml signature element wrapping Due to the fact that clients are typically able to connect to cloud computing via a web browser or web service, web service attacks also affect cloud computing. XML signature element wrapping is the well-known attack for web service. Although Cloud security uses XML signature in order to protect an element’s name, attributes and value from unauthorized parties, it is unable to protect the particulars in the document. An attacker is able to manipulate a SOAP message by copying the target element and inserting whatever value the attacker would like and moving the original element to somewhere else on the SOAP message. This technique can trick the web service to process the malicious message created by the attack. Figures 3 and 4 illustrate an example of an XML signature element wrapping attack. According to the figure 3, the client requests a picture called “me.jpg”. However, if the attacker intercepts and alters the SOAP message by inserting the same element as the client but the attackers requests a document called “cv.doc” instead of the picture shown as the figure 4. After the web service receives the message, the web service will send the cv document back to the client. Another potential scenario attack may be in the case of the e-mail web service application. If an attacker intercepts the SOAP message and changes the receiver’s e-mail address to the attacker’s e- mail address, the web service will forward the e-mail to the attacker. In 2008, Amazon’s EC2, which is the public cloud computing system of Amazon, was discovered that it was vulnerable to XML signature element wrapping attack .The possible countermeasure would be using a combination of WSSecurity with XML signature to sign particular element and digital certificated such as X.509 issued by trusted Certificate Authorities (CAs). Furthermore, the web service server side should create a list of elements that is used in the system and reject any message which contains unexpected messages from clients. Figure 3: Soap message before the attack Figure 4: Soap message after the attack 2.3 Cloud malware injection attack Cloud malware injection is the attack that attempts to inject a malicious service, application or even virtual machine into the cloud system depending on the cloud service models (SaaS, PaaS and IssA) [5]. In order to perform this attack, an intruder is required to create his own malicious application, service or virtual machine instance and then the intruder has to add it to the cloud system. Once the malicious software has been added to the cloud system, the attacker has to trick the cloud system to treat the malicious software as a valid instance. If it is successful, normal users are able to request the malicious service instance, and then the malicious is executed. Another scenario of this attack might be an attacker try to upload a virus or trojan program to the cloud system. Once the cloud system treats it as a valid service, the virus program is automatically executed IJSER
International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1688 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org and the cloud system infects the virus which can cause damage to the cloud system. In the case of the virus damages the hardware of the cloud system, other cloud instances running on the same hardware may affect to the virus program because they share the same hardware. In addition, the attacker may aim to use a virus program to attack other users on the cloud system. Once a client requests the malicious program instance, the cloud system sends the virus over to the internet to the client and then executes on the client’s machine. The client’s computer then is infected by the virus. The possible countermeasure for this type of attack could be performing a service instance integrity check for incoming requests. A hash value can be used to store on the original service instance’s image file and compare this value with the hash values of all new service instance images. As a result of using the hash values, an attacker is required to create a valid hash value comparison in order to trick the cloud system and inject a malicious instance into the cloud system. 2.4 Browser security In a cloud computing system, the computational processes are completed in the cloud server whereas the client side just sends a request and waits for the result. Web browser is a common method to connect to the cloud systems. Before a client can request for services on the cloud system, the client is required to authenticate himself whether he has an authority to use the cloud system or not. In the security point of view, these days, web browsers rely heavily upon SSL/TLS process. They are not able to apply WS-Security concept (XML Signature and XML Encryption) to the authentication process. As a consequence, when a web browser requests a service from the web service in a cloud system, it cannot use XML Signature to sign the client’s credentials (e.g. username and password) in order to authenticate the user and XML Encryption to encrypt the SOAP message in order to protect data from unauthorised parties. The web browser has to use SSL/TLS to encrypt the credential and use SSL/TLS 4-way handshake process in order to authenticate the client. Nevertheless, SSL/TLS only supports point-to-point communications, meaning that if there is a middle tier between the client and the cloud server, such as a proxy server or firewall, the data has to be decrypted on the intermediary host. If there is an attacker sniffing packages on that host, the attacker may gain the credentials and use the credentials in order to log in to the cloud system as a valid user. In addition, SSL/TLS has been broken by Marlinspike in July 2009. Marlinspike used the technique called “Null Prefix Attack” in order to perform undetected man-in-the-middle- attack attacks against SSL/TLS implementation. As a result of this, attackers are able to perform this technique in order to requests services from cloud systems without a valid authentication. It seems that SSL/TLS is still limited in its capacities as an authentication for cloud computing. The potential countermeasure for this is that the vendors that create web browsers apply WS-Security concept within their web browsers. The reason why WS-Security appears to be more suitable than SSL/TLS is WS-Security works in message level. As a result of this, web browsers are able to use XML Encryption in order to provide end-to-end encryption in SOAP messages. Unlike point-to-point encryption, end-to-end encryption does not have to be decrypted at intermediary hosts. Consequently, attackers are unable to sniff and gain plain text of SOAP messages at the intermediary hosts illustrated. 3 CONCLUSIONS In this paper, a selection of issues of cloud computing security, DoS attack, XML Signature Element Wrapping, Cloud Malware Injection Attack and Browser Security, and its potential countermeasures are mentioned. Due to Dos attack, the attacker can flood messages to the cloud which results in denying services to the actual customer. The attacker can also alter the soap message to change the requested data by the customer and possibly even change whom the service has to be delivered to which could be ridiculously dangerous. The attacker could also install a malicious software or a program on to the cloud which can cause havoc as the malicious software controlled by the attacker would be servicing the customer and getting a lot of details from the host .Last, but not the least browser security is another issue in cloud security as all services will be requested either through web server or web browser. 4 REFERENCES [1]Amazon Web Services. (2009) Amazon Elastic Compute Cloud (Amazon EC2). http://aws.amazon.com/ec2/csrc.nist.gov/groups/SNS/cloudc omputing/ cloud-def-v15.doc [2]Cloud Security Alliance. (2009) Security guidance for critical areas of focus in cloud computing V2.1. http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1. pdf [3] M. Jensen. et. al. (2009) “On Technical Security Issues in Cloud Computing” IEEE International Conference in Cloud Conouting, pp.109-116, Sep 2009. [4]M. Marlinspike. (2009) Null Prefix Attacks Against SSL/TLS Certificates. http://www.thoughtcrime.org/papers/null-prefix- attacks.pdf [5] M. McIntosh and P. Austel. “XML Signature Element Wrapping Attack and CounterMeasures” Workshop on Secure Web Service, pp.20-27, 2005. IJSER
International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1689 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org [6] N. Gruschka and L. L. Iacono. “Vulnerable Cloud: SOAP Message Security Validation Revisited” IEEE International Conference on Web Service, pp.635-631, Jul 2009. [7]US-CERT. (2004) Understanding Denial-of-Service Attacks. [Online]. Available: http://www.us-cert.gov/cas/tips/ST04- 015.html IJSER

Recommended

Network as a Service Model in Cloud Authentication by HMAC Algorithm
Network as a Service Model in Cloud Authentication by HMAC AlgorithmNetwork as a Service Model in Cloud Authentication by HMAC Algorithm
Network as a Service Model in Cloud Authentication by HMAC AlgorithmEswar Publications
 
Report on xss and do s
Report on xss and do sReport on xss and do s
Report on xss and do smehr77
 
W4502140150
W4502140150W4502140150
W4502140150IJERA Editor
 
Double guard: Detecting Interruptions in N- Tier Web Applications
Double guard: Detecting Interruptions in N- Tier Web ApplicationsDouble guard: Detecting Interruptions in N- Tier Web Applications
Double guard: Detecting Interruptions in N- Tier Web ApplicationsIJMER
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Lecture #1: Access Control : Various Cyber attacks and Latest Statistics
Lecture #1: Access Control : Various Cyber attacks and Latest StatisticsLecture #1: Access Control : Various Cyber attacks and Latest Statistics
Lecture #1: Access Control : Various Cyber attacks and Latest StatisticsDr. Ramchandra Mangrulkar
 
Securing the cloud computing systems with matrix vector and multi-key using l...
Securing the cloud computing systems with matrix vector and multi-key using l...Securing the cloud computing systems with matrix vector and multi-key using l...
Securing the cloud computing systems with matrix vector and multi-key using l...eSAT Publishing House
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudAlert Logic
 

Recommended

Network as a Service Model in Cloud Authentication by HMAC Algorithm
Network as a Service Model in Cloud Authentication by HMAC AlgorithmNetwork as a Service Model in Cloud Authentication by HMAC Algorithm
Network as a Service Model in Cloud Authentication by HMAC AlgorithmEswar Publications
 
Report on xss and do s
Report on xss and do sReport on xss and do s
Report on xss and do smehr77
 
W4502140150
W4502140150W4502140150
W4502140150IJERA Editor
 
Double guard: Detecting Interruptions in N- Tier Web Applications
Double guard: Detecting Interruptions in N- Tier Web ApplicationsDouble guard: Detecting Interruptions in N- Tier Web Applications
Double guard: Detecting Interruptions in N- Tier Web ApplicationsIJMER
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
Lecture #1: Access Control : Various Cyber attacks and Latest Statistics
Lecture #1: Access Control : Various Cyber attacks and Latest StatisticsLecture #1: Access Control : Various Cyber attacks and Latest Statistics
Lecture #1: Access Control : Various Cyber attacks and Latest StatisticsDr. Ramchandra Mangrulkar
 
Securing the cloud computing systems with matrix vector and multi-key using l...
Securing the cloud computing systems with matrix vector and multi-key using l...Securing the cloud computing systems with matrix vector and multi-key using l...
Securing the cloud computing systems with matrix vector and multi-key using l...eSAT Publishing House
 
Nimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudNimbo/Alert Logic - Azure in the Cloud
Nimbo/Alert Logic - Azure in the CloudAlert Logic
 
D do s_white_paper
D do s_white_paperD do s_white_paper
D do s_white_paperFrancisco Terrones Ramos
 
Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Abdul Rasheed Feroz Khan
 
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...IJECEIAES
 
Single Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingSingle Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingRahul Roshan
 
Application DoS In Microservice Architectures
Application DoS In Microservice ArchitecturesApplication DoS In Microservice Architectures
Application DoS In Microservice ArchitecturesScott Behrens
 
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARINGSURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARINGEditor IJMTER
 
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONFRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONijiert bestjournal
 
Computer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacksComputer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacksTesfahunegn Minwuyelet
 
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...IRJET Journal
 
Penetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsPenetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsGregory Hanis
 
Common Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt TechnologiesCommon Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt TechnologiesMazeBolt Technologies
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningValdez Ladd MBA, CISSP, CISA,
 
1738 1742
1738 17421738 1742
1738 1742Editor IJARCET
 
Security Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web DesignSecurity Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web DesignTing Yin
 
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGPRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGKayalvizhi Selvaraj
 
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency IOSR Journals
 
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...IRJET Journal
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET Journal
 
Introduction to IPR
Introduction to IPRIntroduction to IPR
Introduction to IPRBuddhi Prakash Chauhan
 
Ghana Domain Name Registry Establishment
Ghana Domain Name Registry EstablishmentGhana Domain Name Registry Establishment
Ghana Domain Name Registry Establishmentgsorkpor
 
Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02Samuel Hellum
 
qualifications May 2016
qualifications May 2016qualifications May 2016
qualifications May 2016Oscar Selebogo
 

More Related Content

What's hot

ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...IJECEIAES
 
Single Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingSingle Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingRahul Roshan
 
Application DoS In Microservice Architectures
Application DoS In Microservice ArchitecturesApplication DoS In Microservice Architectures
Application DoS In Microservice ArchitecturesScott Behrens
 
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARINGSURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARINGEditor IJMTER
 
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONFRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONijiert bestjournal
 
Computer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacksComputer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacksTesfahunegn Minwuyelet
 
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...IRJET Journal
 
Penetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsPenetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsGregory Hanis
 
Common Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt TechnologiesCommon Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt TechnologiesMazeBolt Technologies
 
Security Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web DesignSecurity Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web DesignTing Yin
 
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGPRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGKayalvizhi Selvaraj
 
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency IOSR Journals
 
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...IRJET Journal
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET Journal
 

What's hot (18)

D do s_white_paper
D do s_white_paperD do s_white_paper
D do s_white_paper
 
Smart cloud - single to multi cloud
Smart cloud - single to multi cloud Smart cloud - single to multi cloud
Smart cloud - single to multi cloud
 
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting at...
 
Single Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud ComputingSingle Sign-On security issue in Cloud Computing
Single Sign-On security issue in Cloud Computing
 
Application DoS In Microservice Architectures
Application DoS In Microservice ArchitecturesApplication DoS In Microservice Architectures
Application DoS In Microservice Architectures
 
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARINGSURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
SURVEY ON KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING
 
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATIONFRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
FRONT END AND BACK END DATABASE SECURITY IN THREE TIER WEB APPLICATION
 
Computer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacksComputer security Description about SQL-Injection and SYN attacks
Computer security Description about SQL-Injection and SYN attacks
 
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
A Novel Mutual Authentication Algorithm using Visual Cryptography with Novel ...
 
Penetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the yearsPenetration testing is a field which has experienced rapid growth over the years
Penetration testing is a field which has experienced rapid growth over the years
 
Common Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt TechnologiesCommon Types of DDoS Attacks | MazeBolt Technologies
Common Types of DDoS Attacks | MazeBolt Technologies
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
1738 1742
1738 17421738 1742
1738 1742
 
Security Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web DesignSecurity Risk Assessment for Quality Web Design
Security Risk Assessment for Quality Web Design
 
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTINGPRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD COMPUTING
 
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency Preventing Web-Proxy Based DDoS using Request Sequence Frequency
Preventing Web-Proxy Based DDoS using Request Sequence Frequency
 
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
Cryptographic Countermeasure Against Prevention Of Dos and Distributed DOS A...
 
IRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in CloudIRJET - Providing High Securtiy for Encrypted Data in Cloud
IRJET - Providing High Securtiy for Encrypted Data in Cloud
 

Viewers also liked

Ghana Domain Name Registry Establishment
Ghana Domain Name Registry EstablishmentGhana Domain Name Registry Establishment
Ghana Domain Name Registry Establishmentgsorkpor
 
Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02Samuel Hellum
 
qualifications May 2016
qualifications May 2016qualifications May 2016
qualifications May 2016Oscar Selebogo
 
From 0 to 400 GB: Confronting the Challenges of Born-Digital Photographs
From 0 to 400 GB: Confronting the Challenges of Born-Digital PhotographsFrom 0 to 400 GB: Confronting the Challenges of Born-Digital Photographs
From 0 to 400 GB: Confronting the Challenges of Born-Digital PhotographsKristen Yarmey
 
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...Ismaila Rimi Abubakar
 
Money market instruments
Money market instrumentsMoney market instruments
Money market instrumentsRENJU RAJU
 
ऊर्जा के अनवीकरणीय स्त्रोत
ऊर्जा के अनवीकरणीय स्त्रोत ऊर्जा के अनवीकरणीय स्त्रोत
ऊर्जा के अनवीकरणीय स्त्रोत krishna mishra
 
Plant poisoning
Plant poisoning Plant poisoning
Plant poisoning hodmedicine
 
paracetamol ferrous sulfate and paclitaxel
paracetamol ferrous sulfate and paclitaxelparacetamol ferrous sulfate and paclitaxel
paracetamol ferrous sulfate and paclitaxelMompati Letsweletse
 

Viewers also liked (15)

Introduction to IPR
Introduction to IPRIntroduction to IPR
Introduction to IPR
 
Ghana Domain Name Registry Establishment
Ghana Domain Name Registry EstablishmentGhana Domain Name Registry Establishment
Ghana Domain Name Registry Establishment
 
Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02Barrancasdelcobre1 131220121414-phpapp02
Barrancasdelcobre1 131220121414-phpapp02
 
qualifications May 2016
qualifications May 2016qualifications May 2016
qualifications May 2016
 
Resume
ResumeResume
Resume
 
Windows server 2008
Windows server 2008Windows server 2008
Windows server 2008
 
Tutorial De Excel
Tutorial De ExcelTutorial De Excel
Tutorial De Excel
 
Oleksandr sokoliuk end
Oleksandr sokoliuk endOleksandr sokoliuk end
Oleksandr sokoliuk end
 
FIBRECELL INTRO
FIBRECELL INTROFIBRECELL INTRO
FIBRECELL INTRO
 
From 0 to 400 GB: Confronting the Challenges of Born-Digital Photographs
From 0 to 400 GB: Confronting the Challenges of Born-Digital PhotographsFrom 0 to 400 GB: Confronting the Challenges of Born-Digital Photographs
From 0 to 400 GB: Confronting the Challenges of Born-Digital Photographs
 
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...
Students’ Assessment of Campus Sustainability at the University of Dammam, Sa...
 
Money market instruments
Money market instrumentsMoney market instruments
Money market instruments
 
ऊर्जा के अनवीकरणीय स्त्रोत
ऊर्जा के अनवीकरणीय स्त्रोत ऊर्जा के अनवीकरणीय स्त्रोत
ऊर्जा के अनवीकरणीय स्त्रोत
 
Plant poisoning
Plant poisoning Plant poisoning
Plant poisoning
 
paracetamol ferrous sulfate and paclitaxel
paracetamol ferrous sulfate and paclitaxelparacetamol ferrous sulfate and paclitaxel
paracetamol ferrous sulfate and paclitaxel
 

Similar to Research paper

Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
 
Implementation of user authentication as a service for cloud network
Implementation of user authentication as a service for cloud networkImplementation of user authentication as a service for cloud network
Implementation of user authentication as a service for cloud networkSalam Shah
 
Implementation_of_User_Authentication_as
Implementation_of_User_Authentication_asImplementation_of_User_Authentication_as
Implementation_of_User_Authentication_asMasood Shah
 
Abuse_in_the_Cloud_Palani_Ashwin
Abuse_in_the_Cloud_Palani_AshwinAbuse_in_the_Cloud_Palani_Ashwin
Abuse_in_the_Cloud_Palani_AshwinAshwin Palani
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityAhmed Banafa
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computingijcnes
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIOSR Journals
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentIJTET Journal
 
The Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdfThe Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdfCraw Cyber Security
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxmccormicknadine86
 
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGEr Piyush Gupta IN ⊞⌘
 
Impact of Flash Crowd Attack in Online Retail Applications
Impact of Flash Crowd Attack in Online Retail ApplicationsImpact of Flash Crowd Attack in Online Retail Applications
Impact of Flash Crowd Attack in Online Retail ApplicationsIJEACS
 
Survey of uncertainty handling in cloud service discovery and composition
Survey of uncertainty handling in cloud service discovery and compositionSurvey of uncertainty handling in cloud service discovery and composition
Survey of uncertainty handling in cloud service discovery and compositionijngnjournal
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET Journal
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloudpriyanka reddy
 
Fog computing document
Fog computing documentFog computing document
Fog computing documentsravya raju
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudKumar Goud
 

Similar to Research paper (20)

Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...
 
Implementation of user authentication as a service for cloud network
Implementation of user authentication as a service for cloud networkImplementation of user authentication as a service for cloud network
Implementation of user authentication as a service for cloud network
 
Implementation_of_User_Authentication_as
Implementation_of_User_Authentication_asImplementation_of_User_Authentication_as
Implementation_of_User_Authentication_as
 
Abuse_in_the_Cloud_Palani_Ashwin
Abuse_in_the_Cloud_Palani_AshwinAbuse_in_the_Cloud_Palani_Ashwin
Abuse_in_the_Cloud_Palani_Ashwin
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
A017130104
A017130104A017130104
A017130104
 
Identified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud ComputingIdentified Vulnerabilitis And Threats In Cloud Computing
Identified Vulnerabilitis And Threats In Cloud Computing
 
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual EnvironmentSVAC Firewall Restriction with Security in Cloud over Virtual Environment
SVAC Firewall Restriction with Security in Cloud over Virtual Environment
 
The Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdfThe Ultimate Guide For Cloud Penetration Testing.pdf
The Ultimate Guide For Cloud Penetration Testing.pdf
 
CMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docxCMST&210 Pillow talk Position 1 Why do you think you may.docx
CMST&210 Pillow talk Position 1 Why do you think you may.docx
 
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTINGA STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
 
Impact of Flash Crowd Attack in Online Retail Applications
Impact of Flash Crowd Attack in Online Retail ApplicationsImpact of Flash Crowd Attack in Online Retail Applications
Impact of Flash Crowd Attack in Online Retail Applications
 
Survey of uncertainty handling in cloud service discovery and composition
Survey of uncertainty handling in cloud service discovery and compositionSurvey of uncertainty handling in cloud service discovery and composition
Survey of uncertainty handling in cloud service discovery and composition
 
Project 3
Project 3Project 3
Project 3
 
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud ComputingIRJET- Detection and Isolation of Zombie Attack under Cloud Computing
IRJET- Detection and Isolation of Zombie Attack under Cloud Computing
 
fog computing provide security to the data in cloud
fog computing provide security to the data in cloudfog computing provide security to the data in cloud
fog computing provide security to the data in cloud
 
Fog doc
Fog doc Fog doc
Fog doc
 
Fog computing document
Fog computing documentFog computing document
Fog computing document
 
MIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the CloudMIST Effective Masquerade Attack Detection in the Cloud
MIST Effective Masquerade Attack Detection in the Cloud
 

Research paper

  • 1. International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1686 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org Security issues in cloud computing and its countermeasures Pavan Muralidhara Abstract- Cloud computing is a technology of delivering resources such as hardware, software (virtual too) and bandwidth over the network to the consumers worldwide. All the services are requested and accessed through a web browser or web service. The main advantage that cloud is provided to the nation worldwide is that it is not so easily affordable to one and all. Multi-conglomerate companies invest a lot of money on the cloud and let people access it for a smaller cost and even free at the lowest level of the consumer chain. In this paper we address to the problems that the cloud technology faces and how it can be overcome. Keywords- Cloud computing, Security issues, Cloud security, Denial of Service, Xml signature element wrapping, Brower security, Cloud malware injection ——————————  —————————— 1 INTRODUCTION Cloud computing name suggests that it’s a cloud of services. It was also named “cloud” because you can view cloud from everywhere be it from India or from Amsterdam. Similarly you can access the cloud from anywhere, from whichever part of the world from an array of devices right from computers, laptops, pda’s, mobiles, etc. Companies or even direct consumers can access the services present in cloud through a web server or a web browser. Advantage of cloud is that it reduces the cost of hardware deployment, software license and system maintenance. But as they say, nothing comes without a price to pay. Hence this paper illustrates some of the security issues in cloud technology and how to overcome those. Figure 1: Real definition of cloud (accessible from anywhere from many devices) 2 CLOUD COMPUTING SECURITY ISSUES AND ITS COUNTERMEASURES 2.1 DoS Attack Denial of Service is one of the attacks on the cloud that prevents the consumer from receiving the service from the cloud. The attacker usually floods the cloud with excessive requests to the target server and the actual consumer might not be able to receive the service since the server is busy servicing the attacker. There are many methods to perform a DoS attack such as SYN flood. A SYN flood exploits the TCP 3-way handshake by requesting connections to the target server and ignoring the acknowledgement (ACK) from the server. This makes the server to wait for the ACK from the attacker, wasting time and resources. Eventually, the server does not have enough resources to provide services to clients. This attack can be prevented by authorizing strict access to the cloud and using cryptographic protocols to ensure that the right personnel are accessing the cloud. IJSER
  • 2. International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1687 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org Figure 2: Denial of service to the customer by the attacker 2.2 Xml signature element wrapping Due to the fact that clients are typically able to connect to cloud computing via a web browser or web service, web service attacks also affect cloud computing. XML signature element wrapping is the well-known attack for web service. Although Cloud security uses XML signature in order to protect an element’s name, attributes and value from unauthorized parties, it is unable to protect the particulars in the document. An attacker is able to manipulate a SOAP message by copying the target element and inserting whatever value the attacker would like and moving the original element to somewhere else on the SOAP message. This technique can trick the web service to process the malicious message created by the attack. Figures 3 and 4 illustrate an example of an XML signature element wrapping attack. According to the figure 3, the client requests a picture called “me.jpg”. However, if the attacker intercepts and alters the SOAP message by inserting the same element as the client but the attackers requests a document called “cv.doc” instead of the picture shown as the figure 4. After the web service receives the message, the web service will send the cv document back to the client. Another potential scenario attack may be in the case of the e-mail web service application. If an attacker intercepts the SOAP message and changes the receiver’s e-mail address to the attacker’s e- mail address, the web service will forward the e-mail to the attacker. In 2008, Amazon’s EC2, which is the public cloud computing system of Amazon, was discovered that it was vulnerable to XML signature element wrapping attack .The possible countermeasure would be using a combination of WSSecurity with XML signature to sign particular element and digital certificated such as X.509 issued by trusted Certificate Authorities (CAs). Furthermore, the web service server side should create a list of elements that is used in the system and reject any message which contains unexpected messages from clients. Figure 3: Soap message before the attack Figure 4: Soap message after the attack 2.3 Cloud malware injection attack Cloud malware injection is the attack that attempts to inject a malicious service, application or even virtual machine into the cloud system depending on the cloud service models (SaaS, PaaS and IssA) [5]. In order to perform this attack, an intruder is required to create his own malicious application, service or virtual machine instance and then the intruder has to add it to the cloud system. Once the malicious software has been added to the cloud system, the attacker has to trick the cloud system to treat the malicious software as a valid instance. If it is successful, normal users are able to request the malicious service instance, and then the malicious is executed. Another scenario of this attack might be an attacker try to upload a virus or trojan program to the cloud system. Once the cloud system treats it as a valid service, the virus program is automatically executed IJSER
  • 3. International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1688 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org and the cloud system infects the virus which can cause damage to the cloud system. In the case of the virus damages the hardware of the cloud system, other cloud instances running on the same hardware may affect to the virus program because they share the same hardware. In addition, the attacker may aim to use a virus program to attack other users on the cloud system. Once a client requests the malicious program instance, the cloud system sends the virus over to the internet to the client and then executes on the client’s machine. The client’s computer then is infected by the virus. The possible countermeasure for this type of attack could be performing a service instance integrity check for incoming requests. A hash value can be used to store on the original service instance’s image file and compare this value with the hash values of all new service instance images. As a result of using the hash values, an attacker is required to create a valid hash value comparison in order to trick the cloud system and inject a malicious instance into the cloud system. 2.4 Browser security In a cloud computing system, the computational processes are completed in the cloud server whereas the client side just sends a request and waits for the result. Web browser is a common method to connect to the cloud systems. Before a client can request for services on the cloud system, the client is required to authenticate himself whether he has an authority to use the cloud system or not. In the security point of view, these days, web browsers rely heavily upon SSL/TLS process. They are not able to apply WS-Security concept (XML Signature and XML Encryption) to the authentication process. As a consequence, when a web browser requests a service from the web service in a cloud system, it cannot use XML Signature to sign the client’s credentials (e.g. username and password) in order to authenticate the user and XML Encryption to encrypt the SOAP message in order to protect data from unauthorised parties. The web browser has to use SSL/TLS to encrypt the credential and use SSL/TLS 4-way handshake process in order to authenticate the client. Nevertheless, SSL/TLS only supports point-to-point communications, meaning that if there is a middle tier between the client and the cloud server, such as a proxy server or firewall, the data has to be decrypted on the intermediary host. If there is an attacker sniffing packages on that host, the attacker may gain the credentials and use the credentials in order to log in to the cloud system as a valid user. In addition, SSL/TLS has been broken by Marlinspike in July 2009. Marlinspike used the technique called “Null Prefix Attack” in order to perform undetected man-in-the-middle- attack attacks against SSL/TLS implementation. As a result of this, attackers are able to perform this technique in order to requests services from cloud systems without a valid authentication. It seems that SSL/TLS is still limited in its capacities as an authentication for cloud computing. The potential countermeasure for this is that the vendors that create web browsers apply WS-Security concept within their web browsers. The reason why WS-Security appears to be more suitable than SSL/TLS is WS-Security works in message level. As a result of this, web browsers are able to use XML Encryption in order to provide end-to-end encryption in SOAP messages. Unlike point-to-point encryption, end-to-end encryption does not have to be decrypted at intermediary hosts. Consequently, attackers are unable to sniff and gain plain text of SOAP messages at the intermediary hosts illustrated. 3 CONCLUSIONS In this paper, a selection of issues of cloud computing security, DoS attack, XML Signature Element Wrapping, Cloud Malware Injection Attack and Browser Security, and its potential countermeasures are mentioned. Due to Dos attack, the attacker can flood messages to the cloud which results in denying services to the actual customer. The attacker can also alter the soap message to change the requested data by the customer and possibly even change whom the service has to be delivered to which could be ridiculously dangerous. The attacker could also install a malicious software or a program on to the cloud which can cause havoc as the malicious software controlled by the attacker would be servicing the customer and getting a lot of details from the host .Last, but not the least browser security is another issue in cloud security as all services will be requested either through web server or web browser. 4 REFERENCES [1]Amazon Web Services. (2009) Amazon Elastic Compute Cloud (Amazon EC2). http://aws.amazon.com/ec2/csrc.nist.gov/groups/SNS/cloudc omputing/ cloud-def-v15.doc [2]Cloud Security Alliance. (2009) Security guidance for critical areas of focus in cloud computing V2.1. http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1. pdf [3] M. Jensen. et. al. (2009) “On Technical Security Issues in Cloud Computing” IEEE International Conference in Cloud Conouting, pp.109-116, Sep 2009. [4]M. Marlinspike. (2009) Null Prefix Attacks Against SSL/TLS Certificates. http://www.thoughtcrime.org/papers/null-prefix- attacks.pdf [5] M. McIntosh and P. Austel. “XML Signature Element Wrapping Attack and CounterMeasures” Workshop on Secure Web Service, pp.20-27, 2005. IJSER
  • 4. International Journal of Scientific & Engineering Research, Volume 4, Issue 10, October-2013 1689 ISSN 2229-5518 IJSER © 2013 http://www.ijser.org [6] N. Gruschka and L. L. Iacono. “Vulnerable Cloud: SOAP Message Security Validation Revisited” IEEE International Conference on Web Service, pp.635-631, Jul 2009. [7]US-CERT. (2004) Understanding Denial-of-Service Attacks. [Online]. Available: http://www.us-cert.gov/cas/tips/ST04- 015.html IJSER