GENERATING CLOUD MONITORS FROM MODELS TO SECURE CLOUDS
REPORT ON
in partial fulfilment of the requirement for the award of the degree of
BACHELOR OF TECHNOLOGY
IN
Submitted by
CERTIFICATE
ABSTRACT:
CHAPTER -1
INTRODUCTION
In many companies, private clouds are considered to be an important element of data center
transformations. Private clouds are dedicated cloud environments created for the internal
use of a single organization. According to the Cloud Survey 2017, private clouds are
adopted by 72% of cloud users, while hybrid cloud adoption (both public and
private) accounts for 67%. The companies adopting private clouds vary in size from 500
to more than 2000 employees. Therefore, designing and developing secure private cloud
environments for such a large number of users constitutes a major engineering challenge.
Usually, cloud computing services offer REST APIs (REpresentational State Transfer
Application Programming Interfaces) to their consumers. REST APIs, e.g., those of AWS, Windows
Azure and OpenStack, define software interfaces allowing for the use of their resources in
various ways. The REST architectural style exposes each piece of information with a URI,
which results in a large number of URIs that can access the system. Data breach and loss of
critical data are among the top cloud security threats. The large number of URIs further
complicates the task of the security experts, who should ensure that each URI providing
access to their system is safeguarded to avoid data breaches or privilege escalation attacks.
Since the source code of Open Source clouds is often developed in a collaborative
manner, it is subject to frequent updates. The updates might introduce or remove a variety
of features and hence violate the security properties of the previous releases. This makes it
rather unfeasible to manually check the correctness of the API access control implementation,
and calls for enhanced monitoring mechanisms. In this paper, we present a cloud monitoring
framework that supports a semi-automated approach to monitoring a private cloud
implementation with respect to its conformance to the functional requirements and API
access control policy. Our work uses UML (Unified Modeling Language) models with
OCL (Object Constraint Language) to specify the behavioral interface with security
constraints for the cloud implementation. The behavioral interface of a REST API
provides information regarding the methods that can be invoked on it and the pre- and post-
conditions of those methods. In current practice, the pre- and post-conditions are usually
given as textual descriptions associated with the API methods. In our work, we rely on
the Design by Contract (DbC) framework, which allows us to define security and functional
requirements as verifiable contracts.
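As a sketch of what such verifiable contracts can look like in Python, the decorator below checks a pre-condition before an API method runs and a post-condition on its result. This is an illustration only, not the framework's actual code; the quota fields and method names are assumptions.

```python
def contract(pre, post):
    """Attach a pre- and post-condition to an API method (DbC sketch)."""
    def decorate(method):
        def monitored(*args, **kwargs):
            # Pre-condition: must hold before the call, else the monitor flags a violation.
            if not pre(*args, **kwargs):
                raise AssertionError("pre-condition violated")
            result = method(*args, **kwargs)
            # Post-condition: must hold on the result after the call.
            if not post(result, *args, **kwargs):
                raise AssertionError("post-condition violated")
            return result
        return monitored
    return decorate

# Hypothetical example: a volume may be created only while the user's quota allows it.
@contract(pre=lambda user, size: user["used"] + size <= user["quota"],
          post=lambda vol, user, size: vol["size"] == size)
def create_volume(user, size):
    user["used"] += size
    return {"size": size, "status": "available"}
```

A monitored call that would exceed the quota is rejected before the method body ever runs, which is exactly the behaviour the generated cloud monitors are meant to enforce.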
CHAPTER-2
LITERATURE SURVEY
1. Model Driven Security for Web Services
The practical aim is to enable developers (who may not be security specialists) to make use of
established knowledge on security engineering through the means of a widely used notation.
established knowledge on security engineering through the means of a widely used notation.
4. Cloud computing: the business perspective
Author: Phu H. Nguyen et al.
CHAPTER-3
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS:
SOFTWARE REQUIREMENTS:
❖ Front-End : Python.
❖ Designing : HTML, CSS, JavaScript.
SYSTEM STUDY
FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase, and a business proposal is put forth
with a very general plan for the project and some cost estimates. During system analysis,
the feasibility study of the proposed system is carried out. This is to ensure that the
proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.
The three key considerations involved in the feasibility analysis are economic, technical and social feasibility.
ECONOMIC FEASIBILITY
This study is carried out to check the economic impact that the system will have on
the organization. The amount of funds that the company can pour into the research and
development of the system is limited, so the expenditures must be justified. The developed
system was well within the budget, and this was achieved because most of the technologies
used are freely available; only the customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not place a high demand on the
available technical resources, as this would lead to high demands being placed on the
client. The developed system must have modest requirements, as only minimal or no
changes are required for implementing this system.
SOCIAL FEASIBILITY
This aspect of the study checks the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, but must instead accept it as a necessity. The level of acceptance by
the users depends on the methods that are employed to educate the user about the
system and to make him familiar with it. His level of confidence must be raised so that he is
also able to make constructive criticism, which is welcomed, as he is the final user of
the system.
CHAPTER-4
THEORETICAL BACKGROUND
PYTHON
Python is a general-purpose interpreted, interactive, object-oriented, and high-level
programming language. An interpreted language, Python has a design philosophy that
emphasizes code readability (notably using whitespace indentation to delimit code
blocks rather than curly brackets or keywords), and a syntax that allows programmers to
express concepts in fewer lines of code than might be needed in languages such
as C++ or Java. It provides constructs that enable clear programming on both small and large
scales. Python interpreters are available for many operating systems. CPython, the reference
implementation of Python, is open source software and has a community-based
development model, as do nearly all of its variant implementations. CPython is managed by
the non-profit Python Software Foundation. Python features a dynamic type system and
automatic memory management. It supports multiple programming paradigms,
including object-oriented, imperative, functional and procedural, and has a large and
comprehensive standard library.
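For example, the whitespace-delimited blocks and dynamic typing mentioned above look like this:

```python
def describe(items):
    # Indentation, not braces or keywords, delimits these blocks.
    labels = []
    for item in items:
        # The same list may hold values of different types (dynamic typing).
        labels.append(type(item).__name__)
    return labels

print(describe([1, "two", 3.0]))  # → ['int', 'str', 'float']
```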
DJANGO
Django's primary goal is to ease the creation of complex, database-driven websites. Django
emphasizes reusability and "pluggability" of components, rapid development, and the
principle of "don't repeat yourself". Python is used throughout, even for settings files and data
models.
Django also provides an optional administrative create, read, update and delete interface that
is generated dynamically through introspection and configured via admin models.
CHAPTER-5
SYSTEM ANALYSIS
EXISTING SYSTEMS
In many companies, private clouds are considered to be an important element of data center
transformations. Private clouds are dedicated cloud environments created for the internal use
by a single organization. Therefore, designing and developing secure private cloud
environments for such a large number of users constitutes a major engineering challenge.
Usually, cloud computing services offer REST APIs (REpresentational State Transfer
Application Programming Interface) to their consumers. The REST architectural style
exposes each piece of information with a URI, which results in a large number of URIs that
can access the system.
➢ Data breach and loss of critical data are among the top cloud security threats.
➢ The large number of URIs further complicates the task of the security experts, who
should ensure that each URI providing access to their system is safeguarded to avoid
data breaches or privilege escalation attacks.
➢ Since the source code of Open Source clouds is often developed in a collaborative
manner, it is subject to frequent updates. The updates might introduce or remove a
variety of features and hence violate the security properties of the previous releases.
PROPOSED SYSTEM
ADVANTAGES OF PROPOSED SYSTEM
➢ Our methodology enables creating a (stateful) wrapper that emulates the usage
scenarios and defines security-enriched behavioural contracts to monitor the cloud.
➢ The proposed approach also facilitates the requirements traceability by ensuring the
propagation of the security specifications into the code. This also allows the security
experts to observe the coverage of the security requirements during the testing phase.
➢ The approach is implemented as a semi-automatic code generation tool in Django, a
Python web framework.
CHAPTER-6
SYSTEM DESIGN
INTRODUCTION
The design consists of well-programmed and well-structured modules.
MODULES
USER
It defines the access rights of the cloud users. Authorization is an important security
concern in cloud computing environments. A POST request from an authorized user on the
volumes resource creates a new volume, provided the project has not exceeded its quota of
permitted volumes. A DELETE request on the volume resource by an authorized user deletes
the volume, if the user of the service is authorized to do so and the volume is not attached
to any instance. The module aims at regulating the access of users to system resources.
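The access rules described above can be sketched as simple Python checks. This is illustrative only; the role names and dictionary fields are assumptions, not OpenStack's actual policy API.

```python
# Illustrative access-control checks for the volumes resource.
def can_create_volume(user, project):
    # POST on /volumes: the user must be authorized and the project under quota.
    return "volume:create" in user["roles"] and project["volumes"] < project["quota"]

def can_delete_volume(user, volume):
    # DELETE on /volumes/{id}: the user must be authorized and the volume detached.
    return "volume:delete" in user["roles"] and volume["status"] != "in-use"
```

A monitor would evaluate these predicates on every incoming request and reject any call for which they return False.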
6.2.1 CLOUD
The cloud monitors contain contracts used to automatically verify the implementation. A
cloud developer uses IaaS to develop a private cloud for her/his organization that would be
used by different cloud users within the organization. In some cases, this private cloud may
be implemented by a group of developers working collaboratively on different machines.
We use the Django web framework to implement the cloud monitor and OpenStack to validate our
implementation.
CLOUD LOGIN
6.2.3 ADMIN
Projects are created by the cloud administrator using Keystone, and users or user groups are
assigned roles in these projects. The module defines the access rights of the cloud users in the
project. A volume can be created if the project has not exceeded its quota of permitted
volumes and the user is authorized to create a volume in the project. Similarly, a volume can
be deleted if the user of the service is authorized to do so and the volume is not attached to
any instance, i.e., its status is not "in-use".
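The project-scoped role assignment described above can be sketched as follows. This is a toy illustration of Keystone-style assignments; the data structures and function names are assumptions, not Keystone's API.

```python
# (user, project) -> set of roles granted to that user in that project.
assignments = {}

def assign_role(user, project, role):
    """Administrator grants a role to a user within one project."""
    assignments.setdefault((user, project), set()).add(role)

def is_authorized(user, project, role):
    """Authorization is scoped: a role held in one project grants nothing elsewhere."""
    return role in assignments.get((user, project), set())
```

Because the role is keyed on the (user, project) pair, being a member of one project never authorizes actions in another, which is the property the admin module enforces.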
Admin login
Machine learning
Machine learning refers to a computer's acquisition of the ability to make predictive
judgments and the best decisions by analyzing and learning from a large amount of existing
data. Representative algorithms include deep learning, artificial neural networks, decision
trees, boosting algorithms and so on. Machine learning is the key way for computers to
acquire artificial intelligence, and nowadays it plays an important role in various fields of
artificial intelligence. Whether in internet search, biometric identification, autonomous
driving and Mars rovers, or in the American presidential election, military decision
assistance and so on: basically, wherever there is a need for data analysis, machine
learning can be used to play a role.
SYSTEM ARCHITECTURE
UML DIAGRAMS
The goal is for UML to become a common language for creating models of object-
oriented computer software. In its current form, UML comprises two major components:
a meta-model and a notation. In the future, some form of method or process may also be
added to, or associated with, UML.
The Unified Modeling Language is a standard language for specifying, visualizing,
constructing and documenting the artifacts of a software system, as well as for business
modeling and other non-software systems.
The UML represents a collection of best engineering practices that have proven
successful in the modeling of large and complex systems.
The UML is a very important part of developing object-oriented software and the
software development process. The UML uses mostly graphical notations to express the
design of software projects.
GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users a ready-to-use, expressive visual modeling language so that they can
develop and exchange meaningful models.
2. Provide extensibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development processes.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations, frameworks,
patterns and components.
7. Integrate best practices.
DATA FLOW DIAGRAM
A DFD shows how information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and
the transformations that are applied as data moves from input to output.
A DFD is also known as a bubble chart. A DFD may be used to represent a system at any level
of abstraction, and may be partitioned into levels that represent increasing information
flow and functional detail.
USE CASE DIAGRAM
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical
overview of the functionality provided by a system in terms of actors, their goals
(represented as use cases), and any dependencies between those use cases. The main purpose
of a use case diagram is to show what system functions are performed for which actor. Roles
of the actors in the system can be depicted.
CLASS DIAGRAM
SEQUENCE DIAGRAM
ACTIVITY DIAGRAM
CHAPTER-7
SYSTEM IMPLEMENTATION
LOGICAL DESIGN
DEEP LEARNING
Deep learning algorithms refer to a class of machine learning algorithms that are
based on artificial neural networks with multiple layers (hence the term "deep").
These algorithms are designed to automatically learn hierarchical representations of
data by progressively extracting more abstract and complex features from raw input.
The most common and widely used deep learning algorithm is called the deep neural
network (DNN), specifically the convolutional neural network (CNN) for computer
vision tasks and the recurrent neural network (RNN) for sequential data such as text
or speech. However, there are several other types of deep learning algorithms, such
as generative adversarial networks (GANs), autoencoders, and transformers.
Here's a brief overview of some popular deep learning algorithms:
1. Convolutional Neural Networks (CNNs): CNNs are primarily used for image and
video analysis. They are composed of convolutional layers that extract local
features, followed by pooling layers that downsample the spatial dimensions, and
fully connected layers for classification or regression.
2. Recurrent Neural Networks (RNNs): RNNs are suitable for sequential data
processing, such as natural language processing and speech recognition. They
utilize recurrent connections to maintain internal memory, enabling the network to
capture temporal dependencies.
3. Generative Adversarial Networks (GANs): GANs consist of two neural networks—
the generator and the discriminator—that are trained in an adversarial manner. The
generator aims to generate realistic data samples, while the discriminator tries to
distinguish between real and fake data. GANs have been used for tasks like image
synthesis, style transfer, and data augmentation.
4. Autoencoders: Autoencoders are neural networks that aim to learn a compressed
representation of the input data. They consist of an encoder network that maps the
input to a lower-dimensional latent space and a decoder network that reconstructs
the input from the latent representation. Autoencoders are commonly used for data
denoising, dimensionality reduction, and anomaly detection.
5. Transformers: Transformers have gained significant attention for their success in
natural language processing tasks. They use self-attention mechanisms to capture
dependencies between different positions in the input sequence. Transformers have
been particularly effective in machine translation, text generation, and language
understanding.
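The convolution at the heart of a CNN (item 1) can be sketched in a few lines of plain Python. Real networks use optimized libraries and learn their kernels; the 1x2 kernel here is a hand-picked edge detector, chosen only to show how a kernel sliding over the input extracts a local feature.

```python
def conv2d(image, kernel):
    """Valid 2-D convolution (really cross-correlation, as in most CNN libraries)."""
    kh, kw = len(kernel), len(kernel[0])
    out = []
    for i in range(len(image) - kh + 1):
        row = []
        for j in range(len(image[0]) - kw + 1):
            # Weighted sum of the patch under the kernel at position (i, j).
            row.append(sum(image[i + di][j + dj] * kernel[di][dj]
                           for di in range(kh) for dj in range(kw)))
        out.append(row)
    return out

# The kernel [1, -1] responds wherever the intensity changes between neighbours.
edges = conv2d([[0, 0, 1, 1]], [[1, -1]])  # edges == [[0, -1, 0]]
```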
It's important to note that deep learning algorithms require large amounts of labeled
data and significant computational resources to train effectively. Nonetheless, they
have achieved state-of-the-art results in various domains and continue to advance the
field of artificial intelligence.
ARTIFICIAL NEURAL NETWORK
Artificial Neural Networks (ANNs) are a class of machine learning algorithms
inspired by the structure and function of biological neural networks. ANNs consist of
interconnected artificial neurons, also known as nodes or units, organized into layers.
Each neuron receives input signals, performs a computation, and passes the result to
the next layer until the final output is generated.
Here's a general overview of the algorithmic steps involved in training and using an
artificial neural network:
1. Architecture Design: Decide on the architecture of the neural network, including
the number of layers, the number of neurons in each layer, and the type of
connections between neurons (e.g., feedforward, recurrent).
2. Initialize Weights: Initialize the weights (parameters) of the neural network with
small random values. These weights determine the strength of connections between
neurons and are adjusted during the training process.
3. Forward Propagation: Perform forward propagation to compute the output of the
neural network. Input data is passed through the network, and computations are
performed layer by layer using activation functions on the weighted sums of inputs.
4. Compute Loss: Compare the network's output with the desired output (ground
truth) and calculate a loss function that quantifies the mismatch between them.
Common loss functions include mean squared error (MSE) for regression problems
and cross-entropy loss for classification problems.
5. Backpropagation: Use the loss function to calculate the gradients of the weights
with respect to the loss. This is done through backpropagation, which involves
propagating the error backward from the output layer to the input layer while
applying the chain rule of calculus.
6. Update Weights: Adjust the weights of the neural network using an optimization
algorithm such as gradient descent or one of its variants. The goal is to minimize
the loss function by iteratively updating the weights in the direction that reduces the
loss.
7. Repeat Steps 3-6: Repeat steps 3 to 6 for multiple iterations or epochs until the
network's performance converges or reaches a satisfactory level.
8. Model Evaluation: Evaluate the trained model's performance on a separate
validation or test dataset to assess its generalization capabilities. Various metrics,
such as accuracy, precision, recall, or mean squared error, can be used depending
on the problem domain.
9. Prediction: Once the model is trained and evaluated, it can be used to make
predictions on new, unseen data by performing a forward pass through the network
using the learned weights.
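The steps above can be sketched for the smallest possible network: a single sigmoid neuron trained with stochastic gradient descent on a one-dimensional toy problem. This is an illustration only; real networks have many layers and use optimized libraries.

```python
import math
import random

def train(samples, epochs=2000, lr=0.5):
    # Step 2: initialize the weight with a small (seeded) random value.
    random.seed(0)
    w, b = random.uniform(-0.1, 0.1), 0.0
    for _ in range(epochs):                          # Step 7: repeat for many epochs.
        for x, y in samples:
            out = 1 / (1 + math.exp(-(w * x + b)))   # Step 3: forward propagation (sigmoid).
            # Steps 4-5: for cross-entropy loss with a sigmoid output, the error
            # gradient at the output simplifies to (out - y) by the chain rule.
            grad = out - y
            w -= lr * grad * x                       # Step 6: gradient-descent update.
            b -= lr * grad
    return w, b

def predict(w, b, x):
    # Step 9: a forward pass with the learned weights yields a prediction.
    return 1 if 1 / (1 + math.exp(-(w * x + b))) > 0.5 else 0

samples = [(0, 0), (1, 0), (2, 1), (3, 1)]   # separable toy data: label 1 when x >= 2
w, b = train(samples)
```

After training, the neuron has learned a decision boundary between x = 1 and x = 2, classifying all four training points correctly.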
Artificial neural networks can be applied to a wide range of tasks, including
classification, regression, pattern recognition, and time series analysis. They have
proven to be powerful tools in machine learning and have contributed to significant
advancements in various fields.
DECISION TREE
The decision tree algorithm is a supervised machine learning algorithm used for both
classification and regression tasks. It creates a tree-like model of decisions and their
possible consequences based on the features of the input data. The algorithm learns
decision rules by recursively partitioning the data into subsets based on feature
values and their associated target variables.
Here's a general overview of the decision tree algorithm:
1. Data Preparation: Prepare the dataset, ensuring it is in a format suitable for training
a decision tree. This typically involves cleaning the data, handling missing values,
and encoding categorical variables if necessary.
2. Tree Construction: The algorithm starts with the entire dataset and selects a feature
that best splits the data based on a certain criterion. The most common criterion for
classification problems is the Gini impurity or information gain, while for
regression problems, it can be based on mean squared error or other measures. The
dataset is partitioned into subsets based on the chosen feature.
3. Recursive Splitting: The process of selecting the best feature and splitting the data
is repeated recursively for each subset. This creates a tree-like structure where each
internal node represents a decision based on a specific feature, and each leaf node
represents a class label (in classification) or a predicted value (in regression).
4. Stopping Criteria: The recursion continues until a stopping criterion is met. This
criterion can be based on factors such as the maximum depth of the tree, the
minimum number of samples required to split a node, or the maximum number of
leaf nodes.
5. Tree Pruning (Optional): After the decision tree is constructed, pruning techniques
can be applied to reduce overfitting and improve generalization. Pruning involves
removing unnecessary branches or nodes that do not contribute significantly to the
overall accuracy or predictive power of the tree.
6. Prediction: Once the decision tree is built, it can be used to make predictions on
new, unseen data. The input data traverses the tree from the root to a leaf node,
following the decision rules at each internal node. The leaf node reached
determines the predicted class label or value.
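The impurity-based splitting of step 2 can be sketched in plain Python. This is a toy single-feature version for illustration; library implementations such as CART handle many features, regression criteria and recursion.

```python
def gini(labels):
    """Gini impurity: 0 for a pure subset, higher for mixed class labels."""
    n = len(labels)
    return 1.0 - sum((labels.count(c) / n) ** 2 for c in set(labels))

def best_split(xs, ys):
    """Pick the threshold on one numeric feature minimising weighted Gini impurity."""
    best = (None, float("inf"))
    for t in sorted(set(xs)):
        left = [y for x, y in zip(xs, ys) if x <= t]
        right = [y for x, y in zip(xs, ys) if x > t]
        if not left or not right:
            continue  # a split must leave samples on both sides
        score = (len(left) * gini(left) + len(right) * gini(right)) / len(ys)
        if score < best[1]:
            best = (t, score)
    return best
```

On perfectly separable data, the chosen threshold drives the weighted impurity to zero, which is why the recursion in step 3 can stop with pure leaf nodes.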
Decision trees are popular due to their interpretability, as the resulting tree structure
can be easily visualized and understood. They can handle both categorical and
numerical data, and they can capture non-linear relationships between features and
targets. However, decision trees are prone to overfitting if not properly pruned or
regularized.
Various algorithms can be used to construct decision trees, such as ID3, C4.5, CART
(Classification and Regression Trees), and Random Forests (an ensemble of decision
trees). The choice of algorithm depends on the specific requirements and
characteristics of the problem at hand.
PHYSICAL DESIGN
INPUT DESIGN
The input design is the link between the information system and the user. It
comprises developing the specifications and procedures for data preparation, i.e., the steps
necessary to put transaction data into a usable form for processing. This can be achieved by
having the computer read data from a written or printed document, or by having people
key the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling errors, avoiding delay, avoiding
extra steps and keeping the process simple. The input is designed in such a way that it
provides security and ease of use while retaining privacy. Input design considered the
following things:
➢ What data should be given as input?
➢ How the data should be arranged or coded?
➢ The dialog to guide the operating personnel in providing input.
➢ Methods for preparing input validations and steps to follow when errors occur.
OBJECTIVES
1. Input Design is the process of converting a user-oriented description of the
input into a computer-based system. This design is important to avoid errors in the data input
process and show the correct direction to the management for getting correct information
from the computerized system.
2. It is achieved by creating user-friendly screens for data entry to handle
large volumes of data. The goal of designing input is to make data entry easier and free
from errors. The data entry screen is designed in such a way that all the data manipulations
can be performed. It also provides record-viewing facilities.
3. When the data is entered, it is checked for validity. Data can be entered with
the help of screens. Appropriate messages are provided as and when needed, so that the user
is never left in a maze of instructions. Thus the objective of input design is to create an input
layout that is easy to follow.
OUTPUT DESIGN
A quality output is one which meets the requirements of the end user and presents the
information clearly. In any system, the results of processing are communicated to the users and
to other systems through outputs. In output design, it is determined how the information is to
be displayed for immediate need, as well as the hard-copy output. It is the most important and
direct source of information to the user. Efficient and intelligent output design improves the
system's relationship with the user and helps decision-making.
CHAPTER :8
SYSTEM TESTING
8.1 TYPES OF TESTING
UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program logic is
functioning properly, and that program inputs produce valid outputs. All decision branches
and internal code flow should be validated. It is the testing of individual software units of
the application, and it is done after the completion of an individual unit before integration. This
is structural testing that relies on knowledge of the unit's construction and is invasive. Unit tests
perform basic tests at component level and test a specific business process, application,
and/or system configuration. Unit tests ensure that each unique path of a business process
performs accurately to the documented specifications and contains clearly defined inputs
and expected results.
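A minimal unit test using Python's standard unittest module illustrates this. The function under test is a hypothetical example, and each test case validates one of its decision branches against a clearly defined input and expected result.

```python
import io
import unittest

def volume_status(attached):
    """Unit under test: one small piece of program logic (hypothetical example)."""
    return "in-use" if attached else "available"

class VolumeStatusTest(unittest.TestCase):
    # Each test exercises one decision branch of the unit.
    def test_attached_volume_is_in_use(self):
        self.assertEqual(volume_status(True), "in-use")

    def test_detached_volume_is_available(self):
        self.assertEqual(volume_status(False), "available")

# Run the suite programmatically, writing the report to an in-memory stream.
suite = unittest.defaultTestLoader.loadTestsFromTestCase(VolumeStatusTest)
result = unittest.TextTestRunner(stream=io.StringIO()).run(suite)
```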
INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine if they
actually run as one program. Testing is event driven and is more concerned with the basic
outcome of screens or fields. Integration tests demonstrate that although the components
were individually satisfactory, as shown by successful unit testing, the combination of
components is correct and consistent. Integration testing is specifically aimed at exposing
the problems that arise from the combination of components.
FUNCTIONAL TESTING
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system documentation,
and user manuals.
Functional testing is centered on the following items:
Systems/Procedures: interfacing systems or procedures must be invoked.
SYSTEM TESTING
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An example
of system testing is the configuration-oriented system integration test. System testing is based
on process descriptions and flows, emphasizing pre-driven process links and integration
points.
Field testing will be performed manually and functional tests will be written in detail.
Test objectives
• Pages must be activated from the identified link.
• The entry screen, messages and responses must not be delayed.
Features to be tested
Integration Testing
Software integration testing is the incremental integration testing of two or
more integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software applications (e.g.,
components in a software system or, one step up, software applications at the company
level) interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant
participation by the end user. It also ensures that the system meets the functional
requirements.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
CHAPTER -9
OUTPUT SCREENS
User login
User register
Admin login
Admin approve user
Django REST
Cloud approve app
Edit file
SAMPLE TEST CASES
CONCLUSION
In this paper, we have presented an approach and an associated tool for monitoring security in
the cloud. We have relied on a model-driven approach to design APIs that exhibit REST
interface features. The cloud monitors, generated from the models, enable an automated
contract-based verification of the correctness of the functional and security requirements
implemented by a private cloud infrastructure. The proposed semi-automated approach
aims at helping cloud developers and security experts to identify security loopholes
in the implementation by relying on modelling rather than manual code inspection or testing.
It helps to spot errors that might be exploited in data breaches or privilege escalation
attacks. Since open source cloud frameworks usually undergo frequent changes, the
automated nature of our approach allows developers to relatively easily check whether
functional and security requirements have been preserved in new releases.
REFERENCES
[1] Amazon Web Services. https://aws.amazon.com/. Accessed: 30.11.2017.
[2] Block Storage API V3. https://developer.openstack.org/api-ref/block-storage/v3/. Accessed: 06.2017.
[3] Cloud Computing Trends: 2017 State of the Cloud Survey. https://www.rightscale.com/blog/cloud-industry-insights/. Accessed: 30.11.2017.
[4] cURL. http://curl.haxx.se/. Accessed: 20.08.2013.
[5] Extensible Markup Language (XML). https://www.w3.org/XML/. Accessed: 27.03.2018.
[6] Keystone Security and Architecture Review. Online at https://www.openstack.org/summit/openstack-summit-atlanta-2014/session-videos/presentation/keystonesecurity-and-architecture-review. Accessed: 06.2017.