SlideShare a Scribd company logo

ppt.ppt

Download as PPT, PDF
P
pbrinda

hi

Engineering
1 of 19
ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Abstract: • Authentication and Authorization are the base of security for all the Technologies present in this world today. • Proper authentication is an essential technology for cloud-computing environments in which connections to external environments are common and risks are high. • As the cyber threat landscape continues to evolve, robust authentication mechanisms are essential to protect sensitive information and prevent unauthorized access.To secure a website and allow access only to certain users based on their stated intentions or reasons for access, we can implement a multi-layered access control system 1
Introduction:. • In today's interconnected and data-driven world, the security of digital systems and sensitive information is of paramount importance • Authorization is the process of granting or denying permissions or access rights to users or entities based on their authenticated identity and their specific roles, privileges, or attributes • However, as the digital landscape becomes more complex and security threats grow in sophistication, there is an increasing need for a deeper understanding of user intentions • Intention verification introduces a new layer of security, where security measures are not only concerned with protecting against unauthorized access but also with assessing the potential risks associated with a user's intentions. 2 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Literature Review: 3 Title Author Software/ Hardware Methodology Key Points Inference Authenticatio n and authorization in modern web apps for data security using node js and role of dark web Piyush Pant, Anand Singh Rajawat, S.B.Goyal, Pradeep Bedi, Chaman Verma, Maria Simona Raboaca,Flor entina Magda Enescu Artificial Intelligence Blockchain, NodeJS, Hashing Algorithm Dark web, MongoDB Scyther automatically verifies all the security protocols. Scyther’s adversary model is based on the Dolev– Yao model [47]. Scyther creates an attack graph on detecting an attack. It is based on the pattern-refinement algorithm that gives the brief and to the point representation of sets traces (infinite) [4 This system is tested using Scyther formal system tool against various attacks to evaluate the performance. The results prove that the proposed system is highly efficient and successful in mitigating various outsider and insider threat’s. It also enhances the security of the cloud environment by identifying all sorts of possible attacks. In the research we learnt that, Authentication can be built either by developing the model from scratch or using package to implement authentication. It is concluded that using a Package is better as they provide better security and are mostly bug-free. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Literature Review: 4 Title Author Software/ Hardware Methodology Key Points Inference Authentication Protocol for Cloud Databases Using Blockchain Mechanism Gaurav Deep , Rajni Mohana , Anand Nayyar , P. Sanjeevikumar , and Eklas Hossain Blockchain; clustering algorithm; hash value; e Scyther claim test,NodeJS ,ExpressJS. To implement Authentication and authorization, a programming language for the backend should be learned and mastered. NodeJS – (NodeJS is a JavaScript runtime built on Chrome’s V8 JavaScript engine) This Research fills the research gap by providing how the authentication methods are implemented in industry based website and how the data stolen from websites plays important role in the dark web The research paper comprehensively explained the security flaw’s existing in the cloud environment and has proved how insiders, as well as outsiders, can bypass the authentication system in cloud databases ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Literature Review: 5 Title Author Software/ Hardware Methodology Key Points Inference A Permissioned Blockchain-based Identity Management and User Authentication Scheme for E-health Systems XINYIN XIANG1,2, (Member, IEEE), MINGYU WANG1,2, WEIGUO(PATR ICK) FAN, (Senior Member) Scyther tool verification, Blockchain, Authentication, Biometric, E-health. To provide secure data transmission and storage in an intelligent medical environment, cryptographic mechanisms must be used to protect privacy and avoid network attacks A PBBIMUA scheme for ehealth systems using personal biometrics, which is a new key distribution mechanism is usede that achieves privacy protection by recording identity information using blockchain technology information needs to be protected effectively. However, due to the vulnerability to network attacks of the medical system, sharing the sensitive information of patients in an IoT environment may result in a series of serious security and privacy issues ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Literature Review: 6 Title Author Software/ Hardware Methodology Key Points Inference An Enhanced SIP Authentication Protocol for Preserving User Privacy Sarah Naveed, Aiman Sultan, Khwaja Mansoor Authentication Protocol, Session initiation protocol (SIP), ProVerif. The proposed protocol is formally verified to check and validate both security and authentication using ProVerif. Proverif is used to verify different cryptographic primitives such as hash function, signatures, encryption / decryption mechanisms etc presented a scheme that can mitigate the traceability issue with achievement of high performance and better security issue is that the proposed scheme is a risk of traceability attack which can lead to tracing user activities in different sessions ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Literature Review: 7 Title Author Software/ Hardware Methodology Key Points Inference Intelligent Pervasive Network Authentication S/Key based Device Authentication Deok Gyu Lee†, Jong-Wook Han, Doo Soon Park, Im Yeong Lee -Intelligent Pervasive Network; Authentication; S/Key, LIGHTWEIGHT AUTHORIZATION PROTOCOL(LAP) we consider the S/Key scheme and its variants, which uses lightweight cryptographic operations such as exclusive-OR and Hash function. This section briefly describes the S/Key based authentication schemes. The S/KEY one- time password scheme is designed to protect a system against replay or eavesdropping attacks The purpose of authorization is controlling access of entity even though it has been successfully authenticated and restricting a privilege and access right pervasive network consists of heterogeneous network protocols and a variety of service models, it is likely to be exposed to various cyber attacks of Internet ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Objective: • The objective of the "Access Guard: Purpose-Driven Web Security" project is to develop a comprehensive and adaptive web security solution that focuses on safeguarding digital assets and user interactions by aligning security measures with the specific purposes and needs of an organization, thereby ensuring a more efficient and context-aware protection against cyber threats. 8 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
Existing System: • In the previous paper provides authentication to the users by providing user name and password so any user can login easily to the website and use the resource of the website • There is no proper authentication techniques to ensure the privacy of the admin • In the existing websites we have only the username verification ,password verification ,mail verification , Biometrics verification and so on 9 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Proposed System: • Here we are going to create a secure interface to the users who want to access the website • Here we are using NodeJS with crypto. Cryptography is the science of secret writing with the intention of keeping the data secret. • Users must first register on the website, providing their basic information, including email, username, and password. • They need to answer few questions after that which must satisfy the admin, then the Admins evaluate the intentions and decide whether to approve or deny access based on predefined criteria. 10
Requirements ( Hardware/Software): Software: • NodeJS, • HTML, • CSS, • Javascript, • Bootstrap • ExpressJS • MongoDB 11 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
METHODOLOGY: Choice of Node.js and Express.js: The research focuses on implementing authentication and authorization for a web application, using Node.js as the backend programming language and Express.js as the web application framework. Database Selection: MongoDB is chosen as the database for storing user information due to its scalability and flexibility. It emphasizes the importance of secure data storage for tasks like authentication and authorization. Authentication Implementation: The process of implementing authentication from scratch is outlined, starting with user registration, password hashing using algorithms like Bcrypt for security, and comparing entered credentials with stored ones during login. 12 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
13 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Block Diagram:
14 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY USECASE:
ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Modules: List of Modules: 15 QUIZ LOGIN ACCESS PAGE DASH BOARD
ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Future Scope: Blockchain Technology: Leveraging blockchain for user identity verification and intention validation can offer enhanced security and transparency. Blockchain can ensure the immutability of intention records and prevent unauthorized modifications • blockchain-based access control provides a secure, transparent, and efficient method for managing user intentions and access decisions on websites. It leverages the immutability and smart contract capabilities of blockchain technology to create a tamper-proof and decentralized access management system. 16
17 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Conclusion: This system not only enhances security but also allows website administrators to make informed decisions about user access, ensuring that only legitimate users with valid reasons gain entry. we can strike a balance between security and usability. Additionally, by periodically reviewing and adapting the approval criteria, the system can remain responsive to changing circumstances and user needs. In an ever-evolving digital landscape, this approach not only safeguards the website but also respects user privacy and intentions, making it a valuable strategy for managing access to sensitive online resources.
18 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY References: P. Pant et al., "Blockchain for AI-Enabled Industrial IoT with 5G Network," 2022 14th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 2022, pp. 1-4, doi: 10.1109/ECAI54874.2022.9847428. [25] Joby, P. P. "Expedient information retrieval system for web pages using the natural language modeling." Journal of Artificial Intelligence 2, no. 02 (2020): 100-110. [21] H. Zhang and F. Zou, "A Survey of the Dark Web and Dark Market Research," 2020 IEEE 6th International Conference on Computer and Communications (ICCC), 2020, pp. 1694-1705, doi: 10.1109/ICCC51575.2020.9345271 B. O. ALSaleem and A. I. Alshoshan, "Multi-Factor Authentication to Systems Login," 2021 National Computing Colleges Conference (NCCC), 2021, pp. 1-4, doi: 10.1109/NCCC49330.2021.9428806. Paro, A., 17, M. A. | F., 03, B. S. | F., 28, J. S. | J., Richi Jennings | 4, M. V. | M., & 11, R. J. | M. (2021). Hackers leaked 22 million records on the dark web in 2020.| https://securityboulevard.com/2021/01/hackers-leaked-22-million-records-on-the-dark-web-in- 2020/ [2] Bernard Meyer | 2022 | Most common passwords 2022 | https://cybernews.com/best-password-managers/most-common- passwords/
Thank you 19

Recommended

Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...LeMeniz Infotech
 
SCWCD : Secure web
SCWCD : Secure webSCWCD : Secure web
SCWCD : Secure webBen Abdallah Helmi
 
SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7Ben Abdallah Helmi
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 

Recommended

Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...LeMeniz Infotech
 
SCWCD : Secure web
SCWCD : Secure webSCWCD : Secure web
SCWCD : Secure webBen Abdallah Helmi
 
SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7SCWCD : Secure web : CHAP : 7
SCWCD : Secure web : CHAP : 7Ben Abdallah Helmi
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
A cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsA cryptographic mutual authentication scheme for web applications
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
 
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSA CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONS
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
Cloud security privacy- org
Cloud security privacy- orgCloud security privacy- org
Cloud security privacy- orgDharmalingam S
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture. Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture. IJCERT JOURNAL
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingredpel dot com
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityPyingkodi Maran
 
Design of access control framework for big data as a service platform
Design of access control framework for big data as a service platformDesign of access control framework for big data as a service platform
Design of access control framework for big data as a service platformInternational Journal of Reconfigurable and Embedded Systems
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Kx3518741881
Kx3518741881Kx3518741881
Kx3518741881IJERA Editor
 
Efficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudEfficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudIRJET Journal
 
Accessing secured data in cloud computing environment
Accessing secured data in cloud computing environmentAccessing secured data in cloud computing environment
Accessing secured data in cloud computing environmentIJNSA Journal
 
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTIJNSA Journal
 
PROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxPROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxDHANUSH447825
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3CCG
 
Two Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed ServicesTwo Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed ServicesIRJET Journal
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...IJERA Editor
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityPyingkodi Maran
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

More Related Content

Similar to ppt.ppt

Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture. Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture. IJCERT JOURNAL
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computingPrince Chandu
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingredpel dot com
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyHappiest Minds Technologies
 
Efficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudEfficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudIRJET Journal
 
Accessing secured data in cloud computing environment
Accessing secured data in cloud computing environmentAccessing secured data in cloud computing environment
Accessing secured data in cloud computing environmentIJNSA Journal
 
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTIJNSA Journal
 
PROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxPROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxDHANUSH447825
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...WebStackAcademy
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3CCG
 
Two Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed ServicesTwo Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed ServicesIRJET Journal
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationPeter Choi
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...IJERA Editor
 

Similar to ppt.ppt (20)

Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
 
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture. Secure Redundant Data Avoidance over Multi-Cloud Architecture.
Secure Redundant Data Avoidance over Multi-Cloud Architecture.
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET - Study Paper on Various Security Mechanism of Cloud Computing
IRJET - Study Paper on Various Security Mechanism of Cloud Computing
 
Analysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computingAnalysis of classical encryption techniques in cloud computing
Analysis of classical encryption techniques in cloud computing
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Design of access control framework for big data as a service platform
Design of access control framework for big data as a service platformDesign of access control framework for big data as a service platform
Design of access control framework for big data as a service platform
 
BlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network SecuirtyBlockChain Enabled-Cloud Delivered For Network Secuirty
BlockChain Enabled-Cloud Delivered For Network Secuirty
 
Kx3518741881
Kx3518741881Kx3518741881
Kx3518741881
 
Efficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using CloudEfficient and Empiric Keyword Search Using Cloud
Efficient and Empiric Keyword Search Using Cloud
 
Accessing secured data in cloud computing environment
Accessing secured data in cloud computing environmentAccessing secured data in cloud computing environment
Accessing secured data in cloud computing environment
 
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENT
 
PROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptxPROJECT REVIEW of technical vulnerability 1 (3).pptx
PROJECT REVIEW of technical vulnerability 1 (3).pptx
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 1...
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
Two Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed ServicesTwo Aspect Validation Control Frameworks for Online Distributed Services
Two Aspect Validation Control Frameworks for Online Distributed Services
 
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor AuthenticationAddressing Insider Threat using "Where You Are" as Fourth Factor Authentication
Addressing Insider Threat using "Where You Are" as Fourth Factor Authentication
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 

Recently uploaded

Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 

Recently uploaded (20)

Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 

ppt.ppt

  • 1. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Abstract: • Authentication and Authorization are the base of security for all the Technologies present in this world today. • Proper authentication is an essential technology for cloud-computing environments in which connections to external environments are common and risks are high. • As the cyber threat landscape continues to evolve, robust authentication mechanisms are essential to protect sensitive information and prevent unauthorized access.To secure a website and allow access only to certain users based on their stated intentions or reasons for access, we can implement a multi-layered access control system 1
  • 2. Introduction:. • In today's interconnected and data-driven world, the security of digital systems and sensitive information is of paramount importance • Authorization is the process of granting or denying permissions or access rights to users or entities based on their authenticated identity and their specific roles, privileges, or attributes • However, as the digital landscape becomes more complex and security threats grow in sophistication, there is an increasing need for a deeper understanding of user intentions • Intention verification introduces a new layer of security, where security measures are not only concerned with protecting against unauthorized access but also with assessing the potential risks associated with a user's intentions. 2 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 3. Literature Review: 3 Title Author Software/ Hardware Methodology Key Points Inference Authenticatio n and authorization in modern web apps for data security using node js and role of dark web Piyush Pant, Anand Singh Rajawat, S.B.Goyal, Pradeep Bedi, Chaman Verma, Maria Simona Raboaca,Flor entina Magda Enescu Artificial Intelligence Blockchain, NodeJS, Hashing Algorithm Dark web, MongoDB Scyther automatically verifies all the security protocols. Scyther’s adversary model is based on the Dolev– Yao model [47]. Scyther creates an attack graph on detecting an attack. It is based on the pattern-refinement algorithm that gives the brief and to the point representation of sets traces (infinite) [4 This system is tested using Scyther formal system tool against various attacks to evaluate the performance. The results prove that the proposed system is highly efficient and successful in mitigating various outsider and insider threat’s. It also enhances the security of the cloud environment by identifying all sorts of possible attacks. In the research we learnt that, Authentication can be built either by developing the model from scratch or using package to implement authentication. It is concluded that using a Package is better as they provide better security and are mostly bug-free. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 4. Literature Review: 4 Title Author Software/ Hardware Methodology Key Points Inference Authentication Protocol for Cloud Databases Using Blockchain Mechanism Gaurav Deep , Rajni Mohana , Anand Nayyar , P. Sanjeevikumar , and Eklas Hossain Blockchain; clustering algorithm; hash value; e Scyther claim test,NodeJS ,ExpressJS. To implement Authentication and authorization, a programming language for the backend should be learned and mastered. NodeJS – (NodeJS is a JavaScript runtime built on Chrome’s V8 JavaScript engine) This Research fills the research gap by providing how the authentication methods are implemented in industry based website and how the data stolen from websites plays important role in the dark web The research paper comprehensively explained the security flaw’s existing in the cloud environment and has proved how insiders, as well as outsiders, can bypass the authentication system in cloud databases ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 5. Literature Review: 5 Title Author Software/ Hardware Methodology Key Points Inference A Permissioned Blockchain-based Identity Management and User Authentication Scheme for E-health Systems XINYIN XIANG1,2, (Member, IEEE), MINGYU WANG1,2, WEIGUO(PATR ICK) FAN, (Senior Member) Scyther tool verification, Blockchain, Authentication, Biometric, E-health. To provide secure data transmission and storage in an intelligent medical environment, cryptographic mechanisms must be used to protect privacy and avoid network attacks A PBBIMUA scheme for ehealth systems using personal biometrics, which is a new key distribution mechanism is usede that achieves privacy protection by recording identity information using blockchain technology information needs to be protected effectively. However, due to the vulnerability to network attacks of the medical system, sharing the sensitive information of patients in an IoT environment may result in a series of serious security and privacy issues ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 6. Literature Review: 6 Title Author Software/ Hardware Methodology Key Points Inference An Enhanced SIP Authentication Protocol for Preserving User Privacy Sarah Naveed, Aiman Sultan, Khwaja Mansoor Authentication Protocol, Session initiation protocol (SIP), ProVerif. The proposed protocol is formally verified to check and validate both security and authentication using ProVerif. Proverif is used to verify different cryptographic primitives such as hash function, signatures, encryption / decryption mechanisms etc presented a scheme that can mitigate the traceability issue with achievement of high performance and better security issue is that the proposed scheme is a risk of traceability attack which can lead to tracing user activities in different sessions ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 7. Literature Review: 7 Title Author Software/ Hardware Methodology Key Points Inference Intelligent Pervasive Network Authentication S/Key based Device Authentication Deok Gyu Lee†, Jong-Wook Han, Doo Soon Park, Im Yeong Lee -Intelligent Pervasive Network; Authentication; S/Key, LIGHTWEIGHT AUTHORIZATION PROTOCOL(LAP) we consider the S/Key scheme and its variants, which uses lightweight cryptographic operations such as exclusive-OR and Hash function. This section briefly describes the S/Key based authentication schemes. The S/KEY one- time password scheme is designed to protect a system against replay or eavesdropping attacks The purpose of authorization is controlling access of entity even though it has been successfully authenticated and restricting a privilege and access right pervasive network consists of heterogeneous network protocols and a variety of service models, it is likely to be exposed to various cyber attacks of Internet ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 8. Objective: • The objective of the "Access Guard: Purpose-Driven Web Security" project is to develop a comprehensive and adaptive web security solution that focuses on safeguarding digital assets and user interactions by aligning security measures with the specific purposes and needs of an organization, thereby ensuring a more efficient and context-aware protection against cyber threats. 8 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 9. Existing System: • In the previous paper provides authentication to the users by providing user name and password so any user can login easily to the website and use the resource of the website • There is no proper authentication techniques to ensure the privacy of the admin • In the existing websites we have only the username verification ,password verification ,mail verification , Biometrics verification and so on 9 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 10. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Proposed System: • Here we are going to create a secure interface to the users who want to access the website • Here we are using NodeJS with crypto. Cryptography is the science of secret writing with the intention of keeping the data secret. • Users must first register on the website, providing their basic information, including email, username, and password. • They need to answer few questions after that which must satisfy the admin, then the Admins evaluate the intentions and decide whether to approve or deny access based on predefined criteria. 10
  • 11. Requirements ( Hardware/Software): Software: • NodeJS, • HTML, • CSS, • Javascript, • Bootstrap • ExpressJS • MongoDB 11 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 12. METHODOLOGY: Choice of Node.js and Express.js: The research focuses on implementing authentication and authorization for a web application, using Node.js as the backend programming language and Express.js as the web application framework. Database Selection: MongoDB is chosen as the database for storing user information due to its scalability and flexibility. It emphasizes the importance of secure data storage for tasks like authentication and authorization. Authentication Implementation: The process of implementing authentication from scratch is outlined, starting with user registration, password hashing using algorithms like Bcrypt for security, and comparing entered credentials with stored ones during login. 12 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY
  • 13. 13 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Block Diagram:
  • 14. 14 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY USECASE:
  • 15. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Modules: List of Modules: 15 QUIZ LOGIN ACCESS PAGE DASH BOARD
  • 16. ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Future Scope: Blockchain Technology: Leveraging blockchain for user identity verification and intention validation can offer enhanced security and transparency. Blockchain can ensure the immutability of intention records and prevent unauthorized modifications • blockchain-based access control provides a secure, transparent, and efficient method for managing user intentions and access decisions on websites. It leverages the immutability and smart contract capabilities of blockchain technology to create a tamper-proof and decentralized access management system. 16
  • 17. 17 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY Conclusion: This system not only enhances security but also allows website administrators to make informed decisions about user access, ensuring that only legitimate users with valid reasons gain entry. we can strike a balance between security and usability. Additionally, by periodically reviewing and adapting the approval criteria, the system can remain responsive to changing circumstances and user needs. In an ever-evolving digital landscape, this approach not only safeguards the website but also respects user privacy and intentions, making it a valuable strategy for managing access to sensitive online resources.
  • 18. 18 ACCESS GUARD: PURPOSE-DRIVEN WEB SECURITY References: P. Pant et al., "Blockchain for AI-Enabled Industrial IoT with 5G Network," 2022 14th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 2022, pp. 1-4, doi: 10.1109/ECAI54874.2022.9847428. [25] Joby, P. P. "Expedient information retrieval system for web pages using the natural language modeling." Journal of Artificial Intelligence 2, no. 02 (2020): 100-110. [21] H. Zhang and F. Zou, "A Survey of the Dark Web and Dark Market Research," 2020 IEEE 6th International Conference on Computer and Communications (ICCC), 2020, pp. 1694-1705, doi: 10.1109/ICCC51575.2020.9345271 B. O. ALSaleem and A. I. Alshoshan, "Multi-Factor Authentication to Systems Login," 2021 National Computing Colleges Conference (NCCC), 2021, pp. 1-4, doi: 10.1109/NCCC49330.2021.9428806. Paro, A., 17, M. A. | F., 03, B. S. | F., 28, J. S. | J., Richi Jennings | 4, M. V. | M., & 11, R. J. | M. (2021). Hackers leaked 22 million records on the dark web in 2020.| https://securityboulevard.com/2021/01/hackers-leaked-22-million-records-on-the-dark-web-in- 2020/ [2] Bernard Meyer | 2022 | Most common passwords 2022 | https://cybernews.com/best-password-managers/most-common- passwords/