CHAPTER 1 OVERVIEW

1.1 Importance of the Project: [1]

Cloud Computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing systems can be easily threatened by various cyber attacks, because most of Cloud Computing systems provide services to so many people who are not proven to be trustworthy. Therefore, a Cloud Computing system needs to contain some Intrusion Detection Systems (IDSs) for protecting each Virtual Machine (VM) against threats. In this case, there exists a tradeoff between the security level of the IDS and the system performance. If the IDS provide stronger security service using more rules or patterns, then it needs much more computing resources in proportion to the strength of security. So the amount of resources allocating for customers decreases. Another problem in Cloud Computing is that, huge amount of logs makes system administrators hard to analyse them. In this paper, we propose a method that enables Cloud Computing system to achieve both effectiveness of using the system resource and strength of the security service without trade-off between them. The purpose of using the cloud was the reliability and availability offered by it. We are using the Google App Engine Cloud Environment.

1.2 Literature Survey:

1.2.1 Cloud Computing
Cloud computing, as defined by NIST, is as a model for enabling convenient on demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or cloud provider interaction.

Cloud Server Google App Engine Intrusion Detection System Parameter Tampering Client or Intruder Denial of Service

SQL Injection

Brute Force

Database / Datastore

Intrusion Prevent & Analyze

Fig 1: Architecture of cloud computing

Small size business, enterprises and organizations who cannot afford the high cost software, hardware and data storage medium to maintain their business as well as to improve it must use cloud services on a pay-per-use basis. Cloud provide many advantages include lower cost, greater business agility, reduced IT administrative overhead, access to best applications. But one question about cloud computing is still in its place-HOW SECURE IS THE CLOUD. End user who wants to access the services of cloud must have browser on their system to access the network. We always talk about attacks on clouds which makes our data insecure on clouds system but there are so many attacks which can also affect our data . when any user login through interface on cloud site then they must take care to perform secure process. I will discuss about those attacks which can take place during login process.

1.2.1.1

Types of Cloud model

1. Private cloud The cloud infrastructure is operated solely for an organization. Contrary to popular belief, private cloud may exist off premises and can be managed by a third party 2. Public cloud The most ubiquitous, and almost a synonym for, cloud computing. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Examples of Public Cloud: 1. Google App Engine 2. Microsoft Windows Azure 3. IBM Smart Cloud 4. Amazon EC2

3. Community cloud The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). Government departments, universities, central banks etc. often find this type of cloud useful.
3

4. Hybrid cloud A hybrid cloud is a composition of at least one private cloud and at least one public cloud. A hybrid cloud is typically offered in one of two ways: a vendor has a private cloud and forms a partnership with a public cloud provider, or a public cloud provider forms a partnership with a vendor that provides private cloud platforms.

1.2.1.2

Types of Cloud Services

a. Software as a Service (SaaS). The capability provided to the consumer is to use the providers applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. b. Platform as a Service (PaaS). The capability provided to the or consumer acquired is to deploy onto created the cloud using

infrastructure consumer-created

applications

programming languages, libraries, services, and tools supported by the provider.3 The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. c. Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

1.2.1.3

Cloud Vendors
1. Microsoft Azure
4

2. Google AppEngine 3. Amazon Web Services (EC2)

1.2.2 ATTACKS [4]

Attack on client side

End user access area-When client access network for any applications from any public location like restaurant, hotels, offices through Wi-Fi the risk of data theft will be increase. Malware can affect system. Malware is a software designed to damage computer system without the owners informed content.

Identity theft- When wrong person got your identity he may login behalf of you on cloud to get advantages of services and can also affect your information.

Fake antivirus software- Person who creates this kind of software want to access only important information called passive attacker but if attacker modify your work then he is called active attacker.

Attack on web browser- Web browsers works as an interface between consumer and service provider. Most popular web browsers are Google chrome, internet explorer, opera and safari.

Cross site scripting- Cross site scripting is to insert the malicious code on dynamic web page which cannot be detected by client browser interpreter or server. It is also named as xss. Once these malicious codes get executed on web browser then every time we access the browser it gets private information and delivers to attacks.

Flooding- If Browser gets control by attacker then flooding attack is also possible to consume lot of resources and services as well as to increase the work load on cloud server. When user request

of any service then service provider works towards to satisfy their request but when an attack intentionally flood requests to provider then he wants to fulfill the requirement of attacker as he thinks that attacker is a client. As a result cloud system will not be able to satisfy the normal request from user.

Denial of service- Malicious code gets injected onto browser then attacks execute that code to open window many times. As a result server deny to legitimate user to offer their services. Plug-ins- We want to open any downloaded file or run any new software then browser asks to install plug-in to run this program and we allow to them. This is also a way for attackers to get involve into our system.

SQL injection- QL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

1.2.3 Top security concern in cloud computing

Misuse of cloud service On cloud any one can get register itself as a client to use cloud services for create new technologies to improve their activities.

Threat from inside employee People connect with cloud computations put on their sensitive and confidential information on cloud. Companies which provide services have number of employee who have access to these
6

sensitive data on regular basis and discuss it from out of company. Insider threat is more than just fraud and can also comprise theft of data and intellectual property.

Data protection Everyone wants that their personal data on cloud must be secure. To provide security of data on cloud comprises. Where will the data be stored or processed Are there are multiple platform involved Who is liable for the data or security related issues and natural disasters and data leakage? What are legal commercial and reputational risks? Can we move against the cloud vendor to Claim loss of profits?

Identity and access management In cloud computing technology NIST advices the need for trusted identities and secure and efficient management of these identities while users privacy is protected is a key element for the successful adoption of any cloud solution the big issue is can the provider segregate and protect individual groups of data within the remote, distributed shared environment.

Identity and access related problems mostly faced by SAAS service provider because they have to manage so many accounts of customers and when user leaves the organization their account remains active increasing risk of data exposure.

Shared technology issues Cloud customers needs resources dynamically as per requirement. The service provider is able to meet the demand of customer. They use virtualization where virtual machines share the same physical server for multiple customers.

Hypervisor security On hypervisor (virtual machine manager) many malware, rootkits and unwanted codes may installing themselves as a hypervisor below the operating system. This can make them difficult
7

to detect because hypervisor based malware could intercept any operations of operating systems. In fig 3 this kind of attack has shown.

Cross virtual machine side channel attacks Virtual memory shares the physical memory, CPU cycles, network buffers, dram of the physical machine attacks on virtual machine may takes place in two steps Placement of attacker virtual machine on the same physical machine Exploiting the shared resources.

Cross side channel attack on VMs virtual machine share the physical memory, CPU cycles, Network buffers, dram of the physical machines. Attack on VMs take place in 2 steps Placement of attacker virtual machine on the same physical machine exploiting the shared resources

1.2.4 Recommendations for improvement:

M86 Security announced its strategy to deploy its core malware and threat research capabilities for Web and email into the cloud, beginning with the launch of the company's new cloud-based Targeted Attacks Service in the M86 Mail Marshal Secure Email Gateway (SEG).

The new blended threats technology protects organizations from targeted attacks that use malicious embedded URL links in emails as the initial infection method. Harnessing the same malware detection technology used in the M86 Secure Web Gateway (SWG), M86 Security's Targeted Attacks Service scans emails for embedded URL links to potentially malicious websites as they are accessed.

1.3 Motivation:
In the recent years, number of attacks on networks has exponentially increased therefore; interest in cyber attack detection has increased among the researchers. The tremendous opportunities for information and resource sharing that this entails comes a heightened need for information security, as computing resources are both more vulnerable and more heavily depended upon them before. This paper provides a review on current trends in cyber attack detection together with a study on technologies implemented by some researchers in this area. This will help to predict, pointing towards a number of areas of future research in the field of cyber attack detection and response.

1.4 Scope of the Project:

The scope of the project is limited to following areas in order to achieve a full fledge secure application enough to serve a real time application need. The areas to be covered are 1. Authentication 2. Authorization 3. Data validation 4. Denial of Service Attacks 5. Error Handling 6. Session Management 7. Secure Coding Principles

CHAPTER 2 PROPOSED WORK

2.1 Problem Definition:
An intrusion detection system (IDS) [2] is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall), or changing the attack's content. Internet is a global public network. With the growth of the Internet and its potential, there has been subsequent change in business model of organizations across the world. More and more people are getting connected to the Internet every day to take advantage of the new business model popularly known as e-Business. Internetwork connectivity has therefore become very critical aspect of today's e_business. There are two sides of business on the Internet. On one side, the Internet brings in tremendous potential to business in terms of reaching the end users. At the same time it also brings in lot of risk to the business. There are both harmless and harmful users on the Internet.

10

While an organization makes its information system available to harmless Internet users, at the same time the information is available to the malicious users as well. Malicious users or hackers can get access to an organizations internal systems in various reasons. These are, Software bugs called vulnerabilities Lapse in administration Leaving systems to default configuration The malicious users use different techniques like Password cracking, sniffing unencrypted or clear text traffic etc. to exploit the system vulnerabilities mentioned above and compromise critical systems. Therefore, there needs to be some kind of security to the organizations private resources from the Internet as well as from inside users as survey says that eighty percent of the attacks happen from inside users for the very fact that they know the systems much more than an outsider knows and access to information is easier for an insider. Different organizations across the world deploy firewalls to protect their private network from the Public network. But, when it comes to securing a Private network from the Internet using firewalls, no network can be hundred percent secured. This is because; the business requires some kind of access to be granted on the internal systems to Internet users. The firewall provides security by allowing only specific services through it. The firewall implements a policy for allowing or disallowing connections based on organizational security policy and business needs. The firewall also protects the organization from malicious attack from the Internet by connections from unknown sources.

11

2.2. Data Flow Diagram [3]

Level 1:
Request Client Server Database

Response

Fig 2.1: DFD Level 1

Level 2:

Request Server Intrusion Detection System

Response Client

Database

Fig 2.2: DFD Level 2

12

Level 3:

Parameter tampering

Accepted Pattern of parameters

Intrusion Detection system

Brute Force

Database

Denial of Service

SQL injection

Fig 2.3: DFD Level 3

13

CHAPTER 3 ANALYSIS AND PLANNING

3.1 Feasibility Study

3.1.1 Detection Approaches
The detection approaches rely on finding the malicious party who launched a DoS attack and consequently hold him liable for the damage he has caused. However, pinning the real attacker down is not a straightforward task. One reason is that the attacker spoofs the source IP address of the attacking packets. Another reason is that the Internet is stateless, which means, whenever a packet passes through a router, the router does not store any information (or traces) about that packet. Therefore, mechanisms such as ICMP trace back and packets marking are devised to figure out the real attacker. In this subsection, we describe several techniques to identify the attacker after the attack took place.

3.1.2 SQL Injection

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. The main consequences are:

Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities.
14

Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.

Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL

Injection vulnerability.

Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.

Example In a login form, which has a username and password, uses the table Users to authenticate the user. The code behind the login is select * from Users where username=$username and password=$password. Now if the attacker enters 'OR' '=' in the password field he gets logged in because the query returns True.

Control measure SQL injection is mainly done through form controls like text field, username field, hidden fields, etc. Therefore it can be detected by performing strong validation techniques on these inputs. We have maintained tokens of SQL and if the input appears to be one of them, the attacker is prevented from further operation.

3.1.3. Brute Force

During this type of attack, the attacker is trying to bypass security mechanisms while having minimal knowledge about them. Using one or more accessible methods: dictionary attack (with or without mutations), brute-force attack (with given classes of characters e.g.: alphanumerical, special, case (in) sensitive) the attacker is trying to achieve his/her goal. Considering a given method, number of tries, efficiency of the system, which conducts the attack and estimated efficiency of the system which is attacked, the attacker, is able to calculate how long the attack will have to last. Non bruteforce attacks, on the other hand, which include all classes of characters, give no certainty of success.
15

Brute-force attacks are mainly used for guessing passwords and bypassing access control. However there are a lot of tools which use this techinque to examine the web service's catalogue structures and seek interesting, from the attacker's point of view, information. Very often the target of an attack is data in forms (GET/POST) and users' Session-IDs.

Control measures Brute Force attack can be controlled by having effective session management, strong authentication mechanism, understanding the behavior of intruders access and keeping track of the speed at which successive requests are made.

3.1.4. Denial of Service

The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it. Sometimes the attacker can inject and execute arbitrary code while performing a DoS attack in order to access critical information or execute commands on the server. Denialof-service attacks significantly degrade service quality experienced by legitimate users. It introduces large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

16

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games such as Minecraft and League of Legends. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. Control measures: It can be prevented by having track of the attackers behavior, identifying the speed at which attacker is trying to access the resources and preventing the user for accessing the site once suspicious pattern of attackers behavior is identified.

3.1.5. Parameter Tampering

The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack can be performed by a malicious user who wants to exploit the application for their own benefit, or an attacker who wishes to attack a third-person using a Man-in-themiddle attack. In both cases, tools likes Webscarab and Paros proxy are mostly used. The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.

Example: When a web application uses hidden fields to store status information, a malicious user can tamper with the values stored on his browser and change the referred information. For example, an e-commerce shopping site uses hidden fields to refer to its items, as follows: <input type=hidden id=1008 name=cost value=70.00>
17

In this example, an attacker can modify the value information of a specific item, thus lowering its cost. [5]

Control measures 1. Data Validation strategies a. Accept known good i. This strategy is also known as "whitelist" or "positive" validation. The idea is that you should check that the data is one of a set of tightly constrained known good values. Any data that doesn't match should be rejected. ii. If you expect a postcode, validate for a postcode (type, length and syntax):
public String isPostcode(String postcode) { return (postcode != null && Pattern.matches("^(((2|8|9)\d{2})|((02|08|09)\d{2})|([19]\d{3}))$", postcode)) ? postcode : "";}

b. Reject known bad i. This strategy, also known as "negative" or "blacklist" validation is a weak alternative to positive validation. Essentially, if you don't expect to see characters such as %3f or JavaScript or similar, reject strings containing them. This is a dangerous strategy, because the set of possible bad data is potentially infinite. c. Sanitize i. Rather than accept or reject input, another option is to change the user input into an acceptable format

18

3.2 Project Planning

The project to be undertaken has to have a certain project plan, which would serve as a structured guide for researching, designing and developing the project.

3.2.1 Aims and Objectives

The aims and objectives of the system are to cover the following areas: 1. Authentication Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or software program, tracing the origins of an artifact, or ensuring that a product is what its packaging and labeling claims to be. Authentication often involves verifying the validity of at least one form of identification.

2. Authorization Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define access policy. For example,human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files' or items' data, computer programs,

computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer.

3. Data validation Data validation is the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called "validation rules" or "check routines", that check for correctness, meaningfulness, and security of data that are input to the system. The rules may be implemented through the automated facilities of a data dictionary, or
19

by the inclusion of explicit application program validation logic.For business applications, data validation can be defined through declarative data integrity rules, or procedure-based business rules. Data that does not conform to these rules will negatively affect business process execution. Therefore, data validation should start with business process definition and set of business rules within this process. Rules can be collected through the requirements capture exercise. The simplest data validation verifies that the characters provided come from a valid set. For example, telephone numbers should include the digits and possibly the characters +, -, (, and ) (plus, minus, and parentheses). A more sophisticated data validation routine would check to see the user had entered a valid country code, i.e., that the number of digits entered matched the convention for the country or area specified.

4. Denial of Service Attacks The Denial of Service (DoS) attack is focused on making unavailable a resource (site, application, server) for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. If a service receives a very large number of requests, it may stop providing service to legitimate users. In the same way, a service may stop if a programming vulnerability is exploited, or the way the service handles resources used by it.

5. Error Handling An exception is an event that may change the program flow. One layer of the system uses an exception to give another layer information about special states the system is currently in. The different layers of software or hardware have contracts, that tell what can be expected; this is generally known as Programming by Contract. In the context of exception handling, a program is said to be exception-safe, if exceptions that occur will not produce side-effects (such as memory leaks), will not change stored data so that it becomes unreadable, or generate output that is invalid.
20

6. Session Management A session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.An established session is the basic requirement to perform a connection-oriented communication. A session also is the basic step to transmit in connectionless communication modes. However any unidirectional transmission does not define a session.[1]

21

3.3 Scheduling
3.3.1 Time line chart:

Fig 3.1: Time Line chart 1

Fig 3.2: Time line Chart 2

22

CHAPTER 4 DESIGN IMPLEMENTATION AND INSTALLATION

4.1 Technology and Software Used

Our project was based on the Java Programming Language and had to be deployed on to the cloud ,not many options were available to us some of the shortlisted tools we considered were as follows:

1. Microsoft Azure Platform 2. Google App Engine 3. Amazon Cloud Services 4. IBM Cloud Services 5. Ubuntu One Cloud Service

After considering all these options we had an in depth study of them to decide which particular service we required that would suit our needs. Further analysis showed that the google app engine platform would be the best choice due to their support for the java programming language and their dependable services.

4.1.1 Google App Engine:

The Services Provider were as follows 1.1GB of Cloud Storage Space. 2. Datastore Service Api for storing data
23

3. Blobstore Service Api to handle images and store them 4.24x7 Maintenance Support

Google App Engine (often referred to as GAE or simply App Engine, and also used by the acronym GAE/J) is a platform as a service (PaaS) cloud computing platform for developing and hosting web applications in Google-managed data centers. Applications are sandboxed and run across multiple servers. App Engine offers automatic scaling for web applicationsas the number of requests increases for an application, App Engine automatically allocates more resources for the web application to handle the additional demand. Google App Engine is free up to a certain level of consumed resources. Fees are charged for additional storage, bandwidth, or instance hours required by the application. It was first released as a preview version in April 2008, and came out of preview in September 2011. Runtimes and frameworks Currently, the supported programming languages are Python, Java (and, by extension, other JVM languages such as Groovy, JRuby, Scala, Clojure, Jython and PHP via a special version of Quercus), and Go. Google has said that it plans to support more languages in the future, and that the Google App Engine has been written to be language independent. Google App Engine supports many Java standards and frameworks. Core to this is the servlet 2.5 technology using the open-source Jetty Web Server, along with accompanying technologies such as JSP. JavaServer Faces operates with some workarounds. Though the datastore used may be unfamiliar to programmers, it is easily accessed and supported with JPA. JDO and other methods of reading and writing data are also provided. The Spring Framework works with GAE, however the Spring Security module (if used) requires workarounds. Apache Struts 1 is supported, and Struts 2 runs with workarounds. The Django web framework and applications running on it can be used on App Engine with modification. Django-nonrel aims to allow Django to work with non-relation databases and the project includes support for App Engine.

24

Applications developed for the Grails web application framework may be modified and deployed to Google App Engine with very little effort using the App Engine Plugin. Spring Roo also offers a cross-platform ability to develop. Reliability and Support All billed High-Replication Datastore App Engine applications have a 99.95% uptime SLA. App Engine is designed in such a way that it can sustain multiple datacenter outages without any downtime. This resilience to downtime is shown by the statistic that the High Replication Datastore saw 0% downtime over a period of a year. [16] Paid support from Google engineers is offered as part of Premier Accounts.[17] Free support is offered in the App Engine Groups and Stack Overflow, however assistance by a Google staff member is not guaranteed. Differences with other application hosting Compared to other scalable hosting services such as Amazon EC2, App Engine provides more infrastructure to make it easy to write scalable applications, but can only run a limited range of applications designed for that infrastructure. App Engine's infrastructure removes many of the system administration and development challenges of building applications to scale to hundreds of requests per second and beyond.[27] Google handles deploying code to a cluster, monitoring, failover, and launching application instances as necessary. While other services let users install and configure nearly any *NIX compatible software, App Engine requires developers to use only its supported languages, APIs, and frameworks. Current APIs allow storing and retrieving data from a BigTable non-relational database; making HTTP requests; sending e-mail; manipulating images; and caching. Existing web applications that require a relational database will not run on App Engine without modification.

25

Per-day and per-minute quotas restrict bandwidth and CPU use, number of requests served, number of concurrent requests, and calls to the various APIs, and individual requests are terminated if they take more than 60 seconds or return more than 32MB of data. Differences between SQL and GQL Google App Engine's datastore has a SQL-like syntax called "GQL". GQL intentionally does not support the Join statement, because it seems to be inefficient when queries span more than one machine. Instead, one-to-many and many-to-many relationships can be accomplished using ReferenceProperty().This shared-nothing approach allows disks to fail without the system failing. Switching from a relational database to the Datastore requires a paradigm shift for developers when modelling their data.Unlike a relational database the Datastore API is not relational in the SQL sense. The Java version supports asynchronous non-blocking queries using the Twig Object Datastore interface. This offers an alternative to using threads for parallel data processing.

4.1.2 JSP And Servlets (Technology)

JavaServer Pages (JSP) is a technology that helps software developers create dynamically generated web pages based on HTML, XML, or other document types. Released in 1999 by Sun Microsystems, JSP is similar to PHP, but it uses the Java programming language. To deploy and run, a compatible web server with a servlet container (such as Apache Tomcat) is required with it. Overview Architecturally, JSP may be viewed as a high-level abstraction of Java servlets. JSPs are translated into servlets at runtime; each JSP's servlet is cached and re-used until the original JSP is modified. JSP can be used independently or as the view component of a server-side modelviewcontroller design, normally with JavaBeans as the model and Java servlets (or a framework such as Apache Struts) as the controller. This is a type of Model 2 architecture.
26

JSP allows Java code and certain pre-defined actions to be interleaved with static web markup content, with the resulting page being compiled and executed on the server to deliver a document. The compiled pages (and any dependent Java libraries) use Java bytecode rather than a native software format. Like any other Java program, they must be executed within a Java virtual machine (JVM) that integrates with the server's host operating system to provide an abstract platform-neutral environment. JSP pages are usually used to deliver HTML and XML documents, but through the use of OutputStream, they can deliver other types of data as well. Syntax JSP pages use several delimiters for scripting functions. The most basic is <% ... %>, which encloses a JSP scriptlet. A scriptlet is a fragment of Java code that is run when the user requests the page. Other common delimiters include <%= ... %> for expressions, where the value of the expression is placed into the page delivered to the user, and directives, denoted with <%@ ... %>. Java code is not required to be complete (self contained) within its scriptlet element block, but can straddle markup content providing the page as a whole is syntactically correct. For example, any Java if/for/while blocks opened in one scriptlet element must be correctly closed in a later element for the page to successfully compile. Markup which falls inside a split block of code is subject to that code, so markup inside an if block will only appear in the output when the if condition evaluates to true; likewise, markup inside a loop construct may appear multiple times in the output depending upon how many times the loop body runs. Comparison with similar technologies JSP pages are similar to PHP pages and ASP.NET Web Forms, in that all three add server-side code to an HTML page. However, all three terms refer to a different component of the system. JSP refers to the JSP pages, which can be used alone, with Java servlets, or with a framework such as Apache Struts. PHP is itself a programming language, designed for dynamic Web pages.

27

ASP.net is a framework comparable to Struts or JavaServer Faces that uses pages called Web Forms. While JSP pages use the Java language, ASP.NET pages can use any .NET-compatible language (usually C#). ASP.NET is designed for a Microsoft Windows web server, while PHP and Java server technologies (including JSP) support Windows or GNU/Linux, among other platforms.

4.1.3 Servlets
A Servlet is a java based server side web technology. As the name implies, it serves a client request and receives a response from the server. Technically speaking a Servlet is a Java class in Java EE that conforms to the Java Servlet API, a protocol by which a Java class may respond to requests. They are not tied to a specific client-server protocol, but are most often used with the HTTP protocol. Therefore, the word "Servlet" is often used in the meaning of "HTTP Servlet".Thus, a software developer may use a servlet to add dynamic content to a Web server using the Java platform. The generated content is commonly HTML, but may be other data such as XML. Servlets are the Java counterpart to non-Java dynamic Web content technologies such as CGI and ASP.NET. Servlets can maintain state in session variables across many server transactions by using HTTP cookies, or URL rewriting. To deploy and run a Servlet, a Web container must be used. A Web container (also known as a Servlet container) is essentially the component of a Web server that interacts with the servlets. The Web container is responsible for managing the lifecycle of servlets, mapping a URL to a particular servlet and ensuring that the URL requester has the correct access rights. The servlet API, contained in the Java package hierarchy javax.servlet, defines the expected interactions of the Web container and a servlet. A Servlet is an object that receives a request and generates a response based on that request. The basic servlet package defines Java objects to represent servlet requests and responses, as well as objects to reflect the servlet's configuration parameters and execution environment. The package
28

javax.servlet.http defines HTTP-specific subclasses of the generic servlet elements, including session management objects that track multiple requests and responses between the Web server and a client. Servlets may be packaged in a WAR file as a Web application. Servlets can be generated automatically from JavaServer Pages (JSP) by the JavaServer Pages compiler. The difference between Servlets and JSP is that Servlets typically embed HTML inside Java code, while JSPs embed Java code in HTML. While the direct usage of Servlets to generate HTML (as shown in the example below) has become rare, the higher level MVC web framework in Java EE (JSF) still explicitly uses the Servlet technology for the low level request/response handling via the FacesServlet. A somewhat older usage is to use servlets in conjunction with JSPs in a pattern called "Model 2", which is a flavor of the model-view-controller pattern. Advantages over CGI The advantages of using servlets are their fast performance and ease of use combined with more power over traditional CGI (Common Gateway Interface). Traditional CGI scripts written in Java have a number of disadvantages when it comes to performance:

When an HTTP request is made, a new process is created for each call of the CGI script. This overhead of process creation can be very system-intensive, especially when the script does relatively fast operations. Thus, process creation will take more time than CGI script execution. Java servlets solve this, as a servlet is not a separate process. Each request to be handled by a servlet is handled by a separate Java thread within the Web server process, omitting separate process forking by the HTTP daemon.

Simultaneous CGI request causes the CGI script to be copied and loaded into memory as many times as there are requests. However, with servlets, there are the same amount of threads as requests, but there will only be one copy of the servlet class created in memory that stays there also between requests.

Only a single instance answers all requests concurrently. This reduces memory usage and makes the management of persistent data easy.A servlet can be run by a servlet engine in a restrictive environment, called a sandbox. This is similar to an applet that runs in the

29

sandbox of the Web browser. This makes a restrictive use of potentially harmful servlets possible.

4.2 Stage wise Model Development

Our project was divided into different stages or can say modules, these modules helped to decide the actual flow of the application and implementation of the project was achieved smoothly with the modular approach. The modular Approach was achieved with the help of the class diagram scheme.

4.2.1 Class Diagram

Fig 4: Class Diagram

30

Each of these modules describe the attributes and the methods that are used and performed by the entities involved in the project working. Modular approach simplified the task of what task each of the module will be performing in the project.

4.2.2 Flow Charts for Module Representation

1. Parameter Tampering

Send Parameter

Tamper Parameters

Acceptable pattern ?

no Stop

yes Proceed further

Fig 5: Flow Chart of Parameter Tampering

31

2. SQL Injection

Enter User input

yes Check SQL token? Stop

no

Proceed further

Fig 6: Flow Chart of SQL Injection

32

4.3 Implementation Stages

After the development of the individual modules of the project we looked in to the implementation of each of the module and defined the realtion between them, this was achieved by the use of flow charts which described the functions of each of the modules used in the project. The implementation scheme of the project was categorized as per the configuration of the google app engine, the google app engine working can be illustrated by the following diagram

Cloud

Fig 7: Google App Engine Cloud Working

33

4.4 Installation Stages[6]

4.4.1 Netbeans IDE 6.9.1
NetBeans refers to both a platform framework for Java desktop applications, and an integrated development environment (IDE) for developing with Java, JavaScript, PHP], Python (no longer supported after NetBeans 7), Groovy, C, C++, Scala, Clojure, and others. The NetBeans IDE 7.0 no longer supports Ruby and Ruby on Rails, but a third party has begun work on a separate plugin. The NetBeans IDE is written in Java and can run on Windows, Mac OS, Linux, Solaris and other platforms supporting a compatible JVM. A pre-existing JVM or a JDK is not required. The NetBeans platform allows applications to be developed from a set of modular software components called modules. Applications based on the NetBeans platform (including the NetBeans IDE) can be extended by third party developers.

4.4.2 Current versions

NetBeans IDE 6.0 introduced support for developing IDE modules and rich client applications based on the NetBeans platform, a Java Swing GUI builder (formerly known as "Project Matisse"), improved CVS support, WebLogic 9 and JBoss 4 support, and many editor enhancements. NetBeans 6 is available in official repositories of major Linux distributions. NetBeans IDE 6.5, released in November 2008, extended the existing Java EE features (including Java Persistence support, EJB 3 and JAX-WS). Additionally, the NetBeans Enterprise Pack supports development of Java EE 5 enterprise applications, including SOA visual design tools, XML schema tools, web services orchestration (for BPEL), and UML modeling. The NetBeans IDE Bundle for C/C++ supports C/C++ and FORTRAN development. NetBeans IDE 6.8 is the first IDE to provide complete support of Java EE 6 and the GlassFish Enterprise Server v3. Developers hosting their open-source projects on kenai.com additionally benefit from instant messaging and issue tracking integration and navigation right in the IDE,
34

support for web application development with PHP 5.3 and the Symfony framework, and improved code completion, layouting, hints and navigation in JavaFX projects. NetBeans IDE 6.9, released in June 2010, added support for OSGi, Spring Framework 3.0, Java EE dependency injection (JSR-299), Zend Framework for PHP, and easier code navigation (such as "Is Overridden/Implemented" annotations), formatting, hints, and refactoring across several languages. NetBeans IDE 7.0 was released in April 2011. On August 1, 2011, the NetBeans Team released NetBeans IDE 7.0.1, which has full support for the official release of the Java SE 7 platform.

4.4.3 NetBeans Platform

The NetBeans Platform is a reusable framework for simplifying the development of Java Swing desktop applications. The NetBeans IDE bundle for Java SE contains what is needed to start developing NetBeans Plugins and NetBeans Platform based applications; no additional SDK is required. Applications can install modules dynamically. Any application can include the Update Center module to allow users of the application to download digitally-signed upgrades and new features directly into the running application. Reinstalling an upgrade or a new release does not force users to download the entire application again. The platform offers reusable services common to desktop applications, allowing developers to focus on the logic specific to their application. Among the features of the platform are:

User interface management (e.g. menus and toolbars) User settings management Storage management (saving and loading any kind of data) Window management Wizard framework (supports step-by-step dialogs) NetBeans Visual Library Integrated development tools
35

NetBeans IDE is a free, open-source, cross-platform IDE with built-in-support for Java Programming Language.

4.4.4 NetBeans IDE

NetBeans IDE is an open-source integrated development environment. NetBeans IDE supports development of all Java application types (Java SE (including JavaFX), Java ME, web, EJB and mobile applications) out of the box. Among other features are an Ant-based project system, Maven support, refactorings, version control (supporting CVS, Subversion, Mercurial and Clearcase). Modularity: All the functions of the IDE are provided by modules. Each module provides a well defined function, such as support for the Java language, editing, or support for the CVS versioning system, and SVN. NetBeans contains all the modules needed for Java development in a single download, allowing the user to start working immediately. Modules also allow NetBeans to be extended. New features, such as support for other programming languages, can be added by installing additional modules. For instance, Sun Studio, Sun Java Studio Enterprise, and Sun Java Studio Creator from Sun Microsystems are all based on the NetBeans IDE. License: From July 2006 through 2007, NetBeans IDE was licensed under Sun's Common Development and Distribution License (CDDL), a license based on the Mozilla Public License (MPL). In October 2007, Sun announced that NetBeans would henceforth be offered under a dual license of the CDDL and the GPL version 2 licenses, with the GPL linking exception for GNU Classpath

4.4.5 NetBeans Profiler

The NetBeans Profiler is a tool for the monitoring of Java applications: It helps developers find memory leaks and optimize speed. Formerly downloaded separately, it is integrated into the core IDE since version 6.0.
36

The Profiler is based on a Sun Laboratories research project that was named JFluid. That research uncovered specific techniques that can be used to lower the overhead of profiling a Java application. One of those techniques is dynamic bytecode instrumentation, which is particularly useful for profiling large Java applications. Using dynamic bytecode instrumentation and additional algorithms, the NetBeans Profiler is able to obtain runtime information on applications that are too large or complex for other profilers. NetBeans also support Profiling Points that let you profile precise points of execution and measure execution time.

4.4.6 NetBeans GUI Builder

GUI design tool Formerly known as project Matisse, the GUI design-tool enables developers to prototype and design Swing GUIs by dragging and positioning GUI components. The GUI builder has built-in support for JSR 295 (Beans Binding technology), but the support for JSR 296 (Swing Application Framework) was removed in 7.1, without prior warning. NetBeans JavaScript editor The NetBeans JavaScript editor provides extended support for JavaScript, Ajax, and CSS. JavaScript editor features comprise syntax highlighting, refactoring, code completion for native objects and functions, generation of JavaScript class skeletons, generation of Ajax callbacks from a template; and automatic browser compatibility checks. CSS editor features comprise code completion for styles names, quick navigation through the navigator panel, displaying the CSS rule declaration in a List View and file structure in a Tree View, sorting the outline view by name, type or declaration order (List & Tree), creating rule declarations (Tree only), refactoring a part of a rule name (Tree only).

37

CHAPTER 5 RESULT AND DISCUSSIONS

The project aims to detect attack at early possible level in the system right from the login to the logout of the user. The methodology followed is as per the standards of the OWASP project. The project aims to develop a completely secure system which is not only able to detect malicious attacks but also to prevent and keep a track of such attacks so that the system is aware of the steps need to be taken the next time.

Snapshots of the Project:

Fig 8:Homepage

38

Fig 9:Attacks detected

39

Fig 10:Attack Statistics

40

Fig 11:User Homepage

41

Fig 12:User's Login history

42

Fig 13:User's purchase history

43

CHAPTER 6 CONCLUSION AND SCOPE FOR FUTURE WORK

Cloud Computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing systems can be easily threatened by various cyber attacks, because most of Cloud Computing systems provide services to so many people who are not proven to be trustworthy. Therefore, a Cloud Computing system needs to contain some Intrusion Detection Systems (IDSs) for protecting each Virtual Machine (VM) against threats. In this case, there exists a tradeoff between the security level of the IDS and the system performance. If the IDS provide stronger security service using more rules or patterns, then it needs much more computing resources in proportion to the strength of security. So the amount of resources allocating for customers decreases. Another problem in Cloud Computing is that, huge amount of logs makes system administrators hard to analyze them. In this paper, we propose a method that enables Cloud Computing system to achieve both effectiveness of using the system resource and strength of the security service without trade-off between them.. In this project we have just detected the possible attacks and threats on the cloud server. An enhancement to this is the prevention of it. In future we will also prevent the attacks i.e. the attack detection and prevention on cloud server. Thus this will help us to minimize the risk and threats that could affect a cloud. We will also monitor the attack patterns and develop an mechanism that would capture and record all new attacks and prevent them from occurring in the future.

44

REFERENCES

[1]

Claudio Mazzariello, Roberto Bifulco and Roberto Canonico Integrating a Network IDS into an Open Source Cloud Computing Environment, ACM, 2009, pp. 199212. John McHugh, Alan Christie, and Julia Allen The Role of Intrusion Detection Systems, Proceedings of IEEE Network pp no. 42-51 September/October 2000. ]Biswanath Mukherjee, Karl N. Levitt Network Intrusion Detection System, Proceedings of IEEE Network pp.26-41 May/June 1994.

[2]

[3]

[4]

Information on threats and attack: http://www.cloudsecurityalliance.org/topthreads/csathreats.v1.0.pdf

[5]

Threats, Attacks and Control measures https://www.owasp.org/index.php/Category:Attack

[6]

Cloud tutorials , http://rocky.developerblogs.com/tutorials/getting-started-google-appengine-netbeans.html

45