International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Data Stream Controller for Enterprise Cloud Application | IJSRD
Cloud computing is an emerging computing paradigm where computing resources are provided as services over Internet while residing in a large data center. Even though it enables us to dynamically provide servers with the ability to address a wide range of needs, this paradigm brings forth many new challenges for the data security and access control as users outsource their sensitive data to clouds, which are beyond the same trusted domain as data owners. The occupier need not be concerned with how the PaaS system achieves expansion under high load. MAC systems differ as security policy is defined for the entire system, typically by administrators. Information flow control (IFC) is a MAC approach, developed originally from military information management methodologies. IFC can be used to enforce more general policies, using appropriate labeling and checking schemes. The labels can be used to manage both confidentiality and integrity concerns, tracking "secrecy" and "quality" of data, respectively. Decentralized Information Flow Control (DIFC) is an approach to security that allows application writers to control how data flow between the pieces of application and the outside world. As applied to privacy, DIFC allows untrusted software to compute with private data while trusted security code controls the release of that data. As applied to integrity, DIFC allows trusted code to protect untrusted software from unexpected inputs.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Enhanced security framework to ensure data security in cloud using security b... | eSAT Journals
Abstract: Data security and access control is a challenging research work in Cloud Computing. Cloud service users upload their private and confidential data over the cloud. As the data is transferred among the server and client, the data is to be protected from unauthorized entries into the server, by authenticating the users and providing high secure priority to the data. So the experts always recommend using different passwords for different logins. Any normal person cannot possibly follow that advice and memorize all their usernames and passwords. That is where password managers come in. The purpose of this paper is to secure data from unauthorized persons using the Security blanket algorithm.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC... | IJCNCJournal
Cloud computing is utility-based computing that provides many benefits to its clients, but security is one aspect which is delaying its adoption. Security challenges include data security, network security and infrastructure security. Data security can be achieved using cryptography. If we include location information in the encryption and decryption process then we can bind access to data with the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on symmetric cryptography, location-based cryptography and Ciphertext-Policy Attribute-Based Encryption (CP-ABE) to implement secure access control to the outsourced data. The symmetric key is used to encrypt the data whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading on the server. The user will download the encrypted data and the symmetric secret key XORed with the location lock value; using his attribute-based secret key he can first obtain the XORed value of the symmetric secret key and location lock value. Using anti-spoof GPS, the location lock value can be obtained, which can be used to retrieve the symmetric secret key. We have adopted Message Authentication Code (MAC) to ensure integrity and availability of the data. This protocol can be used in banks, government organizations, military services or any other industry having its offices/work locations at a fixed place, so data access can be bound to that location.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
Cloud has major security challenges which can be a nightmare for any organization or clients. This paper published in IEEE discusses the cloud implementation security challenges with greater details. It is really a good reference for cloud security and privacy researchers.
Cloud Security and Data Integrity with Client Accountability Framework | IDES Editor
The Cloud based services provide much efficient
and seamless ways for data sharing across the cloud. The fact
that the data owners no longer possess data makes it very
difficult to assure data confidentiality and to enable secure
data sharing in the cloud. Despite all its advantages this
will remain a major limitation that acts as a barrier to the
wider deployment of cloud based services. One of the possible
ways for ensuring trust in this aspect is the introduction of
accountability feature in the cloud computing scenario. The
Cloud framework requires promotion of distributed
accountability for such dynamic environment [1]. In some
works, there's an accountable framework suggested to ensure
distributed accountability for data sharing by the generation
of only a log of data access, but without any embedded feedback
mechanism for owner permission towards data
protection [2]. The proposed system is an enhanced client
accountability framework which provides an additional client
side verification for each access towards enhanced security of
data. The integrity of content of data which resides in the
cloud service provider is also maintained by secured
outsourcing. Besides, the authentication of JAR (Java Archive)
files is done to ensure file protection and to maintain a safer
environment for data sharing. The analysis of various
functionalities of the framework depicts both the
accountability and security feature in an efficient manner.
In an organization specifically as virtual as cloud there is need for access control systems to constrain
users' direct or backhanded action that could lead to breach of security. In cloud, apart from owner access
to confidential data the third party auditing and accounting is done which could stir up further data leaks.
To control such data leaks and integrity, in past several security policies based on role, identity and user
attributes were proposed and found ineffective since they depend on static policies which do not monitor
data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the
authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to
store metadata on the subject of data alteration which is universally called as the Provenance Information.
This paper presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data alteration
events.
Design and implementation of a privacy preserved off premises cloud storage | sarfraznawaz
Despite several cost-effective and flexible characteristics of cloud computing, some clients are reluctant to adopt this paradigm due to emerging security and privacy concerns. Organizations such as Healthcare and Payment Card Industry, where confidentiality of information is a vital act, are not assertive to trust the security techniques and privacy policies offered by cloud service providers. Malicious attackers have violated the cloud storages to steal, view, manipulate and tamper with clients' data. Attacks on cloud storages are extremely challenging to detect and mitigate. In order to formulate privacy preserved cloud storage, in this research paper, we propose an improved technique that consists of five contributions: a resilient role-based access control mechanism, partial homomorphic cryptography, metadata generation and sound steganography, an efficient third-party auditing service, and a data backup and recovery process. We implemented these components using Java Enterprise Edition with Glassfish Server. Finally we evaluated our proposed technique by penetration testing and the results showed that client's data is intact and protected from malicious attackers.
INFORMATION AND COMMUNICATION SECURITY MECHANISMS FOR MICROSERVICES-BASED SYS... | IJNSA Journal
Security has become paramount in modern software services as more and more security breaches emerge, impacting final users and organizations alike. Trends like the Microservice Architecture bring new security challenges related to communication, system design, development, and operation. The literature presents a plethora of security-related solutions for microservices-based systems, but the spread of information makes practitioners' adoption of novel security-related solutions difficult. In this study, we aim to present a catalogue and discussion of security solutions based on algorithms, protocols, standards, or implementations; supporting principles or characteristics of information security, considering the three possible states of data, according to the McCumber Cube. Our research follows a Systematic Literature Review, synthesizing the results with a meta-aggregation process. We identified a total of 30 primary studies, yielding 75 security solutions for the communication of microservices.
Review of access control models for cloud computing | csandit
The relationship between users and resources is dynamic in the cloud, and service providers
and users are typically not in the same security domain. Identity-based security (e.g.,
discretionary or mandatory access control models) cannot be used in an open cloud computing
environment, where each resource node may not be familiar, or even do not know each other.
Users are normally identified by their attributes or characteristics and not by predefined
identities. There is often a need for a dynamic access control mechanism to achieve cross-domain
authentication. In this paper, we will focus on the following three broad categories of
access control models for cloud computing: (1) Role-based models; (2) Attribute-based
encryption models and (3) Multi-tenancy models. We will review the existing literature on each
of the above access control models and their variants (technical approaches, characteristics,
applicability, pros and cons), and identify future research directions for developing access
control models for cloud computing environments.
A Literature Review on Trust Management in Web Services Access Control | ijwscjournal
Web Service is a reusable component which has set of related functionalities that service requesters can
programmatically access from the service provider and manipulate through the Web. One of the main
security issue is to secure web services from the malicious requesters. Since trust plays an important role in
many kinds of human communication, it allows people to work under insecurity and with the risk of
negative cost, many researchers have proposed different trust based web services access control model to
prevent malicious requesters. In this literature review, various existing trust based web services access
control model have been studied also investigated how the concept of a trust level is used in the access
control policy of a service provider to allow service requester to access the web services.
A Novel Information Accountability Framework for Cloud Computing | IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Privacy-Preserving Reputation with Content Protecting Location Based Queries | iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
International Refereed Journal of Engineering and Science (IRJES) - irjes
The core of the vision IRJES is to disseminate new knowledge and technology for the benefit of all, ranging from academic research and professional communities to industry professionals in a range of topics in computer science and engineering. It also provides a place for high-caliber researchers, practitioners and PhD students to present ongoing research and development in these areas.
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic... - Editor IJCATR
Cloud Computing is going to be a very popular technology in IT enterprises. For any enterprise the data stored is very huge and invaluable. Since all tasks are performed through the network, it has become vital to have secured use of legitimate data. In cloud computing the most important matters of concern are data security and privacy, with flexibility, scalability and fine-grained access control of data being the other requirements to be maintained by cloud systems. Access control is one of the prominent research topics and hence various schemes have been proposed and implemented. But most of them do not provide flexibility, scalability and fine-grained access control of the data on the cloud. In order to address the issues of flexibility, scalability and fine-grained access control of remotely stored data on cloud we have proposed the hierarchical attribute set-based encryption (HASBE), which is the extension of attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme achieves scalability by handling the authority to appropriate entity in the hierarchical structure, and inherits flexibility by allowing easy transfer and access to the data in case of location switch. It provides fine-grained access control of data by showing only the requested and authorized details to the user, thus improving the performance of the system. In addition, it provides efficient user revocation within expiration time, request to view extra-attributes, and privacy in the intra-level hierarchy is achieved. Thus the scheme is implemented to show that it is efficient in access control of data as well as security of data stored on cloud, with comprehensive experiments.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T... - IJNSA Journal
Cloud computing refers to a type of networked computing whereby an application can be run on connected servers instead of local servers. Cloud can be used to store data, share resources and also to provide services. Technically, there is very little difference between public and private cloud architecture. However, the security and privacy of the data is a very big issue when sensitive data is being entrusted to third party cloud service providers. Thus encryption with a fine grained access control is inevitable to enforce security in clouds. Several techniques implementing attribute based encryption for fine grained access control have been proposed. Under such approaches, the key management overhead is a little bit high in terms of computational complexity. Also, secret sharing mechanisms have added complexity. Moreover, they lack mechanisms to handle existence of traitors. Our proposed approach addresses these requirements and reduces the overhead of the key management as well as secret sharing by using efficient algorithms and protocols. Also, a traitor tracing technique is introduced into the cloud computing two layer encryption environment.
Excellent Manner of Using Secure way of data storage in cloud computing - Editor IJMTER
The major challenging issue in Cloud computing is Security. Providing Security is a big issue towards protecting data from third person as well as in Internet. This mainly deals with how the Security is provided. Various types of services are there to protect our data, and various services are available in Cloud Computing to utilize in an effective manner, such as Software as a Service (SaaS), Platform as a Service (PaaS), Hardware as a Service (HaaS). Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over Internet network. Cloud Computing moves the application software and databases to the large data centres, where the administration of the data and services may not be fully trustworthy, that is, in a third party; here the party has to get certified and authorized. Since Cloud Computing shares distributed resources via network in the open environment, it brings new security risks towards the correctness of the data in cloud. I propose in this paper flexibility of data storage mechanism in the distributed environment by using the homomorphism token generation. In the proposed system, users need to allow auditing the cloud storage with lightweight communication. While using Encryption and Decryption methods it is a heavy burden for a single processor. Then we can utilize the processing capabilities from Cloud Computing.
A SECURITY FRAMEWORK FOR SOA APPLICATIONS IN MOBILE ENVIRONMENT - IJNSA Journal
A rapid evolution of mobile technologies has led to the development of more sophisticated mobile devices with better storage, processing and transmission power. These factors enable support for many types of application but also give rise to a necessity to find a model of service development. Actually, SOA (Service Oriented Architecture) is a good option to support application development. This paper presents a framework that allows the development of SOA based applications in mobile environment. The objective of the framework is to provide developers with tools for provision of services in this environment with the necessary security characteristics.
Adaptive Delegation Authority Enhancement to Hasbe for Efficient Access Contr... - ijsrd.com
Cloud computing has high demand due to waste and huge data usage of clients. Privacy and security become major concerns for outsourced cloud data storage. Attribute based encryption schemes have been used recently for access control of outsourced cloud data. They are highly inflexible in implementing complex access control policies. The existing work presented Hierarchical attribute set based Encryption (HASBE), which extended cipher-text policy attribute set based encryption (ASBE) with a hierarchical structure of users. It is used to achieve scalability, inherits flexibility and fine grained access control, employs multiple value assignments for access expiration time, and deals with user revocation efficiently. The performance analysis is made to evaluate the computational complexity of access control for outsourced data in cloud computing. However, varying of cloud service provider complicates the hierarchical access control policies. The proposal presented an Adaptive Delegation Authority model enhancement to HASBE. It is used to minimize the complexity of access control policies in changing cloud service provider. The delegation authority coordinates the data owners and consumers for easy and quick data access control. It intimates the data owners and consumers about the authority delegation. The delegation authority sends encryption standards to be followed thereafter. The simulation is carried out with Cloud simulator using Java to testify to the effectiveness of the Adaptive Delegation Authority enhancement to HASBE.
International Journal on Web Service Computing (IJWSC) - ijwscjournal
Web Service is a reusable component which has a set of related functionalities that service requesters can programmatically access from the service provider and manipulate through the Web. One of the main security issues is to secure web services from malicious requesters. Since trust plays an important role in many kinds of human communication, and allows people to work under insecurity and with the risk of negative cost, many researchers have proposed different trust based web services access control models to prevent malicious requesters. In this literature review, various existing trust based web services access control models have been studied, and it is also investigated how the concept of a trust level is used in the access control policy of a service provider to allow service requesters to access the web services.
A Literature Review on Trust Management in Web Services Access Control - ijwscjournal
Web Service is a reusable component which has a set of related functionalities that service requesters can programmatically access from the service provider and manipulate through the Web. One of the main security issues is to secure web services from malicious requesters. Since trust plays an important role in many kinds of human communication, and allows people to work under insecurity and with the risk of negative cost, many researchers have proposed different trust based web services access control models to prevent malicious requesters. In this literature review, various existing trust based web services access control models have been studied, and it is also investigated how the concept of a trust level is used in the access control policy of a service provider to allow service requesters to access the web services.
Secure and efficient handover authentication and detection of spoofing attack - eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A Survey on Authorization Systems for Web Applications - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Trust Assessment Policy Manager in Cloud Computing – Cloud Service Provider’s... - idescitation
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources. Reliability in compute cloud is an important aspect in Quality of Service which needs to be addressed in order to foster the adoption of compute cloud. In today’s integrated environment the distributed systems is employed to carry out computational intensive task at a faster rate without much investment. The Cloud is a multitenant architecture which allows faster computation with high scalability at a lower cost thereby the users can share the same physical infrastructure. Individual customers deploy their applications in such environment will occupy the virtual partitions on the platform. This paper describes a straightforward procedure to analyze the reliability of the application from the view point of the resource provider. A trust component is implemented to provide preventive control and to mitigate the occurrence of any non-permissible action by using the detective mechanism. Such mechanisms are used to identify the privacy risk and it further prevents from utilization. Hence, in this paper trust assessment is performed before the user is allowed to share the multitenant infrastructure. The cloud can provide scalable and reliable service for the legitimate users. The proposed work is tested using tools Aneka and Globus Toolkit.
Enhanced Data Partitioning Technique for Improving Cloud Data Storage Security - Editor IJMTER
Cloud computing is a model for enabling on-demand network access to shared configurable computing resources (e.g. networks, servers, storage, applications, and services). It is based on virtualization and distributed computing technologies. Cloud data storage systems enable users to store data efficiently on a server without any trouble of data resources. Users can easily store and retrieve their data remotely. The two biggest concerns about cloud data storage are reliability and security. Clients aren’t likely to entrust their data to another third party or company without a guarantee that they will be able to access their information whenever they want. In the existing system, the data are stored in the cloud using dynamic data operation with computation, which means the user needs to make a copy for further updating and verification of data loss. Different distributed storage auditing techniques are used for overcoming the problem of data loss. Recent work of this paper has shown a data partitioning technique used for data storage by providing a digital signature to every data partition and user. This technique allows the user to upload or retrieve the data by matching the digital signatures provided to them. This method ensures high cloud storage integrity, enhanced error localization and easy identification of misbehaving servers and unauthorized access to the cloud server. Hence this work aims to store the data securely in reduced space with less time and computational cost.
International Journal of Computational Engineering Research (IJCER) - ijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
ANALYSIS OF SECURITY ASPECTS FOR DYNAMIC RESOURCE MANAGEMENT IN DISTRIBUTED S... - ijcseit
Millions of people all over the world are now connected to the Internet for doing business. Therefore, the demand for Internet and web-based services continues to grow. So, need to install required infrastructure to balance the computing. In spite the success of new infrastructure, it is susceptible to several critical malfunctions. Therefore, to guarantee the secure operations on Network and Data, several solutions need to be developed. The researchers are working in this direction to have the better solution for security. In distributed environment, at the time of management of resources both computing and networking, resource allocation and resource utilization, etc, the security is most crucial problem. In this paper, an extensive review has been made on the different security aspect, different types of attack and techniques to sustain and block the attack in the distributed environment.
A Survey on Different Techniques Used in Decentralized Cloud Computing - Editor IJCATR
This paper proposes various methods for anonymous authentication for data stored in cloud. Cloud verifies the authenticity of the series without knowing the user’s identity before storing data. This paper also has the added feature of access control in which only valid users are able to decrypt the stored information. These schemes also prevent replay attacks and support creation, modification, and reading of data stored in the cloud. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds, which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches. The aim of this paper is to cover many security issues that arise in cloud computing and different schemes to prevent security risks in cloud. Storage-as-a-service (Saas) offered by cloud service providers (CSPs) is a paid facility that enables organizations to outsource their sensitive data to be stored on remote servers. In this paper, we propose cloud-based storage schemes that allow the data owner to benefit from the facilities offered by the CSP and enable indirect mutual trust between them. This paper provides different authentication techniques and algorithms for cloud security.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Full-RAG: A modern architecture for hyper-personalization - Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf - Malak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Gw3312111217
Nilambari Joshi, Paras Patel, Dr. B.B. Meshram / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 3, Issue 3, May-Jun 2013, pp.1211-1217
Survey of Security in Service Oriented Architecture
Nilambari Joshi*, Paras Patel**, Dr. B.B. Meshram***
*(Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Matunga, Mumbai - 400019)
**(Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Matunga, Mumbai - 400019)
***(Head of Department, Department of Computer Engineering and Information Technology, Veermata Jijabai Technological Institute, Matunga, Mumbai – 400019)
ABSTRACT
Service Oriented Architecture (SOA) is a driving force behind all present and evolving techniques of data exchange and resource sharing over the network. This helps in adapting to changing market needs efficiently and effectively. The inherent characteristics of the SOA framework have nurtured agility and flexibility in the distributed computing environment, but they have also posed serious security challenges, especially because of the anonymity of the end user of a service and because data is exchanged over unsecured networks. This paper discusses the risks posed by SOA in relation to the important aspects of security: Authentication, Authorization, Confidentiality, Data Integrity and Non-repudiation. It also presents the mechanisms that service providers use to deal with these security concerns.
Keywords – Kerberos, Public Key Cryptography, Public Key Infrastructure (PKI), Security, Service Oriented Architecture (SOA)
I. INTRODUCTION
1.1 Service Oriented Architecture
Service-oriented architecture (SOA) is nowadays a well-established framework that addresses the requirements of distributed computing through loosely coupled, standards-based, and protocol-independent communication among the software resources involved. In SOA, software resources are packaged as “services”, which are well-defined, self-contained modules that provide standard business functionality and are independent of the state or context of other services. Services are described in a standard definition language, have a published interface, and communicate with each other by requesting execution of their operations in order to collectively support a common business task or process [2].
Service Oriented Architecture is a methodology for achieving application interoperability and reuse of IT assets that features a strong architectural focus on an ideal level of abstraction, a deployment infrastructure and a reusable library of services (W3C definition) [9]. It also incorporates support for organizing and utilizing resources that are under the control of different administrations.
Enterprises today need to respond quickly and efficiently to business changes and to leverage existing investments in applications and application infrastructure to address newer business requirements. The solution proposed and actively used to meet these requirements is Service Oriented Architecture, which allows enterprises to plug in new services or upgrade existing services in a granular fashion to address the new business requirements. It provides the option to make services consumable across different channels, and exposes existing enterprise and legacy applications as services, which are the basic building blocks of Service Oriented Architecture.
1.2 SOA Characteristics
Service Oriented Architecture emphasizes reusability of existing resources by means of the following characteristics:
1. Discoverable - A service consumer that needs a service discovers which service to use based on a set of criteria at runtime. The service consumer asks a registry for a service that fulfils its need.
2. Loosely coupled – SOA binding minimizes dependencies between services and thus achieves loose coupling through discovery and contract.
3. Autonomous – Services control the business logic they encapsulate. A service exposes only the interface of its underlying functionality and can change its implementation without any change required on the consumer’s side.
4. Stateless - Statelessness refers to services that do not keep track of transaction or session information.
5. Composable - Service composition is the assembly of service capabilities that consist of smaller units of logic to solve larger problems. It facilitates the assembly of composite services.
6. Interoperable - The ability of systems using different platforms and languages to communicate with each other. Each service provides an interface that can be invoked from a client, which can run on any operating system and can be implemented in any language. The only requirement is that it abide by the data format and protocol specified in the service interface.
II. SOA SECURITY CHALLENGES
The characteristics and design principles of SOA make systems more susceptible to security threats for the following reasons.
1. The service interface is exposed publicly to the whole world. The owner has the least control over who can consume the service.
2. Data is exposed to a wide range of users. Data protection during transit and in storage is important to ensure data integrity and privacy.
3. Data travels through heterogeneous environments with different policies, technologies, network protocols etc. It is therefore difficult to integrate and synergize the different security measures deployed.
4. Connectivity in SOA is not point to point; it is hop by hop. This limits the use of SSL for data protection while on the network.
5. Even a system that requires signed messages is still vulnerable to a replay attack, which simply replays a valid signed message and gains unauthorized access.
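The replay risk in item 5 can be closed on the receiving side by covering a message id and timestamp with the signature and remembering the ids already accepted. The sketch below is an added example, not code from the paper; the `ReplayGuard` class, the 300-second window, the message ids and the use of HMAC as a stand-in for the digital signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import time


class ReplayGuard:
    """Accepts each signed message once, and only while its timestamp is fresh."""

    def __init__(self, key, max_skew=300):
        self.key = key            # assumed shared key; HMAC stands in for the digital signature
        self.max_skew = max_skew  # seconds a timestamp may differ from the receiver's clock
        self.seen = {}            # message id -> time after which the id can be forgotten

    def sign(self, message_id, timestamp, body):
        # Id and timestamp are covered by the signature, so a replayer cannot refresh them.
        mid = message_id.encode()
        header = b"%d:%s:%d:" % (len(mid), mid, timestamp)
        return hmac.new(self.key, header + body, hashlib.sha256).hexdigest()

    def accept(self, message_id, timestamp, body, signature, now=None):
        now = time.time() if now is None else now
        expected = self.sign(message_id, timestamp, body)
        if not hmac.compare_digest(expected, signature):
            return "bad-signature"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Forget ids whose timestamps would be rejected as stale anyway.
        self.seen = {m: t for m, t in self.seen.items() if t >= now}
        if message_id in self.seen:
            return "replayed"
        self.seen[message_id] = timestamp + self.max_skew
        return "ok"


def demo():
    guard = ReplayGuard(b"constructed-demo-key")
    body = b"<order><quantity>5</quantity></order>"  # constructed sample message
    sent_at = 1_700_000_000
    sig = guard.sign("msg-001", sent_at, body)
    return [
        guard.accept("msg-001", sent_at, body, sig, now=sent_at + 10),    # first delivery
        guard.accept("msg-001", sent_at, body, sig, now=sent_at + 20),    # captured copy resent
        guard.accept("msg-001", sent_at, body, sig, now=sent_at + 3600),  # resent an hour later
        guard.accept("msg-002", sent_at, body, sig, now=sent_at + 30),    # id altered after signing
    ]


if __name__ == "__main__":
    print(demo())
```

The cache only has to remember ids for as long as their timestamps would still pass the freshness check, which keeps its size bounded.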
2.1 Framework Induced Security Concerns
The following generic security concerns apply to SOA, but with a bigger impact due to SOA characteristics.
1. Authentication - Since services are exposed publicly, it is difficult to know beforehand who the users of a service are. The services invoked might span different organizational domains. A common, trusted authentication mechanism across services is required to establish the identity of the ultimate user.
2. Authorization - It is important to verify the capability and rights of a user to take an action or obtain some information. The traditional approach of role-based authorization might not be sufficient in SOA, since the same user can invoke the service in different contexts with different capabilities. There should also be a way to communicate user capability information across services that are integrated as part of a composite service.
3. Confidentiality - Since data is shared across different services and across different domains, there is a high chance of data being exposed to unintended recipients unless strict measures to protect data are imposed.
4. Integrity - There is a high possibility of data being tampered with during transit over the network. Different data protection mechanisms might be deployed for different services that are part of the same transaction. There should be a mechanism to communicate and agree upon the security measures to be incorporated across services to ensure data integrity.
5. Non-repudiation – Whenever data is shared across services, there should be a way to ensure that it comes from an authenticated source.
2.2 Technology related Security Concerns
SOA security is also affected by certain technological aspects. Since XML is the most widely used mechanism for service invocation and message transfer, XML-related security issues need to be handled. The following security concerns are frequently observed in the SOA paradigm.
1. SQL Injection - SQL injection attacks involve the insertion of SQL fragments into XML data to return inappropriate data, or to produce an error which reveals database access information.
2. XML External Entity – The Document Type Definition (DTD) functionality available in XML is used to define the syntax of document elements. It also allows outside data to be embedded into an XML document. By specifying a local file, some XML engines could be made to access unauthorized information from the local file system.
3. XML Denial of Service – This attack takes advantage of the ability to pull in entities which are defined in a DTD. Pulling in the entities recursively exhausts memory and thus denies service to further requests.
4. Capture-Replay Attacks – A service in SOA is protected by a policy which ensures that service requests are digitally signed. Such a system is still vulnerable to a replay attack, which simply replays a valid signed message, thus gaining unauthorized access.
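Items 2 and 3 both depend on the receiver honouring a DTD, so a service that has no need for DTDs can refuse any message that declares one before a single entity is defined or expanded. The following added example (not from the paper) shows that screening step with Python's expat bindings; the function names, the size limit and the two sample messages are constructed for illustration.

```python
import xml.parsers.expat

MAX_BYTES = 64 * 1024  # assumed upper bound for one service message

# Constructed sample messages.
BENIGN = b"<order><item>widget</item><quantity>5</quantity></order>"
WITH_DTD = (b'<!DOCTYPE order [<!ENTITY note "constructed">]>'
            b"<order><item>&note;</item></order>")


class DtdForbidden(ValueError):
    """Raised when an inbound message carries a DOCTYPE declaration."""


def parse_without_dtd(xml_bytes):
    """Parse a message, refusing any DTD at its declaration.

    Returns (element_name, text) pairs in the order the elements close.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements, stack = [], []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any entity declaration is processed.
        raise DtdForbidden("DOCTYPE %r not allowed in service messages" % name)

    def on_start(name, attrs):
        stack.append([name, ""])

    def on_text(data):
        if stack:
            stack[-1][1] += data

    def on_end(name):
        tag, text = stack.pop()
        elements.append((tag, text.strip()))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_text
    parser.EndElementHandler = on_end
    parser.Parse(xml_bytes, True)
    return elements


def screen(xml_bytes):
    """Verdict a perimeter component could log before routing the message."""
    if len(xml_bytes) > MAX_BYTES:
        return "rejected: too large"
    try:
        parse_without_dtd(xml_bytes)
    except DtdForbidden:
        return "rejected: DTD present"
    except xml.parsers.expat.ExpatError:
        return "rejected: malformed"
    return "accepted"


if __name__ == "__main__":
    for sample in (BENIGN, WITH_DTD):
        print(screen(sample))
```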
III. SOA SECURITY MECHANISMS
Security measures are designed and applied to address the different security aspects mentioned in section 2.1. The most widely used and comprehensive mechanisms for dealing with SOA security can be considered to be Public Key Infrastructure (PKI) and Kerberos.
3.1 Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) provides the framework of services, technology, protocols, and standards that enable you to deploy and manage a strong and scalable information security system [6]. It is based on public key cryptography for encryption. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.
The most popular PKI uses X.509 identity certificates. In this PKI, a highly trusted CA issues X.509-based certificates in which a unique identity name and the public key of an entity are bound through the digital signature of that CA [1].
Fig.1 PKI Workflow
3.1.1 PKI Workflow [1] [6] [9]
As shown in Fig.1, the main steps involved in the PKI workflow are as follows:
Step 1 – The user provides credentials to the Certification Authority (CA) and requests a certificate.
Step 2 – The CA contacts the Registration Authority (RA) to validate the user's credentials. If the user is authentic, the RA gives the go-ahead to the CA to issue the certificate.
Step 3 – The CA issues a certificate which includes the user’s public key and the certificate expiration date.
Step 4 – The user presents the certificate to the service provider while requesting a service.
Step 5 – The service provider verifies the certificate and, if the certificate is valid, communication starts.
3.1.2 Security Considerations addressed by PKI
PKI addresses most of the security challenges posed by the SOA framework.
1. Authentication – The Certification Authority (CA) acts as a trusted third party to ensure the authenticity of the service requester. Both entities involved in the data exchange trust the CA as an intermediary. Thus the service requester can be authenticated without exchanging credentials directly with the service provider.
2. Confidentiality – Each entity involved in the data exchange maintains a public and private key pair. Whenever data is sent over the network, it is encrypted using the public key of the receiver. At the receiving end, it is decrypted using the receiver’s private key. An unintended person cannot decrypt the message without knowing the actual receiver’s private key.
3. Integrity – Data integrity can be achieved in two ways: either with a digital signature or with a Message Authentication Code (MAC). Any tampering with the data causes verification of the digital signature to fail.
4. Non-Repudiation – The entity's private signing key is used to bind the entity to a particular piece of data. This can be used as non-repudiable evidence to prove to a third party that this entity did originate the data.
3.1.3 PKI Limitations –
1. PKI does not deal with authorization of a user to perform a particular action or invoke a service.
2. PKI is resource-intensive in terms of CPU and memory, so it cannot be easily integrated with low-power web-enabled devices such as mobile phones.
3. Obtaining X.509 certificates from a trusted CA can be a tedious process, especially if a local RA does not exist.
4. Each site involved trusts its users, CAs, and other sites. If the trust between any of these is broken, the impact can potentially be severe.
3.2 Kerberos
Kerberos is an authentication protocol which works on the basis of "tickets" or session keys to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses symmetric key cryptography. Cross-realm authentication is a useful component of Kerberos aimed at enabling secure access to services across organizational boundaries.
3.2.1 Kerberos Protocol Workflow [1] [4] [5] –
As shown in Fig.2, the main steps involved in the Kerberos workflow are as follows:
Fig.2 Kerberos Workflow
1. The user sends credentials to the Authentication Service (AS) and requests a Ticket Granting Ticket (TGT: the session key to be used with the Ticket Granting Service, encrypted with the TGS secret key).
2. The AS verifies the user against the data maintained at its end. After verification, it generates an encryption key, a timestamp (the same as that in the user session) and an expiration time, usually 8 hrs. The AS sends the user the session key to be used between the user and the TGS, encrypted with the user’s secret key, together with the TGT, encrypted with the TGS secret key.
{{Ttgs,Ksession}Ktgs,Ksession}Kuser
3. The user sends this TGT and the service ID to the Ticket Granting Service (TGS).
{TGT,{request,client-IP,time}Ksession} (where TGT = {Ttgs,Ksession}Ktgs)
4. The TGS decrypts the TGT and recovers the session key to be used with the client for future communication.
5. The TGS generates a session key (the Client-Service Key) to be used by the client for further communication with the service. It encrypts it with the service’s secret key and sends it back to the client.
{{Tservice,Kservice-session}Kservice,Kservice-session}Ksession
6. The client sends the encrypted service ticket (obtained from the TGS) to the service and requests an operation.
{Tservice,Kservice-session}Kservice
7. The service decrypts the ticket and obtains the session key. This key is then used for communication with the client until its timestamp expires.
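The seven steps above can be followed end to end in the added sketch below, which is not the paper's code and not a Kerberos implementation: `seal`/`unseal` are a stand-in authenticated cipher built from HMAC-SHA256, and the user `alice`, the service `orders`, the documentation IP address and the 300-second authenticator tolerance are assumptions. Each sealed structure mirrors one of the `{...}K` messages in the workflow.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600  # ticket lifetime from step 2 ("usually 8 hrs")
MAX_SKEW = 300       # assumed tolerance for the authenticator timestamp


def _sub(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += _sub(key, nonce + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, obj):
    """{obj}key in the paper's notation. Stand-in cipher, not a Kerberos enctype."""
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, json.dumps(obj).encode())
    tag = _sub(_sub(key, b"mac"), nonce + body)
    return (nonce + body + tag).hex()


def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified ticket")
    return json.loads(_xor_stream(_sub(key, b"enc"), nonce, body))


class KDC:
    """Authentication Service and Ticket Granting Service over one key database."""

    def __init__(self, user_keys, service_keys):
        self.user_keys, self.service_keys = user_keys, service_keys
        self.k_tgs = os.urandom(32)

    def as_reply(self, user, now):
        # Steps 1-2: {{Ttgs,Ksession}Ktgs,Ksession}Kuser
        k_session = os.urandom(32).hex()
        tgt = seal(self.k_tgs, {"client": user, "expires": now + LIFETIME,
                                "key": k_session})
        return seal(self.user_keys[user], {"tgt": tgt, "key": k_session})

    def tgs_reply(self, tgt, authenticator, now):
        # Steps 4-5: recover Ksession from the TGT, check the authenticator,
        # then answer {{Tservice,Kservice-session}Kservice,Kservice-session}Ksession
        ticket_data = unseal(self.k_tgs, tgt)
        k_session = bytes.fromhex(ticket_data["key"])
        auth = unseal(k_session, authenticator)
        if now > ticket_data["expires"] or abs(now - auth["time"]) > MAX_SKEW:
            raise ValueError("expired TGT or stale authenticator")
        k_cs = os.urandom(32).hex()
        ticket = seal(self.service_keys[auth["request"]],
                      {"client": ticket_data["client"],
                       "expires": now + LIFETIME, "key": k_cs})
        return seal(k_session, {"ticket": ticket, "key": k_cs})


def service_accept(k_service, ticket, now):
    # Step 7: only the holder of Kservice can open the ticket.
    data = unseal(k_service, ticket)
    if now > data["expires"]:
        raise ValueError("service ticket expired")
    return data["client"], data["key"]


def run_exchange(now=1_000_000):
    k_user, k_service = os.urandom(32), os.urandom(32)
    kdc = KDC({"alice": k_user}, {"orders": k_service})
    as_msg = unseal(k_user, kdc.as_reply("alice", now))          # steps 1-2
    k_session = bytes.fromhex(as_msg["key"])
    authenticator = seal(k_session, {"request": "orders",        # step 3
                                     "client_ip": "192.0.2.10", "time": now})
    tgs_msg = unseal(k_session, kdc.tgs_reply(as_msg["tgt"], authenticator, now))
    client, key_at_service = service_accept(k_service, tgs_msg["ticket"], now + 60)
    return {"client": client, "keys_match": key_at_service == tgs_msg["key"],
            "ticket": tgs_msg["ticket"], "k_service": k_service}


if __name__ == "__main__":
    result = run_exchange()
    print(result["client"], result["keys_match"])
```

The client never sees Ktgs or Kservice: it only forwards the inner tickets, and both the TGT and the service ticket are refused once their expiry time has passed.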
3.2.3 Security Considerations addressed by Kerberos
1. Authentication – In Kerberos, client authentication is done initially by the authentication service. During the client's first communication with the TGS and with the application service, each of these entities decrypts the ticket (the TGT and the service ticket respectively) with the secret key it shares with the AS. Successful decryption ensures authentication of the client.
2. Confidentiality – Data can be exchanged confidentially by using secret key encryption. The secret keys are generated for every client–server session and are time-bound.
3. Integrity – Kerberos enforces session-based keys for client-server communication, which are time-bound. So if any user intercepts a message in transit and tries to decrypt it to obtain the session key, it is almost impossible to use that key to send a forged message to the server before the session key expires.
3.2.4 Kerberos Limitations –
1. Existing services need modifications to handle the Kerberos protocol.
2. The Key Distribution Center can be a single point of failure. If it is affected, the entire Kerberos system is at risk.
3. Kerberos cannot be used when interacting with a non-Kerberized system.
3.3 Authorization Mechanisms
Service Oriented Architecture facilitates the sharing of services across different administrative domains. Service sharing necessitates authorization mechanisms which determine who is authorized to access these resources and in which ways, and who is not. Authorization is usually under the control of the service provider. A generic authorization framework for cross-domain service invocation, shown in Fig.3, is defined by the ISO Access Control Framework X.812 standard.
Fig. 3 Generic Authorization Framework
Two key components support authorized access to the target:
- Policy Enforcement Point (PEP) - The PEP ensures that all requests to access the target service go through the PDP.
- Policy Decision Point (PDP) - The PDP makes the authorization decision based on a set of rules or policies. In the SOA paradigm, policy languages are XML based.
By default, access is denied unless the PDP explicitly determines that a request is valid and access should be granted.
Some of the commonly used authorization techniques are described below:
1. Community Authorization Service (CAS) - The main idea of CAS is that a resource owner delegates the allocation of authorization rights to a community administrator and lets the community administrator determine who can use this allocation. The main component is the CAS server, which decides whether a user has sufficient privileges and gives the user the rights to perform the requested actions depending on the user's role in the community, which is established through Role Based Access Control (RBAC).
2. PrivilEge and Role Management Infrastructure Standard (PERMIS) - An advanced authorization infrastructure based on the X.509 Privilege Management Infrastructure (PMI). In PMI, an authority issues X.509 attribute certificates (ACs) to users, and an AC is used as a credential to store a binding between a user’s distinguished name and the user’s privileges. In PERMIS, access control decisions are made based upon users’ attributes, not just upon their organizational roles as in conventional Role Based Access Systems.
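The PEP/PDP split and the default-deny rule described in this section, combined with decisions taken on user attributes and invocation context rather than on a role alone, look like this in a small added sketch. It is an illustration only: it does not reproduce CAS, PERMIS or any XML policy language, and the rule set, attribute names and the `order_service` target are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    action: str
    resource: str
    subject: dict = field(default_factory=dict)  # attributes the requester must hold
    context: dict = field(default_factory=dict)  # conditions on the invocation context

    def matches(self, subject, action, resource, context):
        return (self.action == action and self.resource == resource
                and all(subject.get(k) == v for k, v in self.subject.items())
                and all(context.get(k) == v for k, v in self.context.items()))


class PolicyDecisionPoint:
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, subject, action, resource, context):
        for rule in self.rules:
            if rule.matches(subject, action, resource, context):
                return "Permit"
        return "Deny"  # no rule granted access, so access is denied


class PolicyEnforcementPoint:
    """Sits in front of the target service; nothing reaches it without a Permit."""

    def __init__(self, pdp, service):
        self.pdp, self.service, self.audit = pdp, service, []

    def invoke(self, subject, action, resource, context):
        decision = self.pdp.decide(subject, action, resource, context)
        self.audit.append((subject.get("name"), action, resource, decision))
        if decision != "Permit":
            raise PermissionError("%s on %s denied" % (action, resource))
        return self.service(action, resource)


def order_service(action, resource):
    # Hypothetical target service.
    return "%s:%s done" % (action, resource)


# Hypothetical policy: reading needs a department attribute, approving also
# needs a grade and is only allowed when invoked from the internal domain.
RULES = [
    Rule("read", "purchase-order", subject={"department": "purchasing"}),
    Rule("approve", "purchase-order",
         subject={"department": "purchasing", "grade": "manager"},
         context={"domain": "internal"}),
]


def demo():
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(RULES), order_service)
    alice = {"name": "alice", "department": "purchasing", "grade": "manager"}
    requests = [("read", {"domain": "partner"}),
                ("approve", {"domain": "internal"}),
                ("approve", {"domain": "partner"}),   # same user, different context
                ("delete", {"domain": "internal"})]   # no rule at all
    results = []
    for action, context in requests:
        try:
            results.append(pep.invoke(alice, action, "purchase-order", context))
        except PermissionError:
            results.append("denied")
    return results, [entry[3] for entry in pep.audit]


if __name__ == "__main__":
    print(demo())
```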
3.4 Trust Management Systems
In a large distributed environment communicating over the Internet, creating a single local database of all potential requesters of a service is not a wise solution. Furthermore, potential users are not always predictable, and the domain administrator might not have proper information about the user. In addition to that authorization cannot be purely based on, since security in modern distributed systems utilizes more sophisticated features like delegation, separation of duties etc. These problems can be addressed by the use of trust management systems.
Trust management automates the process of determining whether access should be allowed, on the basis of policy, rights, and authorization semantics.
3.6 Data Confidentiality and Integrity Measures
Data protection is an important aspect of the SOA security paradigm.
Because SOA message transfer is from service to service (rather than from source to destination), it is important to protect incremental message content.
Since XML is the language of message exchange in SOA, traditional data protection mechanisms like encryption and digital signature are extended to work with XML data.
Protection is at the level of individual data items rather than at message level or document level.
3.6.1 XML Encryption
With XML encryption one can encrypt part of a document or the complete document. We can encrypt one or all of the following portions of an XML document:
1. The entire XML document
2. An element and all its sub-elements
3. The content portion of an XML document
4. A reference to a resource outside of an XML document
The steps involved in XML encryption are as follows:
1. Select the XML to be encrypted (all or part of an XML document).
2. Convert the data to be encrypted to a canonical form (optional).
3. Encrypt the result using public key encryption.
4. Send the encrypted XML document to the intended recipient.
3.6.2 XML Digital Signature
Usually a digital signature is calculated over the complete message. It cannot be calculated on part of a message, because the message digest used in the digital signature is calculated on the whole message. In practice, however, users may want to sign only specific portions of a message. For example, in a purchase order, the purchase manager may want to authorize only the quantity portion, whereas the accounting officer may want to authorize only the rate portion, mainly because they are responsible for sharing, updating or deciding upon different information.
In such cases XML digital signatures can be used. This technology treats a message or a document as consisting of many elements, and facilitates the signing of one or more such elements.
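The purchase-order case above, worked through as an added example that is not from the paper: each signer covers the canonical form of one element, so a change to the rate invalidates only the accounting officer's signature. HMAC-SHA256 stands in for a public-key signature because the Python standard library has no asymmetric signing; the order, keys and function names are constructed, and the output is a plain dictionary rather than a real XML Signature element.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed purchase order; the keys are placeholders for each signer's key.
ORDER = ('<order id="PO-1"><item>widget</item><quantity>40</quantity>'
         '<rate currency="USD">12.50</rate></order>')
KEYS = {"purchase-manager": b"constructed-key-1",
        "accounting-officer": b"constructed-key-2"}


def canonical(element):
    """Canonical bytes of one element, so equivalent serializations sign alike."""
    clone = copy.copy(element)
    clone.tail = None  # text after the closing tag belongs to the parent
    return ET.canonicalize(ET.tostring(clone, encoding="unicode")).encode()


def _signature_value(signer, reference, digest):
    # Binds signer and reference to the digest so a signature cannot be
    # re-pointed at a different element.
    signed_info = ("%s|%s|%s" % (signer, reference, digest)).encode()
    return hmac.new(KEYS[signer], signed_info, hashlib.sha256).hexdigest()


def sign_element(root, reference, signer):
    digest = hashlib.sha256(canonical(root.find(reference))).hexdigest()
    return {"signer": signer, "reference": reference, "digest": digest,
            "value": _signature_value(signer, reference, digest)}


def verify(root, signature):
    target = root.find(signature["reference"])
    if target is None:
        return False
    digest = hashlib.sha256(canonical(target)).hexdigest()
    expected = _signature_value(signature["signer"], signature["reference"], digest)
    return hmac.compare_digest(expected, signature["value"])


def demo():
    root = ET.fromstring(ORDER)
    signatures = [sign_element(root, "quantity", "purchase-manager"),
                  sign_element(root, "rate", "accounting-officer")]

    def status(document):
        return {s["reference"]: verify(document, s) for s in signatures}

    as_signed = status(root)
    # Same content with different attribute quoting: canonical form is unchanged.
    requoted = status(ET.fromstring(ORDER.replace('"', "'")))
    root.find("rate").text = "1.25"
    after_rate_change = status(root)
    root.find("item").text = "gadget"  # nobody signed <item>
    after_item_change = status(root)
    return as_signed, requoted, after_rate_change, after_item_change


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The last result shows the cost of partial signing: the change to the unsigned `item` element is not detected by either signature.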
3.7 Security design principles
While designing an SOA-based application, more attention should be given to making it secure, since it can be consumed by entities that are not in the same administrative domain as the service provider. To ensure information security in an SOA-based application, certain key aspects need to be considered, as below. [12]
- There should be a generic service contract to expose the service interface, so that it can be consumed and followed by different service consumers irrespective of administrative domain.
- Security mechanisms should be policy based and platform independent so that they can be easily implemented.
- There is always a tradeoff between loose coupling and the security of a service. The extent of loose coupling should be optimized so that it allows only necessary and sufficient metadata in the service contract and at the same time provides enough security.
- Define and clarify information security requirements which can be reused in different contexts.
- Build a trust component.
IV. PROPOSED SOLUTION
Fig. 4 Proposed System
Taking into consideration the different aspects of security with reference to SOA discussed in the earlier sections, the system proposed in Fig.4 is a comprehensive approach to a secured service oriented framework. To ensure complete security in the system, all elements of security need to be deployed, viz. Authentication, Authorisation, Confidentiality, Integrity and Non-Repudiation. Seamless communication between different administrative domains must also be ensured.
Main Components of the system are as below –
1. Service Requester – A client that wants to call a service. In most cases it is a client-side web browser.
2. Perimeter Service Router – The perimeter service router provides an external interface on the perimeter network for internal Web services. It accepts messages from external applications and routes them to the appropriate Web service on the private network. Acting as an intermediary for the internal web services, it can monitor traffic and allow only legitimate traffic to enter the private network and use its resources.
3. Web Application Server – The Web Application Server hosts services under one organisation domain. A service can be a simple service or a collection of different services interacting with each other through service orchestration. The Web Application Server takes care of the grouping, interaction and integration of different web services within and across organisations.
4. Web Server – The web server hosts simple services within one organisation boundary.
5. Policy Server – The Policy Server takes care of policy enforcement, decision making, authorisation decisions etc. It consists of a Policy Enforcement Point and a Policy Decision Point. It interacts with the trusted third party for certificate verification and validation.
6. Trusted Third Party – A third-party entity trusted by the different administrative domains that participate in a service invocation. It verifies and validates service providers and issues certificates.
Security Mechanisms
1. Different security mechanisms can be implemented at different levels of communication.
2. Data confidentiality and integrity need to be ensured over the network during service invocation and response. XML Digital Signature and XML Encryption techniques can be used to achieve this. This ensures message-level security.
3. While invoking services, the authenticity and authorisation of the client are important, to ensure that information is accessed by legitimate users only. PKI and Kerberos can be deployed to ensure this. This involves a trusted third party to issue and then verify certificates.
4. It also ensures seamless integration of services across different organisational domains.
5. Authorisation policies and parameters should be communicated correctly and securely, and the appropriate decision also needs to be communicated. XML-based communication with Security Assertion Markup Language (SAML) and eXtensible Access Control Markup Language (XACML) can be used to achieve this.
V. CONCLUSION AND FUTURE SCOPE
The following points need to be considered while designing a security framework for service oriented architecture:
1. Increasing demand for resource sharing across organizations.
2. Data exposure to a wide range of known and unknown users.
3. Least control over services due to cross-domain interactions.
Rules of thumb to be observed are:
1. Create security awareness among all stakeholders at all levels.
2. Prepare, monitor and enforce security policies.
3. Security should be considered at different levels of application development, right from requirement analysis through deployment, with a vision of prospective threats.
Security can be enhanced by taking proper measures at the operating system level, network level, application level and data storage level.
With the extension of SOA towards the cloud environment, systems are becoming more susceptible to security threats. Current security measures address security to a great extent, but newly emerging business models and exponential advances on the technology side to cope with this changing paradigm are posing more challenges. In addition to the security aspects considered in this paper, challenges related to multi-tenancy, accounting, billing and policy integration have to be addressed meticulously.
REFERENCES
[1] “A Review of Grid Authentication and Authorization Technologies and Support for Federated Access Control”, Wei Jie, Thames Valley University, et al. - ACM Computing Surveys, Vol. 43, No. 2, Article 12, January 2011.
[2] “Service oriented architectures: approaches, technologies and research issues”, Mike P. Papazoglou, Willem-Jan van den Heuvel - The VLDB Journal (2007) 16:389–415, DOI 10.1007/s00778-007-0044-3.
[3] “Computationally Efficient PKI-Based Single Sign-On Protocol PKASSO for Mobile Devices”, Ki-Woong Park, et al. - IEEE Transactions on Computers, Vol. 57, No. 6, June 2008.
[4] “How Kerberos Authentication works”, http://learn-networking.com/network-security/how-kerberos-authentication-works
[5] “Kerberos Explained”, http://technet.microsoft.com/en-us/library/bb742516.aspx
[6] “Basic Components of a Public Key Infrastructure”, http://technet.microsoft.com/en-us/library/cc962020.aspx
[7] “Kerberos: An Authentication Service for Computer Networks”, http://gost.isi.edu/publications/kerberos-neuman-tso.html
[8] “Core PKI Services: Authentication, Integrity, and Confidentiality”, http://technet.microsoft.com/en-us/library/cc700808.aspx
[9] “Introduction to Digital Certificates”, http://www.verisign.com.au/repository/tutorial/digital/intro1.shtml#step1
[10] “Formalizing Service Oriented Architectures”, Khalil A. Abuosba and Asim A. El-Sheikh - Published by the IEEE Computer Society, July/August 2008.
[12] “Towards An Information Security Framework For Service-oriented Architecture”, Jacqui Chetty, Marijke Coetzee - published in Information Security for South Africa (ISSA), 2010.
[13] “A Secure Information Flow Architecture for Web Service Platforms”, Jinpeng Wei, Lenin Singaravelu, and Calton Pu - IEEE Transactions on Services Computing, Vol. 1, No. 2, April-June 2008.