Professional Documents
Culture Documents
Abstract-Security as a Service for cloud system are IFCaaS has been designed in such a way that every
increasing in every prospect since the beginning of the Cloud. application that has been developed in different
Applications on cloud or internet are available everywhere and
programming language will have a specific
its access able to anyone who has internet accessibility, there
for security for such applications are required there for security
dictionary so that the source code of that
maintainers are available from anti-virus, security event application will be tested and matched with the
management services, authentication, anti-malware and dictionary that has been provided if the source code
intrusion detection. These security applications maintain the
has any vulnerability then the third party service
security of such applications but those security solutions will
will give a low rating point on how much the
come at a cost which are mostly costly not all internet or cloud
users can afford. Hence Information Flow Control as a Services specific application is vulnerable. Hence these
on Cloud Systems has been introduced which will bring a services can help in nurturing the efficiency of
solution for any vulnerability in applications which are
security resolutions.
available on cloud.Information Flow Control as a Service on
Cloud computing a service which is
cloud System basically based on third party which is trusted
party for checking and searching applications metadata or provided through internet everywhere in the world
source code for vulnerability if any application that is designed It provides different types of service for clients or
or developed in any particular programming language IFCaaS
consumer. Clients and consumers could be anyone
will check that particular application and match them with
just a common person who use cloud services as a
specific programming language dictionary which has been
provided for different types of programming language. storage or it could be software developer, big
multinational organization, public and private
1. INTRODUCTION
companies, who use cloud services for different
Information Flow Control as a Service on Cloud
proposes.
System a web based application that provide
Cloud computing has three models or
services for Application as a Service and for users.
categories which are Software as a Service,
Its based on vulnerability checking on source code
Application as a Service and Infrastructure as a
of specific application. The vulnerability checking
Service. These services provide different types of
is done by third trusted party which all the
service for user. Since this project is based on
applications metadata will be sent to third party
Software as a service the concentration would be
server, when the application arrived in third party
on Software as a Service.
servers storage it will immediately open the source
Software as a Service (SaaS) it provides
code and check that with the specific dictionary. application or software licensing for clients upon
Application or software which are provided for develop an independent project which is more
users or clients on cloud or internet for any propose efficient and the propose of system requirement is
must be verified by third party which should be a Software has their own requirement specification
trusted party. with the help of system analysis, which also called
Third party should not be in favor of requirements engineering those requirements can
anyone software as a service provider, cloud be solved, whiten this process the user determines
service provider or users who are intent to use expectations for a new or modified product. These
applications or software from cloud. The third features, called requirements, that must be
party with use of Information Flow Control (IFC) computable, related and comprehensive.
can detect any vulnerability to the source code of Software requirement specification describe the
the application or software which has been sent. behavior of the project and its development which
After the source code is verified for includes the functional and nonfunctional
vulnerability the third party will provide details necessities for the project or software to be
information of specific application for users into developed. The functional requirements contain
the logbook then users can download or use those that the software compatibility and none
specific verified application. compatibility which needs to be considered while
3.4 Advantages in proposed system developing any project and software. None
functional requirements include the control on the
Application and software can be trusted.
strategy or operation of the project or software.
Detection of vulnerabilities.
Requirements must meet all the functionality of
Verified source code of application. project which is going to be developed which
Users can see how much an application includes performance, services, platforms,
has vulnerability. availability of services, configuration of services.
[8] Jedidiah Yanez-Sierra, Arturo Diaz-Perez, Victor Sosa- of Electronic Health Records in Cloud, 35th Annual
Sosa and J.L.Gonzalez,Towards Secure and Dependable International Conference of the IEEE EMBS, 2013.
Cloud Storage Based on User-Defined Workflows, IEEE [20] Yu Jia Chen, Feng Yi, A Dynamic Security Traversal
2nd International Conference on Cyber Security and Mechanism for Providing Deterministic Delay Guarantee in
Cloud Computing, 2015. SDN, IEEE Signal and Information Processing Association
[9]Nidhiben Solanki, Timothy Hoffman,Stephen S. Yau, An Annual Summit and Conference, 2012.
Access and Information Flow Control Paradigm for Secure [21] Purva Grover, Rahul Johari,BigData,Cloud Computing
Information Sharing in Service-Based Systems, IEEE 39th and Distributed Computing, Proceedings of Global
Conference on Communication Technologies,2015.