Abstract: Among the various applications of high performance computing, the security of cloud computing is essential and needs greater awareness in India. Security issues in the cloud are challenging, as the data roam without any control. The need to keep the security as well as the privacy of information in the cloud becomes a critical issue. On the basis of cloud architectures we can specify security rules for web application attacks. In this paper we study the design and purpose of an ontology containing encryption algorithms. Here the ontology describes the security rule specification, and the encryption algorithm part compares the performance of different algorithms. The main focus of this work is to present a study of cloud security policy using encryption algorithms based on an ontology. This study follows the ontology framework built for security policy rules. The paper also discusses attacks on cloud-based web services, the design of semantic rules, the detection of malicious traffic over the internet, and tools for handling ontologies.

Keywords: Cloud computing; vulnerability; ontology; data encryption; security management.

I. INTRODUCTION

Cloud computing has three service models: Infrastructure as a Service, Platform as a Service and Software as a Service. High performance computing supports the three deployment models of public cloud, private cloud and hybrid cloud. We can describe an ontology as a specification of a conceptualization: models of reality in different systems, combined together with their properties. Pascal Meunier [1] argued in his book that, to meaningfully represent or broadcast knowledge about vulnerabilities and attacks, we require an ontology. In paper [2], Abdul Razzaq et al. (2014) proposed a security ontology which provides taxonomies for malicious content, including threats, vulnerabilities and types of attacks. The paper states that an ontology is a precise design which captures its context. A special kind of system, a semantic system, is needed which describes a complete overview and can recognize the depth of an application and its data when looking for attacks. Validation based on this overview, that is, on semantic information, focuses on special kinds of data and on the nature of commands which are dangerous. Thus the system detects complicated attacks much more efficiently by analyzing the user requests for the possibility of an attack. The proposed system in paper [2] highlights semantic analysis of HTTP traffic in the network flow, but can be extended to other application protocols such as SMTP, HTTPS, FTP and others. Ontological representations can often be easily shared, refined and reused between entities in a domain. We can develop the ontology model with description logic, that is, conceptual knowledge defined in the Web Ontology Language (OWL). The Horn logic declarations, which are the inference rules given in the paper, are implemented using the Apache Jena API; by using the Apache Jena API the system is platform and technology independent. In paper [3], Chang Choi, Junho Choi and Pankoo Kim focus on an access control model based on an ontology, called Onto-ACM, which describes dynamic access control. Onto-ACM gives a semantic analysis model that addresses differences in the specified limits between different service providers and users. Gurupreetsingh et al. (2013) compared the available encryption algorithms such as RSA, DES, 3DES and AES for information security purposes; the generation, updating and transfer of keys are done by the described algorithms. In paper [4], Gurupreetsingh and Supriya examine speed in different terms, which gives the advantage of using cloud computing resources for implementing the security algorithms that businesses use to secure large amounts of data. They used different kinds of algorithms: the asymmetric algorithm RSA, the hashing algorithm MD5 and the symmetric algorithm AES. Vijay Varadharajan and Udaya Tupakula [11] described techniques based on a range of attacks and malicious content against specific services like DNS, database and web servers within the same domain, and attacks between virtual machines in different domains. In this paper a survey of about twenty papers is done, and discussions are made according to the survey. A further section compares the actual work, methodologies and comparative work among the different papers.
C. Frameworks

Paper [3] uses frameworks such as a context analysis engine, an access control module, an inference engine, an ontology handler, a policy checker and abstraction description in cloud computing environments. R. Sivakumar et al. (2011) describe the Protégé tool, which is popular for ontology visualization and is applied for further improvement in various regulations for better understanding of domain knowledge. The purpose of that work is to present a study of the application of different methods; these techniques are used for the improvement of different kinds of Protégé visualization tools and classify their quality and aspects. In the area of ontology visualization it supports method selection and encourages future research [20].

D. Semantic web application security

Harshal A. Karande et al., in paper [12], propose that syntax-based validation covers size, whereas semantic-based validation focuses on format, on specific data, and on understanding potentially dangerous commands. The proposed system is able to address all these aspects through regular updating of the knowledge base. The proposed system also mitigates the different types of web application attacks successfully and easily overcomes the existing strategy of the original management of threats and attacks by hackers. For the protocol ontology, the system focuses on the HTTP protocol because it is the established means of data communication for the World Wide Web. Logic-based context reasoning can be employed based on functionality. Rule-based reasoning specifies semantic rules which can be defined to manipulate the ontology logic. Standard rule languages are used for defining the rules, or they can be written in a variant of a language supported by a specific reasoner.

E. Algorithms

Gurupreetsingh et al. (2013) describe key updating, generation and transportation as done by the Tiny Encryption Algorithm. These types of algorithms are called cryptographic algorithms. Many security algorithms exist in the market to encrypt, that is, to hide, the data. According to that work the strength of an encryption algorithm depends basically on the computer system used for key generation. The key generation procedure, encryption and decryption for each algorithm are described.

III. COMPARATIVE ANALYSIS

In reference paper [2] the proposed method detects and classifies web application attacks. The solution is an ontology-based method: it specifies attacks based on semantic rules for the web application, the situation of significance and the requirements of the application protocols. The ontology model was generated using description logic, that is, the Web Ontology Language, with Horn logic statements as inference rules which can be implemented using the API of the Apache Jena framework. The problems solved are that the performance of the system and its detection capability are significantly better than in older solutions; the work effectively detects web application attacks while generating few false positives. The disadvantages of the system are its generic rule generation mechanism and that interoperability rules could be interchanged between this system and other security applications, which is not possible at present.

Reference paper [3] proposes Onto-ACM, the Ontology-based Access Control Model, a semantic analysis model which addresses the difference between the access control given to users and to service providers. The system provides an intelligent context-aware access model for positively applying the access level of a resource, based on semantic analysis and ontology reasoning. The semantic analysis model classifies differences in the given limits between users and service providers. Its components are a communication interface, an access control module, the cloud service providers' context analysis engine, and tools such as the ontology handler, which provides the locality of all resources that can be viewed based on their context information and role (for example a transaction list for an access demand), together with the approval of rules written in OWL for analyzing and gathering context information. The problems solved by this system are better protection and the prevention of insider intrusions through role-based and context-based control, which provides dynamic access control. The advantages of the system are convenience and efficient policy management for administrators and users; its disadvantage is that if the ontology handler does not recognize a specific rule or policy for the context data, the data flows without any control. The system can be useful in organizations and data centers.

Paper [4] compares algorithms while considering the parameters of memory usage, computation time and output bytes. The survey is given to combine all the techniques which are helpful for real-time applications. The system can combine algorithms, applied either sequentially or in parallel, to build a much more secure environment for storing and retrieving data.

In paper [6] the proposed architecture defends against wide attack vectors and also accommodates a tiny TCM target cloud model (a low-cost embedded processor). The system proposes a cloud architecture in which the critical processes and data affecting the VMs, that is, the security of the guest VMs, are isolated from the specified domains and from the cloud administrators. The cryptographic environment for encryption and integrity checking should be separated from the specified domains; the cryptographic keys used and the integrity hash data of the VM images should be isolated from the cloud administrators to prevent potential security threats. The system provides secure management, secure storage, good scalability and I/O performance. The problems solved by the system are that the data of cloud users is isolated from cloud administrators by the architecture, and that the data of cloud users is protected against malicious cloud administrators and against a compromised or malicious specified domain. The proposed system offers security functionality against wide attack vectors and shows its I/O performance, demonstrating its feasibility in the cloud. Its disadvantage is that the service providers' cloud is mainly concerned with security threats from external attack types rather than internal attack types.

Vijay Varadharajan and Udaya Tupakula [7] give policy-based access control, for example through firewalls, together with intrusion detection techniques and trusted computing technologies, for the security of distributed applications on virtualized systems, that is, in distributed computing.
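The ontology-plus-Horn-rules approach of papers [2] and [12] can be shown in a few dozen lines. The following is an added example written for this survey, not code from either paper (which use OWL and the Apache Jena rule engine): a toy taxonomy stands in for the ontology, per-parameter expected types form the semantic layer (format and expected data rather than size), and rules assert attack classes that are then closed under subClassOf, which is the reasoning step. The taxonomy, the parameter types, the patterns and the sample requests are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qsl

# Hypothetical attack taxonomy standing in for paper [2]'s OWL ontology:
# subclass -> superclass, so subsumption can be replayed by transitive closure.
TAXONOMY = {
    "SQLInjection": "Injection",
    "CrossSiteScripting": "Injection",
    "PathTraversal": "Attack",
    "Injection": "Attack",
    "FormatViolation": "Anomaly",
    "Attack": "Threat",
    "Anomaly": "Threat",
}

# Application knowledge (assumed): what each parameter is supposed to carry.
PARAM_TYPES = {"id": "integer", "q": "text", "file": "filename"}

SQLI = re.compile(r"(?i)(\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*--|;\s*drop\b)")
XSS = re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)")
TRAVERSAL = re.compile(r"(?i)(\.\./|\.\.\\|%2e%2e%2f)")


@dataclass
class Request:
    method: str
    path: str
    params: dict
    headers: dict


def parse_request(raw: str) -> Request:
    """Minimal HTTP/1.1 request parser: request line, headers, form body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body, keep_blank_values=True))
    return Request(method, url.path, params, headers)


# Horn-style rules: each maps (parameter name, decoded value) to a class or None.
def rule_format(name, value):
    if PARAM_TYPES.get(name) == "integer" and not value.isdigit():
        return "FormatViolation"          # right size, wrong format: the semantic check
    return None

def rule_sqli(name, value):
    return "SQLInjection" if SQLI.search(value) else None

def rule_xss(name, value):
    return "CrossSiteScripting" if XSS.search(value) else None

def rule_traversal(name, value):
    return "PathTraversal" if TRAVERSAL.search(value) else None

RULES = [rule_format, rule_sqli, rule_xss, rule_traversal]


def superclasses(cls):
    """Everything a reasoner would infer from subClassOf for one class."""
    out = set()
    while cls in TAXONOMY:
        cls = TAXONOMY[cls]
        out.add(cls)
    return out


def classify(raw: str) -> frozenset:
    """Classes asserted by the rules, closed under subClassOf."""
    req = parse_request(raw)
    asserted = set()
    for name, value in req.params.items():
        for rule in RULES:
            cls = rule(name, value)
            if cls:
                asserted.add(cls)
    if TRAVERSAL.search(req.path):
        asserted.add("PathTraversal")
    inferred = set(asserted)
    for cls in asserted:
        inferred |= superclasses(cls)
    return frozenset(inferred)


def most_specific(classes) -> frozenset:
    """Drop classes that are present only because a subclass implied them."""
    implied = set()
    for cls in classes:
        implied |= superclasses(cls)
    return frozenset(classes - implied)


# Constructed sample traffic (not captured data).
BENIGN = "GET /item?id=42&q=shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"
SQLI_REQ = "GET /item?id=1%20OR%201=1 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
XSS_REQ = ("POST /search HTTP/1.1\r\nHost: shop.example\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
TRAV_REQ = "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for raw in (BENIGN, SQLI_REQ, XSS_REQ, TRAV_REQ):
        print(raw.split("\r\n")[0], "->", sorted(most_specific(classify(raw))))
```

The closure step is what makes a rule written against a general class (for example "log every Injection") fire for SQLInjection and CrossSiteScripting without repeating it per subclass; a real deployment would hold the taxonomy in OWL and the rules in a rule language rather than in Python functions, and would decode the request the same way the application server does, otherwise an encoding the parser does not understand slips past the patterns.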
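As an added example of the Onto-ACM idea in paper [3] (this is not the authors' implementation; the role hierarchy, the context attributes, the policies and the three sample contexts are assumed here), the following shows context-aware role-based decisions with role inheritance, and makes the disadvantage noted above concrete: when no policy recognizes the context, the outcome is whatever the default is, so the default must be deny.

```python
from dataclasses import dataclass

# Hypothetical role ontology (not Onto-ACM's OWL model): sub-role -> parent role.
# A sub-role inherits every grant attached to its ancestors.
ROLE_PARENT = {"Admin": "Manager", "Manager": "Employee", "Employee": "Guest"}


def role_closure(role: str) -> frozenset:
    """The role plus every role it inherits from (subsumption replayed as closure)."""
    roles = {role}
    while role in ROLE_PARENT:
        role = ROLE_PARENT[role]
        roles.add(role)
    return frozenset(roles)


@dataclass(frozen=True)
class Context:
    hour: int            # local hour of the request, 0-23
    network: str         # "corp", "vpn" or "public"
    device_trust: str    # "managed" or "unmanaged"


@dataclass(frozen=True)
class Policy:
    resource: str
    action: str
    role: str                 # role the grant or deny is attached to
    effect: str               # "permit" or "deny"
    networks: frozenset = frozenset({"corp", "vpn", "public"})
    device_trust: frozenset = frozenset({"managed", "unmanaged"})
    hours: range = range(0, 24)

    def applies(self, resource, action, roles, ctx: Context) -> bool:
        return (self.resource == resource and self.action == action
                and self.role in roles
                and ctx.network in self.networks
                and ctx.device_trust in self.device_trust
                and ctx.hour in self.hours)


class OntoAccessControl:
    """Context-aware RBAC: explicit deny wins, then permit, otherwise `default`."""

    def __init__(self, policies, default="deny"):
        self.policies = list(policies)
        self.default = default

    def decide(self, subject_role, resource, action, ctx: Context) -> tuple:
        roles = role_closure(subject_role)
        hits = [p for p in self.policies if p.applies(resource, action, roles, ctx)]
        if any(p.effect == "deny" for p in hits):
            return "deny", "explicit deny policy"
        if any(p.effect == "permit" for p in hits):
            return "permit", "matching permit policy"
        # No policy recognised this context: the gap the survey points out for the
        # ontology handler. Only a default of "deny" keeps data from flowing here.
        return self.default, "no policy covers this context"


# Constructed policies (assumed), not the paper's.
POLICIES = [
    Policy("customer_db", "read", "Employee", "permit",
           networks=frozenset({"corp", "vpn"}), device_trust=frozenset({"managed"})),
    Policy("customer_db", "export", "Manager", "permit",
           networks=frozenset({"corp"}), hours=range(9, 18)),
    Policy("customer_db", "export", "Guest", "deny",
           device_trust=frozenset({"unmanaged"})),
]

OFFICE = Context(hour=10, network="corp", device_trust="managed")
CAFE = Context(hour=10, network="public", device_trust="unmanaged")
LATE = Context(hour=22, network="corp", device_trust="managed")


def demo(default="deny") -> dict:
    """Decisions for a set of constructed requests under the given default."""
    pdp = OntoAccessControl(POLICIES, default=default)
    return {
        "employee_read_office": pdp.decide("Employee", "customer_db", "read", OFFICE)[0],
        "employee_read_cafe": pdp.decide("Employee", "customer_db", "read", CAFE)[0],
        "manager_export_office": pdp.decide("Manager", "customer_db", "export", OFFICE)[0],
        "manager_export_late": pdp.decide("Manager", "customer_db", "export", LATE)[0],
        "admin_export_cafe": pdp.decide("Admin", "customer_db", "export", CAFE)[0],
        "employee_export_office": pdp.decide("Employee", "customer_db", "export", OFFICE)[0],
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running demo("permit") reproduces the behaviour the survey criticizes: the Employee reading from the cafe is permitted simply because no policy mentions that context. Note also that the deny attached to Guest reaches Admin through the role closure, which is the usual way to keep a blanket restriction (here: no export from unmanaged devices) from being silently inherited away.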
Secure communication of applications and VMs across different distributed servers is provided. A Tenant Virtual Domain (TVD) allows security-policy-based grouping, for example of the same kind of virtual machines running on distributed machines; there is also a cloud cluster domain. Attacks such as SQL injection, buffer overflow and cross-site scripting are detected. The advantage of the system is that an organization's TVD can be used to describe security policies and the usage of the domain; the system detects attacks by monitoring any violation of the role-based access control policy (RBACP). The limitations of the system are that it does not support a wider range of attacks, to which the authors could extend it, and that it could further be tested on multiple software systems instead of only one.

Paper [9] describes a range of information flow control models: data protection for tenants and providers, a MAC security policy, security labels on data and on principals in information flow control, and protection in hardware and the OS. The system makes provision for information flow control in the three cloud service models. The paper also discusses policy specification, translation, enforcement and audit logging. The system can overcome problems with sensitive data. Its disadvantage is that the MAC security policy is applied to all users, although it is specifically needed only for sensitive types of information.

Reference paper [15] focuses on applying the idea in other areas to examine the automatic verification of the results. Such areas can include medical case studies and law documents, which use multiple descriptors from different views. The automatic construction of an ontology can classify, assist and retrieve relevant services without any preparation by previously developed methods. This work gives a bootstrapping process of an ontology for web services. It exploits the advantage that web services always consist of a WSDL descriptor and a free-text descriptor. The WSDL descriptor is analyzed using two methods, the first being term frequency/inverse document frequency (TF/IDF) and the second web context generation. The ontology bootstrapping process integrates the results of both methods and applies a third method to confirm the concepts using the service's free-text descriptor, thereby offering a more accurate definition of the ontology. The bootstrapping process is thus based on analyzing a web service using three different methods, each representing a different point of view of the web service. The result is that the process provides a correct definition of the ontology and gives better results. The work covers web service annotation, ontology creation and evolution, and the ontology evolution of web services.

IV. DISCUSSIONS

The authors of article [10] describe a study of HTTP vulnerability attacks and private port attacks, as shown in Table 1.

Table 1 Attack Analysis (traditional vs. ontology-based IDS; DR = detection rate)

Attack                     DR
HTTP response splitting    80.28
HTTP request smuggling     78.69
Cache poisoning            85.90
Cross-user defacement      85.20
DoS                        84.44

This attack analysis can lead to XSS, web cache poisoning, cross-user defacement, browser cache poisoning and cloud cluster poisoning. Among the injection types are cross-site scripting attacks, in which malicious scripts are injected: the attacker first uses XSS to send a malicious script to an unsuspecting user. An XSS attack can occur when data enters a web application through an untrusted source, such as a web request, and is included in dynamic content sent to a web user without any validation for malicious content; consider for example a cookie grabber. In HTTP response splitting, different targets use different techniques to decide where the first HTTP message ends and where the second starts: some targets consider the message to be carried by packets, some use message boundaries. The request is sent using POST as a substitute for GET, considering the several application servers which allow this. HTTP request smuggling leverages the different ways in which a crafted HTTP message can be parsed and interpreted by agents such as web caches, browsers and application firewalls; an example is the bypass of an application firewall. Web cache poisoning is a newer attack: the attacker simply forces the target, for example a cache server, to send a request that makes it cache the response to a second request which is fully controlled by the attacker. Single-user, single-page and temporary defacements are the cross-user defacement attacks, in which the target can share the same TCP connection to the server among a large number of users; the attacker defaces the site for a single page, locally and temporarily, as requested by a single user. DoS attacks are more damaging.

Paper [13] states that ontologies are at the heart of research and of numerous vulnerability evaluation projects. A formal explicit description of the concepts in a domain of discourse, the properties of each concept describing its various features and attributes, and the restrictions on those properties is called an ontology; in short, a conceptualization of a domain of interest is called an ontology. Examples of vulnerabilities are session riding, hijacking, virtual machine escape, and insecure or obsolete cryptography. One possibility is that an attacker might successfully escape from a virtualized environment; this vulnerability is intrinsic to virtualization and highly relevant to (HPC) cloud computing. Another is that web application technologies must overcome the problem that, by design, HTTP is a stateless protocol, whereas web applications require some kind of session state [14].

Vaishali Singh et al. (2014) propose the following types of ontologies, of which only one row of their table survives on this page:

Common Vulnerability Scoring System (CVSS) | classify the severity of the vulnerability into high, medium and low | Yes

By analysis we can overview the effectiveness of the proposed threats and evaluate their actual effects after they are actually used [17].

Fig. 2. Protocol Structure
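The message-boundary problems behind the HTTP response splitting and request smuggling entries of Table 1 are easy to reproduce. The following added example is not from article [10]; the redirect handler, the attacker input and both requests are constructed. It shows a redirect that concatenates user input into a header so that a downstream agent sees two responses, the same handler hardened by rejecting control characters, and a check for the Content-Length/Transfer-Encoding combinations that let a front end and a back end frame the same bytes differently, returning the bytes a chunked-parsing back end would treat as the start of the next request (the CL.TE case).

```python
import re

CRLF = "\r\n"


def vulnerable_redirect(location: str) -> str:
    """302 built by concatenation: whatever is in `location` lands in a header line."""
    return f"HTTP/1.1 302 Found{CRLF}Location: {location}{CRLF}Content-Length: 0{CRLF}{CRLF}"


def hardened_redirect(location: str) -> str:
    """Same response, but CR, LF and other control bytes are rejected first."""
    if re.search(r"[\x00-\x1f\x7f]", location):
        raise ValueError("control character in header value")
    return vulnerable_redirect(location)


def is_rejected(location: str) -> bool:
    try:
        hardened_redirect(location)
    except ValueError:
        return True
    return False


STATUS_LINE = re.compile(r"^HTTP/1\.[01] \d{3} [^\r\n]*\r\n", re.M)


def count_responses(raw: str) -> int:
    """Number of status lines a naive proxy or cache would see in this byte stream."""
    return len(STATUS_LINE.findall(raw))


# Constructed attacker input for a redirect parameter (not a captured payload):
# it closes the 302 early and supplies a complete second response.
EVIL_LOCATION = ("/home" + CRLF + "Content-Length: 0" + CRLF + CRLF
                 + "HTTP/1.1 200 OK" + CRLF + "Content-Type: text/html" + CRLF
                 + "Content-Length: 21" + CRLF + CRLF + "<script>evil</script>")


# --- request smuggling: two agents framing the same bytes differently -------

def parse_request(raw: bytes):
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def framing_findings(raw: bytes) -> list:
    """Header combinations that let a front end and a back end disagree on the body."""
    _, headers, _ = parse_request(raw)
    cls = [v for n, v in headers if n == b"content-length"]
    tes = [v for n, v in headers if n == b"transfer-encoding"]
    findings = []
    if len(set(cls)) > 1:
        findings.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cls):
        findings.append("non-numeric Content-Length")
    if any(v.lower() != b"chunked" for v in tes):
        findings.append("non-standard Transfer-Encoding value")
    if cls and tes:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE/TE.CL)")
    return findings


def decode_chunked(body: bytes):
    """Returns (decoded body, bytes left after the terminating chunk)."""
    decoded, pos = b"", 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            return decoded, body[pos + 2:]   # skip the empty line after the last chunk
        decoded += body[pos:pos + size]
        pos += size + 2


def smuggled_bytes(raw: bytes) -> bytes:
    """Bytes a Content-Length front end forwards as body but a chunked back end
    treats as the start of the NEXT request (CL.TE desynchronisation)."""
    _, headers, body = parse_request(raw)
    cl = next((int(v) for n, v in headers if n == b"content-length"), None)
    te = any(n == b"transfer-encoding" for n, _ in headers)
    if cl is None or not te:
        return b""
    _, leftover = decode_chunked(body[:cl])
    return leftover


CLEAN_REQ = b"POST / HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello"
CL_TE_REQ = (b"POST / HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 13\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"0\r\n\r\nSMUGGLED")

if __name__ == "__main__":
    print("responses seen:", count_responses(vulnerable_redirect(EVIL_LOCATION)))
    print("findings:", framing_findings(CL_TE_REQ))
    print("smuggled:", smuggled_bytes(CL_TE_REQ))
```

The fix on the splitting side is the one in hardened_redirect: never let a control character reach a header line, whatever the framework's own escaping promises. On the smuggling side a front end should refuse, or normalize to a single framing rule before forwarding, any request that framing_findings flags, since the leftover SMUGGLED bytes become a prefix of whatever the next user on that back-end connection sends, which is exactly how the cache poisoning and cross-user defacement listed in Table 1 are set up.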
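The information flow control of paper [9], discussed in Section III, rests on security labels ordered in a lattice. As an added example (not paper [9]'s system; the levels, the compartments and the sample objects are assumed), the following implements a label as a sensitivity level plus a compartment set used for tenant separation, a reference monitor enforcing no-read-up and no-write-down that keeps an audit log, and the join that labels data derived from several inputs.

```python
from dataclasses import dataclass

# Hypothetical label lattice (assumed): a totally ordered sensitivity level plus
# a set of compartments; compartments are used here to keep tenants apart.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: higher-or-equal level AND a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the label anything derived from both inputs must carry."""
        level = self.level if LEVELS[self.level] >= LEVELS[other.level] else other.level
        return Label(level, self.compartments | other.compartments)


class FlowMonitor:
    """Reference monitor enforcing no-read-up / no-write-down with an audit log."""

    def __init__(self):
        self.audit = []

    def _log(self, principal, op, obj, allowed):
        self.audit.append((principal, op, obj, "allow" if allowed else "deny"))
        return allowed

    def can_read(self, principal, clearance: Label, obj, obj_label: Label) -> bool:
        # simple security property: the reader must dominate the object
        return self._log(principal, "read", obj, clearance.dominates(obj_label))

    def can_write(self, principal, clearance: Label, obj, obj_label: Label) -> bool:
        # *-property: the target must dominate the writer, so data never flows down
        return self._log(principal, "write", obj, obj_label.dominates(clearance))

    def derive(self, principal, clearance: Label, inputs: dict) -> Label:
        """Label of an output computed from several inputs; every input must be readable."""
        out = Label("public")
        for name, lbl in inputs.items():
            if not self.can_read(principal, clearance, name, lbl):
                raise PermissionError(f"{principal} may not read {name}")
            out = out.join(lbl)
        return out


# Constructed principals and objects (assumed), not the paper's.
TENANT_A = Label("confidential", frozenset({"tenantA"}))
OBJECTS = {
    "A_orders": Label("internal", frozenset({"tenantA"})),
    "B_orders": Label("internal", frozenset({"tenantB"})),
    "shared_report": Label("public"),
    "A_audit": Label("secret", frozenset({"tenantA"})),
}


def demo() -> dict:
    m = FlowMonitor()
    r = {
        "a_reads_own": m.can_read("tenantA-app", TENANT_A, "A_orders", OBJECTS["A_orders"]),
        "a_reads_b": m.can_read("tenantA-app", TENANT_A, "B_orders", OBJECTS["B_orders"]),
        "a_reads_audit": m.can_read("tenantA-app", TENANT_A, "A_audit", OBJECTS["A_audit"]),
        "a_writes_public": m.can_write("tenantA-app", TENANT_A, "shared_report", OBJECTS["shared_report"]),
        "a_writes_audit": m.can_write("tenantA-app", TENANT_A, "A_audit", OBJECTS["A_audit"]),
    }
    # Output derived from A's orders and the public report inherits the join of both.
    r["derived"] = m.derive("tenantA-app", TENANT_A,
                            {"A_orders": OBJECTS["A_orders"],
                             "shared_report": OBJECTS["shared_report"]})
    r["audit"] = list(m.audit)
    return r

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The two denied reads show the two halves of the lattice doing separate work: B_orders is denied by the compartment test even though its level is below A's clearance, and A_audit is denied by the level test even though the compartment matches. The write-down refusal is what stops a confidential process from leaking into the public report, and the join on derive is what keeps a result from being under-labelled just because one of its inputs was public; the survey's remark that the MAC policy is only needed for sensitive data corresponds to choosing which objects get a non-public label in the first place.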
10.1109/TCC.2016.2535320, 2016.