A robust reputation management

mechanism inthe federated cloud

1
 CONTENTS

Chapter.No Title Name Page.No

1 INTRODUCTION 1
1.1 Scope of study 1
1.2 Charcterstic and services 2
1.3 Overview of Cloud 2

2 LITERATURE SURVEY 5
3 SYSTEM REQUIREMENTS 8
3.1 Hardware Requirements 8
3.2 Software Requirements 8
3.3 Software Environment 9
3.3.1 Over View of Java 9
3.3.2 Over View of SQL 10
3.4 Functional Requirements 12
3.5 Non-Functional Requirements 12
3.6 Fesability Study 12
3.6.1 Economical
Fesability 12
3.6.2 Technical Fesability 13
3.6.3 Social Fesailty 13
4 SYSTEM ANALYSIS 14
4.1 Existing System 14
4.2 Proposed System 14
5 SYSTEM DESIGN 16
5.1 System Architecture 16
5.2 Introduction to UML 16
5.2.1 Usecase Diagram 18

2
 5.2.2 Class Diagram 19
5.2.3 Sequence Diagram 20
5.2.4 Activity Diagram 21

6 IMPLEMENTATION 22
6.1 System Intilization 22
6.2 User Registration 22
6.3 KDC Setup 22
6.4 Sign 23
6.5 User 23
6.6 Sample Code 24

7 SCREEN SHOTS 47

8 TESTING 58
8.1 Unit Testing 58
8.2 Integration Testing 58
8.3 System Testing 59
8.4 Functional Test 59
8.5 White Box Testing 60
8.6 Black Box Testing 60
8.7 Acceptance Test 60

9 CONCLUSION 61

10 REFERENCES 62

3
 ABSTRACT

In the Infrastructure as a Service (IaaS) paradigm of cloud computing,

computational resources are available for rent.Although it offers a cost efficient
solution to virtual network requirements, low trust on the rented computational
resources preventsusers from using it. To reduce the cost, computational
resources are shared, i.e., there exists multi-tenancy. As the
communicationchannels and other computational resources are shared, it
creates security and privacy issues. A user may not identify a trustworthyco-
tenant as the users are anonymous. The user depends on the Cloud Provider
(CP) to assign trustworthy co-tenants. But, it is in theCP’s interest that it gets
maximum utilization of its resources. Hence, it allows maximum co-tenancy
irrespective of the behaviours ofusers. In this paper, we propose a robust
reputation management mechanism that encourages the CPs in a federated
cloud todifferentiate between good and malicious users and assign resources in
such a way that they do not share resources. We show thecorrectness and the
efficiency of the proposed reputation management system using analytical and
experimental analysis.

4
5
LIST OF FIGURES

Figure .no Figure Name Page.No

1.1 Structure of service model 3

5.1 System Architecture 16
5.2 Usecase Diagram 18
5.3 Class Diagram 19
5.4 Sequence Diagram 20
5.5 Activity Diagram 21
7.1 Login Page 47
7.2 Registration Page 48
7.3 Login 49
7.4 Request Page 50
7.5 Token Request 51
7.6 Admin 52
7.7 Token Id 53
7.8 Details 54
7.9 Uploading File 55
7.10 secret key 56
7.10 File Directory 57

6
CHAPTER 1

INTRODUCTION

1. INTRODUCTION

1.1 DEFINING CLOUD COMPUTING :

Distributed computing alludes to both the applications conveyed as administrations over the
Internet and the equipment and frameworks programming in the server farms that give those
administrations. These administrations have for quite some time been alluded to as Software
as a Service (SaaS). A few terms, for example, PaaS (Platform as a Service) and IaaS
(Infrastructure as a Service) are utilized by merchants to portray their roducts, yet we stay
away from these on the grounds that acknowledged definitions for despite everything them
differ generally. There is no fresh line between "low-level "foundation and a gher-level
"stage ". We trust both of these are more indistinguishable than various, and we do think of
them as together. Likewise, some related term, for example, "grid computing," from the elite
registering group, recommends conventions to offer stockpiling over long separations and
shared calculation, however those conventions did not prompt to a product situation that
developed past its own particular group. The server farm equipment and programming is the
thing that we will call a cloud. At the point when a cloud is made accessible in a
compensation as you-go way to the overall population, we call it an open cloud; the
administration being sold is utility processing. We utilize the term private cloud to allude to
inner server farms of a business or other association, not made accessible to the overall
population, when they are sufficiently huge to profit by the benefits of distributed computing
that we talk about here [1]. The distributed computing is the total of SaaS and utility
figuring, yet does exclude medium estimated server farms, regardless of the possibility that
these rely on upon virtualization for administration. Individuals can be clients or suppliers of
SaaS, or clients or suppliers of utility registering. We concentrate on SaaS suppliers (cloud
clients) and cloud suppliers, which have gotten less consideration than SaaS clients. Figure 1
makes supplier client connections clear. There are some case in which a similar performer

7
assumes different parts. For example, a cloud supplier may likewise have its own client
confronting

1.2BENEFITS ON CLOUD FRAMEWORK:

Distributed computing offers powerfully versatile assets provisioned as an administration

over the Internet. The thirdparty, on-request, self-benefit, pay-per-utilize, and flawlessly
versatile figuring assets and administrations offered by the uproarious worldview guarantee
to lessen capital and additionally operational consumptions for equipment and programming.
Mists can be classified considering the physical area from the perspective of the client [2].
An open cloud is offered by outsider administration suppliers and includes assets outside the
client's premises. In the event that the cloud framework is introduced on the client's
preface—as a rule in the claim server farm—this setup is called private cloud. A half and
half approach is indicated as mixture cloud. This paper will focus on open mists, in light of
the fact that these administrations interest for the most noteworthy security necessities
additionally—as this paper will begin contending—incorporates high potential for security
prospects. In broad daylight mists, the greater part of the three basic cloud benefit layers
(IaaS, Paas, SaaS) share the shared trait that the end-clients' computerized resources are
taken from an intraorganizational to an interorganizational setting. This makes various
issues, among which security perspectives are viewed as the most basic elements when
considering distributed computing appropriation [3]. Enactment and consistence systems
raise promote challenges on the outsourcing of information, applications, and procedures.
The high protection measures in the European Union, e.g., and their legitimate varieties
between the mainland's nations offer ascent to particular specialized and hierarchical
difficulties [4]. One thought on lessening the hazard for information and applications in an
open cloud is the synchronous utilization of various mists. A few methodologies utilizing
this worldview have been proposed as of late. They contrast in parceling and circulation
designs, advances, cryptographic strategies, and focused on situations and additionally
security levels. This paper is an augmentation of [5] and contains an overview on these
diverse security by multicloud selection3.approaches. It gives four unmistakable models in
type of disconnected multicloud structures. These created multicloud designs permit to sort
the accessible plans and to investigate them as indicated by their security benefits. An

8
appraisal of the diverse strategies with respect to legitimate angles and consistence
suggestions is given specifically. Whatever is left of this paper is sorted out as takes after:
Section 2 spurs the requirement for powerful cloud security countermeasures by quickly
evaluating the present condition of play. The perceptions assist prompt to the way that the
greater part of the innovative work is as of now committed to devoted security plans, which
don't consider the particular properties of the cloud itself. Just as of late a few
recommendations on making utilization of numerous particular mists in the meantime to
acknowledge security objectives began to show up. To give a formal ground to arrange and
examine these proposition, we propose an arrangement of four unmistakable multicloud
structures. These multi cloud models are presented in Section 3 and each of them is further
examined in Sections 4, 5, 6, and 7, including contextual investigations. Segment 8 gives a
thought of legitimate and consistence viewpoints. At long last, in Section 9, an appraisal and
correlation of the introduced methodologies is given. Distributed computing makes a
substantial number of security issues and difficulties. A rundown of security dangers to
distributed computing is introduced in [6]. These issues go from the required trust in the
cloud supplier and assaults on cloud interfaces to abusing the cloud administrations for
assaults on different frameworks. The principle issue that the distributed computing
worldview verifiably contains is that of secure outsourcing of delicate and in addition
business-basic information and procedures. At the point when considering utilizing a cloud
administration, the client must know about the way that all information given to the cloud
supplier leave the claim control and assurance circle. Much more, if conveying information
handling applications to the cloud (through IaaS or PaaS), a cloud supplier increases full
control on these procedures. Thus, a solid trust relationship between the cloud supplier and
the cloud client is viewed as a general essential in distributed computing. In [7], a diagram of
security blemishes and assaults on cloud frameworks is given. A few cases and later
advances are quickly talked about in the accompanying. Risten part et al. [8], [9] exhibited
some assault methods for the virtualization of the Amazon EC2 IaaS benefit. In their
approach, the aggressor distributes new virtual machines until one keeps running on an
indistinguishable physical machine from the casualty's machine. In a defect in the
administration interface of Amazon's EC2 was found. The SOAP-based interface utilizes
XML Signature as characterized as a part of WS-Security for trustworthiness assurance and

9
genuineness check. Gruschka and Iacono [10] found that the EC2 usage for mark check is
helpless against the Signature Wrapping Attack [11]. A noteworthy episode in a SaaS cloud
happened in 2009 with Google Docs [12]. Google Docs permits clients to alter archives (e.g.,
content, spreadsheet, presentation) on the web and impart these records to different clients.
In any case, this framework had the accompanying defect: Once a report was imparted to
anybody, it was open for everybody the record proprietor has ever imparted archives to some
time recently. For this specialized glitch, not in any case any criminal aim was required to
get unapproved access to private information. Late assaults have exhibited that cloud
frameworks of significant cloud suppliers may contain serious security blemishes in various
sorts of mists (see [13], [14]). Making utilization of numerous mists has been proposed by
Bernstein and Celesti [15].

1.3 ALL SORTS OF MISTS :

Real IT organizations have burned through billions of dollars since the 1990s to shape
distributed computing. Like, Sun's notable trademark "the system is the PC" was made in
1980s. Salesforce.com is the site which has been giving on-request Software as a Service
(SaaS) for clients since 1999 to present time. IBM and Microsoft are the initial two
organizations that began to convey Web benefits in the mid 2000s. Microsoft's Azure
administration gives an 5 working framework and an arrangement of designer instruments
and administrations. Google's prominent Google Docs programming gives Web-based word
processing, spreadsheets and all the Microsoft office applications. Google App Engine
permits framework designers to run their Python/Java applications on Google's foundation.
Sun gives $1 per CPU hour. Amazon is notable for giving Web administrations, for example,
EC2 and S3. Hurray! declared that it would utilize the Apache Hadoop structure to permit
clients to work with a great many hubs and petabytes (1 million gigabytes) of information.
These illustrations exhibit that distributed computing suppliers are putting forth benefits on
each level, from various equipment (e.g., Amazon and Sun), to the distinctive working
frameworks (e.g., Google and Microsoft), to programming and diverse administrations (e.g.,
Google, Microsoft, and Yahoo!). At present period Cloudcomputing suppliers focus on an
assortment of end clients, from designers of the product to the overall population. For extra
data in regards to distributed computing models, the University of California (UC)

10
Berkeley's report gives a decent correlation of these models by Amazon, Microsoft, and
Google. As distributed computing suppliers costs are low and IT headways evacuate
innovation hindrances, for example, virtualization, reproduction, arrange transmission
capacity — distributed computing has moved into the standard of innovation . Gartner
expressed, "Associations are changing from organization proprietor equipment and
programming to per-utilize benefit based models." For instance, the U.S. government site
(http://www.usa .gov/) will soon start utilizing distributed computing. The New York Times
utilized Amazon's EC2 and S3 benefits and utilized Hadoop application to give open access
to people in general area articles from 1851 to 1922. The Times stacked 4 TB of crude TIFF
pictures on web and their subordinate 11 million PDFs into Amazon's S3 in twenty-four
hours at less cost. This venture is fundamentally the same as computerized library ventures
keep running by scholastic libraries. Couple of years prior OCLC reported its development
of 6 library administration administrations to the Web It is obvious that OCLC will convey a
Web-based incorporated library framework (ILS) on web for upgrading the innovation to
give another method for running an ILS. Dura Space, a joint association by Fedora
Commons and D Space Foundation, reported that they would exploit distributed storage and
distributed computing.

11
CHAPTER 2

LITERATURE SURVEY

Existing clouds focus on the provision of web services targeted to developers, such a
Amazon Elastic Compute Cloud(EC2) [4], or the deployment of servers, such as Go Grid [1].
Emerging clouds such as the Amazon Simple DB and Simple Storage Service offer data
management services. Optimal pricing of cached structures is central to maximizing profit
for a cloud that offers data services. Cloud businesses may offer their services for free, such
as Google Apps [2]and Microsoft Azure [3] or based on a pricing scheme. Amazon Web
Service (AWS) clouds include separate prices for infrastructure elements, i.e. disk space,
CPU, I/O and bandwidth. Pricing schemes are static, and give the option for pay as-you-go.
Static pricing cannot guarantee cloud profit maximization. The cloud caching service can
maximize its profit using an optimal pricing scheme. This work proposes a pricing scheme
along the insight that it is sufficient to use a simplified price-demand model which can be re-
evaluated in order to adapt to model mismatches, external disturbances and errors,
employing feedback from the real system behavior and performing refinement of the
optimization procedure. Overall, optimal pricing necessitates an appropriately simplified
price-demand model that incorporates the correlations of structures in the cache services.

Related Work:

[1]This work proposes a novel estimating request plan intended for a cloud reserve that
offers querying administrations and goes for the expansion of the cloud benefit with
prescient interest value solution on monetary method for client benefit. The proposed
arrangement permits: on one hand, long haul profit amplification with value minimization on
solicitation of same interest, and, on the other, dynamic adjustment to the genuine conduct of
the cloud application, while the improvement process is in advancement [2] Cloud
computing is the technology of the next generation which unifies everything into one. It is an
on demand service because it offers dynamic flexible resource allocation for reliable and
guaranteed services in pay as you- use manner to users. The review shows that SaaS is very
important layer in cloud computing because all the allocation of resources to the application
is done by SaaS providers. This paper focused on the review of customer requests for SaaS

12
providers with the explicit aim of cost minimization or to increase the profit with dynamic
demands handling. An effective strategy is required for achieving user satisfaction and
maximizing the profit for cloud service providers. This paper discusses just about the review
of SaaS layer in cloud computing based on the QoS parameter and SLA.[3]A pricing model
is developed for cloud computing which takes many factors into considerations, such as the
requirement r of a service, the workload of an application environment, the configuration (m
and s) of a multi server system, the service level agreement c, the satisfaction (r ands0) of a
consumer, the quality (Wand T) of a service, the penalty d of a low-quality service, the cost
of renting, the cost of energy consumption, and a service provider’s margin and profit. And
this will schedules the job according to optimization of speed and size of the input hereby
maximizing the profit [4] Keeping in mind the end goal to ensure the nature of
administration demands and boost the benefit of administration providers, this paper has
proposed a novel Double-Quality-Guaranteed (DQG) leasing plan for administration
suppliers. This plan joins fleeting leasing with long haul leasing, which can lessen the asset
squander significantly and adjust to the dynamical interest of processing capacity. A
M/M/m+D queueing model is work for our multi server framework with changing system
size. And after that, an ideal setup issue of benefit amplification is detailed in which
numerous elements are taken into contemplations, for example, the business sector request
,the workload of demands, the server-level understanding, the rental expense of servers, the
expense of vitality consumption, et cetera. The ideal arrangements are tackled for two unique
circumstances, which are the perfect ideal arrangements and the real ideal arrangements.
What's more, a progression of calculations are directed to think about the benefit got by the
DQG leasing plan with the Single-Quality- Unguaranteed (SQU) leasing plan. The results
demonstrate that our plan outperforms the SQU plan as far as both of administration quality
and benefit.. [5]We have proposed a pricing model for cloud computing which takes many
factors into considerations, such as the requirement r of a service, the workload ? of an
application environment, the configuration (m and s) of a multi server system, the service
level agreement c, the satisfaction (r and s0) of a consumer, the quality (W and T) of a
service, the penalty d of a low-quality service, the cost (ß and m) of renting, the cost (a,?,P*,
and P) of energy Consumption, and a service provider’s margin and profit a. By using an
M/M/ m queuing model, we formulated and solved the problem of optimal multi server

13
configuration for profit maximization in a cloud computing environment .Our discussion can
be easily extended to other service charge functions. Our methodology can be applied to
other pricing models.

14
CHAPTER 3

SYSTEM REQUIREMENTS

3.1 HARDWARE REQUIREMENTS:

System Pentium IV 2.4 GHz.

Hard Disk 40 GB.

Monitor 15 VGA Colour.

Mouse Logitech.

RAM 512 MB.

3.2 SOFTWARE REQUIREMENTS:

Operating system Windows 7/8.

Coding Language JAVA/J2EE

IDE NetBeans 8.2

Database MYSQL

15
3.3 SOFTWARE ENVIRONMENT:

3.3.1 Over View of Java

With most programming languages, you either compile or interpret a program so that
you can run it on your computer. The Java programming language is unusual in that a
program is both compiled and interpreted. With the compiler, first you translate a program
into an intermediate language called Java byte codes —the platform-independent codes
interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java
byte code instruction on the computer. Compilation happens just once; interpretation occurs
each time the program is executed. The following figure illustrates how this works.

Fig 3.1: Compilation and interpretation of java program

You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a
Web browser that can run applets, is an implementation of the Java VM. Java byte codes
help make “write once, run anywhere” possible. You can compile your program into byte
codes on any platform that has a Java compiler. The byte codes can then be run on any
implementation of the Java VM. That means that as long as a computer has a Java VM, the
same program written in the Java programming language can run on Windows 2000, a
Solaris workstation, or on an iMac.

16
Fig 3.2 :Java program execution in different windows

3.3.2 Over View of MySQL:

MySQL, the most popular Open Source SQL database management system, is
developed, distributed, and supported by Oracle Corporation.

MySQL is a database management system.

A database is a structured collection of data. It may be anything from a simple

shopping list to a picture gallery or the vast amounts of information in a corporate network.
To add, access, and process data stored in a computer database, you need a database
management system such as MySQL Server. Since computers are very good at handling
large amounts of data, database management systems play a central role in computing, as
standalone utilities, or as parts of other applications.

MySQL databases are relational.

A relational database stores data in separate tables rather than putting all the data in
one big storeroom. The database structures are organized into physical files optimized for
speed. The logical model, with objects such as databases, tables, views, rows, and columns,
offers a flexible programming environment. You set up rules governing the relationships
between different data fields, such as one-to-one, one-to-many, unique, required or optional,
and “pointers” between different tables. The database enforces these rules, so that with a
well-designed database, your application never sees inconsistent, duplicate, orphan, out-of-
date, or missing data.

17
MySQL software is Open Source.

Open Source means that it is possible for anyone to use and modify the software.
Anybody can download the MySQL software from the Internet and use it without paying
anything. If you wish, you may study the source code and change it to suit your needs. The
MySQL software uses the GPL (GNU General Public License), to define what you may and
may not do with the software in different situations. If you feel uncomfortable with the GPL
or need to embed MySQL code into a commercial application, you can buy a commercially
licensed version from us. See the MySQL Licensing Overview for more information
(http://www.mysql.com/company/legal/licensing/).

The MySQL Database Server is very fast, reliable, scalable, and easy to use.

If that is what you are looking for, you should give it a try. MySQL Server can run
comfortably on a desktop or laptop, alongside your other applications, web servers, and so
on, requiring little or no attention. If you dedicate an entire machine to MySQL, you can
adjust the settings to take advantage of all the memory, CPU power, and I/O capacity
available. MySQL can also scale up to clusters of machines, networked together.

MySQL Server works in client/server or embedded systems.

The MySQL Database Software is a client/server system that consists of a multi-

threaded SQL server that supports different backends, several different client programs and
libraries, administrative tools, and a wide range of application programming interfaces
(APIs). We also provide MySQL Server as an embedded multi-threaded library that you can
link into your application to get a smaller, faster, easier-to-manage standalone product.

A large amount of contributed MySQL software is available.

MySQL Server has a practical set of features developed in close cooperation with our
users. It is very likely that your favorite application or language supports the MySQL
Database Server.

18
3.4 FUNCTIONAL REQUIREMENTS:

Functional requirements will define the fundamental actions that must take place in
the software in activating and blocking the users and attackers based on the pattern
classification methods.

3.5 NON-FUNCTIONAL REQUIREMENTS:

Efficiency: Can work all the time with the application server.

Reliability:Ability of a system or component to perform its required functions under stated

conditions for a specified period of time.

3.6 FEASIBILITY STUDY:

The feasibility of the project is analyzed in this phase and business proposal is put
forth with a very general plan for the project and some cost estimates. During system
analysis the feasibility study of the proposed system is to be carried out. This is to ensure that
the proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.Three key considerations
involved in the feasibility analysis are

Economical Feasibility

Technical Feasibility

Social Feasibility

3.6.1 Economical Feasibility

This study is carried out to check the economic impact that the system will have on
the organization. The amount of fund that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the developed
system as well within the budget and this was achieved because most of the technologies
used are freely available. Only the customized products had to be purchased.

19
3.6.2 Technical Feasibility

This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the
available technical resources. This will lead to high demands on the available technical
resources. This will lead to high demands being placed on the client. The developed system
must have a modest requirement, as only minimal or null changes are required for
implementing this system.

3.6.3 Social Feasability

The aspect of study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity.

20
CHAPTER 4

SYSTEM ANALYSIS

4.1 EXISTING SYSTEM

 Existing RMMs for cloud computing gather feedback from users and
aggregate them to obtain reputations for the CPs. It attempts to
differentiate between fair feedback from unfair feedback provided by the
users about the performance of the CPs.It also differentiates between
faults in the physical networks and the intentional activities of CPs that
lead to disruption in the physical network. Therefore, faults (which are
assumed to be beyond the control of the CP) do not impact reputations of
CPs X. Sun et.al. proposed a multi-faceted trust management model with
the intention to distinguish between fair and unfair feedbacks about the
cloud providers. M. Wang et.al also proposed a multi-faceted reputation
management model that allows the users to evaluate the cloud providers
using various features. J. Sidhu et.al. proposed a trust evaluation of the
cloud providers based on the violation of contracts described in the
service level agreement. M. Mac´ıas et.al proposed a mechanism to
isolate unfair and malicious trust feedback in cloud computing. M.
Macas et. Al. proposed a policy on reputation management that
minimizes the impact of system failure on the reputation of the cloud
providers

Disadvantages of Existing System:

 This mechanism is vulnerable where the service provider faces

competition and may send unfair feedbacks about its competitors.This

21
 model assumes that seller agents act consistently, which might not be
true in many cases.

4.2 PROPOSED SYSTEM:

 In this paper, we propose a robust RMM in the federated cloud with

focus on multi-tenancy. In a multi-tenant cloud, a user depends on the CP
for trustworthy co-tenants.
 In this paper we propose a novel reputation management mechanism that
encourages the CPs to assign good co-tenants to a good user.
 In this paper we propose a mechanismthat encourages CPs to report
correct feedback about thecustomers.
 Briefly, our RMM works as follows:
 1) First, each CP distinguishes malicious users from good users and it
should assign resources to themsuch that the following holds:
o a) It must not allow any malicious user to becomea co-tenant of a
good user.
o b) It may allow malicious users to share resourcesamong
themselves.
 2) Next, the CPs share information about multitenancies.
 3) Each CP reports the behaviour of users to the RMM.
 4) A CP’s reputation is increased if the reputations of the users in each
group of multi-tenant users are consistent, i.e., either their reputations
increase ordecrease.

Advantages:

22
 In this paper we propose aRMM with a focus on multi-tenancy. Sharing
computationalresources with others is the main concern of users as
otherco-tenants may be malicious.
 In this paper, we propose a RMM that considers the CP’s capability and
willingness to make such differentiation among its users.
 It allows maximum co-tenancy irrespective of the behaviours of the users

23
CHAPTER 5

SYSTEM DESIGN

5.1SYSTEM ARCHITECTURE

Fig 5.1 :System Architecture

5.2 INTRODUCTION TO UML:

24
 UML stands for Unified Modeling Language. UML is a standardized general-purpose
modeling language in the field of object-oriented software engineering. The standard is
managed, and was created by, the Object Management Group. The goal is for UML to
become a common language for creating models of object oriented computer software. In its
current form UML is comprised of two major components: a Meta-model and a notation. In
the future, some form of method or process may also be added to; or associated with, UML.

The Unified Modeling Language is a standard language for specifying, Visualization,

Constructing and documenting the artifacts of software system, as well as for business
modeling and other non-software systems. The UML represents a collection of best
engineering practices that have proven successful in the modeling of large and complex
systems. The UML is a very important part of developing objects oriented software and the
software development process. The UML uses mostly graphical notations to express the
design of software projects.

Goals:

The Primary goals in the design of the UML are as follows:

Provide users a ready-to-use, expressive visual modeling Language so that they can develop
and exchange meaningful models.

Provide extendibility and specialization mechanisms to extend the core concepts.

Be independent of particular programming languages and development process.

Provide a formal basis for understanding the modeling language. Encourage the growth of
OO tools market.

Support higher level development concepts such as collaborations, frameworks, patterns and
components.

Integrate best practices.

25
5.2.1 Use case Diagram :

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis. Its purpose is to present a
graphical overview of the functionality provided by a system in terms of actors, their goals
(represented as use cases), and any dependencies between those use cases. The main purpose
of a use case diagram is to show what system functions are performed for which actor. Roles
of the actors in the system can be depicted.

26
 Registration

Login

UploadFile

DataOwner ViewFile

Approval DataUser

OwnerList
Review

UserList
RequestFile

MaliciousUsers
CloudProvider
Download

ViewChart

Logout

CloudService

Fig 5.2 :Usecase Diagram

5.2.2 Class Diagram:

In software engineering, a class diagram in the Unified Modeling Language (UML) is

a type of static structure diagram that describes the structure of a system by showing the
system's classes, their attributes, operations (or methods), and the relationships among the
classes. It explains which class contains information.

27
Fig 5.3 :Class Diagram

5.2.3 Sequence Diagram:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction

diagram that shows how processes operate with one another and in what order. It is a

28
construct of a Message Sequence Chart. Sequence diagrams are sometimes called event
diagrams, event scenarios, and timing diagrams.

29
DataOwner CloudProvider Database DataUser

Register

Register

Login

Login

Login
Provide Cloud

UploadFile

ViewFile

View DataOwner

ViewDataUser

ViewMalicious Users

RequestFile

Approve File

DownloadFile

Logout

Logout

Logout

30
Fig 5.4 :Sequence Diagram

5.2.4 Activity Diagram:

Activity diagrams are graphical representations of workflows of stepwise activities

and actions with support for choice, iteration and concurrency. In the Unified Modeling
Language, activity diagrams can be used to describe the business and operational step-by-
step workflows of components in a system. An activity diagram shows the overall flow of
control.

31
Fig 5.5 :Activity Diagram

CHAPTER 6

IMPLEMENTATION

MODULES:

 Cloud Computing.

32
 Queuing Model.

 Business Service Module.

 Cloud Customer Module

 Infrastructure Service Provider Module

6.1 Cloud Computing:

 Cloud computing describes a type of outsourcing of computer services, similar

to the way in which the supply of electricity is outsourced. Users can simply
use it.

 They do not need to worry where the electricity is from, how it is made, or
transported. Every month, they pay for what they consumed.

 The idea behind cloud computing is similar: The user can simply use storage,
computing power, or specially crafted development environments, without
having to worry how these work internally.

 Cloud computing is usually Internet-based computing. The cloud is a

metaphor for the Internet based on how the internet is described in computer
network diagrams; which means it is an abstraction hiding the complex
infrastructure of the internet.

 It is a style of computing in which IT-related capabilities are provided “as a

service”, allowing users to access technology-enabled services from the
Internet ("in the cloud")without knowledge of, or control over the technologies
behind these servers.

6.2 Queuing Model:

33
  we consider the cloud service platform as a multi server system with a service
request queue. The clouds provide resources for jobs in the form of virtual
machine (VM).

 In addition, the users submit their jobs to the cloud in which a job queuing
system such as SGE, PBS, or Condor is used. All jobs are scheduled by the job
scheduler and assigned to different VMs in a centralized way.

 Hence, we can consider it as a service request queue. For example, Condor is

a specialized workload management system for computer intensive jobs and it
provides a job queuing mechanism, scheduling policy, priority scheme,
resource monitoring, and resource management.

 Users submit their jobs to Condor, and Condor places them into a queue,
chooses when and where to run them based upon a policy. An
M/M/m+Dqueueing model is build for our multiserver system with varying
system size.

 And then, an optimal configuration problem of profit maximization is

formulated in which many factors are taken into considerations, such as the
market demand, the workload of requests, the server-level agreement, the
rental cost of servers, the cost of energy consumption, and so forth.

 The optimal solutions are solved for two different situations, which are the
ideal optimal solutions and the actual optimal solutions.

6.3 Business Service Module:

 Service providers pay infrastructure providers for renting their physical

resources, and charge customers for processing their service requests, which
generates cost and revenue, respectively.

34
  The profit is generated from the gap between the revenue and the cost.In this
module the service providers considered as cloud brokers because they can
play an important role in between cloud customers and infrastructure providers
,and he can establish an indirect connection between cloud customer and
infrastructure providers.

6.4 Cloud Customer Module:

 A customer submits a service request to a service provider which delivers

services on demand.

 The customer receives the desired result from the service provider with certain
service-level agreement, and pays for the service based on the amount of the
service and the service quality.

6.5 Infrastructure Service Provider Module:

 In the three-tier structure, an infrastructure provider the basic hardware and

software facilities.

 A service provider rents resources from infrastructure providers and prepares, a

set of services in the form of virtual machine (VM).

 Infrastructure providers provide two kinds of resource renting schemes, e.g.,

long-term renting and short-term renting.

 In general, the rental price of long-term renting is much cheaper than that of
short-term renting.

6.6 Sample code:

Uploadfile.jsp:

<center>

35
<h2><font style="color: wheat">Send Request</font></h2>

<%

Statement st=conn.createStatement();

ResultSet rs=st.executeQuery("select * from bsp1 where bsp='on process' or isp='on

process'");

boolean b=true;

ArrayList Queue=new ArrayList();

if(b)

if(rs.next())

out.println("<font color='white' size='4'>Previous file is pending</font>");

Queue.remove(0);

else

Queue.add(rs.getString("bsp"));

%>

<form method="post" action="ServletUpload" enctype="multipart/fordata">

<table width="3" cellpadding="5">

36
<tr><td><font size="4"></font></td><td><input

type="hidden"name="name" value="yamini"></td></tr>

<tr><td><font size="4"></font></td><td><input type="hidden" name="date"

value="<%=new java.util.Date()%>" ></td></tr>

<tr><td><font size="4"></font></td><td><input type="hidden" name="bsp"

value="on process"></td></tr>

<tr><td><font size="4"></font></td><td><input type="hidden" name="isp"

value="on process"></td></tr>

<tr><td><font style="color: white" size="4">Upload:</font></td><td><input

type="file" style="color: white" name="file1"></td></tr>

<tr>

<td></td>

<td><input type="submit" value="send"></td>

</tr>

</table>

</form>

<%

%>

</center>

ServletUpload.Java:

public class ServletUpload extends HttpServlet {

37
protectedvoid processRequest(HttpServletRequest request, HttpServletResponse
response

throws ServletException, IOException {

response.setContentType("text/html;charset=UTF-8");

try (PrintWriter out = response.getWriter())

out.println("<!DOCTYPE html>");

out.println("<html>");

out.println("<head>");

out.println("<title>Servlet ServletUpload</title>");

out.println("</head>");

out.println("<body>");

out.println("<h1>Servlet ServletUpload at " + request.getContextPath() + "</h1>");

out.println("</body>");

out.println("</html>");

protectedvoiddoGet(HttpServletRequestrequest,HttpServletResponseresponse)

throws ServletException, IOException {

processRequest(request, response);

38
protectedvoiddoPost(HttpServletRequestrequest, HttpServletResponse
response)

throws ServletException, IOException

PrintWriter out=response.getWriter();

InputStream inputStream1=null;

Part filePart1 = request.getPart("file1");

if (filePart1 != null)

System.out.println(filePart1.getName());

System.out.println(filePart1.getSize());

System.out.println(filePart1.getContentType());

inputStream1 = filePart1.getInputStream();

String name=request.getParameter("name")

String date=request.getParameter("date");

String bsp=request.getParameter("bsp");

String isp=request.getParameter("isp");

long inputStream= filePart1.getSize();

String filename= filePart1.getSubmittedFileName();

System.out.println("The file1 is "+filename);

39
 StringTokenizer st1=new StringTokenizer(filename, ".");

String extention1=null;

while(st1.hasMoreTokens())

extention1=st1.nextToken()

System.out.println("The File Extention is "+extention1);

Connection conn = null;

String message = null;

try

Class.forName("com.mysql.jdbc.Driver");

conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/promax","root","r

String sql = "INSERT INTO bsp1(file,name,filename,size,date,bsp,isp)

values(?,?,?,?,?,?,?)";

PreparedStatement statement = conn.prepareStatement(sql);

if (inputStream1 != null)

statement.setBlob(1, inputStream1);

40
 statement.setString(2,name);

statement.setString(3, filename);

statement.setLong(4, inputStream);

statement.setString(5,date);

statement.setString(6,bsp);

statement.setString(7,isp);

int row = statement.executeUpdate();

if (row > 0)

response.sendRedirect("requestsuccess.jsp");

out.println("<html><body><center><br><br><h2>Request Sent To Business

Service Provider</h2></body></center></html>");

} catch (SQLException ex) {

message = "ERROR: " + ex.getMessage();

ex.printStackTrace();

} catch (ClassNotFoundException ex) {

Logger.getLogger(ServletUpload.class.getName()).log(Level.SEVERE, null, ex);

} finally {

if (conn != null)

try {

41
conn.close();

} catch (SQLException ex) {

ex.printStackTrace();

public String getServletInfo()

return "Short description";

42
CHAPTER 7

SCREEN SHOTS

CHAPTER 8

SYSTEM TESTING

INTRODUCTION :

The purpose of testing is to discover errors. Testing is the process of trying to

discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub-assemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that
theSoftware system meets its requirements and user expectations and does not fail in
an unacceptable manner. There are various types of test. Each test type addresses a
specific testing requirement.

8.1 UNIT TESTING:

Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid outputs.
All decision branches and internal code flow should be validated. It is the testing of
individual software units of the application .it is done after the completion of an
individual unit before integration. This is a structural testing, that relies on knowledge
of its construction and is invasive. Unit tests perform basic tests at component level

43
and test a specific business process, application, and/or system configuration. Unit
tests ensure that each unique path of a business process performs accurately to the do
cumented specifications and contains clearly defined inputs and expected results.

8.2 INTEGRATION TESTING

Integration tests are designed to test integrated software components to

determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests demonstrate
that although the components were individually satisfaction, as shown by successfully
unit testing, the combination of components is correct and consistent. Integration
testing is specifically aimed at exposing the problems that arise from the combination
of components.

8.3 SYSTEM TEST

System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process
links and integration points.

8.4 FUNCTIONAL TEST

Functional tests provide systematic demonstrations that functions tested are

available as specified by the business and technical requirements, system
documentation, and user manuals.

Functional testing is centered on the following items:

Valid Input: identified classes of valid input must be accepted.

Invalid Input: identified classes of invalid input must be rejected.

Functions: identified functions must be exercised.

Output: identified classes of application outputs must be exercised.

44
Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements,

key functions, or special test cases. In addition, systematic coverage pertaining to
identify Business process flows; data fields, predefined processes, and successive
processes must be considered for testing. Before functional testing is complete,
additional tests are identified and the effective value of current tests is determined.

45
8.5 WHITE BOX TESTING

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box
level.

8.6 BLACK BOX TESTING

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most
other kinds of tests, must be written from a definitive source document, such as
specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box .you
cannot “see” into it. The test provides inputs and responds to outputs without
considering how the software works.

8.7 ACCEPTANCE TESTING

User Acceptance Testing is a critical phase of any project and requires

significant participation by the end user. It also ensures that the system meets the
functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
Test objectives

 All field entries must work properly.

 Pages must be activated from the identified link.

 The entry screen, messages and responses must not be delayed.

Features to be tested

 Verssify that the entries are of the correct format

 No duplicate entries should be allowed

 All links should take the user to the correct page

46
CHAPTER 9

CONCLUSION

This paper has proposed a novel double quality guaranteed renting scheme for service
providers. This scheme combines short term renting with long term renting, which can
reduce the resource waste greatly and adapt to the dynamical demand of computing
capacity. An M/M/m+D queuing model is build for our multiserver system with
varying system size. And then, an optimal configuration problem of profit
maximization is formulated in which many factors are taken , such as the market
demand the workload of requests, the server level agreement the rental cost of servers,
the cost of energy consumption and so forth. The optimal solutions are solved for two
different situations, which are the ideal optimal solutions and the actual optimal
solutions. In addition a series of calculations are conducted to compare the profit
obtained by the DQG renting scheme with the single quality unguaranteed renting
scheme.

47
CHAPTER 10

REFERENCES

[1] S. Ruj, M. Stojmenovic, and A. Nayak, “Privacy Preserving Access Control

with Authentication for Securing Data in Clouds,” Proc. IEEE/ACM Int’l
Symp. Cluster, Cloud and Grid Computing, pp. 556-563, 2012.

[2] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward Secure and
Dependable Storage Services in Cloud Computing,” IEEE Trans. Services
Computing, vol. 5, no. 2, pp. 220-232, Apr.- June 2012.

[3] J. Li, Q. Wang, C. Wang, N. Cao, K. Ren, and W. Lou, “Fuzzy Keyword
Search Over Encrypted Data in Cloud Computing,” Proc. IEEE INFOCOM,
pp. 441-445, 2010.

[4] S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. 14th Int’l
Conf. Financial Cryptography and Data Security, pp. 136- 149, 2010.

[5] H. Li, Y. Dai, L. Tian, and H. Yang, “Identity-Based Authentication for Cloud
Computing,” Proc. First Int’l Conf. Cloud Computing (CloudCom), pp. 157-
166, 2009.

[6] C. Gentry, “A Fully Homomorphic Encryption Scheme,” PhD dissertation,

Stanford Univ., http://www.crypto.stanford.edu/ craig, 2009.

[7] A.-R. Sadeghi, T. Schneider, and M. Winandy, “Token-Based Cloud

Computing,” Proc. Third Int’l Conf. Trust and Trustworthy Computing
(TRUST), pp. 417-429, 2010.

[8] R.K.L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q.

Liang, and B.S. Lee, “Trustcloud: A Framework for Accountability and Trust
in Cloud Computing,” HP Technical Report HPL-2011-38,
http://www.hpl.hp.com/techreports/2011/HPL-2011-38.html, 2013.

48
[9] R. Lu, X. Lin, X. Liang, and X. Shen, “Secure Provenance: The Essential of
Bread and Butter of Data Forensics in Cloud Computing,” Proc. Fifth ACM
Symp. Information, Computer and Comm. Security (ASIACCS), pp. 282-292,
2010.

[10] D.F. Ferraiolo and D.R. Kuhn, “Role-Based Access Controls,” Proc. 15th Nat’l
Computer Security Conf., 1992.

[11] D.R. Kuhn, E.J. Coyne, and T.R. Weil, “Adding Attributes to Role-Based
Access Control,” IEEE Computer, vol. 43, no. 6, pp. 79-81, June 2010.

[12] M. Li, S. Yu, K. Ren, and W. Lou, “Securing Personal Health Records in
Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in
Multi-Owner Settings,” Proc. Sixth Int’l ICST Conf. Security and Privacy in
Comm. Networks (SecureComm), pp. 89-106, 2010.

[13] S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute Based Data Sharing with
Attribute Revocation,” Proc. ACM Symp. Information, Computer and Comm.
Security (ASIACCS), pp. 261-270, 2010.

[14] G. Wang, Q. Liu, and J. Wu, “Hierarchical Attribute-Based Encryption for

Fine-Grained Access Control in Cloud Storage Services,” Proc. 17th ACM
Conf. Computer and Comm. Security (CCS), pp. 735-737, 2010.

[15] F. Zhao, T. Nishide, and K. Sakurai, “Realizing Fine-Grained and Flexible

Access Control to Outsourced Data with Attribute-Based Cryptosystems,”
Proc. Seventh Int’l Conf. Information Security Practice and Experience
(ISPEC), pp. 83-97, 2011.

[16] S. Ruj, A. Nayak, and I. Stojmenovic, “DACC: Distributed Access Control in

Clouds,” Proc. IEEE 10th Int’l Conf. Trust, Security and Privacy in Computing
and Communications (TrustCom), 2011.

[17] http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf, 2013.

[18] http://securesoftwaredev.com/2012/08/20/xacml-in-the-cloud, 2013.

49
[19] S. Jahid, P. Mittal, and N. Borisov, “EASiER: Encryption-Based Access
Control in Social Networks with Efficient Revocation,” Proc. ACM Symp.
Information, Computer and Comm. Security (ASIACCS), 2011.

[20] R.L. Rivest, A. Shamir, and Y. Tauman, “How to Leak a Secret,” Proc.
Seventh Int’l Conf. Theory and Application of Cryptology and Information
Security (ASIACRYPT), pp. 552-565, 2001.

[21] X. Boyen, “Mesh Signatures,” Proc. 26th Ann. Int’l Conf. Advances in
Cryptology (EUROCRYPT), pp. 210-227, 2007.

[22] D. Chaum and E.V. Heyst, “Group Signatures,” Proc. Ann. Int’l Conf.
Advances in Cryptology (EUROCRYPT), pp. 257-265, 1991.

[23] H.K. Maji, M. Prabhakaran, and M. Rosulek, “Attribute-Based Signatures:

Achieving Attribute-Privacy and Collusion-Resistance,” IACR Cryptology
ePrint Archive, 2008.

[24] H.K. Maji, M. Prabhakaran, and M. Rosulek, “Attribute-Based Signatures,”

Topics in Cryptology - CT-RSA, vol. 6558, pp. 376-392, 2011.

[25] A. Beimel, “Secure Schemes for Secret Sharing and Key Distribution,” PhD
thesis, Technion, Haifa, 1996.

[26] A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption,” Proc. Ann. Int’l
Conf. Advances in Cryptology (EUROCRYPT), pp. 457-473, 2005.

[27] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-Based Encryption

for Fine-Grained Access Control of Encrypted Data,” Proc. ACM Conf.
Computer and Comm. Security, pp. 89-98, 2006.

[28] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-Policy Attribute-Based

Encryption,” Proc. IEEE Symp. Security and Privacy, pp. 321-334, 2007.

50
[29] X. Liang, Z. Cao, H. Lin, and D. Xing, “Provably Secure and Efficient
Bounded Ciphertext Policy Attribute Based Encryption,” Proc. ACM Symp.
Information, Computer and Comm. Security (ASIACCS), pp 343-352, 2009.

[30] M. Chase, “Multi-Authority Attribute Based Encryption,” Proc. Fourth Conf.

Theory of Cryptography (TCC), pp. 515-534, 2007.

[31] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure Threshold Multi- Authority
Attribute Based Encryption without a Central Authority,” Proc. Progress in
Cryptology Conf. (INDOCRYPT), pp. 426-436, 2008.

[32] M. Chase and S.S.M. Chow, “Improving Privacy and Security in Multi-
Authority Attribute-Based Encryption,” Proc. ACM Conf. Computer and
Comm. Security, pp. 121-130, 2009.

[33] M. Green, S. Hohenberger, and B. Waters, “Outsourcing the Decryption of

ABE Ciphertexts,” Proc. USENIX Security Symp., 2011.

51