This document presents a proposed model for integrating network security and fine-grained access control to simultaneously handle security at the network and database layers for web databases. The authors implemented their model on a college database and evaluated its performance. Their model suspends unauthorized access attempts, reauthenticates the user, and reports any unauthorized data alterations to authorized users via email or SMS. The implementation results showed how their integrated model is suitable for web database security.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
In an organization specifically as virtual as cloud there is need for access control systems to constrain
users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access
to confidential data the third party auditing and accounting is done which could stir up further data leaks.
To control such data leaks and integrity, in past several security policies based on role, identity and user
attributes were proposed and found ineffective since they depend on static policies which do not monitor
data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the
authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to
store metadata on the subject of data alteration which is universally called as the Provenance Information.
This paper presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data alteration
events.
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS... - IJNSA Journal
Security has become paramount in modern software services as more and more security breaches emerge, impacting final users and organizations alike. Trends like the Microservice Architecture bring new security challenges related to communication, system design, development, and operation. The literature presents a plethora of security-related solutions for microservices-based systems, but the spread of information hinders practitioners' adoption of novel security-related solutions. In this study, we aim to present a catalogue and discussion of security solutions based on algorithms, protocols, standards, or implementations; supporting principles or characteristics of information security, considering the three possible states of data, according to the McCumber Cube. Our research follows a Systematic Literature Review, synthesizing the results with a meta-aggregation process. We identified a total of 30 primary studies, yielding 75 security solutions for the communication of microservices.
PRIVACY-PRESERVING MACHINE AUTHENTICATED KEY AGREEMENT FOR INTERNET OF THINGS - IJCNCJournal
Internet of things (IoT) is the integration of computer-based systems and the physical world in which things
interact with each other. Due to heterogeneity and resource-constrained feature of IoT devices, there are
many privacy and security challenges resulting in many threat vulnerabilities in IoT environments. After
reviewing and analyzing the recent IoT security, privacy, and authentication protocols, we will withdraw
research gaps focused on the elimination of human factors in IoT authentication. In order to fill these
research gaps, this paper proposes a privacy-preserving machine authenticated key agreement based on
IoT, denoted as IoTMAKA. IoTMAKA uses dynamic identity and machine fingerprint to provide security and
privacy. Security analysis shows that IoTMAKA provides anonymity and untraceability, provides freshness,
and is secure against passive and active attacks. IoTMAKA reduces communication overheads by 20% and
computational overheads by 25% on average as compared to the previous related works.
A systematic mapping study of security, trust and privacy in clouds - journalBEEI
Cloud computing thrives around trust and security in the relationship between cloud providers and users of their services. The objective was the conduct of a systematic mapping study of cloud computing security, trust and privacy. The research was executed using three classes of facets, namely topic, contribution, and research based on the systematic mapping process. The result shows that privacy issues and challenges on metric had 4.76% of the publications. On cloud trust in the domain of tool, the publications were 8.75%. The publications on design within the domain of model stood at 12.38%, and publications on privacy issues and challenges in the area of process were 8.57%. Furthermore, there were more articles published on privacy issues and challenges within the domain of evaluation research with 10.43%. The publications on design based on validation research made up 7.83% of the study. More papers were also published on frameworks and techniques within the domain of solution research with 5.22% each. There were more articles published on privacy issues and challenges with regards to philosophical research with 4.35%. Shortcomings in the fields of security, trust and privacy in the cloud, were identified through this study, which should motivate further research.
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX - IJNSA Journal
Nowadays, use of wireless technology in organizations is a regular act, and we can see this technology erupted in all possible different areas. Related to employing wireless technology, those organizations need to apply a proper security level, depending on the security policy which is already defined. If a security system is applied but not required, or a security system is required but not provided, this leads to an improper security system. In this paper we have shown the way to evaluate the data significance and their appropriate security level. Here is a model to evaluate the cost of data from a security point of view by consideration of some parameters like sensitivity, volume, life, frequency, etc. This research makes organizations able to predict and implement or understand the cost involved for security of their data by measuring the data value. We used questionnaire and survey methodologies to collect the data, and then used SPSS and SAS programs to calculate and design a model. In this way regression and BOOTSTRAP help us to find accurate results.
Online Social Network (OSN) sites act as a medium to spread their own views, activities and their thoughts to some camaraderie. Contents of this network are spread over web, so it was hard to determine by a human decision. Currently, they do not provide any mechanism to ensure privacy concerns towards data associated with each user. Due to this problem, number of users lacks from their ownership control. In this paper, we proposed AC2P (Activity Control-Access Control Protocol) for information control on the web. Alternatively, Tag Refinement strategy determines illegal tagging over images and send notification about particular image spread within different communities/groups. These techniques reduce risk of information flow and avoid unwanted tagging toward images.
Data Stream Controller for Enterprise Cloud Application - IJSRD
Cloud computing is an emerging computing paradigm where computing resources are provided as services over the Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. The occupier need not be concerned with how the PaaS system achieves expansion under high load. MAC systems differ as security policy is defined for the entire system, typically by administrators. Information flow control (IFC) is a MAC approach, developed originally from military information management methodologies. IFC can be used to enforce more general policies, using appropriate labeling and checking schemes. The labels can be used to manage both confidentiality and integrity concerns, tracking "secrecy" and "quality" of data, respectively. Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flow between the pieces of an application and the outside world. As applied to privacy, DIFC allows untrusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity, DIFC allows trusted code to protect untrusted software from unexpected inputs.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES - ijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization's ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization's assets is not enough; there is a need to consider the
human factor by raising users' security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users' security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization's website through the process of development
life cycle.
Database security is a growing concern as the amount of sensitive data collected and retained in databases is fast growing and most of these data are being made accessible via the internet. The majority of companies, organizations and teaching and learning institutions store sensitive data in databases. As most of these data are electronically accessed, it can therefore be assumed that the integrity of these numerous and sensitive data is prone to different kinds of threat, such as unauthorized access, theft, as well as access denial. Therefore, the need for securing databases has also increased. The primary objectives of database security are to prevent unauthorized access to data, prevent unauthorized tampering or modification of data, and to also ensure that these data remain available whenever needed. In this paper, we developed a database security framework by combining different security mechanisms on a sensitive students information database application designed for Shehu Shagari College of Education Sokoto (SSCOE) with the aim of minimizing and preventing the data from Confidentiality, Integrity and Availability threats.
Information security plays an important role in
governments. Its realm has been increased nowadays, especially
with recent viruses' attacks in different governmental
organizations. Authentication is an aspect of information
security; the current scheme used nowadays in systems
depends on login by user name and password in addition to
a one-time password or traditional secret questions, which in turn
are usually easy to predict. This paper proposes an enhanced
knowledge based authentication solution which ensures and
provides more security and usability levels for governmental
organizations.
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS - IJNSA Journal
Cloud computing is a new innovative model for enterprise in which information is permanently stored on the servers, which also manage how and when different resources are allocated to the requesting users. It provides a distributed approach through which resources are allocated dynamically to the users without investing in the infrastructure or licensing the software's on the client side. Using the cloud makes processing of information more commodious but it also presents them with new security problems about reliability. This phenomenon introduces serious problems regarding the access mechanism to any information stored in the database and resources in the cloud. For the successful implementation of cloud computing it is necessary that we know the different areas where security is needed. For this there should also be a governance strategy for secure communication between multi-clouds located in different geographical areas or in different countries. In this paper we discuss how to safely utilize the benefit of cloud computing through the network, where data security, authentication, integration, recovery, IP spoofing and Virtual Servers are the most captious fields in the cloud.
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal... - IJERA Editor
In this paper, SMCSaaS is proposed to secure email system based on Web Service and Cloud Computing
Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated
infrastructure complexity. The proposed model controls risks in Cloud Computing like Insecure Application
Programming Interfaces, Malicious Insiders, Data Loss or Leakage, Shared Technology Vulnerabilities,
Account, Service and Traffic Hijacking, and Unknown Risk Profile.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT... - IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Effect of Combustion Air Pre-Heating In Carbon Monoxide Emission in Diesel Fi... - IJERA Editor
This paper describes the effect of combustion air pre-heating in Diesel fired heat Treatment Furnace. The main
heat treatment processes are Normalizing, Tempering, Hardening, Annealing, Solution Annealing and Stress
Relieving. The emission of carbon monoxide is measured with combustion air pre-heating and without pre-heating.
The results are then compared and it is found that the emission of CO is reduced by 29.12%. With the
Combustion air pre-heating a considerable reduction in Specific Furnace Fuel Consumption (SFFC) is obtained.
The test was carried out at Peekay Steels Casting (P) ltd, Nallalam, Calicut.
General Terms: Heat Treatment Furnace
Study Utility Vehicle Makassar City Transport a High- Ergonomics - IJERA Editor
The development of technology during this was to meet the man, but it should be men must be spoilt, But if it
turns out that all that did not make people feel safe, comfortable, healthy and easy, but the planning process,
decision-making and developments have experienced a deviation orientation. Public transport Transportation in
the Makassar city should be made with implementing aspects promotes ergonomic comfort, but it does not apply
in means of transportation to the public. Issues for public vehicles on access up and down not in accordance
with vehicle users. The aim of the research is to phrases dimensions body which have an effect on to utility
vehicle, to examine the public vehicles that high-promotes ergonomic comfort. The method assessment is the
measurement dimensions body to the passengers as well as the use questionnaires and analyzed in a holistic
approach ergonomics. Results of research high security tools to public vehicles that high-security vehicle users
generally by body dimensions as a powerful than Knee-and-a-half was knee, long your feet, and your elbow
to the floor. While utilities of ergonomic value was the first and second around 24.76 cm and 49.53 cm, wide
around 24.25 cm and was hangar 104, 78 cm.
A Combined Approach for Feature Subset Selection and Size Reduction for High ...IJERA Editor
Ā
selection of relevant feature from a given set of feature is one of the important issues in the field of
data mining as well as classification. In general the dataset may contain a number of features however it is not
necessary that the whole set features are important for particular analysis of decision making because the
features may share the common informationās and can also be completely irrelevant to the undergoing
processing. This generally happen because of improper selection of features during the dataset formation or
because of improper information availability about the observed system. However in both cases the data will
contain the features that will just increase the processing burden which may ultimately cause the improper
outcome when used for analysis. Because of these reasons some kind of methods are required to detect and
remove these features hence in this paper we are presenting an efficient approach for not just removing the
unimportant features but also the size of complete dataset size. The proposed algorithm utilizes the information
theory to detect the information gain from each feature and minimum span tree to group the similar features
with that the fuzzy c-means clustering is used to remove the similar entries from the dataset. Finally the
algorithm is tested with SVM classifier using 35 publicly available real-world high-dimensional dataset and the
results shows that the presented algorithm not only reduces the feature set and data lengths but also improves the
performances of the classifier.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Chegamos na quarta aula do projeto vamos algoritmizar, vamos entender o infinito mundo das repetiƧƵes e comeƧar a entender esse novo comando...
... de novo!
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
Ā
Abstract Data security and Access control is a challenging research work in Cloud Computing. Cloud service users upload there private and confidential data over the cloud. As the data is transferred among the server and client, the data is to be protected from unauthorized entries into the server, by authenticating the userās and provide high secure priority to the data. So the Experts always recommend using different passwords for different logins. Any normal person cannot possibly follow that advice and memorize all their usernames and passwords. That is where password managers come in. The purpose of this paper is to secure data from unauthorized person using Security blanket algorithm.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
An extensive research survey on data integrity and deduplication towards priv...IJECEIAES
Ā
Owing to the highly distributed nature of the cloud storage system, it is one of the challenging tasks to incorporate a higher degree of security towards the vulnerable data. Apart from various security concerns, data privacy is still one of the unsolved problems in this regards. The prime reason is that existing approaches of data privacy doesn't offer data integrity and secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all form of dynamic threats over cloud and internet systems. Therefore, data integrity, as well as data deduplication is such associated phenomena which influence data privacy. Therefore, this manuscript discusses the explicit research contribution toward data integrity, data privacy, and data deduplication. The manuscript also contributes towards highlighting the potential open research issues followed by a discussion of the possible future direction of work towards addressing the existing problems.
Wireless Information Security System via Role based Access Control Pattern Us...ijcnes
Ā
Business delivery value added more via security services to the service providers and service users. Organization system developing various models to achieve the security system according to the modern development and technology; which they requires for their own operations and for their interactions within departments, customers and partners. Business securities pattern will be aid to establish a powerful methodology to identify and understand these relationships to maximize the value of security system. This paper presents a study of important business patterns in Roles Right Definition Model Use Cases linking to Object oriented Analysis and Design approach for Secured Internet Information access.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
Ā
Cloud computing refers to a type of networked computing whereby an application can be run on connected
servers instead of local servers. Cloud can be used to store data, share resources and also to provide
services. Technically, there is very little difference between public and private cloud architecture. However,
the security and privacy of the data is a very big issue when sensitive data is being entrusted to third party
cloud service providers. Thus encryption with a fine grained access control is inevitable to enforce security
in clouds. Several techniques implementing attribute based encryption for fine grained access control have
been proposed. Under such approaches, the key management overhead is a little bit high in terms of
computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack
mechanisms to handle existence of traitors. Our proposed approach addresses these requirements and
reduces the overhead of the key management as well as secret sharing by using efficient algorithms and
protocols. Also, a traitor tracing technique is introduced into the cloud computing two layer encryption
environment.
Database SecurityāConcepts,Approaches, and ChallengesElisaOllieShoresna
Ā
Database SecurityāConcepts,
Approaches, and Challenges
Elisa Bertino, Fellow, IEEE, and Ravi Sandhu, Fellow, IEEE
AbstractāAs organizations increase their reliance on, possibly distributed, information systems for daily business, they become more
vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as
encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive
approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject
qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the
semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity
and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security
community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability.
However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security
concerns, the ādisintermediationā of access to data, new computing paradigms and applications, such as grid-based computing and on-
demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current
approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the
most well-known techniques. We focus on access control systems, on which a large body of research has been devoted, and describe
the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control
(RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML.
We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.
Index TermsāData confindentiality, data privacy, relational and object databases, XML.
ļæ½
1 INTRODUCTION
AS organizations increase their adoption of databasesystems as the key data management technology for
day-to-day operations and decision making, the security of
data managed by these systems becomes crucial. Damage
and misuse of data affect not only a single user or
application, but may have disastrous consequences on the
entire organization. The recent rapid proliferation of Web-
based applications and information systems have further
increased the risk exposure of databases and, thus, data
protection is today more crucial than ever. It is also
important to appreciate that data needs to be protected
not only from external threats, but also from insider threats ...
SECURITY AND PRIVACY AWARE PROGRAMMING MODEL FOR IOT APPLICATIONS IN CLOUD EN...ijccsa
Ā
The introduction of Internet of Things (IoT) applications into daily life has raised serious privacy concerns
among consumers, network service providers, device manufacturers, and other parties involved. This paper
gives a high-level overview of the three phases of data collecting, transmission, and storage in IoT systems
as well as current privacy-preserving technologies. The following elements were investigated during these
three phases:(1) Physical and data connection layer security mechanisms(2) Network remedies(3)
Techniques for distributing and storing data. Real-world systems frequently have multiple phases and
incorporate a variety of methods to guarantee privacy. Therefore, for IoT research, design, development,
and operation, having a thorough understanding of all phases and their technologies can be beneficial. In
this Study introduced two independent methodologies namely generic differential privacy (GenDP) and
Cluster-Based Differential privacy ( Cluster-based DP) algorithms for handling metadata as intents and
intent scope to maintain privacy and security of IoT data in cloud environments. With its help, we can
virtual and connect enormous numbers of devices, get a clearer understanding of the IoT architecture, and
store data eternally. However, due of the dynamic nature of the environment, the diversity of devices, the
ad hoc requirements of multiple stakeholders, and hardware or network failures, it is a very challenging
task to create security-, privacy-, safety-, and quality-aware Internet of Things apps. It is becoming more
and more important to improve data privacy and security through appropriate data acquisition. The
proposed approach resulted in reduced loss performance as compared to Support Vector Machine (SVM) ,
Random Forest (RF) .
The spread of information networks in communities and organizations have led to a daily huge volume of information exchange between different networks which, of course, has resulted in new threats to the national organizations. It can be said that information security has become today one of the most challenging areas. In other words, defects and disadvantages of computer network security address irreparable damage for enterprises. Therefore, identification of security threats and ways of dealing with them is essential. But the question raised in this regard is that what are the strategies and policies to deal with security threats that must be taken to ensure the security of computer networks? In this context, the present study intends to do a review of the literature by using earlier researches and library approach, to provide security solutions in the face of threats to their computer networks. The results of this research can lead to more understanding of security threats and ways to deal with them and help to implement a secure information platform.
The advancements in cloud computing and leveraging the benefits from
cloud computing to the service providers have increased the deployment of
traditional applications to the cloud. The applications once deployed on the
cloud, due to various reasons, need migration from development
infrastructure to operational infrastructure, one operational instance to other
operational instances due to load balancing and the cycle continues due to the
use of DevOps as development strategies for cloud computing applications.
Advocates of hybrid and public clouds observe cloud computing makes it
possible for organizations to avert or minimize upfront IT infrastructure
expenses. Proponents also assert that cloud computing systems permit
businesses to receive their software up and running faster, using improved
manageability and less maintenance, so it empowers IT teams to rapidly
adapt tools to meet the varying and unpredictable requirements. DevOps is a
lot of practices that mechanizes the procedures between programming
improvement and IT groups, all together that they can fabricate, test, and
discharge programming quicker and even more dependably. The idea of
DevOps is established on building a culture of a joint effort between groups
that generally worked in relative siloes. The guaranteed advantages
incorporate expanded trust, quicker programming discharges, capacity to
explain basic issues rapidly and better oversee impromptu work. Thus, this
work identifies the need for providing multiple security protocols during the
complete life cycle of cloud application development and deployment. This
work proposes a novel framework for automatic selection and deployment of
the security protocols during cloud service deployments. The framework
identifies the need for security aspects and selects the appropriate security
algorithms for virtual machines. The proposed framework demonstrates
nearly 80% improvement over the security policy deployment time.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
Ā
Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. Cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is being entrusted to third party cloud service providers. Thus encryption with a fine grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute based encryption for fine grained access control have been proposed. Under such approaches, the key management overhead is a little bit high in terms of computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack mechanisms to handle existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of the key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two layer encryption environment.
A PRACTICAL CLIENT APPLICATION BASED ON ATTRIBUTE-BASED ACCESS CONTROL FOR UN...cscpconf
Ā
One of widely used cryptographic primitives for the cloud application is Attribute Based Encryption (ABE) where users can have their own attributes and a ciphertext encrypted by an access policy. Though ABE provides many benefits, the novelty often only exists in an academic world and it is often difficult to find a practical use of ABE for a real application. In this paper, we discuss the design and implementation of a cloud storage client application which supports the concept of ABE. Our proposed client provides an effective access control mechanism where it allows different types of access policy to be defined thus allowing large datasets to be shared by multiple users. Using different access policy, each user only needs to access only a small part of the big data. The goal of our experiment is to explore the right set of strategies for developing a practical ABE-based system. Through the implementation and evaluation, we have determined the various characteristics and issues associated with developing a practical ABEbased
application.
IRJET- An Efficient Data Sharing Scheme in Mobile Cloud Computing using Attri...
Ā
Dilip kumar Choubey, Prof. Joy Bhattacharjee, Prof. Roopali Soni / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 1, January-February 2013, pp. 1437-1444

“Loss Minimization of Web Databases by Fine Grain Approach”
Dilip kumar Choubey, Prof. Joy Bhattacharjee, Prof. Roopali Soni
M.Tech IV Sem, O.C.T Bhopal, India
Department of C.S.E, O.C.T Bhopal, India
Head, Department of C.S.E, O.C.T Bhopal, India

Abstract
Information is the most valuable asset for organizations. One of the goals of organizations is to share their data and at the same time to enforce their policies. A web database is a combined product of database technology and Web technology. Because a web database is placed on the Internet, it faces many security problems. Secrecy and integrity are two important demands of a security system. When database access control and network security are addressed separately, the security system is not optimized sufficiently as a whole. Fine-grained access control (FGAC) must be supported by web relational databases to satisfy the requirements of privacy preservation and Internet-based applications. We propose a model of integrating network security with criterion based access control to handle network security and the fine grained Web database access control simultaneously. We have implemented our model on a college database and evaluated its performance. Whenever an unauthorized user alters our data, a system called Web-Secure reports this to the authorized user via e-mail or Short Message Service (SMS). The implementation results show how our model is suitable for web database security.

Keywords: Fine grained access control, Web database security, multiple policies, Privacy preservation, Network security, access control

1. Introduction
Internet users interact with and use web applications every day for a wide spectrum of tasks, ranging from online banking to social networking, and everything in between. Security in databases has become an important problem because of the large amount of personal data that is tracked by many business web applications. A web database is a combination of database and web technology. Because a web database is placed on the Internet, it faces many security problems. Web and distributed databases play [02] the key role in most of these Web applications, and thus it is critical to protect them from unauthorized access and malicious attacks.

One of the key components of every web application, and arguably the most important in terms of security [19], is the web application's database. The web database is the heart of any data-driven web application, and must be guarded from numerous types of malicious attacks. Security is a major concern in the application of web database techniques to datasets containing personal sensitive or confidential information. To address this issue, a more efficient and flexible security mechanism is required to systematically authenticate users, control network traffic [14], and provide efficient fine-grained access control. Traditional policies treat tables or columns as the basic access control unit [03].

As security has gained significant importance, organizations have been forced to protect individual preferences and comply with many enacted privacy laws. This has been a strong driving force for access control in relational databases [07]. Traditional relation-level access control is insufficient to address the increasingly complex requirements of access control policies where each cell in the relation might be governed by a separate policy. To address this demand, we need a more fine-grained access control scheme, at the row level or even the cell level.

Security is an integrative concept that includes the following properties [1]: confidentiality (absence of unauthorized disclosure of a service or piece of information), authenticity (guarantees that a service or piece of information is authentic), integrity [01] (protection of a service or piece of information against illicit and/or undetected modification), and availability (protection of a service or piece of information against possible denials of service caused maliciously) [04].

Current-day database applications, with large numbers of users, require fine-grained access control mechanisms at the level of individual tuples [17], not just entire relations/views, to control which parts of the data can be accessed by each user. The authorization rules (security policy) may be different for different Web and distributed databases. It is convenient to implement flexible fine-grained access control for each database based on different authorization rules [13].

Currently, network security and database security are often addressed separately, and therefore the security system is not optimized properly as a whole.

We propose a model of integrating network security with criterion based access control to
handle network security and the fine grained Web database access control simultaneously.

We consider the issue of security of the web database at the database layer and the network layer. Our main emphasis is at the database layer [05], where we have applied fine-grained access control to achieve security at row level or even cell level.

We have implemented our model on a college database and evaluated its performance. Whenever an unauthorized user alters our data, a system called WebSecure reports this to the authorized user via email or SMS. The implementation results show how our model is suitable for web database security.

The rest of the paper is organized as follows. Section 2 presents the security-related work. Section 3.1 covers the proposed algorithm. Section 3.2 presents the implementation. Section 4 presents the experimental results and performance evaluation. Section 5 concludes the paper and also presents future work.

1.1 Motivation
In the past decade alone, the widespread availability of broadband internet connections coupled with the relatively low cost of internet-capable computers has led to a boom in the number of internet users. As entire populations log on to the internet, the amount of physical data stored by web-based applications continues to soar. Internet users interact with and use web applications every day for a wide spectrum of tasks, ranging from online banking to social networking, and everything in between. A web database is a combined product of database technology and web technology. Data security [18] is a major issue in any web-based application. Because a web database is placed on the Internet, it faces many security problems. Real-world web databases hold information that needs to be securely stored and accessed. Web applications are becoming increasingly commonplace and the database can be easily accessible. In the old web database system, some database rights were granted to legal users. Many applications are developed with loosely-typed scripting languages [06] and make use of a single database user with full permissions, a so-called administrator user. Information is the most valuable asset for organizations. Information disclosure from such databases may have a very serious impact on the organization's business. It is important to properly handle network and web database security issues [08] including authentication, denial of service, and fine-grained access control. So new security mechanisms and access control [3] approaches for databases, and especially for web databases, have become a dire necessity. But with the development of web systems, the number of attacks on databases has increased, and it has become clear that their security mechanism and access control mechanism are inadequate for web-based database systems.

2. Related work
Fine-grained access control was first introduced as a part of the access control system in INGRES by Stonebraker and Wong (1974), which was implemented by query modification technology. The basic idea of query modification is that before being processed, user queries are transparently modified to ensure that users can access only what they are authorized to access (Bertino et al., 2005; Wang et al., 2007) [20][15].

Views are used to specify and store access permissions for users. When a user submits a query, the DBMS first finds all views [08] whose attributes include the attributes of the issued query, and then adds the predicates of these views to the predicates of the original query to form a new modified query, which will be carried out.

Recently, work on the policy for preserving privacy has boosted the research of FGAC (Agrawal et al., 2002; Bertino et al., 2005). Bertino et al. (2005) [20] presented a privacy preserving access control model for relational databases, which needs a basis of FGAC in relational databases. Nevertheless, they did not describe how to implement the model.

LeFevre et al. (2004) proposed a practical approach to incorporating privacy policy enforcement into an existing application and database environment where the implementation of FGAC at cell level was provided.

All works described above focused mainly on the enforcement of FGAC, and did not provide an FGAC model which supports many access control policies [11]. Less work has been done with the FGAC model. The work of Agrawal et al. (2005) [20] and Barker (2008) suffered from specific aforementioned limitations.

Chaudhuri et al. (2007) also extended the SQL language to support fine-grained authorization by predicated grants. Not only the column- and cell-level authorizations, but also the authorizations for function/procedure execution were supported. Moreover, they designed query-defined user groups and authorization groups to simplify the administration of authorizations.

Olson et al. (2008) presented a formal framework for reflective database access control policies where a formal specification of FGAC policies was supported by Transaction Data-log. The security analysis [16] was also provided. Moreover, they enforced policies by compiling policies in Transaction Data-log into standard SQL views (Olson et al., 2009). The shortcomings are that the negative authorization and multiple policies at fine granularity (which are the major contributions of our model) were not taken into account.

Kabra et al. (2006) [09] considered two different aspects of FGAC: efficiency and information leakage of enforcement of FGAC. Using query modification to enforce FGAC, there
may exist redundancies in the final executed queries because of the same predicates between the FGAC policies and the queries issued by users. These redundancies include not only cheap comparisons, but also expensive semi-joins, which would increase the execution time.

Kabra et al. (2006) also considered the potential of information leakage through channels caused by exceptions, error messages, and user-defined functions. To remedy the two problems, they proposed methods for redundancy removal, the definition of safety query plan, and the techniques to generate safe query plans.

Wang et al. (2007) proposed a correctness criterion of FGAC for databases, which contains three properties: secure, sound, and maximum. They argued that any algorithm used to implement FGAC must be sound and secure, and should strive to be maximum. They also pointed out that no algorithm exists that is both sound and secure. Then, they proposed an algorithm that is sound and secure. In this paper, we do not consider these aspects. There is another important related work.

Bertino et al. (1997) proposed an extended authorization model for relational databases, which supports negative authorization. This work inspired us to extend the FGAC model to support negative authorization. The main difference between their work and ours is the granularity of negative authorization: the model they proposed can support only negative authorization at coarse granularity (tables, views), but our model can express negative authorization at finer granularity (rows, columns, or cells).

Oracle's Virtual Private Database (VPD) model [9] supports fine-grained access control through functions that return strings containing predicates. Oracle virtual private database (VPD) also uses query modification to implement FGAC (Oracle Corporation, 2005). VPD supports FGAC [10] through functions written as stored procedures which are associated with a relation. When a user accesses the relation, the function is triggered to return predicates, and the database rewrites the SQL statement submitted by the user to include these predicates. For providing enhanced access control, in addition to row-level access control, column-level VPD [12] has been added to Oracle to provide column-level access control, which in turn associates functions with columns. A function is associated with each relation, and when invoked returns a string containing predicates that enforce fine-grained access control; the function takes as input the mode of access and an application context which includes information such as the user-id of the end user.

3 Our approach
The detection of an inconsistency by the detection engine can be considered as a system event. The attributes of the anomaly, such as user, role, SQL command, then correspond to the environment surrounding such an event. Intuitively, a policy can be specified taking into account the anomaly attributes to guide the response engine in taking a suitable action.

Fine-grained access control (FGAC) must be supported by web relational databases to satisfy the requirements of privacy preserving and Internet-based applications. We propose a model of integrating network security with criterion based access control to handle network security and the fine grained Web database access control simultaneously.

Inconsistency Attributes
User: The user associated with the request.
Role: The role associated with the request.
Source IP: The IP address associated with the request.
Date and Time: Date/time of the anomalous request.
Client App: The client application associated with the request.

3.1 Proposed Algorithm

Algorithm
Input: user U, relation R, action A, database D.
Output: the combined Fine Grained Access Control policy Pout.

ON ANOMALY DETECTION
IF ROLE != USERROLE and Source IP IN NETWORK and OBJECTTYPE=table
    And SQLCOMMAND IN {INSERT, UPDATE, DELETE}
THEN SUSPEND
CONFIRM REAUTHENTICATE
ON SUCCESS
    Access to web database according to Policy
ON FAILURE
    Abort, Disconnect and response report to authorized user

RS←∅;
PStemp←∅;
PSrole←∅;
PStemp=Get all FGAC policies (U, R, A, D);
PD=Intersection of (PStemp);
RS=Get the Role Set (U, D);
for all r in RS do
    PStemp←∅;
    PStemp=Get RFGAC Policies Set (r, R, A, D);
    PSrole←Intersection of (PStemp);
end for
PR=Union of (PSrole);
Pout=PD∧PR.
3.2. Implementation
3 Our approach
The machine on which the experiments
The detection of an inconsistency by the
were performed has a system memory of 2GB, clock
detection engine can be considered as a system
speed of 2.50 GHz, cache size of 512 KB, bus speed of 100 MHz, and a block size of 1 KB. All the experiments were run on the ORACLE 11g database management system. The tables used in our experiments are those of an educational institute: students (eno, name, tos), faculty (id, name, dept, courseid), courses (courseid, coursename), grades (eno, courseid, grade), dept (deptno, dname), emp (empno, ename, job, mgr, hiredate, sal, comm, deptno), bonus (ename, job, sal, comm), registration (eno, courseid), salgrade (grade, losal, hisal), users (username, domainname, ipaddress, privatekey), tmp (eno, grade, newgrade).
Web-Secure is a system which we are developing to detect and report inconsistencies and security breaches in a web database. It runs on a separate site (typically different from the one on which the application runs and the one on which the main database resides), monitoring access to the database indirectly. It runs periodically at pre-decided intervals, checks the consistency of the database relations and reports any discrepancies. It also has a local copy of the original data, which can be used to restore the database to a consistent state.
We built a package in Java. Any application that uses this package should call the appropriate function and send the query along with the parameters. We create a table containing the parameters of the queries passed, one table per query type. Similarly, we have one result table per query type. When a new query is received at Web-Secure, we detect whether it is a duplicate and insert it into the table accordingly. We then run the query on the main database and store the result in the corresponding result table. Each set of parameter and result tables is identified by the parameters in the query.
We get the entire main database table to the Web-Secure site, join it with the local parameter table and detect the inconsistencies. In order to optimize the activity performed by Web-Secure, we run as few queries as possible during the periodic activity of verifying the consistency of the database. For every type of query, i.e., for a set of queries of the same type (meaning the same number and type of parameters), Web-Secure runs a single query in order to check the results against the local copies. As the parameters differ only in values, we perform a join of the parameter table with the database table to get the results and compare them with the locally stored result tables containing the original contents.
Our earlier model of Web-Secure maintains a copy of the frozen query results and periodically transfers the whole relation of the main database to the Web-Secure site and does a join of the parameter table with this relation as part of the query to detect differences between these copies.
Now, instead of shipping the whole relation, we can compute a checksum on the tuples of the relation in the main database, ship the checksum to the Web-Secure site, compute a similar checksum of the tuples in the local copies and compare the two checksums. If they do not match, it can be reported as a security breach. In fact, if detecting inconsistency is all that is required, we could do away with creating the result tables. Instead of storing the results as a table, all we need to do is store the checksum of the query result. During the periodic check, we compare this checksum with the calculated checksum of the tuples in the main database relation.
We have incorporated this facility into our Web-Secure code. We use MD5 checksums: we compute the checksum of every tuple, which is a 16-byte value, and compute the exclusive-OR of all the checksums. This is the value that is transferred to Web-Secure, where a similar procedure is followed to compute the checksum, and it is compared with the computed checksum of the local copy. This reduces the network traffic significantly, which would otherwise have been very high if the whole relation were transferred periodically to the Web-Secure site.

4. Experimental Results and Performance Evaluation
We have performed row-level or cell-level security on the tables mentioned below. The data dictionary of each table is also given below:

DEPT
  DEPTNO      NUMBER(2)
  DNAME       VARCHAR2(14)
  LOC         VARCHAR2(3)
The Department table consists of Department Number (DEPTNO), Department Name (DNAME), Location (LOC).

COURSES
  COURSEID    VARCHAR2(20)
  COURSENAME  VARCHAR2(20)
The Courses table consists of Courses Identity (COURSEID), Courses Name (COURSENAME).

EMP
  EMPNO       NUMBER(4)
  ENAME       VARCHAR2(10)
  JOB         VARCHAR2(9)
  MGR         NUMBER(4)
  HIREDATE    DATE
  SAL         NUMBER(7,2)
  COMM        NUMBER(7,2)
  DEPTNO      NUMBER
The Employee table consists of Employee Number (EMPNO), Employee Name (ENAME), Job (JOB), Manager (MGR), Hiredate (HIREDATE), Salary (SAL), Commission (COMM), Department Number (DEPTNO).

GRADES
  ENO         VARCHAR2(20)
  COURSEID    VARCHAR2(20)
  GRADES      VARCHAR2(20)
The Grades table consists of Employee Number (ENO), Course Identity (COURSEID), Grades (GRADES).

BONUS
  ENAME       VARCHAR2(10)
  JOB         VARCHAR2(9)
  SAL         NUMBER
  COMM        NUMBER
The Bonus table consists of Employee Name (ENAME), Job (JOB), Salary (SAL), Commission (COMM).

STUDENTS
  ENO         VARCHAR2(20)
  NAME        VARCHAR2(20)
  TOS         VARCHAR2(20)
The Students table consists of Employee Number (ENO), Name (NAME), Type of Course Name (TOS).

REGISTRATION
  ENO         VARCHAR2(20)
  COURSEID    VARCHAR2(20)
The Registration table consists of Employee Number (ENO), Course Identity (COURSEID).

FACULTY
  ID          VARCHAR2(20)
  NAME        VARCHAR2(20)
  DEPT        VARCHAR2(20)
  COURSEID    VARCHAR2(20)
The Faculty table consists of Identity (ID), Name (NAME), Department (DEPT), Course Identity (COURSEID).

SALGRADE
  GRADE       NUMBER
  LOSAL       NUMBER
  HISAL       NUMBER
The Salary Grade table consists of Grade (GRADE), Low Salary (LOSAL), High Salary (HISAL).

USERS
  USERNAME    VARCHAR2(20)
  DOMAINNAME  VARCHAR2(20)
  IPADDRESS   VARCHAR2(20)
  PRIVATEKEY  VARCHAR2(20)
The Users table consists of User Name (USERNAME), Domain Name (DOMAINNAME), IP Address (IPADDRESS), Private Key (PRIVATEKEY).

TMP
  ENO         VARCHAR2(20)
  GRADE       VARCHAR2(2)
  NEWGRADE    VARCHAR2(2)
The Temporary table consists of Employee Number (ENO), Grade (GRADE), New Grade (NEWGRADE).

There are eleven tables in our fine-grained approach. We now apply our approach to the grade table. The fine-grained approach is applied where the database tables are not used frequently. Our example applies it to a grade system; commercially, it can be applied to land registry, fixed deposits of banks, etc.

We now perform the operation on the grade table. Before the operation is carried out, the Ticket Authorization Server checks for the authorized user.

Fig. 1

Here, an authorized user means one who is registered in the database and is aware of the server IP address. If this is true, the Ticket Authorization Server allows the authorized user to perform the operation. We therefore assume that the application software is secure because, as we may see in
Fig. 1, the user should be registered as well as aware of the server IP address.

We assume the following meaning for each parameter:
Scholar Number: registered user in the database.
TAS IP: client IP.
Target Server's IP Address: server IP address (where we have to send the value).
Duration (in minutes): for how much time.
Value to Send: what we have to send.
The user then sends the request to the TAS server. So, to perform a task, the user should be aware of the above parameters.

If an unauthorized user bypasses this and logs in directly to the database system, he may alter useful data. It is therefore clear that the database system is insecure, so we provide security at the database system. Here we provide security on the grade table.

Fig. 2

In the Student Information System, an unauthorized user would meaningfully alter data on the grade table, so we have provided security on the grade table. Only one enrolled grade can be altered at a time by an unauthorized user. Web-Secure then instantly reports to the authorized user by email/SMS with the old value and the updated value, and the authorized user may then act. So here we are minimizing the loss to databases through the fine-grained approach. The above snapshot, Fig. 2, illustrates this concept: only one cell of one table is being modified. Our approach gives the logoff data, that is, when a cell is modified, the two values of the modification: the old value and also the updated value.

In Fig. 2, named Grade Information, we change the grade table through the cell-level approach. Here only an authorized user is able to change the grade, but if there is an impersonation, the impersonator can change only a single data item; therefore the whole table is secure from the attack of an intruder. This is the concept behind our approach.

If an unauthorized user gains entry into the database server, he will not be able to manipulate the whole table. Only one cell of the data may be modified, and that change too will be received by the authorized user, who gets the information by mail and SMS describing the old and updated value.

Fig. 3

So, as we may see in Fig. 3, only one cell can be altered at a time, and Web-Secure instantly reports to the authorized user by email/SMS with the old
value and updated value, and then the authorized user may act. So it may be noted that we are minimizing the loss to the database using the fine-grained approach. The performance can be evaluated hypothetically.
The graph shown below evaluates the performance between users and number of interactions.

Fig. 4: Performance Graph (Y-axis: Web Interaction per seconds; X-axis: No. of users; series: without FGAC, with FGAC)

In the Fig. 4 performance graph we measure the performance with FGAC and without FGAC as web interactions per second vs. number of users. As we may see in Fig. 4, for any number of users there are more web interactions per second without FGAC and fewer with FGAC, so it is clear that we may retrieve less information in the case of FGAC because there are fewer web interactions per second. So it may be noted that it is providing security to the database server.

The chart given below is in histogram format. The number of users is again on the X-axis and the number of seconds is on the Y-axis.

Fig. 5

In the Fig. 5 performance chart we compare the performance without FGAC and with FGAC as time in seconds versus number of users.
For the same number of users, we may see that more time is taken with FGAC and less without FGAC with respect to web interactions per second, so again it is clear that we get more security in the case of FGAC: because we are working at cell level, the time required is more and information retrieval is less.

5 Conclusion and future work
A web database is a combination of database and web technology. Security of data stored in the web database is of prime importance in today's world with growing e-business. In order to preserve data privacy, we assume that no one except the data owner or authorized users has the right to access the original data. We propose an authentication mechanism for when certain anomalous actions are executed against critical system resources, such as anomalous access to system tables.
The system was considered extremely useful by the administrators. These results clearly show that our approach is very accessible to most administrators and can be of extreme importance in helping them to become more aware of the security
flaws existent in the configuration of the environments that they manage. Terminating the users' requests at an early stage avoids unnecessarily processing the requests further. The implemented system can be applied to many areas such as education, finance, marketing, health care, government, and military. We implemented our system in the education domain. The proposed policy mechanism and access control mechanism are applicable to any existing web database and are capable of preventing many kinds of attacks, thus significantly decreasing the web database's attack surface. We propose a system which reports via SMS when any unauthorized user modifies our web database.
Future work: Web database security and the Semantic Web are constant research topics. Our future work is to provide semantic web capability to analyze user access and authentication.

References
[1] Zhu Yangqing, Yu Hui, Li Hua, Zeng Lianming, Design of a new web database security model, IEEE, 2009, 292-297
[2] Leon Pan, A Unified Network Security and Fine-Grained Database Access Control Model, IEEE, 2009, 265-270
[3] Xueyong Zhu, William Atwood, A web database Security model using the Host identity protocol, IEEE, 2007
[4] Lianzhong Liu, Qiang Huang, A framework for database auditing, IEEE, 2009, 982-988
[5] Afonso Neto, Marco Vieira, Henrique Madeira, An appraisal to assess the security of database configurations, IEEE, 2009, 73-80
[6] Qing Zhao, Shihong Qin, Study on security of web based database, IEEE, 2008, 902-910
[7] WU Pufeng, Zhang Yoqing, An overview of Database security, Computer Engineering, Vol 32, 2006, 85-88
[8] Zhou Wen, A new web accessing database module basing in security of information computer security, 2008, 63-66
[9] S. Sudarshan, Govind Kabra, Ravishankar Ramamurthy, Redundancy and Information Leakage in Fine-Grained Access Control, ACM SIGMOD, 2006
[10] Jie SHI, Hong ZHU, A fine-grained access control model for relational databases, IEEE, 2010, 575-585
[11] Sohial Imran, Irfan Hyder, Security Issues in Databases, IEEE, 2009, 541-545
[12] Wang Baohua, Ma Xinqiang, Li Danning, A formal multilevel database security model, IEEE, 2008, 252-265
[13] Marty Humphrey, Sang-Min Park, Jun Feng, Norm Beekwilder, Fine-Grained Access Control for GridFTP using SecPAL, IEEE, 2007, 1-9
[14] Rongxing Lu, Xiaodong Lin, Haojin Zhu, Pin-Han Ho, Xuemin (Sherman) Shen, A Novel Anonymous Mutual Authentication Protocol With Provable Link-Layer Location Privacy, IEEE, 2009
[15] Jie Wang, Jun Zhang, Addressing Accuracy Issues in Privacy Preserving Data Mining through Matrix Factorization, IEEE, 2007
[16] Anup Patel, Naveeta Sharma, Magdalini, Negative Database for Data Security, IEEE, 2009
[17] Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, IEEE, 2008
[18] Qing Zhao, Shihong Qin, Study on Security-based Database, IEEE, 2008
[19] Alex Roichman, Ehud Gudes, Fine-grained Access control to web databases, ACM SACMAT, 2007
[20] Elisa Bertino, Ravi Sandhu, Database Security - Concepts, Approaches, and challenges, IEEE Transactions on Dependable and Secure Computing, 2005
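The anomaly rule and the policy combination of Section 3.1 (Pout = PD ∧ PR), as an added Python example that is not the authors' Java package. Policies are modelled as row predicates; the request fields, the reauthenticate callback, the sample rows and the rule that a role with no policies grants nothing are assumptions.

```python
import ipaddress

WRITE_COMMANDS = {"INSERT", "UPDATE", "DELETE"}

def is_anomalous(req, user_role, network):
    """ON ANOMALY DETECTION condition as written in Section 3.1."""
    return (req["role"] != user_role
            and ipaddress.ip_address(req["source_ip"]) in ipaddress.ip_network(network)
            and req["object_type"] == "table"
            and req["sql_command"].upper() in WRITE_COMMANDS)

def handle_request(req, user_role, network, reauthenticate):
    """SUSPEND an anomalous request until the user re-authenticates."""
    if not is_anomalous(req, user_role, network):
        return "ALLOW"
    # ON SUCCESS: access according to policy; ON FAILURE: abort and report.
    return "ALLOW" if reauthenticate(req) else "ABORT_AND_REPORT"

def combine_policies(user_policies, role_policies, role_set):
    """Return Pout = PD AND PR as a predicate over one row (a dict)."""
    def pd(row):  # PD: intersection of the user's own FGAC policies
        return all(p(row) for p in user_policies)
    def pr(row):  # PR: union over roles of each role's intersected policies
        return any(all(p(row) for p in role_policies[r])
                   for r in role_set if role_policies.get(r))  # assumption: empty role grants nothing
    return lambda row: pd(row) and pr(row)

# Constructed rows shaped like the paper's GRADES table.
GRADES = [
    {"eno": "E1", "courseid": "C1", "grades": "A"},
    {"eno": "E2", "courseid": "C1", "grades": "B"},
    {"eno": "E1", "courseid": "C2", "grades": "C"},
    {"eno": "E2", "courseid": "C2", "grades": "B"},
    {"eno": "E3", "courseid": "C3", "grades": "A"},
]

def demo_visible_rows():
    user_policies = [lambda r: r["courseid"] != "C3"]   # hypothetical per-user policy
    role_policies = {                                    # hypothetical role policies
        "faculty": [lambda r: r["courseid"] == "C1"],
        "advisor": [lambda r: r["eno"] == "E1", lambda r: r["grades"] != "A"],
        "guest": [],
    }
    pout = combine_policies(user_policies, role_policies, {"faculty", "advisor", "guest"})
    return [(r["eno"], r["courseid"]) for r in GRADES if pout(r)]

def demo_anomaly():
    req = {"role": "student", "source_ip": "10.0.0.7",
           "object_type": "table", "sql_command": "update"}
    deny = lambda r: False  # re-authentication fails
    return (handle_request(req, "faculty", "10.0.0.0/24", deny),
            handle_request(req, "student", "10.0.0.0/24", deny))
```

A user with no roles gets an empty PR, so Pout admits no rows regardless of PD.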
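The MD5/XOR relation checksum of Section 3.2, as an added Python example rather than the authors' Web-Secure code. The length-prefixed field encoding and the row count sent alongside the 16-byte XOR value are additions beyond the paper: without the count, a tuple present an even number of times cancels out of the XOR. The sample rows are constructed.

```python
import hashlib

def tuple_digest(row):
    """MD5 (16 bytes) over an unambiguous encoding of one tuple."""
    h = hashlib.md5()
    for field in row:
        data = b"\x00" if field is None else b"\x01" + str(field).encode("utf-8")
        # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()

def relation_checksum(rows):
    """Return (row count, hex XOR of all per-tuple MD5 values).

    XOR is commutative, so the result does not depend on row order and the
    two sites need not agree on an ORDER BY.
    """
    acc = bytes(16)
    count = 0
    for row in rows:
        acc = bytes(a ^ b for a, b in zip(acc, tuple_digest(row)))
        count += 1
    return count, acc.hex()

def periodic_check(main_rows, local_rows):
    """Compare the main database relation with the Web-Secure local copy."""
    if relation_checksum(main_rows) == relation_checksum(local_rows):
        return "OK"
    return "SECURITY BREACH"

# Constructed local copy of (eno, courseid, grades) tuples.
LOCAL_COPY = [
    ("E1", "C1", "A"),
    ("E2", "C1", "B"),
    ("E1", "C2", "C"),
]

def demo():
    reordered = list(reversed(LOCAL_COPY))
    one_cell_changed = [("E1", "C1", "A"), ("E2", "C1", "A"), ("E1", "C2", "C")]
    duplicate_pair = LOCAL_COPY + [("E9", "C9", "F"), ("E9", "C9", "F")]
    return {
        "reordered": periodic_check(reordered, LOCAL_COPY),
        "one_cell_changed": periodic_check(one_cell_changed, LOCAL_COPY),
        "duplicate_pair": periodic_check(duplicate_pair, LOCAL_COPY),
        # The XOR value alone does not see the duplicated pair:
        "xor_only_sees_pair": relation_checksum(duplicate_pair)[1]
                              != relation_checksum(LOCAL_COPY)[1],
    }
```

MD5 is kept because the paper uses it; where the party writing the rows is untrusted, a keyed hash such as HMAC-SHA-256 per tuple is the usual choice.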