
Dual Access Control For Cloud Based Data Storage and Sharing


Uploaded by

narayanait

ABSTRACT

Cloud-based data storage service has drawn increasing interests from both academic and industry in the recent years due to its efficient and low cost management. Since it provides services in an open network, it is urgent for service providers to make use of secure data storage and sharing mechanism to ensure data confidentiality and service user privacy. To protect sensitive data from being compromised, the most widely used method is encryption. However, simply encrypting data (e.g., via AES) cannot fully address the practical need of data management. Besides, an effective access control over download request also needs to be considered so that Economic Denial of Sustainability (EDoS) attacks cannot be launched to hinder users from enjoying service. In this paper, we consider the dual access control, in the context of cloud-based storage, in the sense that we design a control mechanism over both data access and download request without loss of security and efficiency. Two dual access control systems are designed in this paper, where each of them is for a distinct designed setting. The security and experimental analysis for the systems are also presented.
TABLE OF CONTENTS

S.NO    CHAPTER NAME
1       INTRODUCTION
2       LITERATURE SURVEY
3       SYSTEM ANALYSIS
3.1     EXISTING SYSTEM
3.2     PROPOSED SYSTEM
3.3     FEASIBILITY STUDY
3.4     MODULES
4       H/W AND S/W REQUIREMENT SPECIFICATIONS
4.1     HARDWARE REQUIREMENTS
4.2     SOFTWARE REQUIREMENTS
5       SYSTEM DESIGN
5.1     INTRODUCTION
5.2     SYSTEM DESIGN ASPECTS
5.3     UML DIAGRAMS
5.3.1   USE CASE DIAGRAM
5.3.2   CLASS DIAGRAMS
5.3.3   SEQUENCE DIAGRAMS
6       IMPLEMENTATION
6.1     TECHNOLOGY USED
7       SOURCE CODE
8       TESTING
8.1     INTRODUCTION
8.2     TYPES OF TESTS
9       SCREENS
10      CONCLUSION
11      FUTURE ENHANCEMENT
12      BIBLIOGRAPHY

1. INTRODUCTION

1.1. INTRODUCTION
A strawman solution to the control of download request is to leverage dummy ciphertexts to
In the recent decades, cloud-based storage service has attracted considerable attention from both academia and industries. It may be widely used in many Internet-based commercial applications (e.g., Apple iCloud) due to its long-list benefits including access flexibility and free of local data management. Increasing number of individuals and companies nowadays prefer to outsource their data to remote cloud in such a way that they may reduce the cost of upgrading their local data management facilities/devices. However, the worry of security breach over outsourced data may be one of the main obstacles hindering Internet users from widely using cloud-based storage service. In many practical applications, outsourced data may need to be further shared with others. For example, a Dropbox user Alice may share photos with her friends. Without using data encryption, prior to sharing the photos, Alice needs to generate a sharing link and further share the link with friends. Although guaranteeing some level of access control over unauthorized users (e.g., those who are not Alice’s friends), the sharing link may be visible within the Dropbox administration level (e.g., administrator could reach the link). Since the cloud (which is deployed in an open network) is not fully trusted, it is generally recommended to encrypt the data prior to being uploaded to the cloud to ensure data security and privacy. One of the corresponding solutions is to directly employ an encryption technique (e.g., AES) on the outsourced data
To prevent shared photos being accessed by the “insiders” of the system, a straightforward way is to designate the group of authorized data users prior to encrypting the data. In some cases, nonetheless, Alice may have no idea about who the photo receivers/users are going to be. It is possible that Alice only has knowledge of attributes w.r.t. photo receivers. In this case, traditional public key encryption (e.g., Paillier Encryption), which requires the encryptor to know who the data receiver is in advance, cannot be leveraged. so that Alice makes use of the mechanism to define access policy
Departmentof CSE Page 1

over the encrypted photos to guarantee only a group of authorized users is able to access the photos.
In a cloud-based storage service, there exists a common attack that is well-known as resource-exhaustion attack. Since a (public) cloud may not have any control over download request (namely, a service user may send unlimited numbers of download request to cloud server), a malicious service user may launch the denial-of-service (DoS)/distributed denial-of-service (DDoS) attacks to consume the resource of cloud storage service server so that the cloud service could not be able to respond honest users’ service requests. As a result, in the “pay-as-you-go” model, economic aspects could be disrupted due to higher resource usage. The costs of cloud service users will rise dramatically as the attacks scale up. This has been known as Economic Denial of Sustainability (EDoS) attack, which targets to the cloud adopter’s economic resources. Apart from economic loss, unlimited download itself could open a window for network attackers to observe the encrypted download data that may lead to some potential information leakage (e.g., file size). Therefore, an effective control over download request for outsourced (encrypted) data is also needed.
In this project, we propose a new mechanism, dubbed dual access control, to tackle the above mentioned two problems. To secure data in cloud-based storage service, attribute-based encryption (ABE) is one of the promising candidates that enables the confidentiality of outsourced data as well as fine-grained control over the outsourced data. In particular, Ciphertext-Policy ABE (CP-ABE) provides an effective way of data encryption such that access policies, defining the access privilege of potential data receivers, can be specified over encrypted data. Note that we consider the use of CP-ABE in our mechanism in this paper. Nevertheless, simply employing CP-ABE technique is not sufficient to design an elegant mechanism guaranteeing the control of both data access and download request. verify data receiver’s decryption rights. It, concretely, requires data owner, say Alice, to upload multiple “testing” ciphertexts along with the “real” encryption of data to cloud, where the “testing” cipher texts are the encryptions of dummy messages under the same access policy as that of the “real” data. After receiving a download request from a user, say Bob, cloud asks Bob to randomly decrypt one of the “testing” ciphertexts. If a correct result/decryption is returned.

2. LITERATURE SURVEY
1) John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-policy attribute-based encryption. In S&P 2007, pages 321–334. IEEE, 2007.
In several distributed systems a user should only be able to access data if a user possesses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
2) Jinguang Han, Willy Susilo, Yi Mu, Jianying Zhou, and Man Ho Allen Au. Improving privacy and security in decentralized ciphertext-policy attribute-based encryption. IEEE transactions on information forensics and security, 10(3):665–678, 2015.
In previous privacy-preserving multiauthority attribute-based encryption (PPMA-ABE) schemes, a user can acquire secret keys from multiple authorities with them knowing his/her attributes and furthermore, a central authority is required. Notably, a user's identity information can be extracted from his/her some sensitive attributes. Hence, existing PPMA-ABE schemes cannot fully protect users' privacy as multiple authorities can collaborate to identify a user by collecting and analyzing his attributes. Moreover, ciphertext-policy ABE (CP-ABE) is a more efficient public-key encryption, where the encryptor can select flexible access structures to encrypt messages. Therefore, a challenging and important work is to construct a PPMA-ABE scheme where there is no necessity of having the central authority and furthermore, both the identifiers and the attributes can be protected to be known by the authorities. In this paper, a privacy-preserving decentralized CP-ABE (PPDCP-ABE) is proposed to reduce the trust on the central authority and protect users' privacy. In our PPDCP-ABE scheme, each authority can work independently without any collaboration to initial the system and issue secret keys to users. Furthermore, a user can obtain secret keys from multiple authorities without them knowing anything about his global identifier and attributes.

3) Joseph Idziorek, Mark Tannian, and Doug Jacobson. Attribution of fraudulent resource consumption in the cloud. In IEEE CLOUD 2012, pages 99–106. IEEE, 2012.
Frank Mckeen. Intel(R) software guard extensions: Epid provisioning and attestation services. White Paper, 1:1–10, 2016.
Obligated by a utility pricing model, Internet-facing web resources hosted in the public cloud are vulnerable to Fraudulent Resource Consumption (FRC) attacks. Unlike an application-layer DDoS attack that consumes resources with the goal of disrupting short-term availability, an FRC attack is a considerably more subtle attack that instead seeks to disrupt the long-term financial viability of operating in the cloud by exploiting the utility pricing model over an extended time period. By fraudulently consuming web resources in sufficient volume (i.e. data transferred out of the cloud), an attacker (e.g. botnet) is able to incur significant fraudulent charges to the victim. This paper proposes an attribution methodology to identify malicious clients participating in an FRC attack. Experimental results demonstrate that the presented methodology achieves qualified success against challenging attack scenarios.
4) Jiguo Li, Xiaonan Lin, Yichen Zhang, and Jinguang Han. Ksfoabe: outsourced attribute-based encryption with keyword search function for cloud storage. IEEE Transactions on Services Computing. 10(5):715–725, 2017.
Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption (ABE) technology has been used to design fine-grained access control system, which provides one good method to solve the security issues in cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service provider (CSP). However, as the amount of encrypted files stored in cloud is becoming very huge, which will hinder efficient query processing. To deal with above problem, we present a new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.
5) Jiguo Li, Yao Wang, Yichen Zhang, and Jinguang Han. Full verifiability for outsourced decryption in attribute based encryption. IEEE Transactions on Services Computing, DOI: 10.1109/TSC.2017.2710190, 2017.
Attribute based encryption (ABE) is a popular cryptographic technology to protect the security of users' data. However, the decryption cost and ciphertext size restrict the application of ABE in practice. For most existing ABE schemes, the decryption cost and ciphertext size grow linearly with the complexity of access structure. This is undesirable to the devices with limited computing capability and storage space. Outsourced decryption is considered as a feasible method to reduce the user's decryption overhead, which enables a user to outsource a large number of decryption operations to the cloud service provider (CSP). However, outsourced decryption cannot guarantee the correctness of transformation done by the cloud, so it is necessary to check the correctness of outsourced decryption to ensure security for users' data. Current research mainly focuses on verifiability of outsourced decryption for the authorized users. It still remains a challenging issue that how to guarantee the correctness of outsourced decryption for unauthorized users. In this paper, we propose an ABE scheme with verifiable outsourced decryption (called full verifiability for outsourced decryption),


3. SYSTEM ANALYSIS

EXISTING SYSTEM
Although being able to support fine-grained data access, CP-ABE, acting as a single solution, is far from practical and effective to hold against EDoS attack which is the case of DDoS in the cloud setting. Several countermeasures to the attack have been proposed in the literature. But Xue et al. [38] stated that the previous works could not fully defend the EDoS attack in the algorithmic (or protocol) level, and they further proposed a solution to secure cloud data sharing from the attack.

However, [38] suffers from two disadvantages. First, the data owner is required to generate a set of challenge ciphertexts in order to resist the attack, which enhances its computational burden. Second, a data user is required to decrypt one of the challenge ciphertexts as a test, which costs a plenty of expensive operations (e.g., pairing). Here the computational complexity of both parties is inevitably increased and meanwhile, high network bandwidth is required for the delivery of ciphertexts. The considerable computational power of cloud is not fully considered in . In this paper, we will present a new solution that requires less computation and communication cost to stand still in front of the EDoS attack.

Recently, Antonis Michalas proposed a data sharing protocol that combines symmetric searchable encryption and ABE, which allows users to directly search over encrypted data. To implement the functionality of key revocation in ABE, the protocol utilizes SGX to host a revocation authority. Bakas and Michalas later extended the protocol in and proposed a hybrid encryption scheme that reduces the problem of multi-user data sharing to that of a single-user. In particular, the symmetric key used for data encryption is stored in an SGX enclave, which is encrypted with an ABE scheme. Similar to , it deals with the revocation problem in the context of ABE by employing the SGX enclave. In this work, we employ SGX to enable the control of the download request (such that the DDoS/EDoS attacks can be prevented). In this sense, the purpose and the technique of ours are different from that of the protocols in].


Disadvantages

1) The system did not implement the Ciphertext-Policy Attribute-Based Encryption method, which leads to less security for outsourced data.

2) The system is less secure due to the lack of Authenticated Encryption with Associated Data.

PROPOSED SYSTEM
In this paper, we propose a new mechanism, dubbed dual access control, to tackle the two aforementioned problems. To secure data in cloud-based storage service, attribute-based encryption (ABE) is one of the promising candidates that enables the confidentiality of outsourced data as well as fine-grained control over the outsourced data.

In particular, Ciphertext-Policy ABE (CP-ABE) provides an effective way of data encryption such that access policies, defining the access privilege of potential data receivers, can be specified over encrypted data. Note that we consider the use of CP-ABE in our mechanism in this paper. Nevertheless, simply employing CP-ABE technique is not sufficient to design an elegant mechanism guaranteeing the control of both data access and download request.

A strawman solution to the control of download request is to leverage dummy cipher texts to verify data receiver’s decryption rights. It, concretely, requires data owner, say Alice, to upload multiple “testing” ciphertexts along with the “real” encryption of data to cloud, where the “testing” cipher texts are the encryptions of dummy messages under the same access policy as that of the “real” data. After receiving a download request from a user, say Bob, cloud asks Bob to randomly decrypt one of the “testing” cipher texts. If a correct result/decryption is returned (i.e. indicating Bob is with valid decryption rights), Bob is authorized by Alice to access the “real” data, so that the cloud allows Bob to download the corresponding ciphertext.
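
The strawman challenge described above, run end to end as an added example (not code from the original project). CP-ABE is replaced by a toy AND-policy stand-in built from HMAC and SHA-256, and the class names, the digest-based check, the single-use token and the byte counters are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

# Toy stand-in for CP-ABE (assumption): models only "decrypts iff the key holds
# every attribute in the policy". Not real ABE and not collusion-resistant.
def _stream(key, nonce, n):
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _policy_key(attr_keys, policy):
    return hashlib.sha256(b"".join(attr_keys[a] for a in sorted(policy))).digest()

class ToyAuthority:
    def __init__(self):
        self._msk = os.urandom(32)

    def keygen(self, attrs):
        """User key: one secret per attribute the user holds."""
        return {a: hmac.new(self._msk, a.encode(), hashlib.sha256).digest()
                for a in attrs}

    def encrypt(self, policy, msg):
        """Encrypt msg under an AND policy (set of required attributes)."""
        key = _policy_key(self.keygen(policy), policy)
        nonce = os.urandom(16)
        body = _xor(msg, _stream(key, nonce, len(msg)))
        tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
        return {"policy": frozenset(policy), "nonce": nonce, "body": body, "tag": tag}

def decrypt(user_key, ct):
    """Return the plaintext, or None if the key does not satisfy the policy."""
    if not ct["policy"].issubset(user_key):
        return None
    key = _policy_key(user_key, ct["policy"])
    tag = hmac.new(key, ct["nonce"] + ct["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, ct["tag"]):
        return None
    return _xor(ct["body"], _stream(key, ct["nonce"], len(ct["body"])))

class Cloud:
    def __init__(self):
        self.files, self.pending = {}, {}
        self.challenge_bytes = 0  # egress spent on small "testing" ciphertexts
        self.payload_bytes = 0    # egress spent on "real" ciphertexts

    def upload(self, file_id, real_ct, tests):
        # tests: list of (testing ciphertext, SHA-256 of its dummy message).
        # The digest check is an assumption; the text does not say how the cloud verifies.
        self.files[file_id] = (real_ct, tests)

    def challenge(self, file_id):
        tests = self.files[file_id][1]
        idx = secrets.randbelow(len(tests))      # random testing ciphertext
        token = secrets.token_hex(8)
        self.pending[token] = (file_id, idx)     # remember which one was issued
        self.challenge_bytes += len(tests[idx][0]["body"])
        return token, tests[idx][0]

    def download(self, token, answer):
        if token not in self.pending:
            return None
        file_id, idx = self.pending.pop(token)   # each challenge is single-use
        real_ct, tests = self.files[file_id]
        if not isinstance(answer, bytes) or not hmac.compare_digest(
                hashlib.sha256(answer).digest(), tests[idx][1]):
            return None                          # no payload bytes leave the cloud
        self.payload_bytes += len(real_ct["body"])
        return real_ct

def owner_upload(authority, cloud, file_id, policy, data, n_tests=4):
    tests = []
    for _ in range(n_tests):
        dummy = os.urandom(16)
        tests.append((authority.encrypt(policy, dummy), hashlib.sha256(dummy).digest()))
    cloud.upload(file_id, authority.encrypt(policy, data), tests)

def request_download(cloud, user_key, file_id):
    token, test_ct = cloud.challenge(file_id)
    real_ct = cloud.download(token, decrypt(user_key, test_ct))
    return None if real_ct is None else decrypt(user_key, real_ct)

def demo(flood=1000):
    authority, cloud = ToyAuthority(), Cloud()
    photo = b"\x89PNG" + bytes(200_000)           # constructed sample data
    owner_upload(authority, cloud, "photo1", {"friend", "family"}, photo)
    bob = authority.keygen({"friend", "family"})  # satisfies the policy
    mallory = authority.keygen({"friend"})        # does not
    bob_ok = request_download(cloud, bob, "photo1") == photo
    hits = sum(request_download(cloud, mallory, "photo1") is not None for _ in range(flood))
    return bob_ok, hits, cloud.payload_bytes, cloud.challenge_bytes

if __name__ == "__main__":
    print(demo())
```

In this run the 1000 unauthorized requests cost the cloud only the 16-byte testing ciphertexts, while the owner still had to produce the extra ciphertexts and Bob an extra decryption, which is the overhead the existing-system discussion attributes to this approach.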

Advantages

(1) Confidentiality of outsourced data. In our proposed systems, the outsourced data is encrypted prior to being uploaded to cloud. No one can access them without valid access rights.

(2) Anonymity of data sharing. Given an outsourced data, cloud server cannot identify data owner, so that the anonymity of owner can be guaranteed in data storage and sharing.

(3) Fine-grained access control over outsourced (encrypted) data. Data owner keeps controlling his encrypted data via access policy after uploading the data to cloud. In particular, a data owner can encrypt his outsourced data under a specified access policy such that only a group of authorized data users, matching the access policy, can access the data.

(4) Control over anonymous download request and EDoS attacks resistance. A cloud server is able to control the download request issued by any system user, where the download request can set to be anonymous. With the control over download request, we state that our systems are resistant to EDoS attacks.

(5) High efficiency. Our proposed systems are built on the top of the CP-ABE system. Compared with [36], they do not incur significant additional computation and communication overhead. This makes the systems feasible for real-world applications.


FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general plan for the project and some cost estimates. During system analysis the feasibility study of the proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For feasibility analysis, some understanding of the major requirements for the system is essential. Three key considerations involved in the feasibility analysis are
• ECONOMICAL FEASIBILITY
• TECHNICAL FEASIBILITY
• SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on the organization. The amount of fund that the company can pour into the research and development of the system is limited. The expenditures must be justified. Thus the developed system is well within the budget and this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. This will lead to high demands on the available technical resources. This will lead to high demands being placed on the client. The developed system must have a modest requirement, as only minimal or null changes are required for implementing this system.
SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user. This includes the process of training the user to use the system efficiently. The user must not feel threatened by the system, instead must accept it as a necessity. The level of acceptance by the users solely depends on the methods that are employed to educate the user about the system and to make him familiar with it. His level of confidence must be raised so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the system.


MODULES OF THE PROJECT
Data Owner
In this module, the data owner uploads their data to the cloud server. For security purposes the data owner encrypts the file and then stores it in the cloud. The data owner is capable of updating and deleting a specific file. He can also view the transactions based on the files he uploaded to the cloud.

End User
In this module, the receiver logs in by using his/her user name and password. After login the receiver will search for files and request the secret key of a particular file from the Authority, and get the secret key. After getting the secret key he tries to download the file from the cloud server by entering the file name and secret key.

Authority
In this module, the authority helps to check the transactions of files and also if the receiver exists and the profile. The Authority also views the requests from the receivers, generates the secret key and sends it to the requesting data receivers.

Cloud Server
The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with Remote User. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them.

Data Encryption and Decryption
All the legal receivers in the system can freely query any interested encrypted and decrypted data. Upon receiving the data from the server, the receiver runs the decryption algorithm Decrypt to decrypt the cipher text by using its secret keys from different Users.

Attacker Module
In Data Receiver module, while downloading files if the receiver enters a wrong secret key for a particular file, then the cloud server treats him as an attacker and moves him to the attacker list.


4. HARDWARE AND SOFTWARE REQUIREMENTS SPECIFICATIONS
H/W REQUIREMENTS
Processor : Pentium-III/IV
Speed : 1.1 GHz
RAM : 256 MB (min)
Hard Disk : 120 GB

SOFTWARE REQUIREMENTS
Operating System : Windows XP/7
Coding Language : Java/J2EE
Web Server : Tomcat 7.x
Database : MySQL 5.5


5. SYSTEM DESIGN
INTRODUCTION
A graphical tool used to describe and analyze the movement of data through a system, manual or automated, including the process, stores of data, and delays in the system. Data Flow Diagrams are the central tool and the basis from which other components are developed. The transformation of data from input to output, through processes, may be described logically and independently of the physical components associated with the system. The DFD is also known as a data flow graph or a bubble chart.
DFDs are the model of the proposed system. They clearly should show the requirements on which the new system should be built. Later during design activity this is taken as the basis for drawing the system’s structure charts. The Basic Notation used to create a DFD’s are as follows:
1. Dataflow: Data move in a specific direction from an origin to a destination.

2. Process: People, procedures, or devices that use or produce (Transform) Data. The physical component is not identified.

3. Source: External sources or destination of data, which may be People, programs, organizations or other entities.

Systems design is the process or art of defining the architecture, components, modules, interfaces, and data for a system to satisfy specified requirements. One could see it as the application of systems theory to product development. There is some overlap and synergy with the disciplines of systems analysis, systems architecture and systems engineering. Database Designing is a part of the development process. In the linear development cycle, it is used during the system requirements phase to construct the data components of the analysis model. This model represents the major data objects and the relationship between them. It should not be confused with data analysis, which takes place in the system design phase. As in a DFD, a model of data consists of a number of symbols joined up according to certain conventions. System designers describe these conceptual modeling using symbols from a modeling method known as entity relationship analysis.
Entity Relationship Diagram
Entity relationship analysis uses three major abstractions to describe data. These are
1. Entities, which are distinct things in the enterprise.
2. Relationships, which are meaningful interactions between the objects.
3. Attributes, which are the properties of the entities and relationship.
The relative simplicity and pictorial clarity of this diagramming technique may well account in large part for the widespread use of ER model. Such a diagram consists of the following major components.
E-R Diagram Components

Rectangles, which represent the entity set.

Ellipse, which represent attributes.

Diamonds, which represent relationship sets.

Lines, which link attributes to entity sets and entity sets to relationships.

Double Ellipse, which represents multi valued attributes.

Double lines, which indicates total participation of an entity in a relationship set.

Entity
• An entity is an object that exists and is distinguishable from other objects.
• An entity may be concrete or abstract.
• An entity is a set of entities of the same type.
• Entity sets need not be disjoint.
• An entity is represented by a set of attributes.

Mapping Constraints
An E-R diagram may define certain constraints which the contents of a database must conform.
Mapping Cardinalities
It expresses the number of entities to which another entity can be associated via a relationship. For binary relationship sets between entity sets A and B, the mapping cardinality must be one of the following:
One-to-One – An entity in A is associated with at most one entity in B, and an entity in B is associated with at most one entity in A.
One-to-many – An entity in A is associated with any number in B. An entity in B is associated with any number in A.
Many-to-many – Entities in A and B are associated with any number from each other.
Cardinality: It indicates that which type relationship the business rule follows is called cardinality.
Connectivity: It specifies that which type of notation the entities are connected in both sides that one side or many side.
DATA DICTIONARY
The logical characteristics of current systems data stores, including name, description, aliases, contents, and organization, identifies processes where the data are used and where immediate access to information required, Serves as the basis for identifying database requirements during system design.
Uses of Data Dictionary
• To manage the details in large systems.
• To communicate a common meaning for all system elements.
• To Document the features of the system.

• To facilitate analysis of the details in order to evaluate characteristics and determine where system changes should be made.
• To locate errors and omissions in the system.
UML DIAGRAMS
It is a language to specifying, visualizing and constructing the artifacts of software system as well as for business models. UML was originally motivated by the desire to standardize the disparate notational system and approaches to software design developed by Grady Booch, Ivar Jacobson and James Rumbaugh at Rational Software in 1994-95. The UML notation is useful for graphically depicting Object Oriented Analysis and Object Oriented Design modules. The unified modeling language is a standard language for specifying, Visualizing, Constructing and documenting the software system and its components. It is a graphical language that provides a vocabulary and set of semantics and rules. The UML focuses on the conceptual and physical representation of the system. It captures the decisions and understandings about systems that must be constructed. It is used to understand, design, configure, maintain and control information about the systems.
An Overview of UML
The Unified Modeling Language is a language for
• Visualizing.
• Specifying.
• Constructing.
• Documenting.
UML Models
User model view
• This view represents the system from the user’s perspective.
• The analysis representation describes a usage scenario from the end-users perspective.
Structural model view
• In this model the data and functionality are arrived from inside the system.
• This model view models the static structures.
Behavioral model view

It represents the dynamic of Behavioral as parts of the system, depicting the interactions of collection between various structural elements described in the user model and structural model view.
Implementation model view
In this the structural and behavioral as parts of the system are represented as they are to be built.
Environmental model view
In this the structural and Behavioral aspects of the environment in which the system is to be implemented are represented. UML is specifically constructed through two different domains they are
• UML Analysis modeling, this focuses on the user model and structural model views of the system.
• UML design modeling, which focuses on the Behavioural modeling, implementation modeling and environmental model views.
A Conceptual model of UML
• The three major elements of UML are
• The UML’s basic building blocks.
• The rules that dictate how those building blocks may be put together.
• Some common mechanisms that apply throughout the UML.
Basic building blocks of the UML
The vocabulary of UML encompasses three kinds of building blocks
• Things.
• Relationships.
• Diagrams.
Things
Things are the abstractions that are first-class citizens in a model. Relationships tie these things together. Diagrams group the interesting collection of things. There are four kinds of things in the UML
Structural things
Behavioral things
Grouping things
Departmentof CSE Page16
DualAccessControlForCloudBasedDataStorageAndSharing

Annotationalthings
StructuralThings
StructuralthingsarethenounsoftheUMLmodels.Thesearemostlystaticpartsofthe
model, representing elements that are either conceptual or physical. In all, there
aresevenkinds of Structuralthings.
Use Case
Use case is a description of a set of sequence of actions that a system performs that yields an observable result of value to a particular thing in a model. Graphically, Use Case is rendered as an ellipse with dashed lines, usually including only its name as shown below.
Fig-5.3.1: Sample Use case diagram
Class
A class is a description of a set of objects that share the same attributes, operations, relationships, and semantics. A class implements one or more interfaces. Graphically a class is rendered as a rectangle, usually including its name, attributes and operations, as shown below.
[Figure: class Windows with attributes Origin and Size, and operations Open(), Close(), Move(), Display()]
Fig-5.3.2: Sample Class Diagram
Interface
An interface is a collection of operations that specify a service of a class or component. An interface describes the externally visible behaviour of an element. Graphically the interface is rendered as a circle together with its name.
Fig-5.3.3: Interface
Collaboration
Collaboration defines an interaction and is a society of roles and other elements that work together to provide some cooperative behaviour that's bigger than the sum of all the elements. Graphically, collaboration is rendered as an ellipse with dashed lines, usually including only its name as shown below.
Fig-5.3.4: Sample Collaboration Diagram

Component
Component is a physical and replaceable part of a system that conforms to and provides the realization of a set of interfaces. Graphically, a component is rendered as a rectangle with tabs, usually including only its name, as shown below.
Fig-5.3.5: Sample Component Diagram
Node
A Node is a physical element that exists at run time and represents a computational resource, generally having at least some memory and often, processing capability. Graphically, a node is rendered as a cube, usually including only its name, as shown below.
Fig-5.3.6: Sample Node Diagram

Behavioral Things
Behavioral things are the dynamic parts of UML models. These are the verbs of a model, representing behavior over time and space.

Interaction
An interaction is a behavior that comprises a set of messages exchanged among a set of objects within a particular context to accomplish a specific purpose.
Fig-5.3.7: Sample Interaction Diagram
State Machine
A state machine is a behavior that specifies the sequence of states an object or an interaction goes through during its lifetime in response to events, together with its responses to those events. Graphically, a state is rendered as a rounded rectangle, usually including its name and its sub-states, if any, as shown below.
Fig-5.3.8: Sample State Machine
3. Grouping Things
Grouping things are the organizational parts of the UML models. These are the boxes into which a model can be decomposed.
Package
A package is a general-purpose mechanism for organizing elements into groups.
Fig-5.3.9: Sample Package Diagram
Annotational Things
Annotational things are the explanatory parts of the UML models.
Notes
A note is simply a symbol for rendering constraints and comments attached to an element or a collection of elements. Graphically a note is rendered as a rectangle with a dog-eared corner, together with a textual or graphical comment, as shown below.
Fig-5.3.10: Sample Note Diagram
Relationships in the UML
There are four kinds of relationships in the UML
• Dependency.
• Association.
• Generalization.
• Realization.
These relationships are the basic relational building blocks of the UML. You use them to write well-formed models. Graphically dependency is rendered as a dashed line, possibly directed, and occasionally including a label.
Fig-5.3.11: Dependency
Second, an association is a structural relationship that describes a set of links, a link being a connection among objects. Aggregation is a special kind of association, representing a structural relationship between a whole and its parts. Graphically, an association is rendered as a solid line, possibly directed, occasionally including a label, and often containing other adornments, such as multiplicity and role names.
[Figure: association between Employer and Employee]
Fig-5.3.12: Association
Third, a generalization is a specialization/generalization relationship in which objects of the specialized element are substitutable for objects of the generalized element (the parent). In this way, the child shares the structure and the behavior of the parent. Graphically a generalization relationship is rendered as a solid line with a hollow arrowhead pointing to the parent.
Fig-5.3.13: Generalization
Fourth, a realization is a semantic relationship between classifiers, wherein one classifier specifies a contract that another classifier guarantees to carry out. You'll encounter realization relationships in two places: between interfaces and the classes or components that realize them, and between use cases and the collaborations that realize them.
Fig-5.3.14: Realization
Each UML diagram is designed to let developers and customers view a software system from a different perspective and in varying degrees of abstraction. Use Case Diagram displays the relationship among actors and use cases.
Class Diagram models class structure and contents using design elements such as classes, packages and objects. It also displays relationships such as containment, inheritance, associations and others.
Interaction Diagrams
• Sequence Diagram displays the time sequence of the objects participating in the interaction. This consists of the vertical dimension (time) and horizontal dimension (different objects).
• Collaboration Diagram displays an interaction organized around the objects and their links to one another. Numbers are used to show the sequence of messages.
• State Diagram displays the sequences of states that an object of an interaction goes through during its life in response to received stimuli, together with its responses and actions.
• Activity Diagram displays a special state diagram where most of the states are action states and most of the transitions are triggered by completion of the actions in the source states. This diagram focuses on flows driven by internal processing.
Physical Diagrams
• Component Diagram displays the high level packaged structure of the code itself. Dependencies among components are shown, including source code components, binary code components, and executable components. Some components exist at compile time, at link time, at run time, as well as at more than one time.
• Deployment Diagram displays the configuration of run-time processing elements and the software components, processes, and objects that live on them. Software component instances represent run-time manifestations of code.

Diagrams in the UML
Use Case Diagram
Use case diagrams graphically depict system behavior. These diagrams present a high level view of how the system is used as viewed from an outsider's (actor's) perspective. A use-case diagram may depict all or some of the use cases of a system.
A use-case diagram can contain:
• Actors
• Use cases
• Interaction or relationship between actor and use cases in the system including the associations, dependencies, and generalizations.
Use-case diagram can be used during analysis to capture the system requirements and to understand how the system should work. During the design phase, you can use use-case diagrams to specify the behavior of the system as implemented.

Fig-5.3.1.1: Use Case Diagram
5.3.2. Class Diagram
In engineering, a class diagram in the Unified Modeling Language (UML) is a type of static structure diagram that describes the structure of a system by showing the system's classes, their attributes, operations (or methods), and the relationships among the classes. It explains which class contains information.

Fig-5.3.2.1: Class Diagram

5.3.3 Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that shows how processes operate with one another and in what order. It is a construct of a Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and timing diagrams.

Fig-5.3.3.1: Sequence Diagram
6. IMPLEMENTATION AND RESULTS

TECHNOLOGY USED
Java technology is both a programming language and a platform.
The Java Programming Language
The Java programming language is a high-level language that can be characterized by all of the following buzzwords:
• Simple
• Architecture neutral
• Object oriented
• Portable
• Distributed
• High performance
• Interpreted
• Multithreaded
• Robust
• Dynamic
• Secure

With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes, the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.
Fig-6.1.1: Java Compiler Architecture
You can think of Java byte codes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java byte codes help make "write once, run anywhere" possible. You can compile your program into byte codes on any platform that has a Java compiler. The byte codes can then be run on any implementation of the Java VM. That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

Fig-6.1.2: Platform Independent Architecture
The Java Platform
A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms.
The Java platform has two components:
• The Java Virtual Machine (Java VM)
• The Java Application Programming Interface (Java API)
You've already been introduced to the Java VM. It's the base for the Java platform and is ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, What Can Java Technology Do?, highlights what functionality some of the packages in the Java API provide.
The following figure depicts a program that's running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that, after you compile it, runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code compilers can bring performance close to that of native code without threatening portability.
What Can Java Technology Do?
The most common types of programs written in the Java programming language are applets and applications. If you've surfed the Web, you're probably already familiar with applets. An applet is a program that adheres to certain conventions that allow it to run within a Java-enabled browser.
However, the Java programming language is not just for writing cute, entertaining applets for the Web. The general-purpose, high-level Java programming language is also a powerful software platform. Using the generous API, you can write many types of programs.
An application is a standalone program that runs directly on the Java platform. A special kind of application known as a server serves and supports clients on a network. Examples of servers are Web servers, proxy servers, mail servers, and print servers. Another specialized program is a servlet. A servlet can almost be thought of as an applet that runs on the server side. Java Servlets are a popular choice for building interactive web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, though, servlets run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of software components that provide a wide range of functionality. Every full implementation of the Java platform gives you the following features:
• The essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.
• Applets: The set of conventions used by applets.
• Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) sockets, and IP (Internet Protocol) addresses.
• Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.
• Security: Both low level and high level, including electronic signatures, public and private key management, access control, and certificates.
• Software components: Known as JavaBeans™, can plug into existing component architectures.
• Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC™): Provides uniform access to a wide range of relational databases.
The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.
Fig-6.1.3: JRE
METHODS OF IMPLEMENTATIONS
JDBC
In an effort to set an independent database standard API for Java, Sun Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface is achieved through the use of "plug-in" database connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he or she must provide the driver for each platform that the database and Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC's framework on ODBC. As you discovered earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than developing a completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90 day public review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after.
The remainder of this section will cover enough information about JDBC for you to know what it is about and how to use it effectively. This is by no means a complete overview of JDBC. That would fill an entire book.
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of its many goals, drove the development of the API. These goals, in conjunction with early reviewer feedback, have finalized the JDBC class library into a solid framework for building database applications in Java.
The goals that were set for JDBC are important. They will give you some insight as to why certain classes and functionalities behave the way they do. The eight design goals for JDBC are as follows:
IP datagrams
The IP layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagrams must be supplied by the higher layers. The IP layer supplies a checksum that includes its own header. The header includes the source and destination addresses. The IP layer handles routing through an Internet. It is also responsible for breaking up large datagrams into smaller ones for transmission and reassembling them at the other end.
UDP
UDP is also connectionless and unreliable. What it adds to IP is a checksum for the contents of the datagram and port numbers. These are used to give a client/server model - see later.
TCP
TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual circuit that two processes can use to communicate.
Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address scheme for machines so that they can be located. The address is a 32 bit integer which gives the IP address. This encodes a network ID and more addressing.
Network address
Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses all 32.
Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub network and uses 10-bit addressing, allowing 1024 different hosts.
Host address
8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines that can be on the subnet.
Total Address
The 32 bit address is usually written as 4 integers separated by dots.
Port addresses
A service exists on a host, and is identified by its port. This is a 16 bit number. To send a message to a server, you send it to the port for that service of the host that it is running on. This is not location transparency! Certain of these ports are "well known".
Sockets
A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with ReadFile and WriteFile functions.
#include <sys/types.h>
#include <sys/socket.h>
int socket(int family, int type, int protocol);
Here "family" will be AF_INET for IP communications, protocol will be zero, and type will depend on whether TCP or UDP is used. Two processes wishing to communicate over a network create a socket each. These are similar to two ends of a pipe - but the actual pipe does not yet exist.
JFreeChart
JFreeChart is a free 100% Java chart library that makes it easy for developers to display professional quality charts in their applications. JFreeChart's extensive feature set includes:
• A consistent and well-documented API, supporting a wide range of chart types;
• A flexible design that is easy to extend, and targets both server-side and client-side applications;
• Support for many output types, including Swing components, image files (including PNG and JPEG), and vector graphics file formats (including PDF, EPS and SVG);
JFreeChart is "open source" or, more specifically, free software. It is distributed under the terms of the GNU Lesser General Public Licence (LGPL), which permits use in proprietary applications.
1. Map
Charts showing values that relate to geographical areas. Some examples include: (a) population density in each state of the United States, (b) income per capita for each country in Europe, (c) life expectancy in each country of the world. The tasks in this project include:
• Sourcing freely redistributable vector outlines for the countries of the world, states/provinces in particular countries (USA in particular, but also other areas).
• Creating an appropriate dataset interface (plus default implementation), a renderer, and integrating this with the existing XYPlot class in JFreeChart;
• Testing, documenting, testing some more, documenting some more.
Implement a new (to JFreeChart) feature for interactive time series charts: to display a separate control that shows a small version of ALL the time series data, with a sliding "view" rectangle that allows you to select the subset of the time series data to display in the main chart.
1. Dashboards
There is currently a lot of interest in dashboard displays. Create a flexible dashboard mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and lines/time series) that can be delivered easily via both Java Web Start and an applet.
2. Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the properties that can be set for charts. Extend (or reimplement) this mechanism to provide greater end-user control over the appearance of the charts.
J2ME (Java 2 Micro edition)

Sun Microsystems defines J2ME as "a highly optimized Java run-time environment targeting a wide range of consumer products, including pagers, cellular phones, screen-phones, digital set-top boxes and car navigation systems." Announced in June 1999 at the JavaOne Developer Conference, J2ME brings the cross-platform functionality of the Java language to smaller devices, allowing mobile wireless devices to share applications. With J2ME, Sun has adapted the Java platform for consumer products that incorporate or are based on small computing devices.
DATABASE
SQL Level API
The designers felt that their main goal was to define a SQL interface for Java. Although not the lowest database interface level possible, it is at a low enough level for higher-level tools and APIs to be created. Conversely, it is at a high enough level for application programmers to use it confidently. Attaining this goal allows for future tool vendors to "generate" JDBC code and to hide many of JDBC's complexities from the end user.
1. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to support a wide variety of vendors, JDBC will allow any query statement to be passed through it to the underlying database driver. This allows the connectivity module to handle non-standard functionality in a manner that is suitable for its users.
1. JDBC must be implementable on top of common database interfaces
The JDBC SQL API must "sit" on top of other common SQL level APIs. This goal allows JDBC to use existing ODBC level drivers by the use of a software interface. This interface would translate JDBC calls to ODBC and vice versa.
2. Provide a Java interface that is consistent with the rest of the Java system
Because of Java's acceptance in the user community thus far, the designers feel that they should not stray from the current design of the core Java system.
3. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception. Sun felt that the design of JDBC should be very simple, allowing for only one method of completing a task per mechanism. Allowing duplicate functionality only serves to confuse the users of the API.
4. Use strong, static typing wherever possible
Strong typing allows for more error checking to be done at compile time; also, fewer errors appear at runtime.
5. Keep the common cases simple
Because more often than not, the usual SQL calls used by the programmer are simple SELECT's, INSERT's, DELETE's and UPDATE's, these queries should be simple to perform with JDBC. However, more complex SQL statements should also be possible.
They are,
1. TABLE
2. QUERY
3. FORM
4. REPORT
5. MACRO

1. Design View
2. Datasheet View
Design View: To build or modify the structure of a table we work in the table design view. We can specify what kind of data will be held.
Datasheet View: To add, edit or analyze the data itself we work in the table's datasheet view mode.
Query: A query is a question that has to be asked of the data. Access gathers data that answers the question from one or more tables. The data that make up the answer is either a dynaset (if you edit it) or a snapshot (it cannot be edited). Each time we run a query, we get the latest information in the dynaset. Access either displays the dynaset or snapshot for us to view or perform an action on it, such as deleting or updating.
7. SAMPLE CODE
Register.jsp
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Data Owner Register</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script src="js/cufon-yui.js" type="text/javascript"></script>
<script src="js/cufon-replace.js" type="text/javascript"></script>
<script src="js/Myriad_Pro_300.font.js" type="text/javascript"></script>
<!--[if lt IE 7]>
<script type="text/javascript" src="js/ie_png.js"></script>
<script type="text/javascript">ie_png.fix('.png, #header .row-2 ul li a, #content, .list li');</script>
<![endif]-->
<style type="text/css">
<!--
.style1 {
    font-size: 37px;
    color: #CCCCCC;
}
.style2 {color: #20b7c9}
.style3 {font-size: 12px}
-->
</style>
</head>
<body id="page1">
<div class="tail-top">
<div class="tail-bottom">
<div class="body-bg">
<!-- HEADER -->
<div id="header">
  <div class="extra"><img src="images/header-img.jpg" alt="" /></div>
  <div class="row-1">
    <div class="fleft">
      <h2 class="style1">Dual Access Control for Cloud-Based<br />Data Storage and Sharing</h2>
    </div>
    <div class="fright"></div>
  </div>
  <div class="row-2">
    <ul>
      <li class="m1"><a href="index.html">Home</a></li>
      <li class="m2"><a href="R_Login.jsp">End User</a></li>
      <li class="m3"><a href="E_Login.jsp" class="active">Data Owner</a></li>
      <li class="m4"><a href="TA_Login.jsp">T-Authority</a></li>
      <li class="m5"><a href="C_Login.jsp">Cloud</a></li>
    </ul>
  </div>
  <div class="row-3"><img src="images/slogan.gif" alt="" />
    <form action="#" method="post" id="search-form">
      <fieldset>
        <div><span>
          <input type="text" value="Enter keyword here" onfocus="if(this.value=='Enter keyword here'){this.value=''}" onblur="if(this.value==''){this.value='Enter keyword here'}" />
        </span><a href="#"><img src="images/button.gif" alt="" /></a></div>
      </fieldset>
    </form>
  </div>
</div>
<!-- CONTENT -->
<div id="content">
  <div class="inner_copy">More <a href="#">Website Templates</a> @ Templates.com!</div>
  <div class="tail-right">
    <div class="wrapper">
      <div class="col-1">
        <div class="indent">
          <div class="indent1">
            <h3>Encrypter Register</h3>
            <p align="justify">&nbsp;</p>
            <!-- multipart/form-data is needed because the form uploads the profile picture -->
            <form action="E_RegisterAuthentication.jsp" method="post" id="" enctype="multipart/form-data">
              <label for="name">Data Owner Name (required)<br /></label>
              <p><input id="name" name="userid" class="text" /></p>
              <label for="password">Password (required)<br /></label>
              <p><input type="password" id="password" name="pass" class="text" /></p>
              <p>
                <label for="email">Email Address (required)<br /></label>
                <input id="email" name="email" class="text" />
              </p>
              <label for="mobile">Mobile Number (required)<br /></label>
              <p><input id="mobile" name="mobile" class="text" /></p>
              <label for="address">Your Address<br /></label>
              <p><textarea name="address" cols="50" id="address"></textarea></p>
              <label for="dob">Date of Birth (required)<br /></label>
              <p><input id="dob" name="dob" class="text" /></p>
              <label for="s1">Select Gender (required)<br /></label>
              <p>
                <select id="s1" name="gender" class="text">
                  <option>-Select-</option>
                  <option>Male</option>
                  <option>Female</option>
                </select>
              </p>
              <label for="pincode">Enter Pincode (required)<br /></label>
              <p><input id="pincode" name="pincode" class="text" /></p>
              <label for="loc">Enter Location (required)<br /></label>
              <p><input id="loc" name="location" class="text" /></p>
              <label for="pic">Select Profile Picture (required)<br /></label>
              <p><input type="file" id="pic" name="pic" class="text" /></p>
              <p><input name="submit" type="submit" value="REGISTER" /></p>
            </form>
            <p align="justify">&nbsp;</p>
          </div>
          <h4>&nbsp;</h4>
        </div>
      </div>
      <div class="col-2">
        <ul>
          <li><a href="index.html">Home</a></li>
          <li><a href="R_Login.jsp">End User</a></li>
          <li><a href="E_Login.jsp">Data Owner</a></li>
          <li><a href="TA_Login.jsp">T-Authority</a></li>
          <li><a href="C_Login.jsp">Cloud</a></li>
        </ul>
      </div>
    </div>
  </div>
</div>
<!-- FOOTER -->
<div id="footer">
  <div class="indent">
    <div class="fleft"></div>
    <div class="fright"></div>
  </div>
</div>
</div>
</div>
</div>
<script type="text/javascript">Cufon.now();</script>
<div align="center"></div>
</body>
</html>
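
Register.jsp marks its fields as required only in the label text, so the check that decides registration test cases 1 and 2 has to run where the form is posted. The following is an added example, not the project's E_RegisterAuthentication.jsp (which the page does not show): it validates the form's field names on the server side and derives a salted PBKDF2 hash of the password before anything is stored. The class name, the per-field rules, the yyyy-MM-dd date format and the iteration count are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.*;
import java.util.regex.Pattern;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class RegistrationCheck {
    // Field names are the name= attributes of Register.jsp; every rule below is an assumption.
    static final List<String> REQUIRED = Arrays.asList(
            "userid", "pass", "email", "mobile", "dob", "gender", "pincode", "location", "pic");
    static final Pattern USERID = Pattern.compile("[A-Za-z0-9_.-]{3,32}");
    static final Pattern EMAIL = Pattern.compile("[^@\\s]{1,64}@[A-Za-z0-9.-]{1,253}\\.[A-Za-z]{2,}");
    static final Pattern MOBILE = Pattern.compile("[0-9]{10}");
    static final Pattern PINCODE = Pattern.compile("[0-9]{6}");
    static final Set<String> GENDERS = new HashSet<>(Arrays.asList("Male", "Female"));
    static final Set<String> PIC_TYPES = new HashSet<>(Arrays.asList("png", "jpg", "jpeg"));
    static final int PBKDF2_ITERATIONS = 600_000; // assumed work factor

    /** Returns one message per rejected field; an empty list means the form may be stored. */
    static List<String> validate(Map<String, String> form) {
        List<String> errors = new ArrayList<>();
        for (String name : REQUIRED) {
            String value = form.get(name);
            if (value == null || value.trim().isEmpty()) errors.add(name + ": required");
        }
        if (!errors.isEmpty()) return errors; // a missing field ends the attempt (test case 2)
        require(errors, USERID.matcher(form.get("userid")).matches(), "userid: 3-32 of A-Z a-z 0-9 _ . -");
        int passLen = form.get("pass").length();
        require(errors, passLen >= 8 && passLen <= 128, "pass: 8-128 characters");
        require(errors, EMAIL.matcher(form.get("email")).matches(), "email: not an address");
        require(errors, MOBILE.matcher(form.get("mobile")).matches(), "mobile: 10 digits");
        require(errors, PINCODE.matcher(form.get("pincode")).matches(), "pincode: 6 digits");
        require(errors, form.get("location").length() <= 100, "location: too long");
        // The first <option> has no value attribute, so the browser submits "-Select-".
        require(errors, GENDERS.contains(form.get("gender")), "gender: not one of the listed options");
        try {
            LocalDate dob = LocalDate.parse(form.get("dob")); // ISO yyyy-MM-dd assumed
            require(errors, dob.isBefore(LocalDate.now()), "dob: must be in the past");
        } catch (DateTimeParseException e) {
            errors.add("dob: expected yyyy-MM-dd");
        }
        String pic = form.get("pic"); // file name as sent by the client, never trusted as a path
        int dot = pic.lastIndexOf('.');
        boolean plainName = pic.indexOf('/') < 0 && pic.indexOf('\\') < 0 && !pic.contains("..");
        boolean allowedType = dot > 0 && PIC_TYPES.contains(pic.substring(dot + 1).toLowerCase(Locale.ROOT));
        require(errors, plainName && allowedType, "pic: png or jpg file name without a path");
        return errors;
    }

    private static void require(List<String> errors, boolean ok, String message) {
        if (!ok) errors.add(message);
    }

    /** Derives a salted PBKDF2 hash so the submitted password is never stored as typed. */
    static String hashPassword(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, 256);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            Base64.Encoder b64 = Base64.getEncoder();
            return "pbkdf2-sha256$" + PBKDF2_ITERATIONS + "$"
                    + b64.encodeToString(salt) + "$" + b64.encodeToString(hash);
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample submissions, not data from the project.
        Map<String, String> good = new LinkedHashMap<>();
        good.put("userid", "owner_01");
        good.put("pass", "constructed-Passphrase-1");
        good.put("email", "owner@example.com");
        good.put("mobile", "9000000000");
        good.put("dob", "1995-04-12");
        good.put("gender", "Male");
        good.put("pincode", "500001");
        good.put("location", "Hyderabad");
        good.put("pic", "owner.png");

        Map<String, String> untouchedSelect = new LinkedHashMap<>(good);
        untouchedSelect.put("gender", "-Select-"); // non-empty, so a bare "required" check passes it
        untouchedSelect.put("pic", "../owner.jsp");
        Map<String, String> missing = new LinkedHashMap<>(good);
        missing.remove("email");

        System.out.println("good:    " + validate(good));
        System.out.println("select:  " + validate(untouchedSelect));
        System.out.println("missing: " + validate(missing));
        if (validate(good).isEmpty()) {
            System.out.println("stored:  " + hashPassword(good.get("pass").toCharArray()));
        }
    }
}
```

The file-name rule only screens the name the client sent; the uploaded bytes still need their own content check and a server-chosen storage name.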


8. TESTING
Testing is a process which reveals errors in the program. It is the major quality measure employed during software development. During testing, the program is executed with a set of test cases and the output of the program for the test cases is evaluated to determine if the program is performing as it is expected to perform.

Testing Methodologies

In order to make sure that the system does not have errors, different levels of testing strategies are applied at differing phases of software development.

Unit Testing

Unit testing is done on individual modules as they are completed and become executable. It is confined only to the designer's requirements. Each module can be tested using the following two strategies:

Black Box Testing

In this strategy some test cases are generated as input conditions that fully execute all functional requirements for the program. This testing has been used to find errors in the following categories:
• Incorrect or missing functions
• Interface errors
• Errors in data structure or external database access
• Performance errors
• Initialization and termination errors.
In this testing only the output is checked for correctness. The logical flow of the data is not checked.

WhiteBox Testing

Inthisthetestcasesaregeneratedonthelogicofeachmodulebydrawingflowgraphsofthatmo
duleandlogicaldecisionsaretestedonallthecases.Ithasbeenusestogeneratethetest cases in
thefollowing cases:
 Guaranteethatallindependentpathshavebeenexecuted.
 ExecutealllogicaldecisionsontheirtrueandfalseSides.
 Executeallloopsattheir boundariesandwithintheir operationalbounds
 Executeinternal datastructures toensuretheirvalidity.

IntegratingTesting

Integration testing ensures that software and subsystems work together a whole.
Ittests the interface of all the modules to make sure that the modules behave properly
whenintegratedtogether.

SystemTesting

Here the entire software system is tested. The reference document for this
processis the requirements document, and the goal is to see if software meets its
requirements.Here entire ‘Cybernetic Protectors Application’ has been tested against
requirements ofprojectanditis checkedwhetherallrequirementsofprojecthavebeen
satisfiedornot.

Acceptance Testing

Acceptance testing is performed with realistic data of the client to demonstrate that the software is working satisfactorily. Testing here is focused on the external behavior of the system; the internal logic of the program is not emphasized. In this project ‘Cybernetic Protectors Application’ I have collected some data and tested whether the project is working correctly or not. Test cases should be selected so that the largest number of attributes of an equivalence class is exercised at once. The testing phase is an important part of software development. It is the process of finding errors and missing operations and also a complete verification to determine whether the objectives are met and the user requirements are satisfied.


Test Approach

Testing can be done in two ways:
• Bottom up approach
• Top down approach

Bottom Up Approach

Testing can be performed starting from the smallest and lowest level modules and proceeding one at a time. For each module in bottom up testing, a short program executes the module and provides the needed data so that the module is asked to perform the way it will when embedded within the larger system.

Top Down Approach

This type of testing starts from the upper level modules. Since the detailed activities usually performed in the lower level routines are not provided, stubs are written. A stub is a module shell called by an upper level module that, when reached properly, will return a message to the calling module indicating that proper interaction occurred. No attempt is made to verify the correctness of the lower level module.

Validation

The system has been tested and implemented successfully, and it has thus been ensured that all the requirements listed in the software requirements specification are completely fulfilled. In case of erroneous input, corresponding error messages are displayed.


TEST CASES

| S.No. | TEST CASES | INPUT | EXPECTED RESULT | ACTUAL RESULT | STATUS |
|---|---|---|---|---|---|
| 1 | User Registration | Enter all fields | User gets registered | Registration is successful | Pass |
| 2 | User Registration | If user misses any field | User not registered | Registration is unsuccessful | Fail |
| 3 | User Login | Give the user name and password | User home page should be opened | User home page has been opened | Pass |
| 4 | Cloud Login | Give username and password | Cloud page should be opened | Cloud page has been opened | Pass |
| 5 | Data Owner Login | Give username and password | Data Owner page has to display | Login successful and Data Owner page is displayed | Pass |
| 6 | Upload Details | Enter all the details | Details should be uploaded | Details uploaded successfully | Pass |

Table 8.3.1: Test Case Results


9. SCREENS

Fig-8.1: Home Page

Fig-8.2: Owner Login Page

Fig-8.3: Home Page of Owner

Fig-8.4: Home Page of User

Fig-8.5: Selection of File to Upload

Fig-8.15: File Uploading

Fig-8.16: File Upload Status

Fig-8.17: Request Msk

Fig-8.19: Msk Status

Fig-8.21: Authority Home Page

Fig-8.23: Request Trapdoor

Fig-8.24: Download File

Fig-8.25: File Download Successfully

10. CONCLUSION

We addressed an interesting and long-lasting problem in cloud-based data sharing, and presented two dual access control systems. The proposed systems are resistant to DDoS/EDoS attacks. We state that the technique used to achieve the feature of control on download request is “transplantable” to other CP-ABE constructions. Our experimental results show that the proposed systems do not impose any significant computational and communication overhead (compared to its underlying CP-ABE building block). In our enhanced system, we employ the fact that the secret information loaded into the enclave cannot be extracted. However, recent work shows that enclave may leak some amounts of its secret(s) to a malicious host through the memory access patterns or other related side-channel attacks. The model of transparent enclave execution is hence introduced in. Constructing a dual access control system for cloud data sharing from transparent enclave is an interesting problem. In our future work, we will consider the corresponding solution to the problem.


11. FUTURE ENHANCEMENTS

It is not possible to develop a system that meets all the requirements of the user. User requirements keep changing as the system is being used. Some of the future enhancements that can be made to this system are:
• The system can be extended to send the encryption key by mail.
• OTP/biometric login authentication can be implemented to strengthen security.
• This project needs to be enhanced with cryptographic encryption techniques.
