Cloud-Based Access Control to Preserve Privacy in Academic Web Application

Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infra-structures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the follow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user roll through our parsing.


Introduction
Cloud computing could be defined as the availability of the resources of the computer system like computing power and storage of data without direct involvement of the users on-demand. It is utilized for describing the data centers that are available to various numbers of users. It relies on the sharing of resources. Several kinds of characteristics of cloud computing comprise of im-provement of the agility of various organizations for the increment of the flexibility of the users with expansion, re-provision and auditioning of the resources of technological infrastructure. It also helps in the reduction of the costs, which are claimed by the providers of cloud. The capital expenditures are converted to the operational expenditures with help of the model of public-cloud delivery. The independence of device as well as the location helps in enabling the users for accessing the systems with the utilization of a web browser irrespective of the kind of devices, which are utilized by them along with the location of the users. Cloud computing becomes very advantageous as its maintenance is much easier and the main reason behind this is that the applications of cloud computing do not possess any need to get installed into the computer of the users which in turn could be accessed from various places and by the users. The multitenancy feature of cloud computing helps in enabling the sharing of costs along with the resources among huge size of users for the allowance of the infrastructure centralization with low costs in various locations along with the improvement of efficiency and utilization for the systems. The IT experts from the providers of service constantly monitor its performance. In addition to this, the productivity might be increased where multiple number of users could work on the similar data multiple number of times as compared to that of waiting for the data to get saved and then get emailed. Cloud computing is reliable which in turn helps in the improvement of the utilization of numerous sites which are redundant in nature. Security could be improved by incrementing the resources which are mainly focused on the security for the purpose of centralization of data. Nowadays, the cloud computing plays a major role due to its many technological and economic benefits. Subsequently, the cloud market has witnessed a growth rate of approximately 20 percent in 2017 and is expected to growing in the upcoming days [1]. The significant features are like resilience, portability, scalability, measured service and on-demand service once provisioning their services in the cloud. Moreover, cloud computing plays a significant role in field of academic web services, and it has been considered as one of the main emerging paradigms in computing influence on academic web services due to its dynamic scalability, high availability and other beneficial characteristics.
The use of a cloud-computing platform provides an effective solution to enhance the quality of academic web services by providing new ways of education and learning, which affects both students and teachers. Also, it has many benefits for the institutions like schools or universities.
In spite of the fact that the utilization of cloud services is quickly developing, these services are still a little part of the worldwide IT market. One of the fundamental obstacles to the full relocation to the cloud is the absence of security.
The cloud presents numerous security difficulties and threats, particularly to information protection and administration accessibility, which builds clients' concerns about the transparency of the CSPs and security assurance [2] [3]. In addition, security challenges are numerous thus providing several opportunities for hackers to break the crypto-system. However most of the research and survey  [4].
The main purpose of this paper is proposed new method based on access control rules and JSON parser to solve the security issues and preserve privacy in Academic web application. The remained of this paper organized as follow: In Section (2) REST full and JSON back ground, Section (3) problem description, Section (4) related work, Section (5) our proposed frame work, Section (6) proposed framework, Section (7) experiment and result, Section (8) display the conclusion.
There are several previous studies provides a brief summary for some perfect papers related with the cloud computing based education and papers illustrate the methods to preserve privacy in this area.
Engr and Huma worked in their research to help student and teacher have a perfect quality of academic and research. They proposed a model-based cloud computing to provide reliable resources, which improve the challenge in teaching infrastructure. Teachers and student can do many important activates like share the course materials and updates examinations or assignments on easy way [5].
Shri and Padhiar represent a study that discusses the benefits of e-learning in education. Using cloud-based e-learning improves the quality of education so that essential performance can be achieved. Also, the clients can store and access their data by using their web-based PCs or smartphones. On another hand, they identify various types of attacks suggested by different researchers in service delivery models of e-learning [6].
A lot of attention is being received by cloud computing from both industrial as well as academic fields. The users with the utilization of the Internet could outsource the storage to the web servers and computation. Cloud computing becomes advantageous as a hassle-free maintenance of the on-site resources is enjoyed by its users. Several kinds of services are provided by cloud be it applications, platforms or infrastructure. The applications, which are provided by cloud, comprise of Microsoft online and Google applications. The infrastructures, which are provided by cloud, constitutes of Nimbus, Eucalyptus and EC2 of Amazon. Various platforms like Windows Azure and S3 of Amazon are provided by cloud for helping the developers in writing applications. Privacy and security of information become an important concern of cloud computing as the services, which are provided, by cloud outsourced towards the remote servers. The privacy of the users is necessary such that other users as well as the cloud do not know the identity of the users. The user could be held accountable by the cloud regarding the outsourced data and on the other hand the cloud could also be hold accountable for all the services, which are provided by it. The validity of the users whoever stores data is verified too. The inclusion of searchable encryption could be verified from a study. The encrypted keywords are sent to the cloud and the cloud returns the results without it having the knowledge of the actual keywords utilized for a search. The researchers are studying the protection Journal of Computer and Communications of privacy and security in the clouds. The access control in clouds is getting popular with each passing day and it is of huge importance because the valid services could only be accessed by the users who are authorized [6]. The main reason behind this is that a huge amount of confidential and sensitive information is stored in the cloud and which should be protected. Care should be also taken for ensuring the access control of this personal information, which could be frequently related to the important academic, documents that in Drop box or Google docs. It could also be related to the personal information that is shared over the social networking sites.
Thu and Nwe Aung provide RESTFUL web services to allow for a user to use the mobile network framework to get the e-book from the university library. The proposed system implemented android-based mobile library infrastructure and tested successfully using RESTFul web service provisioning concept [7].

Representational State Transfer (RESTFULL)
REST stands for Representational State Transfer REST is a newer method that utilizes HTTP to communicate information while XML, JSON, etc. formats form data. It simplifies access to web services by using current and well-known norms rather than adding to the transmission and communication stack a fresh information-processing layer. REST therefore tends to be a lighter alternative to the heavy protocol of SOAP [8]. In other words it could also be described as an architectural style of software, which in turn describes a bunch of constraints, which needs to be utilized for the creation of the web services. and delete. Figure 1 shows the RESTFul web services architecture.

Java Script Object Notation (JSON)
JSON is a language-independent, lightweight, text-based information interchange format. It was obtained from the programming language of the ECMA-Script (European Association of Computer Manufacturers), but is independent of programming language. For the portable representation of structured data, JSON defines a small set of structuring rules. Like XML, JSON is an open standard text-based for information representation [9]. JSON could also be termed  as human-readable as well as text-based interchangeable format of data, which in turn is utilized for the representation of normal data objects and structures in codes based on web browser. JSON is made of two structures: 1) Set of name or value pairs; 2) List Sorted values. These data structures are referred to as the universal data structure. • Academic web services in cloud computing 1) Aspects regarding cloud computing Cloud computing is a new concept and it is used as a utility to distributed the tasks to a large number of computers resources which represents both the software and the hardware delivered as services over the Internet. Cloud computing is developed to allow for the users access computing power, storage space and information service according to their needs. Figure 2 shows that There are three layers of cloud computing architecture such as, a) Platform-as-a-Service (PaaS) tool offered to develop applications without installing any software on the developer's side, b) Software-as-a-Service (SaaS) that is run by the Cloud Service Providers (CSPs) and mostly used by organizations, c) Infrastructure-as-a-Service (IaaS) that comprises hardware, storage, servers, and networking services operated, controlled and maintained by the CSPs.
There are a couple of kinds of PaaS. Each PaaS open door is either open, private, or a half of and half of mix of the two. When the user chooses a private mood, the privacy and accountability program "PAM" will be established to ensure confidentiality and transparency [10]. Open PaaS is encouraged inside the cloud, and its establishment is directed by methods for the supplier. Private PaaS, then again, is housed in put servers or non-open frameworks, and is set aside through the buyer. Hybrid PaaS uses added substances from both open and individual, and is fit for executing applications from several cloud establishments [11]. Journal of Computer and Communications 2) Aspects regarding academic web services Web service is defaced as an interface representing a series of operations that can be accessed through a network such as the Internet in the form of XML (Extensible Markup Language) messages. Web service is defined as piece or part of the data or process that anyone can access, using any computer at any time, not linked to the operating system or programming language used [12].
The academic web services help students to access information easily anywhere and anytime as well as reduce the uneven distribution of information by utilizing web service technology.
There are three components that make web service running, which are service provider, service requestor, and service registry. Figure 3 illustrates these components.

Problem Description
Academic web Services provide flexibility and platform independence along with a loosely coupled architecture for connecting data, systems, and organizations.
Properly designed, loosely coupled services can be accessible as separate components of business logic, executed as standalone services, or combined with other services to create a complex application, however, this opens doors to a number of security concerns.
The academic web service threat profile given the right circumstance, an attacker can translate these threats to exploits and compromise the corresponding infrastructure or the application implemented as a academic web service.

Access Control Methodology
• Access control methodology Let's define the traffic of the enterprise academic web application to be the data flow produced by academic web service invocation over the Internet.

Challenges and Motivations
This proposed is due to the demanded control over data and service flow pro-

Proposed Framework for the System
Security and privacy are very important for any shared system. However, for a large distributed system like a cloud system, access decision needs to be more flexible and scalable. Figure 4 is framework presents how using the access con-  Access control through JSON parsing Access control through JSON parsing is another approach to resolving the privacy issue. Through specifying authorization access control through JSON parsing for user role, and representing private data in cloud computing environment, privacy is addressed using this approach, which allows users to access network, data, and device files with restricted authorization. It also controls who or which tools in the cloud computing system can be used. More than two systems such as Roll-Based Access Control (RBAC) and Discretionary Access Con-  [13].

Web services
Web Services enables any Internet application to reach any other web application. If web applications can interact on the Internet in accordance with the norms of web service, A web service enables application software to be used via a network where information is exchanged via URL queries for an application.
Input is processed and output is provided through HTTP protocol as information is exchanged in XML form.

Cloud computing
Cloud computing is the largest service platform on the Internet that offers hosting facilities. It offers services on demand and can be public, private or hybrid. Cloud computing is commonly used in education because it has enormous benefits. One of these benefits is free or less expensive cloud-based services used daily for teaching system assistance, content development, research and social interaction.
Usually there is client and server communicate with each other and this communication happen under the hood where both communicate through the Http protocol the same protocol power the web. The server to will offer bunch of services which accessible by the http protocol. Client will directly send request to the server through the http. This is where Rest comes to the picture. Our proposed system work based on the following algorithms: 1) Login Algorithm Firstly, the user should have a unique user ID to sign up and be eligible to access the academic web service. The next step, the system will automatically check the user states if he/she is student, teacher, or staff to allow for each one to their work according to their access permission. Student and teacher will be able to get the benefits of the academic web services even in offline, however, the staff can access in the certain time. Figure 5 represents this algorithm as flowchart.
2) Parsing Based User Role Access Control Algorithm The services are for Create, update, Read and Delete data in the server these operation called crud operations. For example we have student and need to register in a class what would the service for this is http://www.oakland.edu/courses this will be a service and the service will the course when the request execute the course will be residing in the server and inside of the request we want to read the available courses through the browser regarding to that the service will get the data in JSON format to the uses and the client will receive the respond and all the data will be renders in the browser by a web tool like JavaScript and will spit the data in certain format the application doing it into browser.
Input valid user Output: valid/in valid data: a) get data user inter; b) capture user data; c) parsing user data based on user role; d) end.

Experiments and Results
In this section, we test our solution in this experiment, we use spring boot tools in Java as a backend to available to the frontend request call through RESTFUL web services. Spring Data JPA, part of the larger family of Spring Data, makes JPA-based repositories simple to introduce. This module addresses enhanced support for data access layers based on JPA. It makes it easier to build Spring-powered applications using technology for data access. For web services the post, request, rest to call the RESTFULL. The model is university and the case study is student. Our dataset is automated and it build online, so when the student login to the system we invoke the dataset and do the parsing on it. In side the spring tools we do repository dataset we use student as case study to build our dataset within controller.
Implementing an application's data access layer has been tedious for a long time.
Too much boilerplate code needs to be written to perform simple searches, pagination, and auditing. The aim of Spring Data JPA is to improve the implementation of data access layers significantly by reducing the effort to the amount actually needed.
In Figure 6 we explore user role as student, which is matching with available services as course registration. We use course registration to call student as stringfy (item), which is responsible to do the JSON parsing.
Testing Operation Figure 7 shows the request from the client-side to minding the data to database through a RESTFULL call. The data will be capturing as showing in the student form.
Finally, Figure 8 and Figure 9 show that we did the same process and steps Journal of Computer and Communications   for instructor and staff to provide for them high quality of security and privacy based on their authorization and role.

Conclusion and Future Work
In this paper, new method is based on access control trough JSON parser for user Figure 9. Staff moodle.
role to solve the security issues and preserves privacy in academic web application. The importance of access control based on cloud for preserving the privacy of the academic applications has been focused on. The main reason behind this is that the third parties along with the unauthorized users could easily exploit the important details of the academic web applications. The aspects of cloud computing in the context of academic web services have been discussed in this paper, which further leads to utilization of Rest full and JSON. The problem regarding the threats like that of the academic web service threat profile given the right circumstance, an attacker can translate these threats to exploit and compromise the corresponding infrastructure or the application implemented as an academic web service. Certain case studies have been mentioned where the cloud-based access control became necessary for preserving the privacy of the resources of the university. The framework of the system has also been proposed along with the utilization of certain rules of access control and the importance of the academic web services. Access control could be broadly categorized into three categories, which are user based access protocols, attribute based access protocols and role based access protocols that are utilized for various purposes according to their functionalities. Data could only be accessed by those users having a valid bunch of attributes which become successful in satisfying the numerous access policies. In context of the academic web services, the important information related with the academic records might only be accessed by the faculty members, students and staff. Various sectors where the access control is being utilized are academic sector. The access control is being utilized in the academic sector where the important and confidential information of users could only be accessed by the authorities people, and faculties of a particular academy with the avoidance of any third party or unauthorized users. Besides, this result our future work will be in the following: 1) Apply our access control rules that will detect intruder to preserve a high quality of privacy and security in academic web services; 2) Connect these web services with cloud computing as Saas.