International Journal of Computer Applications (0975 – 8887)
Volume 74– No.10, July 2013
A Framework includes Path based Method and Sandbox
Techniques for Effective Communication System
S.Sandhiya
S.Prakasam, Ph.D
M.Phil (CS) Research Scholar
SCSVMV University
Enathur, Kanchipuram
Asst .Professor
Department of CSA, SCSVMV University
Enathur, Kanchipuram
ABSTRACT
The aim of thesis is to implement the embedded sandbox
techniques with32 bit RAM processor. Nowadays, many
security methods are depends on a effective method in which
each issues of attack is countered by a custom-made approach
to eliminate the incident. Conventionally access control
models are depend on the paradigm of restricting the
functions of users that makes protecting users from each
other or protecting system resources from users.
Heterogeneous network causes some difficulties to maintain,
so sandbox method is used to reduce the delay and bandwidth
usage. In the proposed method, the memory allocation is
required with some shape and approaches all the applications
in sequence manner to store. This minimizes the delay in
deleting and updating the response data‟s and makes the
system more efficiently. This paper describes solution for
these problems through path based approach and sandboxing
provides security environment to the data( or information) on
Heterogeneous network services.
dynamic behavior. An individual wireless channel is subject
to path loss, fading, and environmental interference. Together,
these can have a significant impact on the performance of the
channel. Further, overlay networks arrange wireless coverage
as a set of overlapping technologies, each providing a
different tradeoff between bandwidth, coverage, cost, and
reliability.
Keywords
Communication path, Sandbox techniques, Heterogeneous
Network services, etc.
1. INTRODUCTION
Recently computer security schemes are failed to save users.
Protection consists of cost corporations billions by directly
affecting business and by affecting share values ,usage
ordinary users of privacy, and expose users to individual
system behavior such as aimed adds , loss of data, refusal of
service, and the use of systems to bring out volunteer illegal
activities such as sending spam, hosting contraband, and
mounting attacks opposite to other systems .These consists to
become so general that the regular discovery of new
difficulties and danger software that allows hackers to bring
control of computers is general place.
Difficulties in usages are countered by “patching” or
updating the wrong software to fix that possible problem,
while anti-malware software exactly works by searching for
and eliminating known examples of malware.
A typical communication path between a client application
and the visited server, one can observe that the path usually
involves multiple links. These links can have very different
bandwidth, delay, and error characteristics, ranging from
serial links to wireless to broadband to fiber link. In a network
links, the nodes along the path can also have very different
capabilities. When running in such heterogeneous and
constantly changing environments, applications require
quality guarantees in data communication for delivering
satisfactory user experiences. There are many reasons for this
Figure 1.1 Heterogeneous Network
Environment
1.1 Access Controls
General access controls are not enough stops some
applications. Access control methods stops what subjects are
permitted to do. For instance, the common discretionary
access control (DAC) method permits users to save
themselves and their resources from other users, while a
important access control (MAC) model permits a system
administrator to stop which system resources each user can
access . Executed programs are thus essentially allowed nonstoppable access to a user‟s status .Own security models of
modern operating systems such as Linux 2.6, Mac OS X and
Microsoft Windows 7 are user-oriented and are firstly depend
on the common methods. Even though user-oriented access
controls are not enough , as a process is not necessarily acting
on behalf of the user whose identity it is associated with these
methods are unable to differentiate between justify actions,
and behavior that is beyond the expectation of the functions
the application is suppose to function. A process can act
outside the behavior the user scopes of the application and
build the user‟s authority maliciously.
Efforts to act maliciously can be stopped. In common the task
of restricting applications includes finding the high level
security aims – that is, showing the behavior that should be
permissible and finding all the low-level rules details needed
to enforce these goals. As a response, in addition to being
44
International Journal of Computer Applications (0975 – 8887)
Volume 74– No.10, July 2013
complex for users to generate lawful separate policies, rule is
exactly difficult to maintain and comprehend because of the
detail and complexity of the policy associated with each
individual application. Most application-oriented access
control models simply explain a list of privileges directly with
an application. Rest brings policy abstractions that group
privileges and which can be reused to a limited extent.
frequently provide ways of overcome this isolation in order to
copy data into and out of sandboxes. The drawbacks of
isolation-based restrictions are discussed that follows this
exist.
With the help of isolation sandboxes, the only rule abstraction
available is an separate container that groups subjects with the
objects they can interact with. While models that stop access
to shared resources are commonly either devoid of policy
abstraction (privileges are listed for each application), or are
stored in terms of large monolithic self-contained policy
abstractions, such as is the case with DTE domains and RC
roles. These rules abstractions exactly have limited reusability
as they authorized control has been almost exclusively
considered in terms of user confinement.
Access control methods were generated to note exactly what
each user could do with shared resources (based on the user‟s
clearance or roles) and to save users from each other (based
on the identity of the user) . Significantly the aim has been to
protect the confidentiality, integrity, and availability (CIA) of
the system‟s resources from malicious users. With the help of
user-oriented access control it is typical for active entities
within the system (known as „subjects‟) to have permits to all
the user‟s privileges with depend of the actual program that is
running. In most access control methods in the survey ,
subjects are considered to act on behalf of users and are thus
confined based on the find of the user .
1.2 Role based access control
Role-based access control (RBAC) is an access control model
(or class of models) that depends on users with status through
semantic constructs called roles. Hereafter, practically
designed and generally used as a non-discretionary model,
RBAC has been shown to be ability for
modeling
discretionary controls . Primarily, RBAC has created as an
alternative model for user-oriented access control, and is
individually useful in companies where users are given
duties or responsibilities needs individual privileges. Access
decisions are then made depend on the access based on the
roles the user is given.
1.3 Isolation Sandboxes and Virtualization
An effective method to reducing the risk associated with
untrusted software is to stop each program‟s permission to
access resources. Another way to stop programs is running
them in a sandboxed environment, where each application can
only access objects within their sandbox. Therefore the terms
in use changes , in common a sandbox is separate from the
controls given to all running programs. Commonly sandboxes
only apply to programs externally applied into or from within
a sandbox. In many of the cases no security meaning varies
take place when a new process is started, and all programs in
a individual sandbox run with the same set of data‟s.
Sandboxes can and effective be permanent where resource
varies withstands after the programs complete running, or
transient where variations are eliminated after the sandbox is
no longer in use. Therefore discussions are based on
terminology and the fact that sandbox survey is frequently
considered separate from access control literature.
Many sandboxes gives an separated -based method where the
effect of programs run inside a sandbox is completely
separated from resources outside the sandbox‟s access. Even
though , because of practical necessities, sandboxing methods
Figure 1.2 Sandbox architecture
2. RESEARCH METHODOLOGY
A heterogeneous network is a network that combines
computers and other devices with different operating systems
and protocols. In those cases the network services does not
able to give in the regular manner/ the network services are
breaks due to different reasons (i.e, bandwidth, delay, error
connections, etc.,) In this proposed method , path based
approach is a technique that brings dynamic reconfiguration
of the network services. Path based method is used,
1. To provide automatic creation of network path,
2. To dynamic reconfigure that network path and ,
3. To manage such network path when network
changes and delays.
In addition with this path based technique, SANDBOX
technique plays a significant role in bringing secured path to
the network services. Path based approach and sandboxing act
as a framework that gives secured and effective
communication path to the network environment to share the
secured data.
Sandboxing is the testing environment that separates unique
code varies and outright evaluations from the production
environment in the meaning of the software development
Sandboxing save the living servers and their information‟s
about source code distributions and other collection of code,
data and content , public from variations that could be
affecting to which simply be different to return.
32bit
processor
32 bit
processor
Sandbox
environment
32-bit
processor
Figure 2.1 Sandbox Framework
45
International Journal of Computer Applications (0975 – 8887)
Volume 74– No.10, July 2013
The proposed methodology presents the technique with two
32 bit RAM processor .It can be implemented by transmitting
the data from processor to processor and illustrates the
memory allocation. This can be illustrated in the above
figure2.1.The diagram includes 32bit controller, rf module
which is used to transmit the data from one controller to
another.
3. LITERATURE REVIEW
The efficient approach to access efficient network services in
different network environment is to bring network awareness
in communication paths. Network services across a world area
network still remains a valuable task and the hardly mainly
derives from the heterogeneous and constantly changing
network environment, which commonly affects undesirable
user experience for network-oblivious applications. It is used
to address this is to provide network awareness in
communication paths. Many difficult problems remain,
particularly how to create effective network paths by itself
whose performance is maintained for encountered network
conditions; how to differently reconfigure such paths when
network conditions varies and how to manage and distribute
network resources among different paths and between
different network regions. This method explains solutions for
these issues , built into a programmable network infrastructure
called Switching Network Services .The Switching Network
Services infrastructure provides applications with networkaware communication paths that are automatically generated
and dynamically changed .
Users often have to choose between functionality and
security. When running popular Web browsers or email
clients, they often detect by themselves turning off functions
such as JavaScript, only to switch them back on in order to
view a particular site or read a particular message. Internet has
undergone a transition from simply being a data repository to
one providing access to a large set of sophisticated network
accessible. A typical communication path between a client
application and the visited server, one can observe that the
path usually involves multiple links. These links can have
very different bandwidth, delay, and error characteristics,
ranging from serial links to wireless to broadband to fiber
link. In a network links, the nodes along the path can also
have very different capabilities. Data communication should
also have the knowledge of application performance
requirements, which are directly related to the way in which
data is interpreted and used by the application. Combining
these two together, a network-aware communication path
should be able to match application performance requirements
with the underlying network resource availability, and further
continually adapt to dynamic changes in the network.
Traditional data communication path that provides high-level
abstractions such as reliable byte streams, a network-aware
communication path understands application specific
performance requirements and can accordingly change its
behavior under different network conditions. Without the
support for such network awareness, either applications
themselves have to cope with the problems or the user will
end up with an unsatisfactory experience.
system can then use the access file as a pattern to queue file
access requests made by sandboxed applications. We brings
an example of how this system was used to place Netscape
changer in a sandbox.
4. RESULTS AND DISCUSSIONS
System-level sandboxes brings complete operating
environments to every applications. One way of attaining
this is via the usage of hardware-level virtual machines
(VMs). A virtual machine monitor can be used to combining
the physical hardware between multiple self-contained fully
virtualized operating environments, each consists of a
complete operating system. The results obtained from the
sandbox techniques is demonstrated in below diagram 4.1
table.
Figure 4.1 Proposed Architecture
&VALUE = 0 X 1234
1byte
103
63
2Bytes
52
1byte
VALUE=63
Figure 4.2: Existing Technique
&VALUE = 0 X 1234H
0 X 1245
1byte
79
Users of Unix (or similar) systems can create a sandbox where
such programs execute in a limited environment. Generating
such a sandbox is not trivial; one has to conclude what files or
services to place within the sandbox to make the execution of
the application. In this thesis we explain a transferrable
system that queues the file requests that made by some
running software‟s generating an access file. The similar
2Bytes
63
89
1byte
VALUE =63
0 X 1246H
Figure4.3: Proposed Sandbox Technique
46
International Journal of Computer Applications (0975 – 8887)
Volume 74– No.10, July 2013
5. CONCLUSION
Thus, It have been concluded that embedded sandbox is
implemented to reduce the delay by creating the boundary
with some matrix shape to allocate the memory for different
applications that comes from different sources such as 32 bit
processor.
The main outputs of the research are the last point approach
commonly works well with server sites that have a large
quantity of evaluation resources and for customers that
connect to the network with relatively high bandwidth links.
Even though, servers that have restricted to computation
capability or customers that use poor connections may affect
from poor performance using such an method. The proxy
method commonly does not have bias towards variety of
types of servers or clients. The shared resource pool at proxy
sites can provide good performance for small server sites or
clients that have poor connectivity. Though compressing the
situation only occur before the last hop can cause considerable
resource wastage in the network, in turn leading to early
saturation as load improves.
Technical help for dynamic reconfiguration is significant for
the performance of both individual paths and the whole
network. The path-based method has all the merits of both
end-point and proxy approaches. Situations can be conducted
on upstream nodes without being restricted to the node before
the last hop. With the help of effective resource management
methods, this approach provides the best and the most robust
performance under all conditions
6. ACKNOWLEDGEMENT
I Express my sincere thanks to my guide
Dr.S.Prakasam for his encouragement and Guidance, which
helped me in completing the Thesis.
And also I would like to thank to my family members and
friends who helped me in completing the template
successfully
7. REFERENCES
[1] Rakesh Kumar Singh “VI:41-No.6” Network
Awareness In Communication Path For Efficient
Support to Network Services” IJCA (March‟2012)”
[2] S. Tzu, "VI:30," in The Art of War (Translated by
Griffith, S.B. 1971): Oxford University Press, USA,
6th Century BCE.
IJCATM : www.ijcaonline.org
[3] K. Aytes, S. Byers, and M. Santhanakrishnan, "The
Economic Impact of Information Security Breaches:
Firm Value and Intra-industry Effects," in Americas
Conference on Information Systems (AMCIS)
Acapulco, Mexico, 2006, pp. 399-407.
[4] B. Cashell, W. D. Jackson, M. Jickling, and B.
Webel, Congressional Research Service, The
Library of Congress, Washington, DC, "CRS Report
for Congress RL32331: The Economic Impact of
Cyber-attacks," 2004.
[5] S. Weber, P. A. Karger, and A. Paradkar, "A
Software Flaw Taxonomy: Aiming Tools at
Security," ACM SIGSOFT Software Engineering
Notes: Software Engineering for Secure Systems
(SESS) - Building Trustworthy Applications vol.
30, 4, pp. 1-7, 2005.
[6] N. Weaver, V. Paxson, S. Staniford, and R.
Cunningham, "A Taxonomy of Computer Worms,"
in ACM Workshop on Rapid Malcode Washington,
DC, USA: ACM Press, 2003, pp. 11-18.
[7] C. E. Landwehr, A. R. Bull, J. P. McDermott, and
W. S. Choi, "A Taxonomy of Computer Program
Security Flaws," ACM Computing Surveys (CSUR),
vol. 26, 3, pp. 211-254, 1994.
[8] D. Dagon, G. Gu, C. P. Lee, and W. Lee, "A
Taxonomy of Botnet Structures," in 23rd Annual
Computer Security Applications Conference
(ACSAC) Miami Beach, FL, USA: IEEE Computer
Society, 2007, pp. 325- 339.
[9] T. F. Stafford and A. Urbaczewski, "Spyware: The
Ghost in the Machine," Communications of the
Association for Information Systems, vol. 14, pp.
291-306, 2004.
[10] E. Cooke, F. Jahanian, and D. McPherson, "The
Zombie Roundup: Understanding, Detecting, and
Disrupting Botnets," in USENIX Workshop on
Steps to Reducing Unwanted Traffic on the Internet
(SRUTI ‟05) Cambridge, MA, USA: USENIX
Association, 2005, pp. 39–44.
[11] H. Vegge, F. M. Halvorsen, R. W. Nergard, M. G.
Jaatun, and J. Jensen, "Where Only Fools Dare to
Tread: An Empirical Study on the Prevalence of
Zero-Day Malware," in 4th International
Conference on Internet Monitoring and Protection
(ICIMP 2009) Venice/Mestre, Italy: IEEE
Computer Society, 2009.
47