Back
 JCC  Vol.7 No.12 , December 2019
Cloud-Based Access Control to Preserve Privacy in Academic Web Application
Abstract: Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the follow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user roll through our parsing.

1. Introduction

Cloud computing could be defined as the availability of the resources of the computer system like computing power and storage of data without direct involvement of the users on-demand. It is utilized for describing the data centers that are available to various numbers of users. It relies on the sharing of resources. Several kinds of characteristics of cloud computing comprise of improvement of the agility of various organizations for the increment of the flexibility of the users with expansion, re-provision and auditioning of the resources of technological infrastructure. It also helps in the reduction of the costs, which are claimed by the providers of cloud. The capital expenditures are converted to the operational expenditures with help of the model of public-cloud delivery. The independence of device as well as the location helps in enabling the users for accessing the systems with the utilization of a web browser irrespective of the kind of devices, which are utilized by them along with the location of the users. Cloud computing becomes very advantageous as its maintenance is much easier and the main reason behind this is that the applications of cloud computing do not possess any need to get installed into the computer of the users which in turn could be accessed from various places and by the users. The multitenancy feature of cloud computing helps in enabling the sharing of costs along with the resources among huge size of users for the allowance of the infrastructure centralization with low costs in various locations along with the improvement of efficiency and utilization for the systems. The IT experts from the providers of service constantly monitor its performance. In addition to this, the productivity might be increased where multiple number of users could work on the similar data multiple number of times as compared to that of waiting for the data to get saved and then get emailed. Cloud computing is reliable which in turn helps in the improvement of the utilization of numerous sites which are redundant in nature. Security could be improved by incrementing the resources which are mainly focused on the security for the purpose of centralization of data. Nowadays, the cloud computing plays a major role due to its many technological and economic benefits. Subsequently, the cloud market has witnessed a growth rate of approximately 20 percent in 2017 and is expected to growing in the upcoming days [1]. The significant features are like resilience, portability, scalability, measured service and on-demand service once provisioning their services in the cloud. Moreover, cloud computing plays a significant role in field of academic web services, and it has been considered as one of the main emerging paradigms in computing influence on academic web services due to its dynamic scalability, high availability and other beneficial characteristics.

The use of a cloud-computing platform provides an effective solution to enhance the quality of academic web services by providing new ways of education and learning, which affects both students and teachers. Also, it has many benefits for the institutions like schools or universities.

In spite of the fact that the utilization of cloud services is quickly developing, these services are still a little part of the worldwide IT market. One of the fundamental obstacles to the full relocation to the cloud is the absence of security.

The cloud presents numerous security difficulties and threats, particularly to information protection and administration accessibility, which builds clients’ concerns about the transparency of the CSPs and security assurance [2] [3]. In addition, security challenges are numerous thus providing several opportunities for hackers to break the crypto-system. However most of the research and survey papers are in line with the survey suggested by this author. Cloud computing, still seems to be incomplete when it comes to security issues [4].

The main purpose of this paper is proposed new method based on access control rules and JSON parser to solve the security issues and preserve privacy in Academic web application. The remained of this paper organized as follow: In Section (2) REST full and JSON back ground, Section (3) problem description, Section (4) related work, Section (5) our proposed frame work, Section (6) proposed framework, Section (7) experiment and result, Section (8) display the conclusion.

There are several previous studies provides a brief summary for some perfect papers related with the cloud computing based education and papers illustrate the methods to preserve privacy in this area.

Engr and Huma worked in their research to help student and teacher have a perfect quality of academic and research. They proposed a model-based cloud computing to provide reliable resources, which improve the challenge in teaching infrastructure. Teachers and student can do many important activates like share the course materials and updates examinations or assignments on easy way [5].

Shri and Padhiar represent a study that discusses the benefits of e-learning in education. Using cloud-based e-learning improves the quality of education so that essential performance can be achieved. Also, the clients can store and access their data by using their web-based PCs or smartphones. On another hand, they identify various types of attacks suggested by different researchers in service delivery models of e-learning [6].

A lot of attention is being received by cloud computing from both industrial as well as academic fields. The users with the utilization of the Internet could outsource the storage to the web servers and computation. Cloud computing becomes advantageous as a hassle-free maintenance of the on-site resources is enjoyed by its users. Several kinds of services are provided by cloud be it applications, platforms or infrastructure. The applications, which are provided by cloud, comprise of Microsoft online and Google applications. The infrastructures, which are provided by cloud, constitutes of Nimbus, Eucalyptus and EC2 of Amazon. Various platforms like Windows Azure and S3 of Amazon are provided by cloud for helping the developers in writing applications. Privacy and security of information become an important concern of cloud computing as the services, which are provided, by cloud outsourced towards the remote servers. The privacy of the users is necessary such that other users as well as the cloud do not know the identity of the users. The user could be held accountable by the cloud regarding the outsourced data and on the other hand the cloud could also be hold accountable for all the services, which are provided by it. The validity of the users whoever stores data is verified too. The inclusion of searchable encryption could be verified from a study. The encrypted keywords are sent to the cloud and the cloud returns the results without it having the knowledge of the actual keywords utilized for a search. The researchers are studying the protection of privacy and security in the clouds. The access control in clouds is getting popular with each passing day and it is of huge importance because the valid services could only be accessed by the users who are authorized [6]. The main reason behind this is that a huge amount of confidential and sensitive information is stored in the cloud and which should be protected. Care should be also taken for ensuring the access control of this personal information, which could be frequently related to the important academic, documents that in Drop box or Google docs. It could also be related to the personal information that is shared over the social networking sites.

Thu and Nwe Aung provide RESTFUL web services to allow for a user to use the mobile network framework to get the e-book from the university library. The proposed system implemented android-based mobile library infrastructure and tested successfully using RESTFul web service provisioning concept [7].

2. RESTFULL and JSON Background

2.1. Representational State Transfer (RESTFULL)

REST stands for Representational State Transfer REST is a newer method that utilizes HTTP to communicate information while XML, JSON, etc. formats form data. It simplifies access to web services by using current and well-known norms rather than adding to the transmission and communication stack a fresh information-processing layer. REST therefore tends to be a lighter alternative to the heavy protocol of SOAP [8]. In other words it could also be described as an architectural style of software, which in turn describes a bunch of constraints, which needs to be utilized for the creation of the web services. The number of web based services which match up to the standards of the architectural style of REST are termed as RESTful web services which help in providing interoperability between the computer systems with the utilization of Internet. The World Wide Web itself, based on HTTP, can be seen in many respects as architecture based on REST. Moreover, REST architecture is the most dominant web design architecture for user-friendly applications in recent years. RESTFul web services are REST architecture-based web applications. They use web URIs to display information (data and functionality) and use the four main HTTP methods to create, download, modify, and delete resources. Usually, RESTFul web services map the four key HTTP methods to CRUD actions: build, download, modify, and delete. Figure 1 shows the RESTFul web services architecture.

2.2. Java Script Object Notation (JSON)

JSON is a language-independent, lightweight, text-based information interchange format. It was obtained from the programming language of the ECMAScript (European Association of Computer Manufacturers), but is independent of programming language. For the portable representation of structured data, JSON defines a small set of structuring rules. Like XML, JSON is an open standard text-based for information representation [9]. JSON could also be termed

Figure 1. Web with REST architecture.

as human-readable as well as text-based interchangeable format of data, which in turn is utilized for the representation of normal data objects and structures in codes based on web browser. JSON is made of two structures:

1) Set of name or value pairs;

2) List Sorted values.

These data structures are referred to as the universal data structure.

· Academic web services in cloud computing

1) Aspects regarding cloud computing

Cloud computing is a new concept and it is used as a utility to distributed the tasks to a large number of computers resources which represents both the software and the hardware delivered as services over the Internet. Cloud computing is developed to allow for the users access computing power, storage space and information service according to their needs. Figure 2 shows that There are three layers of cloud computing architecture such as, a) Platform-as-a-Service (PaaS) tool offered to develop applications without installing any software on the developer’s side, b) Software-as-a-Service (SaaS) that is run by the Cloud Service Providers (CSPs) and mostly used by organizations, c) Infrastructure-as-a-Service (IaaS) that comprises hardware, storage, servers, and networking services operated, controlled and maintained by the CSPs.

· Infrastructure as a supplier (IaaS);

· Software as a transporter (SaaS);

· Platform as an administration (PaaS).

There are a couple of kinds of PaaS. Each PaaS open door is either open, private, or a half of and half of mix of the two. When the user chooses a private mood, the privacy and accountability program “PAM” will be established to ensure confidentiality and transparency [10]. Open PaaS is encouraged inside the cloud, and its establishment is directed by methods for the supplier. Private PaaS, then again, is housed in put servers or non-open frameworks, and is set aside through the buyer. Hybrid PaaS uses added substances from both open and individual, and is fit for executing applications from several cloud establishments [11].

Figure 2. Cloud computing architecture.

2) Aspects regarding academic web services

Web service is defaced as an interface representing a series of operations that can be accessed through a network such as the Internet in the form of XML (Extensible Markup Language) messages. Web service is defined as piece or part of the data or process that anyone can access, using any computer at any time, not linked to the operating system or programming language used [12].

The academic web services help students to access information easily anywhere and anytime as well as reduce the uneven distribution of information by utilizing web service technology.

There are three components that make web service running, which are service provider, service requestor, and service registry. Figure 3 illustrates these components.

3. Problem Description

Academic web Services provide flexibility and platform independence along with a loosely coupled architecture for connecting data, systems, and organizations. Properly designed, loosely coupled services can be accessible as separate components of business logic, executed as standalone services, or combined with other services to create a complex application, however, this opens doors to a number of security concerns.

The academic web service threat profile given the right circumstance, an attacker can translate these threats to exploits and compromise the corresponding infrastructure or the application implemented as a academic web service.

3.1. Access Control Methodology

· Access control methodology

Let’s define the traffic of the enterprise academic web application to be the data flow produced by academic web service invocation over the Internet.

Figure 3. Web service architecture [9].

Let

A w s d l = { allow 6 Iff mining ( wsdl ) satisfy deny Else

where A w s d l = Access control action toward the invocation of certain academic web service which has its corresponding description in passed academic web services.

3.2. Challenges and Motivations

This proposed is due to the demanded control over data and service flow produced by academic web service invocation over cloud environment. The traditional control mechanisms do not comply with the emerging new platforms introduced by cloud, where academic web services are the kernel components of the modern web applications and these services do not share common geographical locations, reside on different internet segments.

Academic web services that compos certain enterprise web application can be thought as a global network and academic web services are the processing nodes of this network. Malicious academic web service can penetrate this network and join the communication session; this way data confidentiality and availability can be extremely harmed and traditional security methodologies can’t work at that level of abstraction. Policy based access control is a real demand to control the traffic flow over virtual global network composed of academic web services.

4. Proposed Framework for the System

Security and privacy are very important for any shared system. However, for a large distributed system like a cloud system, access decision needs to be more flexible and scalable. Figure 4 is framework presents how using the access control trough JSON parsing could provide more privacy and secure in academic web services.

REST and JSON

· RESTFUL

Figure 4. Privacy framework on academic web services.

REST used to define and address resources on the Internet. REST does not need an additional messaging layer such as the Simple Object Access Protocol (SOAP) to describe simple Hypertext Transfer Protocol (HTTP) interfaces. Moreover, Resources can be obtained in the RESTFul academic web service by referring the resource name through HTTP protocol and using an HTTP technique (i.e. GET, POST, PUT and DELETE) to handle resources on the server. Resource references are produced through distinctive URLs.

· JSON

For the portable representation of structured data, JSON describes a small set of structuring laws. Unlike XML, JSON is a text-based open standard for data representation, and it uses data representation characters such as “[{]}” braces, colon “:” and comma “.”. Use simple key/value pairs, data is represented and more complex data is represented as associative arrays.

Access control through JSON parsing

Access control through JSON parsing is another approach to resolving the privacy issue. Through specifying authorization access control through JSON parsing for user role, and representing private data in cloud computing environment, privacy is addressed using this approach, which allows users to access network, data, and device files with restricted authorization. It also controls who or which tools in the cloud computing system can be used. More than two systems such as Roll-Based Access Control (RBAC) and Discretionary Access Control (DAC) could be used to address security issues in cloud computing [13].

Web services

Web Services enables any Internet application to reach any other web application. If web applications can interact on the Internet in accordance with the norms of web service, A web service enables application software to be used via a network where information is exchanged via URL queries for an application. Input is processed and output is provided through HTTP protocol as information is exchanged in XML form.

Cloud computing

Cloud computing is the largest service platform on the Internet that offers hosting facilities. It offers services on demand and can be public, private or hybrid. Cloud computing is commonly used in education because it has enormous benefits. One of these benefits is free or less expensive cloud-based services used daily for teaching system assistance, content development, research and social interaction.

Usually there is client and server communicate with each other and this communication happen under the hood where both communicate through the Http protocol the same protocol power the web. The server to will offer bunch of services which accessible by the http protocol. Client will directly send request to the server through the http. This is where Rest comes to the picture. Our proposed system work based on the following algorithms:

1) Login Algorithm

Firstly, the user should have a unique user ID to sign up and be eligible to access the academic web service. The next step, the system will automatically check the user states if he/she is student, teacher, or staff to allow for each one to their work according to their access permission. Student and teacher will be able to get the benefits of the academic web services even in offline, however, the staff can access in the certain time. Figure 5 represents this algorithm as flowchart.

2) Parsing Based User Role Access Control Algorithm

The services are for Create, update, Read and Delete data in the server these operation called crud operations. For example we have student and need to register in a class what would the service for this is http://www.oakland.edu/courses this will be a service and the service will the course when the request execute the course will be residing in the server and inside of the request we want to read the available courses through the browser regarding to that the service will get the data in JSON format to the uses and the client will receive the respond and all the data will be renders in the browser by a web tool like JavaScript and will spit the data in certain format the application doing it into browser.

Input valid user

Output: valid/in valid data:

a) get data user inter;

b) capture user data;

c) parsing user data based on user role;

d) end.

Figure 5. Login algorithm.

5. Experiments and Results

In this section, we test our solution in this experiment, we use spring boot tools in Java as a backend to available to the frontend request call through RESTFUL web services. Spring Data JPA, part of the larger family of Spring Data, makes JPA-based repositories simple to introduce. This module addresses enhanced support for data access layers based on JPA. It makes it easier to build Spring-powered applications using technology for data access. For web services the post, request, rest to call the RESTFULL. The model is university and the case study is student. Our dataset is automated and it build online, so when the student login to the system we invoke the dataset and do the parsing on it. In side the spring tools we do repository dataset we use student as case study to build our dataset within controller. Implementing an application’s data access layer has been tedious for a long time. Too much boilerplate code needs to be written to perform simple searches, pagination, and auditing. The aim of Spring Data JPA is to improve the implementation of data access layers significantly by reducing the effort to the amount actually needed.

In Figure 6 we explore user role as student, which is matching with available services as course registration. We use course registration to call student as stringfy (item), which is responsible to do the JSON parsing.

Testing Operation Figure 7 shows the request from the client-side to minding the data to database through a RESTFULL call. The data will be capturing as showing in the student form.

Finally, Figure 8 and Figure 9 show that we did the same process and steps

Figure 6. JSON parsing for course registration.

Figure 7. Student moodle.

Figure 8. Instructor moodle.

for instructor and staff to provide for them high quality of security and privacy based on their authorization and role.

6. Conclusion and Future Work

In this paper, new method is based on access control trough JSON parser for user

Figure 9. Staff moodle.

role to solve the security issues and preserves privacy in academic web application. The importance of access control based on cloud for preserving the privacy of the academic applications has been focused on. The main reason behind this is that the third parties along with the unauthorized users could easily exploit the important details of the academic web applications. The aspects of cloud computing in the context of academic web services have been discussed in this paper, which further leads to utilization of Rest full and JSON. The problem regarding the threats like that of the academic web service threat profile given the right circumstance, an attacker can translate these threats to exploit and compromise the corresponding infrastructure or the application implemented as an academic web service. Certain case studies have been mentioned where the cloud-based access control became necessary for preserving the privacy of the resources of the university. The framework of the system has also been proposed along with the utilization of certain rules of access control and the importance of the academic web services. Access control could be broadly categorized into three categories, which are user based access protocols, attribute based access protocols and role based access protocols that are utilized for various purposes according to their functionalities. Data could only be accessed by those users having a valid bunch of attributes which become successful in satisfying the numerous access policies. In context of the academic web services, the important information related with the academic records might only be accessed by the faculty members, students and staff. Various sectors where the access control is being utilized are academic sector. The access control is being utilized in the academic sector where the important and confidential information of users could only be accessed by the authorities people, and faculties of a particular academy with the avoidance of any third party or unauthorized users. Besides, this result our future work will be in the following: 1) Apply our access control rules that will detect intruder to preserve a high quality of privacy and security in academic web services; 2) Connect these web services with cloud computing as Saas.

Cite this paper: Almtrf, A. and Zohdy, M. (2019) Cloud-Based Access Control to Preserve Privacy in Academic Web Application. Journal of Computer and Communications, 7, 37-49. doi: 10.4236/jcc.2019.712005.
References

[1]   The Statistics Portal, Market Growth Forecast for Public Cloud Services Worldwide from 2011 to 2021.
https://www.statista.com/statistics/203578/global-forecast-of-
cloud-computing-services-growth/


[2]   Halabi, T. and Bellaiche, M. (2018) A Broker-Based Framework for Standardization and Management of Cloud Security-SLAs. Computers & Security, 75, 59-71.
https://linkinghub.elsevier.com/retrieve/pii/S0167404818300476
https://doi.org/10.1016/j.cose.2018.01.019

[3]   Li, H., Yang, C. and Liu, J.B. (2019) A Novel Security Media Cloud Framework. Computers & Electrical Engineering, 74, 605-615.
https://linkinghub.elsevier.com/retrieve/pii/S0045790617324862

[4]   Subramanian, N. and Jeyaraj, A. (2018) Recent Security Challenges in Cloud Computing. Computers & Electrical Engineering, 71, 28-42.
https://linkinghub.elsevier.com/retrieve/pii/S0045790617320724
https://doi.org/10.1016/j.compeleceng.2018.06.006

[5]   Ahmed, E. and Ahmed, H. (2019) A Proposed Model for Education System Using Cloud Computing. 2018 3rd International Conference on Emerging Trends in Engineering, Sciences and Technology (ICEEST), Karachi, 21-22 December 2018, 3.
https://doi.org/10.1109/ICEEST.2018.8643331

[6]   Shah, S.U. and Patel, M.B. (2018) Opportunities and Challenges in Cloud-Based E-Learning.

[7]   EiEi, T. and Nwe Aung, T. (2015) Developing Mobile Application Framework by Using RESTFul Web Service with JSON Parser. In: Zin, T., Lin, J.W., Pan, J.S., Tin, P. and Yokota, M., Eds., Genetic and Evolutionary Computing. GEC 2015. Advances in Intelligent Systems and Computing, Vol. 388, Springer, Cham, 4-5.

[8]   Tihomirovs, J. and Grabis, J. (2016) Comparison of Soap and Rest Based Web Services Using Software Evaluation Metrics. Information Technology and Management Science, 19, 92-97.
https://doi.org/10.1515/itms-2016-0017

[9]   Pandini, M., Arifin, Z. and Khairina, D. (2015) Design Web Service Academic Information System Based Multiplatform. 2014 The 1st International Conference on Information Technology, Computer, and Electrical Engineering, Semarang, 8-8 November 2014, 2.
https://doi.org/10.1109/ICITACEE.2014.7065760

[10]   Alagrash, Y., Alghayadh, F., Alshammari, A. and Debnath, D. (2019) Cloud Computing: A Framework for Balancing Accountability and Privacy Based on Multi-Agent System. 2019 Cybersecurity and Cyberforensics Conference (CCC), Melbourne, 8-9 May 2019, 2.
https://doi.org/10.1109/CCC.2019.00-16

[11]   Almtrf, A. and Zohdy, M. (2018) A Study on Implementation of Cloud Computing Technology Using Data Mining Algorithms. 2018 International Conference on Advanced Science and Engineering (ICOASE), Duhok, 9-11 October 2018, 2.
https://doi.org/10.1109/ICOASE.2018.8548887

[12]   Sangsanit, K., Kurutach, W. and Phoomvuthisarn, S. (2018) REST Web Service Composition: A Survey of Automation and Techniques. 2018 International Conference on Information Networking (ICOIN), Chiang Mai, 10-12 January 2018, 1.
https://doi.org/10.1109/ICOIN.2018.8343096

[13]   Almtrf, A., Alagrash, Y. and Zohdy, M. (2019) Framework Modeling for User Privacy in Cloud Computing. 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 5.
https://doi.org/10.1109/CCWC.2019.8666453

 
 
Top