EFFICIENT TRACEABLE AUTHORIZATION

SEARCH
SYSTEM FOR SECURE CLOUD STORAGE

ABSTRACT
Secure search over encrypted remote data is crucial in cloud computing to guarantee the data privacy
and usability.To prevent unauthorized data usage, fine-grained access control is necessary in multi-
user system. However, authorized user may intentionally leak the secret key for financial benefit.
Thus, tracing and revoking the malicious user who abuses secret key needs tobe solved imminently.
In this project, we propose an escrow free traceable attribute based multiple keywords subset search
system with verifiable outsourced decryption (EF-TAMKS-VOD).The key escrow free mechanism could
effectively prevent the key generation center (KGC) from unscrupulously searching and decrypting all
encrypted files of users. Also, the decryption process only requires ultralight weight computation,
which is a desirable feature for energy-limited devices. In addition, efficient user revocation is
enabled after the malicious user is figured out. Moreover, the proposed system is able to support
flexible number of attributes rather than polynomial bounded. Flexible multiple keyword subset
search pattern is realized, and the change of the query keywords order does not affect the search
result. Security analysis indicates that EF-TAMKS-VOD is provably secure. Efficiency analysis and
experimental results show that EF-TAMKS-VOD improves the efficiency and greatly reduces the
computation overhead of users’ terminals.

EXISTING SYSTEM
With the development of new computing paradigm, cloud computing becomes the most notable
one,which provides convenient, on-demand services from as hared pool of configurable computing
resources. Therefore, an increasing number of companies and individuals prefer outsource their
data storage to cloud server. Despite the tremendous economic and technical advantages,
unpredictable security and privacy concerns become the most prominent problem that hinders the
widespread adoption of data storage in public cloud infra structure. Encryption is a fundamental
method to protect data privacy in remote storage. Searchable encryption provides mechanism to
enable keyword searchover encrypted data .For the file sharing system, such as multi-owner
multiuserscenario, fine-grained search authorization is a desirablefunction for the data owners to
share their privatedata with other authorized user. The outsourced decryption method allows user
to recover the message with ultralightweight decryption. Inattribute based access control system,
the secret key of useris associated with a set of attributes rather than individualidentity.

DISADVANTAGES
 Encryption system is effectively execute search for plaintext becomes difficult for encrypted
data due to the unreadability of cipher text.

 In file sharing system: most of the available systems require the user to perform a large
amount of complex bilinear pairing operations. These overwhelmed computations become a
heavy burden for user’s terminal, which is especially serious for energy constrained devices.

 The outsourced decryption method:In this method the cloud server might return wrong half-
decrypted information as a result of malicious attack or system malfunction. Thus, it is an
important issue to guarantee the correctness of outsourced decryption in public key
encryption with keyword search (PEKS) system.

 More importantly, in the original definition of PEKS scheme key generation centre (KGC)
generates all the secret keys in the system, which inevitably leads to the key escrow problem.
That is, the KGC knows all the secret keys of the users and thus can unscrupulously search
and decrypt on all encrypted files, which is a significant threat to data security and privacy .

PROPOSED SYSTEM
SEARCHABLE ENCRYPTION:

Searchable encryption enables keyword search over encrypted data. The concept of public key
encryption with keyword search (PEKS) was proposed by Boneh et al, which is important in
protecting the privacy of outsourced data. Data owners in PEKS schemes store their files in
encrypted form in the remote untrusted data server. The data users query to search on the
encrypted files by generating a keyword trapdoor, and the data server executes the search
operation. Waters et al. showed that PEKSschemes could be utilized to construct searchable audit
logs. Later, Xu et al. presented a general framework tocombine PEKS and fuzzy keyword search
without concreteconstruction. Tang proposed a multiparty searchableencryptionscheme together
with a bilinear pairing basedscheme. In 2016, Chen et al. Introduced the concept“dual-server” into
PEKS to resist off-line keyword guessingattack. Yang et al. Introduced time-release and proxy
reencryptionmethod to PEKS scheme in order to realize timecontrolledauthority delegation. Wang
et al. Proposed aranked keyword search scheme for searchable symmetricencryption, in which the
order-preserving symmetric encryption is utilized. Cao et al. Designed a novelsystem to realize
multiple keyword ranked search. Searchableencryption is also further studied in.

ABE:

ABE is an important method to realize fine-grained datasharing. In ABE schemes, descriptive

attributes and accesspolicies areassociated with attribute secret keys and ciphertexts.A certain
secret key can decrypt a ciphertext if andonly if the associated attributes and the access policy
matcheach other. The notion of ABE was proposed by Sahai et al. in 2005. According to whether the
access control policyassociates with the ciphertext or the secret key, ABE schemescan be classified
into cipher text-policy ABE (CP-ABE) and key-policy ABE (KP-ABE) .Since the Sahai’s seminal work,
ABE based access controlbecomes a research focusConsideringthe challenges in expressing access
control policy, ABE scheme with non-monotonic access structure is proposed. ABE systems with
constant size cipher text,are constructed to reduce the storage overhead. In order to accelerate the
decryption, researchers make effort to speedup the decryption algorithm .Decentralized ABE is
investigated in , in which multiple authorities workindependently without collaboration.

TRAITOR TRACING

Traitor tracing was introduced by Chor et al. to helpcontent distributors identifying pirates. In the
digital contentdistribution system, there is no way to prevent a legitimateuser to give (or sell) his
decryption key to the others.Traitor tracing mechanism helps the distributor to find outthe
misbehaved user by running “tracing” algorithm so could take legal action against the owner of the
leakedsecret key.Later, traitor tracing mechanism is introduced to broadcastencryption, where a
sender is able to generate ciphertextand only the users in the designated receiver set can decrypt.
The traceability function enables the broadcast to identify the traitor, and prevents the authorized
usersfrom leaking their keys. The approach is to give each usera distinct set of keys, which is
deemed as “watermark”for tracing. Traceability is further investigated for broadcast encryption in
.In CP-ABE scheme, secret keys are not defined over identities.Instead, they are associated with a
set of attributes.Multiple users may share the same set of attributes. Thisbrings convenience to
expressive access control. However,given a leaked secret key, it is impossible to figure out
theoriginal key owner in traditional ABE system. It means thatthe malicious user, who sells his
secret key, almost has little risk of being identified.

ADVANTAGES
 The enforcement of access control and the support of key word search are important issues
in secure cloud storage system. In this work, we defined a new paradigm of searchable
encryption system, and proposed a concrete construction.

 It supports flexible multiple keywords subset search, and solves the key escrow problem
during the key generation procedure.

 Malicious user who sells secret key for benefit can be traced. The decryption operation is
partly outsourced to cloud server and the correctness of half-decrypted result can be verified
by data user. The performance analysis and simulation show its efficiency in computation and
storage overhead.

SYSTEM ANALYSIS
The Systems Development Life Cycle (SDLC), or Software Development Life Cycle in systems
engineering, information systems and software engineering, is the process of creating or altering systems, and the
models and methodologies that people use to develop these systems.

In software engineering the SDLC concept underpins many kinds of software development methodologies. These
methodologies form the framework for planning and controlling the creation of an information system the software
development process.

SOFTWARE MODEL OR ARCHITECTURE ANALYSIS:

Structured project management techniques (such as an SDLC) enhance management’s control over
projects by dividing complex tasks into manageable sections. A software life cycle model is either a descriptive or
prescriptive characterization of how software is or should be developed. But none of the SDLC models discuss the
key issues like Change management, Incident management and Release management processes within the SDLC
process, but, it is addressed in the overall project management. In the proposed hypothetical model, the concept of
user-developer interaction in the conventional SDLC model has been converted into a three dimensional model which
comprises of the user, owner and the developer. In the proposed hypothetical model, the concept of user-developer
interaction in the conventional SDLC model has been converted into a three dimensional model which comprises of
the user, owner and the developer. The ―one size fits all‖ approach to applying SDLC methodologies is no longer
appropriate. We have made an attempt to address the above mentioned defects by using a new hypothetical model for
SDLC described elsewhere. The drawback of addressing these management processes under the overall project
management is missing of key technical issues pertaining to software development process that is, these issues are
talked in the project management at the surface level but not at the ground level.
WHAT IS SDLC?

A software cycle deals with various parts and phases from planning to testing and deploying
software. All these activities are carried out in different ways, as per the needs. Each way is known as a Software
Development Lifecycle Model (SDLC). A software life cycle model is either a descriptive or prescriptive
characterization of how software is or should be developed. A descriptive model describes the history of how a
particular software system was developed. Descriptive models may be used as the basis for understanding and
improving software development processes or for building empirically grounded prescriptive models.
SDLC models * The Linear model (Waterfall) - Separate and distinct phases of specification and development. -
All activities in linear fashion. - Next phase starts only when first one is complete. * Evolutionary development -
Specification and development are interleaved (Spiral, incremental, prototype based, Rapid Application
development). - Incremental Model (Waterfall in iteration), - RAD(Rapid Application Development) - Focus is on
developing quality product in less time, - Spiral Model - We start from smaller module and keeps on building it like
a spiral. It is also called Component based development. * Formal systems development - A mathematical system
model is formally transformed to an implementation. * Agile Methods. - Inducing flexibility into development. *
Reuse-based development - The system is assembled from existing components.
The General Model
Software life cycle models describe phases of the software cycle and the order in which those phases are executed.
There are tons of models, and many companies adopt their own, but all have very similar patterns. Each phase
produces deliverables required by the next phase in the life cycle. Requirements are translated into design. Code is
produced during implementation that is driven by the design. Testing verifies the deliverable of the implementation
phase against requirements.
SDLC Methodology:

Spiral Model

The spiral model is similar to the incremental model, with more emphases placed on risk analysis. The spiral
model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A\ software project repeatedly passes
through these phases in iterations (called Spirals in this model). The baseline spiral, starting in the planning phase,
requirements is gathered and risk is assessed. Each subsequent spirals builds on the baseline spiral. Requirements are
gathered during the planning phase. In the risk analysis phase, a process is undertaken to identify risk and alternate
solutions. A prototype is produced at the end of the
risk analysis phase. Software is produced in the engineering phase, along with testing at
the end of the phase. The evaluation phase allows the customer to evaluate the output of the project to date before the
project continues to the next spiral. In the spiral model, the angular component represents progress, and the radius of
the spiral represents cost. Spiral Life Cycle Model.

This document play a vital role in the development of life cycle (SDLC) as it describes the complete
requirement of the system. It means for use by developers and will be the basic during testing phase. Any changes
made to the requirements in the future will have to go through formal change approval process.

SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A spiral Model of Software Development
and Enhancement. This model was not the first model to discuss iterative development, but it was the first model to
explain why the iteration models.

As originally envisioned, the iterations were typically 6 months to 2 years long. Each phase starts with a design
goal and ends with a client reviewing the progress thus far. Analysis and engineering efforts are applied at each
phase of the project, with an eye toward the end goal of the project.

The steps for Spiral Model can be generalized as follows:

 The new system requirements are defined in as much details as possible. This usually involves
interviewing a number of users representing all the external or internal users and other aspects of the
existing system.
 A preliminary design is created for the new system.

 A first prototype of the new system is constructed from the preliminary design. This is usually a scaled-
down system, and represents an approximation of the characteristics of the final product.

 A second prototype is evolved by a fourfold procedure:

1. Evaluating the first prototype in terms of its strengths, weakness, and risks.

2. Defining the requirements of the second prototype.

3. Planning an designing the second prototype.

4. Constructing and testing the second prototype.

 At the customer option, the entire project can be aborted if the risk is deemed too great. Risk factors
might involved development cost overruns, operating-cost miscalculation, or any other factor that could,
in the customer’s judgment, result in a less-than-satisfactory final product.

 The existing prototype is evaluated in the same manner as was the previous prototype, and if necessary,
another prototype is developed from it according to the fourfold procedure outlined above.

 The preceding steps are iterated until the customer is satisfied that the refined prototype represents the
final product desired.

 The final system is constructed, based on the refined prototype.

 The final system is thoroughly evaluated and tested. Routine maintenance is carried on a continuing basis
to prevent large scale failures and to minimize down time.
 Fig -Spiral Model

Advantages

 High amount of risk analysis

 Good for large and mission-critical projects.

 Software is produced early in the software life cycle.

5 System Requirements Specification

5.1 Introduction
 A Software Requirements Specification (SRS) – a requirements specification for a software system –
is a complete description of the behavior of a system to be developed. It includes a set of use cases that describe all
the interactions the users will have with the software. In addition to use cases, the SRS also contains non-functional
requirements. Non-functional requirements are requirements which impose constraints on the design or
implementation (such as performance engineering requirements, quality standards, or design constraints).
System requirements specification: A structured collection of information that embodies the requirements of a
system. A business analyst, sometimes titled system analyst, is responsible for analyzing the business needs of their
clients and stakeholders to help identify business problems and propose solutions. Within the systems development
life cycle domain, typically performs a liaison function between the business side of an enterprise and the
information technology department or external service providers. Projects are subject to three sorts of requirements:
 Business requirements describe in business terms what must be delivered or accomplished to provide value.
 Product requirements describe properties of a system or product (which could be one of
several ways to accomplish a set of business requirements.)
 Process requirements describe activities performed by the developing organization. For instance, process
requirements could specify specific methodologies that must be followed, and constraints that the organization
must obey.
Product and process requirements are closely linked. Process requirements often specify the activities that will be
performed to satisfy a product requirement. For example, a maximum development cost requirement (a process
requirement) may be imposed to help achieve a maximum sales price requirement (a product requirement); a
requirement that the product be maintainable (a Product requirement) often is addressed by imposing requirements to
follow particular development styles

5.2 PURPOSE

An systems engineering, a requirement can be a description of what a system must do, referred to as a Functional
Requirement. This type of requirement specifies something that the delivered system must be able to do. Another type
of requirement specifies something about the system itself, and how well it performs its functions. Such requirements
are often called Non-functional requirements, or 'performance requirements' or 'quality of service requirements.'
Examples of such requirements include usability, availability, reliability, supportability, testability and
maintainability.

A collection of requirements define the characteristics or features of the desired system. A 'good' list of requirements
as far as possible avoids saying how the system should implement the requirements, leaving such decisions to the
system designer. Specifying how the system should be implemented is called "implementation bias" or "solution
engineering". However, implementation constraints on the solution may validly be expressed by the future owner, for
example for required interfaces to external systems; for interoperability with other systems; and for commonality (e.g.
of user interfaces) with other owned products.

In software engineering, the same meanings of requirements apply, except that the focus of interest is the software itself. 4

NON FUNCTIONAL REQUIREMENTS

The major non-functional Requirements of the system are as follows

Usability
The system is designed with completely automated process hence there is no or less user intervention.

Reliability
The system is more reliable because of the qualities that are inherited from the chosen platform java. The code built
by using java is more reliable.

Performance
This system is developing in the high level languages and using the advanced front-end and back-end technologies it
will give response to the end user on client system with in very less time.

Supportability
The system is designed to be the cross platform supportable. The system is supported on a wide range of hardware
and any software platform, which is having JVM, built into the system.
Implementation
The system is implemented in web environment using struts framework. The apache tomcat is used as the web server
and windows xp professional is used as the platform.
Interface the user interface is based on Struts provides HTML Tag
Software Requirements:
Language : Java (JDK1.7.0)

Operating System : Microsoft Windows Xp Service Pack 3

IDE : my eclipse IDE 8.6

Front End : JAVA (Swings)

Backend : oracle10g
Hardware Requirements:
Processor : Intel Pentium 4

RAM : 256 MB

Hard Disk : 40 GB

6. System Design

6.1 Introduction
The purpose of the design phase is to plan a solution of the problem specified by the
requirement document. This phase is the first step in moving from the problem domain to the solution domain. In
other words, starting with what is needed, design takes us toward how to satisfy the needs. The design of a system is
perhaps the most critical factor affection the quality of the software; it has a major impact on the later phase,
particularly testing, maintenance. The output of this phase is the design document. This document is similar to a
blueprint for the solution and is used later during implementation, testing and maintenance. The design activity is
often divided into two separate phases System Design and Detailed Design.
System Design also called top-level design aims to identify the modules that should be in the system, the
specifications of these modules, and how they interact with each other to produce the desired results. At the end of
the system design all the major data structures, file formats, output formats, and the major modules in the system and
their specifications are decided.
 During, Detailed Design, the internal logic of each of the modules specified in system design is decided.
During this phase, the details of the data of a module is usually specified in a high-level design description language,
which is independent of the target language in which the software will eventually be implemented.
In system design the focus is on identifying the modules, where as during detailed design the focus is on
designing the logic for each of the modules. In other works, in system design the attention is on what components are
needed, while in detailed design how the components can be implemented in software is the issue.
Design is concerned with identifying software components specifying relationships among components.
Specifying software structure and providing blue print for the document phase. Modularity is one of the desirable
properties of large systems. It implies that the system is divided into several parts. In such a manner , the interaction
between parts is minimal clearly specified.
During the system design activities , Developers bridge the gap between the requirements specification ,
produced during requirements elicitation and analysis , and the system that is delivered to the user.
Design is the place where the quality is fostered in development . Software design is a process through which
requirements are translated into a representation of software.

6.2 System Model

Introduction to UML
The unified Modeling Language (UML) is a standard language for writing software blueprints. The UML may be
used to visualize, specify , construct and document the artifacts of software-intensive system.
The goal of UML is to provide a standard notation that can be used by all object - oriented methods and to select and
integrate the best elements .UML is itself does not prescribe or advice on how to use that notation in a software
development process or as part of an object - design methodology. The UML is more than just bunch of graphical
symbols. Rather , behind each symbol in the UML notation is well-defined semantics.
The system development focuses on three different models of the system.
 Functional model
 Object model
 Dynamic model
Functional model in UML is represented with use case diagrams , describing the functionality of the system from
user point of view.
Object model in UML is represented with class diagrams , describing the structure of the system in terms of objects ,
attributes , associations and operations.

Dynamic model in UML is represented with sequence diagrams , start chart diagrams and activity diagrams
describing the internal behaviour of the system.

6.3 Scenarios
A Use Case is an abstraction that all describes all possible scenarios involving the described functionality . A scenario
is an instance of a use case describing a concrete set of actions.
 The name of the scenario enables us to refer it ambiguously. The name of scenario is underlined to
indicate it is an instance.
 The Participating actor instance field indicates which actor instance are involved in this scenario.
Actor instance also have underlined names.
 The Flow of Events of scenario describe the sequence of events step by step.

6.3.1 Use Case Model

Use case diagrams represent the functionality of the system from a user point of view. A Use case describes a function
provided by the system that yields a visible result for an actor. an actor describe any entity that interacts with the
system. The identification of actors and use cases results in the definition of the boundary of the system, which is , in
differentiating the tasks accomplished by the system and the tasks accomplished by its environment. The actors
outside the boundary of the system, where as the use cases are inside the boundary of the system
A Use case contains all the events that can occur between an actor and a set of scenarios that explains the interactions
as sequence of happenings.

Actors
Actors represent external entities that interact with the system. An actor can be human or external system.
Actor are not part of the system. They represent anyone or anything that interact with the system.
An Actor may
 Only input information to the system.
 Only receive information from the system.
  Input and receive information from to and from the system.
During this activity , developers indentify the actors involved in this system are:

User:
User is an actor who uses the system and who performs the operations like data classifications and execution
performance that are required for him.

Use Cases:
Use cases are used during requirements elicitation and analysis to represent the functionality of the system. Use case
focus on the behaviour of the system from an external point of view. The identification of actors and use cases results
in the definition of the boundary of the system , which is , in differentiating the tasks accomplished by the system and
the tasks accomplished by its environment. The actors are outside the boundary of the system , where as the use cases
are inside the boundary of the system.

Paste Usecase
diagram
Class Diagram
Class Diagrams are used to describe the structure of the system. Classes are abstractions that specify
the common structure and behaviour of a set of objects. Objects are instances of classes that are created , modified
and destroyed during the execution of a system. An object has state that includes the values of its attributes and links
with other objects.

The class diagram is used to refine the use cases diagrams and define a detailed design of the system. The class
diagram classifies the actors defined in the use case diagram into a set of interrelated classes. The relationship or
association between the classes can be either an "is-a" or "has-a" relationship. Each class in the class diagram may be
capable of providing certain functionalities. These functionalities provided by the class are termed "methods" of the
classes. Apart from this , each class may have certain "attributes" that uniquely indentify the class. In the class
diagram these classes are represented with boxes which contain three parts..

Paste Class
Diagram
6.3.3 Dynamic model
6.3.3.1 Sequence Diagram
Sequence diagrams are used to formalize the dynamic behaviour of the system and to visualize the communication
among the objects. They are useful for identifying the additional objects that participate in the use case. Sequence
diagram represent the objects participating in the interaction horizontally and time vertically.
Sequence diagrams typically show a user or actor and the objects and the components they interact with the execution
of the use case. Each column represent an objects that participate in the interaction. Message is shown by solid
arrows. Labels on the solid arrows represent the message names. Activations are depicted by vertical rectangles. The
actor who initiates the interaction is shown in the left most columns . The messages coming from the actor represent
the interactions described in the use case diagrams.

Paste Sequence
Diagram
Fig : User collaboration diagram

6.3.3.2 State Chart Diagram

UML State chart is notation for describing the sequence of states an object goes through in response to external
events. Objects have behavior and state. The state of an object depends on its current activity or condition. A state
chart diagram shows the possible states of the object ad the transitions that cause a change in state.
State chart describes the dynamic behavior of an individual object as a number of states. A state is a condition
satisfied by attributes of objects. Given a state , a transition represents a future state the object can move to and the
conditions associated with the change of state.
A state is depicted by a rounded rectangle A transition is depicted by open arrows connecting two states. States are
labeled with their names. A small solid black circle indicates the initial state and a circle surrounding the small solid
circle indicates the final state.

State Chart
Diagram
Activity Diagram
An Activity diagram describes the behaviour of the system in terms of activities. Activities are modeling elements
that represent the execution of set of operations. The completion of these operations triggers a transition to another
activity. Activity diagrams similar to flowchart diagrams in that they can be used to represent control flow and data
flow . Activities are represented by rounded rectangles and arrows are represented transition between activities .
Think bars represent the synchronization of the control flow.

Activity Diagram
Data Flow Diagrams:
A graphical tool used to describe and analyze the moment of data through a system manual or automated including

the process, stores of data, and delays in the system. Data Flow Diagrams are the central tool and the basis from
which other components are developed. The transformation of data from input to output, through processes, may be

described logically and independently of the physical components associated with the system. The DFD is also know

as a data flow graph or a bubble chart.

DFDs are the model of the proposed system. They clearly should show the requirements on which the new system

should be built. Later during design activity this is taken as the basis for drawing the system’s structure charts. The

Basic Notation used to create a DFD’s are as follows:

1. Dataflow: Data move in a specific direction from an origin to a destination.

2. Process: People, procedures, or devices that use or produce (Transform) Data. The physical component is not

identified.

3. Source: External sources or destination of data, which may be People, programs, organizations or other entities.

4. Data Store: Here data are stored or referenced by a process in the System.
 7. Implementation

7.1 Introduction
Implementation is the stage where the theoretical design is turned in to working system. The most crucial
stage is achieving a new successful system and in giving confidence on the new system for the users that it will work
efficiently and effectively.

The system can be implemented only after through testing is done and if it found to work according to the
specification. It involves careful planning, investigation of the current system and its constraints on implementation,
design of methods to achieve the change over and an evaluation of change over methods a part from planning. Two
major tasks of preparing the implementation are education and training of the users and testing of the system.

The more complex the system being implemented, the more involved will be the systems analysis and design effort
required just for implementation. The implementation phase comprises of several activities. The required hardware
and software acquisition is carried out. The System may require some hardware and software acquisition is carried
out. The system may require some software to be developed. For this, programs are written and tested. The user then
changes over to his new fully tested system and the old system is discontinued.

Implementation is the process of having systems personnel check out and put new equipment in to use, train
users, install the new application, and construct any files of data needed to it.

Depending on the size of the organization that will be involved in using the application and the risk
associated with its use, system developers may choose to test the operation in only one area of the firm, say in one
department or with only one or two persons. Sometimes they will run the old and new systems together to compare
the results. In still other situations, developers will stop using the old system one-day and begin using the new one the
next. As we will see, each implementation strategy has its merits, depending on the business situation in which it is
considered. Regardless of the implementation strategy used, developers strive to ensure that the system’s initial use
in trouble-free.

Once installed, applications are often used for many years. However, both the organization and the users will
change, and the environment will be different over the weeks and months. Therefore, the application will
undoubtedly have to be maintained. Modifications and changes will be made to the software, files, or procedures to
meet the emerging requirements.

7.1 Technology Description

About the Java Technology

The Java platform consists of the Java application programming interfaces (APIs) and the Java virtual
machine (JVM).

The following Java technology lets developers, designers, and business partners develop and deliver a consistent user
experience, with one environment for applications on mobile and embedded devices. Java meshes the power of a rich
stack with the ability to deliver customized experiences across such devices.

Java APIs are libraries of compiled code that you can use in your programs. They let you add ready-made and
customizable functionality to save you programming time.
Java programs are run (or interpreted) by another program called the Java Virtual Machine. Rather than running
directly on the native operating system, the program is interpreted by the Java VM for the native operating system.
This means that any computer system with the Java VM installed can run Java programs regardless of the computer
system on which the applications were originally developed.

In the Java programming language, all source code is first written in plain text files ending with the .java extension.
Those source files are then compiled into .class files by the javac compiler. A .class file does not contain code that is
native to your processor; it instead contains bytecodes — the machine language of the Java Virtual Machine (Java
VM). The java launcher tool then runs your application with an instance of the Java Virtual Machine.

Because the Java VM is available on many different operating systems, the same .class files are capable of running on
Microsoft Windows, the Solaris TM Operating System (Solaris OS), Linux, or Mac OS.

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by all of the following buzzwords:

 Simple  Architecture neutral

 Object oriented  Portable

 Distributed  High performance

 Multithreaded  Robust

 Dynamic  Secure

Each of the preceding buzzwords is explained in The Java Language Environment , a white paper written by James
Gosling and Henry McGilton.

In the Java programming language, all source code is first written in plain text files ending with the .java extension.
Those source files are then compiled into .class files by the javac compiler. A .class file does not contain code that is
native to your processor; it instead contains bytecodes — the machine language of the Java Virtual Machine 1 (Java
VM). The java launcher tool then runs your application with an instance of the Java Virtual Machine.

An overview of the software development process.

Because the Java VM is available on many different operating systems, the same .class files are capable of running on
Microsoft Windows, the Solaris™ Operating System (Solaris OS), Linux, or Mac OS. Some virtual machines, such as
the Java HotSpot virtual machine, perform additional steps at runtime to give your application a performance boost.
This include various tasks such as finding performance bottlenecks and recompiling (to native code) frequently used
sections of code

Through the Java VM, the same application is capable of running on multiple platforms.

Client Server

Over view:

With the varied topic in existence in the fields of computers, Client Server is one, which has generated more heat than light, and also
more hype than reality. This technology has acquired a certain critical mass attention with its dedication conferences and magazines.
Major computer vendors such as IBM and DEC, have declared that Client Servers is their main future market. A survey of DBMS
magazine reveled that 76% of its readers were actively looking at the client server solution. The growth in the client server
development tools from $200 million in 1992 to more than $1.2 billion in 1996.
Client server implementations are complex but the underlying concept is simple and powerful. A client is an application running with
local resources but able to request the database and relate the services from separate remote server. The software mediating this
client server interaction is often referred to as MIDDLEWARE.
The typical client either a PC or a Work Station connected through a network to a more powerful PC, Workstation, Midrange or Main
Frames server usually capable of handling request from more than one client. However, with some configuration server may also act
as client. A server may need to access other server in order to process the original client request.
The key client server idea is that client as user is essentially insulated from the physical location and formats of the data needs for
their application. With the proper middleware, a client input from or report can transparently access and manipulate both local
database on the client machine and remote databases on one or more servers. An added bonus is the client server opens the door to
multi-vendor database access indulging heterogeneous table joins.

What is a Client Server

Two prominent systems in existence are client server and file server systems. It is essential to distinguish between client servers and
file server systems. Both provide shared network access to data but the comparison dens there! The file server simply provides a
remote disk drive that can be accessed by LAN applications on a file by file basis. The client server offers full relational database
services such as SQL-Access, Record modifying, Insert, Delete with full relational integrity backup/ restore performance for high
volume of transactions, etc. the client server middleware provides a flexible interface between client and server, who does what,
when and to whom.

Why Client Server

Client server has evolved to solve a problem that has been around since the earliest days of computing: how best to distribute your
computing, data generation and data storage resources in order to obtain efficient, cost effective departmental an enterprise wide
data processing. During mainframe era choices were quite limited. A central machine housed both the CPU and DATA (cards, tapes,
drums and later disks). Access to these resources was initially confined to batched runs that produced departmental reports at the
appropriate intervals. A strong central information service department ruled the corporation. The role of the rest of the corporation
limited to requesting new or more frequent reports and to provide hand written forms from which the central data banks were
created and updated. The earliest client server solutions therefore could best be characterized as “SLAVE-MASTER”.

Time-sharing changed the picture. Remote terminal could view and even change the central data, subject
to access permissions. And, as the central data banks evolved in to sophisticated relational database with
non-programmer query languages, online users could formulate adhoc queries and produce local reports
with out adding to the MIS applications software backlog. However remote access was through dumb
terminals, and the client server remained subordinate to the Slave\Master.
Front end or User Interface Design

The entire user interface is planned to be developed in browser specific environment with a touch of

Intranet-Based Architecture for achieving the Distributed Concept.

The browser specific components are designed by using the HTML standards, and the dynamism of the

designed by concentrating on the constructs of the Java Server Pages.

Communication or Database Connectivity Tier

The Communication architecture is designed by concentrating on the Standards of Servlets and Enterprise

Java Beans. The database connectivity is established by using the Java Data Base Connectivity.

The standards of three-tire architecture are given major concentration to keep the standards of higher

cohesion and limited coupling for effectiveness of the operations.

Features of The Language Used

In my project, I have chosen Java language for developing the code.

About Java

Initially the language was called as “oak” but it was renamed as “Java” in 1995. The primary motivation of this language was the need
for a platform-independent (i.e., architecture neutral) language that could be used to create software to be embedded in various
consumer electronic devices.
 Java is a programmer’s language.

 Java is cohesive and consistent.

 Except for those constraints imposed by the Internet environment, Java gives the programmer, full control.
Finally, Java is to Internet programming where C was to system programming.

Importance of Java to the Internet

Java has had a profound effect on the Internet. This is because; Java expands the Universe of objects that can move about freely in
Cyberspace. In a network, two categories of objects are transmitted between the Server and the Personal computer. They are:
Passive information and Dynamic active programs. The Dynamic, Self-executing programs cause serious problems in the areas of
Security and probability. But, Java addresses those concerns and by doing so, has opened the door to an exciting new form of
program called the Applet.

Java can be used to create two types of programs

Applications and Applets: An application is a program that runs on our Computer under the operating system of that computer. It is
more or less like one creating using C or C++. Java’s ability to create Applets makes it important. An Applet is an application designed
to be transmitted over the Internet and executed by a Java –compatible web browser. An applet is actually a tiny Java program,
dynamically downloaded across the network, just like an image. But the difference is, it is an intelligent program, not just a media
file. It can react to the user input and dynamically change.

Features Of Java

Security

Every time you that you download a “normal” program, you are risking a viral infection. Prior to Java,
most users did not download executable programs frequently, and those who did scanned them for viruses
prior to execution. Most users still worried about the possibility of infecting their systems with a virus. In
addition, another type of malicious program exists that must be guarded against. This type of program
can gather private information, such as credit card numbers, bank account balances, and passwords. Java
answers both these concerns by providing a “firewall” between a network application and your computer.

When you use a Java-compatible Web browser, you can safely download Java applets without fear of virus
infection or malicious intent.

Portability

For programs to be dynamically downloaded to all the various types of platforms connected to the
Internet, some means of generating portable executable code is needed .As you will see, the same
mechanism that helps ensure security also helps create portability. Indeed, Java’s solution to these two
problems is both elegant and efficient.

The Byte code

The key that allows the Java to solve the security and portability problems is that the output of Java
compiler is Byte code. Byte code is a highly optimized set of instructions designed to be executed by the
Java run-time system, which is called the Java Virtual Machine (JVM). That is, in its standard form, the
JVM is an interpreter for byte code.

Translating a Java program into byte code helps makes it much easier to run a program in a wide variety
of environments. The reason is, once the run-time package exists for a given system, any Java program
can run on it.
Although Java was designed for interpretation, there is technically nothing about Java that prevents on-the-fly compilation of byte
code into native code. Sun has just completed its Just In Time (JIT) compiler for byte code. When the JIT compiler is a part of JVM, it
compiles byte code into executable code in real time, on a piece-by-piece, demand basis. It is not possible to compile an entire Java
program into executable code all at once, because Java performs various run-time checks that can be done only at run time. The JIT
compiles code, as it is needed, during execution.

Java, Virtual Machine (JVM)

Beyond the language, there is the Java virtual machine. The Java virtual machine is an important element of the Java technology. The
virtual machine can be embedded within a web browser or an operating system. Once a piece of Java code is loaded onto a machine,
it is verified. As part of the loading process, a class loader is invoked and does byte code verification makes sure that the code that’s
has been generated by the compiler will not corrupt the machine that it’s loaded on. Byte code verification takes place at the end of
the compilation process to make sure that is all accurate and correct. So byte code verification is integral to the compiling and
executing of Java code.
Overall Description

Java Source Java bytecode JavaVM

Java .Class
Picture showing the development process of JAVA Program

Java programming uses to produce byte codes and executes them. The first box indicates that the Java source code is located in a.
Java file that is processed with a Java compiler called javac. The Java compiler produces a file called a. class file, which contains the
byte code. The. Class file is then loaded across the network or loaded locally on your machine into the execution environment is the
Java virtual machine, which interprets and executes the byte code.

Java Architecture

Java architecture provides a portable, robust, high performing environment for development. Java provides portability by compiling
the byte codes for the Java Virtual Machine, which is then interpreted on each platform by the run-time environment. Java is a
dynamic system, able to load code when needed from a machine in the same room or across the planet.

Compilation of code

When you compile the code, the Java compiler creates machine code (called byte code) for a hypothetical machine called Java Virtual
Machine (JVM). The JVM is supposed to execute the byte code. The JVM is created for overcoming the issue of portability. The code
is written and compiled for one machine and interpreted on all machines. This machine is called Java Virtual Machine.
Compiling and interpreting Java Source Code

Java
PC Compiler Interpreter
Java (PC)
Source
Code Byte code
………..
Macintosh Java
………..
Compiler Interpreter
(Platform (Macintosh)
……….. indepen
dent)

SPARC
………… Java
Compiler Interpreter
(Sparc)

During run-time the Java interpreter tricks the byte code file into thinking that it is running on a Java Virtual Machine. In reality this
could be a Intel Pentium Windows 95 or Sun SARC station running Solaris or Apple Macintosh running system and all could receive
code from any computer through Internet and run the Applets.

Simple

Java was designed to be easy for the Professional programmer to learn and to use effectively. If you are an experienced C++
programmer, learning Java will be even easier. Because Java inherits the C/C++ syntax and many of the object oriented features of C+
+. Most of the confusing concepts from C++ are either left out of Java or implemented in a cleaner, more approachable manner. In
Java there are a small number of clearly defined ways to accomplish a given task.

Object-Oriented

Java was not designed to be source-code compatible with any other language. This allowed the Java team the freedom to design with
a blank slate. One outcome of this was a clean usable, pragmatic approach to objects. The object model in Java is simple and easy to
extend, while simple types, such as integers, are kept as high-performance non-objects.

Robust

The multi-platform environment of the Web places extraordinary demands on a program, because the program must execute reliably
in a variety of systems. The ability to create robust programs was given a high priority in the design of Java. Java is strictly typed
language; it checks your code at compile time and run time.
Java virtually eliminates the problems of memory management and deallocation, which is completely automatic. In a well-written
Java program, all run time errors can –and should –be managed by your program.
JAVASCRIPT

JavaScript is a script-based programming language that was developed by Netscape Communication

Corporation. JavaScript was originally called Live Script and renamed as JavaScript to indicate its
relationship with Java. JavaScript supports the development of both client and server components of Web-
based applications. On the client side, it can be used to write programs that are executed by a Web
browser within the context of a Web page. On the server side, it can be used to write Web server
programs that can process information submitted by a Web browser and then updates the browser’s
display accordingly

Even though JavaScript supports both client and server Web programming, we prefer JavaScript at Client
side programming since most of the browsers supports it. JavaScript is almost as easy to learn as HTML,
and JavaScript statements can be included in HTML documents by enclosing the statements between a
pair of scripting tags

<SCRIPTS>..</SCRIPT>.

<SCRIPT LANGUAGE = “JavaScript”>

JavaScript statements

</SCRIPT>

Here are a few things we can do with JavaScript :

 Validate the contents of a form and make calculations.

 Add scrolling or changing messages to the Browser’s status line.
 Animate images or rotate images that change when we move the mouse over them.
 Detect the browser in use and display different content for different browsers.
 Detect installed plug-ins and notify the user if a plug-in is required.
We can do much more with JavaScript, including creating entire application.
J a v a S c r i p t V s J a v a
JavaScript and Java are entirely different languages. A few of the most glaring differences are:

 Java applets are generally displayed in a box within the web document; JavaScript can affect
any part of the Web document itself.
 While JavaScript is best suited to simple applications and adding interactive features to Web
pages; Java can be used for incredibly complex applications.
There are many other differences but the important thing to remember is that JavaScript and Java are
separate languages. They are both useful for different things; in fact they can be used together to
combine their advantages.

A D V A N T A G E S
 JavaScript can be used for Sever-side and Client-side scripting.
 It is more flexible than VBScript.
 JavaScript is the default scripting languages at Client-side since all the browsers supports it.

Hyper Text Markup Language

Hypertext Markup Language (HTML), the languages of the World Wide Web (WWW), allows users to
produces Web pages that include text, graphics and pointer to other Web pages (Hyperlinks).

HTML is not a programming language but it is an application of ISO Standard 8879, SGML (Standard
Generalized Markup Language), but specialized to hypertext and adapted to the Web. The idea behind
Hypertext is that instead of reading text in rigid linear structure, we can easily jump from one point to
another point. We can navigate through the information based on our interest and preference. A markup
language is simply a series of elements, each delimited with special characters that define how text or
other items enclosed within the elements should be displayed. Hyperlinks are underlined or emphasized
works that load to other documents or some portions of the same document.

HTML can be used to display any type of document on the host computer, which can be geographically at
a different location. It is a versatile language and can be used on any platform or desktop.
HTML provides tags (special codes) to make the document look attractive. HTML tags are not case-
sensitive. Using graphics, fonts, different sizes, color, etc., can enhance the presentation of the document.
Anything that is not a tag is part of the document itself.

Basic HTML Tags :

<!-- --> Specifies comments

<A>……….</A> Creates hypertext links

<B>……….</B> Formats text as bold

<BIG>……….</BIG> Formats text in large font.

<BODY>…</BODY> Contains all tags and text in the HTML document

<CENTER>...</CENTER> Creates text

<DD>…</DD> Definition of a term

<DL>...</DL> Creates definition list

<FONT>…</FONT> Formats text with a particular font

<FORM>...</FORM> Encloses a fill-out form

<FRAME>...</FRAME> Defines a particular frame in a set of frames

<H#>…</H#> Creates headings of different levels

<HEAD>...</HEAD> Contains tags that specify information about a document

<HR>...</HR> Creates a horizontal rule

<HTML>…</HTML> Contains all other HTML tags

<META>...</META> Provides meta-information about a document

<SCRIPT>…</SCRIPT> Contains client-side or server-side script

<TABLE>…</TABLE> Creates a table

<TD>…</TD> Indicates table data in a table

<TR>…</TR> Designates a table row

<TH>…</TH> Creates a heading in a table

ADVANTAGES

 A HTML document is small and hence easy to send over the net. It is small because it does
not include formatted information.
 HTML is platform independent.
 HTML tags are not case-sensitive.

Java Database Connectivity

What Is JDBC?

JDBC is a Java API for executing SQL statements. (As a point of interest, JDBC is a trademarked name and
is not an acronym; nevertheless, JDBC is often thought of as standing for Java Database Connectivity. It
consists of a set of classes and interfaces written in the Java programming language. JDBC provides a
standard API for tool/database developers and makes it possible to write database applications using a
pure Java API.

Using JDBC, it is easy to send SQL statements to virtually any relational database. One can write a single
program using the JDBC API, and the program will be able to send SQL statements to the appropriate
database. The combinations of Java and JDBC lets a programmer write it once and run it anywhere.

What Does JDBC Do?

Simply put, JDBC makes it possible to do three things:

 Establish a connection with a database
 Send SQL statements
 Process the results.
JDBC versus ODBC and otherAPIs

At this point, Microsoft's ODBC (Open Database Connectivity) API is that probably the most widely used
programming interface for accessing relational databases. It offers the ability to connect to almost all
databases on almost all platforms.

So why not just use ODBC from Java? The answer is that you can use ODBC from Java, but this is best done with the help of JDBC in

the form of the JDBC-ODBC Bridge, which we will cover shortly. The question now becomes "Why do you need JDBC?" There are

several answers to this question:

1. ODBC is not appropriate for direct use from Java because it uses a C interface. Calls from Java to
native C code have a number of drawbacks in the security, implementation, robustness, and
automatic portability of applications.
2. A literal translation of the ODBC C API into a Java API would not be desirable. For example, Java
has no pointers, and ODBC makes copious use of them, including the notoriously error-prone
generic pointer "void *". You can think of JDBC as ODBC translated into an object-oriented interface
that is natural for Java programmers.
3. ODBC is hard to learn. It mixes simple and advanced features together, and it has complex options
even for simple queries. JDBC, on the other hand, was designed to keep simple things simple while
allowing more advanced capabilities where required.
4. A Java API like JDBC is needed in order to enable a "pure Java" solution. When ODBC is used, the
ODBC driver manager and drivers must be manually installed on every client machine. When the
JDBC driver is written completely in Java, however, JDBC code is automatically installable, portable,
and secure on all Java platforms from network computers to mainframes.

Two-tier and Three-tier Models

The JDBC API supports both two-tier and three-tier models for database access.

In the two-tier model, a Java applet or application talks directly to the database. This requires a JDBC
driver that can communicate with the particular database management system being accessed. A user's

JAVA
Application Client machine

JDBC
DBMS-proprietary protocol

DBMS Database server

SQL statements are delivered to the database, and the results of those statements are sent back to the
user. The database may be located on another machine to which the user is connected via a network. This
is referred to as a client/server configuration, with the user's machine as the client, and the machine
housing the database as the server. The network can be an Intranet, which, for example, connects
employees within a corporation, or it can be the Internet.

In the three-tier model, commands are sent to a "middle tier" of services, which then send SQL
statements to the database. The database processes the SQL statements and sends the results back to
the middle tier, which then sends them to the user. MIS directors find the three-tier model very attractive
because the middle tier makes it possible to maintain control over access and the kinds of updates that
can be made to corporate data. Another advantage is that when there is a middle tier, the user can
Java applet or
Client machine (GUI)
Html browser

HTTP, RMI, or CORBA calls

Application
Server (Java) DBMS-proprietary
Server protocol
machine (business Logic)
JDBC

Database server

DBMS

employ an easy-to-use higher-level API which is translated by the middle tier into the appropriate low-
level calls. Finally, in many cases the three-tier architecture can provide performance advantages.

Until now the middle tier has typically been written in languages such as C or C++, which offer fast
performance. However, with theintroduction of optimizing compilers that translate Java byte code into
efficient machine-specific code, it is becoming practical to implement the middle tier in Java. This is a
big plus, making it possible to take advantage of Java's robustness, multithreading, and security
features. JDBC is important to allow database access from a Java middle tier.

JDBC Driver Types

The JDBC drivers that we are aware of at this time fit into one of four categories:

 JDBC-ODBC bridge plus ODBC driver

 Native-API partly-Java driver
 JDBC-Net pure Java driver
  Native-protocol pure Java driver

JDBC-ODBC Bridge

If possible, use a Pure Java JDBC driver instead of the Bridge and an ODBC driver. This completely
eliminates the client configuration required by ODBC. It also eliminates the potential that the Java VM
could be corrupted by an error in the native code brought in by the Bridge (that is, the Bridge native
library, the ODBC driver manager library, the ODBC driver library, and the database client library).

What Is the JDBC- ODBC Bridge?

The JDBC-ODBC Bridge is a JDBC driver, which implements JDBC operations by translating them into
ODBC operations. To ODBC it appears as a normal application program. The Bridge implements JDBC
for any database for which an ODBC driver is available. The Bridge is implemented as the

sun.jdbc.odbc Java package and contains a native library used to access ODBC. The Bridge is a joint
development of Intersolv and JavaSoft.

Java Server Pages (JSP)

Java server Pages is a simple, yet powerful technology for creating and maintaining dynamic-content
web pages. Based on the Java programming language, Java Server Pages offers proven portability,
open standards, and a mature re-usable component model .The Java Server Pages architecture enables
the separation of content generation from content presentation. This separation not eases maintenance
headaches, it also allows web team members to focus on their areas of expertise. Now, web page
designer can concentrate on layout, and web application designers on programming, with minimal
concern about impacting each other’s work.

Features of JSP

Portability:

Java Server Pages files can be run on any web server or web-enabled application server that provides
support for them. Dubbed the JSPengine, this support involves recognition, translation, and
management of the Java Server Page lifecycle and its interaction components.

Components
It was mentioned earlier that the Java Server Pages architecture can include reusable Java components.
The architecture also allows for the embedding of a scripting language directly into the Java Server Pages
file. The components current supported include Java Beans, and Servlets.

Processing

A Java Server Pages file is essentially an HTML document with JSP scripting or tags. The Java Server
Pages file has a JSP extension to the server as a Java Server Pages file. Before the page is served, the
Java Server Pages syntax is parsed and processed into a Servlet on the server side. The Servlet that is
generated outputs real content in straight HTML for responding to the client.

Access Models:

A Java Server Pages file may be accessed in at least two different ways. A client’s request comes directly
into a Java Server Page. In this scenario, suppose the page accesses reusable Java Bean components that
perform particular well-defined computations like accessing a database. The result of the Beans
computations, called result sets is stored within the Bean as properties. The page uses such Beans to
generate dynamic content and present it back to the client.

In both of the above cases, the page could also contain any valid Java code. Java Server Pages
architecture encourages separation of content from presentation.

Steps in the execution of a JSP Application:

1. The client sends a request to the web server for a JSP file by giving the name of the JSP file within
the form tag of a HTML page.

2. This request is transferred to the JavaWebServer. At the server side JavaWebServer receives the
request and if it is a request for a jsp file server gives this request to the JSP engine.
3. JSP engine is program which can understands the tags of the jsp and then it converts those tags
into a Servlet program and it is stored at the server side. This Servlet is loaded in the memory and
then it is executed and the result is given back to theJavaWebServer and then it is transferred back
to the result is givenback to the JavaWebServer and then it is transferred back to the client.

JDBC connectivity

The JDBC provides database-independent connectivity between the J2EE platform and a wide range of
tabular data sources. JDBC technology allows an Application Component Provider to:
  Perform connection and authentication to a database server
 Manager transactions
 Move SQL statements to a database engine for preprocessing and execution
 Execute stored procedures
 Inspect and modify the results from Select statements.

Tomcat 6.0 web server

Tomcat is an open source web server developed by Apache Group. Apache Tomcat is the servlet
container that is used in the official Reference Implementation for the Java Servlet and JavaServer
Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under
the Java Community Process. Web Servers like Apache Tomcat support only web components while an
application server supports web components as well as business components (BEAs Weblogic, is one
of the popular application server).To develop a web application with jsp/servlet install any web server like JRun, Tomcat etc
to run your application.
Bibliography:

References for the Project Development were taken from the following Books and

Web Sites.

Oracle

PL/SQL Programming by Scott Urman

SQL complete reference by Livion

JAVA Technologies

JAVA Complete Reference

Java Script Programming by Yehuda Shiran

Mastering JAVA Security

JAVA2 Networking by Pistoria

JAVA Security by Scotl oaks

Head First EJB Sierra Bates

J2EE Professional by Shadab siddiqui

JAVA server pages by Larne Pekowsley

JAVA Server pages by Nick Todd

HTML

HTML Black Book by Holzner

JDBC

Java Database Programming with JDBC by Patel moss.

Software Engineering by Roger Pressman

 8. System Testing
8.1 Testing Methodologies
Testing is the process of finding differences between the expected behavior specified by system
models and the observed behavior implemented system. From modeling point of view , testing is the attempt of
falsification of the system with respect to the system models. The goal of testing is to design tests that exercise
defects in the system and to reveal problems.
The process of executing a program with intent of finding errors is called testing. During testing , the program to be
tested is executed with a set of test cases , and the output of the program for the test cases is evaluated to determine if
the program is performing as expected . Testing forms the first step in determining the errors in the program. The
success of testing in revealing errors in program depends critically on test cases.

Strategic Approach to Software Testing:

The software engineering process can be viewed as a spiral. Initially system engineering defines the role of software
and leads to software requirements analysis where the information domain , functions , behavior , performance ,
constraints and validation criteria for software are established. moving inward along the spiral , we come to design
and finally to coding . To develop computer software we spiral in along streamlines that decreases the level of
abstraction on each item.
A Strategy for software testing may also be viewed in the context of the spiral. Unit testing begins at the vertex of the
spiral and concentrates on each unit of the software as implemented in source code. Testing will progress by moving
outward along the spiral to integration testing , where the focus on the design and the concentration of the software
architecture. Talking another turn on outward on the spiral we encounter validation testing where requirements
established as part of software requirements analysis are validated against the software that has been constructed .
Finally we arrive at system testing , where the software and other system elements are tested as a whole .
 UNIT TESTING
UNUNI

MODULE

Component SUB-SYSTEM

SYSTEM TESTING

Integration Testing

ACCEPTANCE

User Testing

Different Levels of Testing

Client Needs Acceptance Testing

Requirements System Testing
Design Integration Testing
Code Unit Testing

Testing is the process of finding difference between the expected behavior specified by system models and the
observed behavior of the implemented system.

8.2 Testing Activities

Different levels of testing are used in the testing process , each level of testing aims to test different aspects of the
system. the basic levels are:
Unit testing
Integration testing
System testing
Acceptance testing

Unit Testing
Unit testing focuses on the building blocks of the software system, that is, objects and sub system . There are three
motivations behind focusing on components. First, unit testing reduces the complexity of the overall tests activities,
allowing us to focus on smaller units of the system. Second , unit testing makes it easier to pinpoint and correct faults
given that few components are involved in this test . Third , Unit testing allows parallelism in the testing activities ,
that is each component can be tested independently of one another . Hence the goal is to test the internal logic of the
module.

Integration Testing
In the integration testing, many test modules are combined into sub systems , which are then tested . The goal here is
to see if the modules can be integrated properly, the emphasis being on testing module interaction.
After structural testing and functional testing we get error free modules. These modules are to be integrated to get the
required results of the system. After checking a module, another module is tested and is integrated with the previous
module. After the integration, the test cases are generated and the results are tested.

System Testing
In system testing the entire software is tested . The reference document for this process is the requirement document
and the goal is to see whether the software meets its requirements. The system was tested for various test cases with
various inputs.

Acceptance Testing
Acceptance testing is sometimes performed with realistic data of the client to demonstrate that the software is
working satisfactory. Testing here focus on the external behavior of the system , the internal logic of the program is
not emphasized . In acceptance testing the system is tested for various inputs.
8.3 Types of Testing
1. Black box or functional testing
2. White box testing or structural testing

Black box testing

This method is used when knowledge of the specified function that a product has been designed to perform is known .
The concept of black box is used to represent a system whose inside workings are not available to inspection . In a
black box the test item is a "Black" , since its logic is unknown , all that is known is what goes in and what comes out
, or the input and output.
Black box testing attempts to find errors in the following categories:
Incorrect or missing functions
Interface errors
Errors in data structure
Performance errors
Initialization and termination errors

As shown in the following figure of Black box testing , we are not thinking of the internal workings , just we think
about
What is the output to our system?
What is the output for given input to our system?

?
Input Output

The Black box is an imaginary box that hides its internal workings

White box testing

White box testing is concerned with testing the implementation of the program. the intent of structural is not to
exercise all the inputs or outputs but to exercise the different programming and data structure used in the program.
Thus structural testing aims to achieve test cases that will force the desire coverage of different structures . Two types
of path testing are statement testing coverage and branch testing coverage.

INTERNAL
WORKING
Input Output

The White Box testing strategy , the internal workings

8.4 Test Plan

Testing process starts with a test plan. This plan identifies all the testing related activities that must be performed and
specifies the schedules , allocates the resources , and specified guidelines for testing . During the testing of the unit
the specified test cases are executed and the actual result compared with expected output. The final output of the
testing phase is the test report and the error report.

Test Data:
Here all test cases that are used for the system testing are specified. The goal is to test the different functional
requirements specified in Software Requirements Specifications (SRS) document.

Unit Testing:
Each individual module has been tested against the requirement with some test data.

Test Report:
The module is working properly provided the user has to enter information. All data entry forms have tested with
specified test cases and all data entry forms are working properly.
Error Report:
If the user does not enter data in specified order then the user will be prompted with error messages. Error handling
was done to handle the expected and unexpected errors.

8.7 Test cases

A Test case is a set of input data and expected results that exercises a component with the purpose of
causing failure and detecting faults .test case is an explicit set of instructions designed to detect a particular class of
defect in a software system , by bringing about a failure . A Test case can give rise to many tests.

TEST CASES:

Test cases can be divided in to two types. First one is Positive test cases and second one is negative test cases. In
positive test cases are conducted by the developer intention is to get the output. In negative test cases are conducted
by the developer intention is to don’t get the output.

Efficient Traceable Authorization Search System for Secure Cloud

Storage
Data Flow Diagram
Data owner
Data User
KGC(Key Generation Centre)
Cloud
Usecase Diagram
Data owner

Data User

KGC(Key Generation Centre)

Cloud

Class Diagram
Sequence Diagram
Data owner

Data User

KGC(Key Generation Centre)

Cloud

Activity Diagram
Data owner

Data User

KGC(Key Generation Centre)

Cloud

Component Diagram
Data owner

Data User

KGC(Key Generation Centre)

Cloud

ER Diagram
Data owner

Data User

KGC(Key Generation Centre)

Cloud
CONCLUSION: