A PROJECT report on

Privacy-Preserving and Secure Cloud Computing

A Case of Large-Scale Nonlinear Programming

BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND ENGINEERING

Submitted By
TOGARI ESHWAR CHANDRA (21VF1M3359)

Under The Guidance Of

Ms.S.Guru Jyothi
Asst.Professor,Dept.Of CSE

Department of Computer Science & Engineering

SR INTERNATIONAL INSTITUTE OF TECHNOLOGY

Rampally(V),Keesara(M),Medchal Dist.,Hyderabad-501301
(Affiliated To JNTUH,Approved by AICTE NEW DELHI)

HYDERABAD

2021-2025
 SR INTERNATIONAL INSTITUTE OF TECHNOLOGY
Rampally(V),Keesara(M),Medchal Dist.,Hyderabad-501301
(Affiliated To JNTUH,Approved by AICTE NEW DELHI)

Department Of Computer Science And Engineering

CERTIFICATE BY THE HEAD OF THE DEPARTMENT

This is to certify that this project report entitled “Privacy-Preserving and Secure Cloud
Computing A Case of Large-Scale Nonlinear Programming” submitted by Togari
Eshwar Chandra, bearing Roll No:21VF1M3359, in Partial fulfillment of the
requirement for the Award of Degree of Bachelor of Technology in Computer Science
& Engineering, is a record of Bonafied work carried out by him.

Dr. Pulagam Hari Krishna,

Head Of The Department,
Department of Computer Science&
Engineering SRIIT,Hyderabad
 SR INTERNATIONAL INSTITUTE OF TECHNOLOGY
Rampally(V),Keesara(M),Medchal Dist.,Hyderabad-501301
(Affiliated To JNTUH,Approved by AICTE NEW DELHI)

Department of Computer Science & Engineering

DECLARATION BY THE CANDIDATES

I, Togari Eshwar chandra, bearing Roll No:21VF1M3359 hereby certify that the project entitled
“Privacy-Preserving and Secure Cloud Computing A Case of Large-Scale Nonlinear
Programming”,carried out under the guidance of Ms.S.Guru Jyothi in partial fulfillment of the
requirements for the award of the degree of Bachelor of Technology in computer science and
engineering is a record of Bonafide work carried out by me.The results embodied in this project
report have not been reprodued/copied from any source,and have not been submitted to any other
university or institute for the award of any other degree or diploma.

Togari Eshwar Chandra (21VF1M3359)

 SR INTERNATIONAL INSTITUTE OF TECHNOLOGY
Rampally(V),Keesara(M),Medchal Dist.,Hyderabad-501301
(Affiliated To JNTUH,Approved by AICTE NEW DELHI)

Department of Computer Science & Engineering

CERTIFICATE

This is to certify that the project work entitled “Privacy-Preserving and Secure Cloud
Computing A Case of Large-Scale Nonlinear Programming” submitted by Togari Eshwar
Chandra, bearing Roll No:21VF1M3359, in partial fulfillment ofthe requirements for the award
of degree of Bachelor of Technology in computer science & Engineering is a record of bonafide
work carried out by him under my guidance.The results of investigation enclosed in this report
have been verified and found satisfactory.The result embodied in this project report have not
been submitted to any other University or Institute for the award of any other degree or diploma.

Signature of the Guide Signature of HOD

Ms.S.Guru Jyothi Dr.Pulagam Hari Krishna
Asst.Professor HOD
DEPT.OF CSE DEPT.OF CSE
 SR INTERNATIONAL INSTITUTE OF TECHNOLOGY
Rampally(V),Keesara(M),Medchal Dist.,Hyderabad-501301
(Affiliated To JNTUH,Approved by AICTE NEW DELHI)

Department of Computer Science & Engineering

ACKNOWLEDGEMENT
The satisfaction that accompanies the successful completion of any task would be incomplete
without the mention of people who made it possible, whose constant guidance and encouragement
crown all the efforts with success,who guided, inspired and helped us for the completion of our
project work.
I would like to express our deep indebtedness and whole hearted thanks to Dr. D. Sravan
Kumar, Principal of SRIIT, for allowing us to undertake this project work. I am also thankful
for his valuable suggestions and cooperation during the development of this project.
I am also thankful to Dr. Pulagam Hari Krishna, Head of the Department of Computer Science
and Engineering,who has continuously helped in critical suggestions and extension of proper
working atmosphere,finally evolved into this research work. And I am also thankful to
Ms.S.Guru Jyothi, project guide, Department of Computer Science and Engineering,for her
valuable guidance throughout the project.I am also thankful to all our faculty and the staff
members for their support. Last but not least I would like to thank our family members and friends
for their priceless cooperation and encouragement.I am thankful to each and every person who
helped us directly or indirectly in doing our work.

Togari Eshwar Chandra (21VF1M3359)

Contents

Abstract ................................................................................................................................ 1

Chapter 1

INTRODUCTION ................................................................................................................3
1.1 Introduction ....................................................................................................................3
1.2 Implementation ............................................................................................................. 7

Chapter 2

SYSTEM ANALYSIS ......................................................................................................... 8

2.1 Introduction ................................................................................................................... 8
2.2 Existing System.............................................................................................................. 8
2.3 DisAdvantages of The Existing System ........................................................................ 9
2.4 Proposed System ............................................................................................................ 9
2.5 Advantages of Proposed System ................................................................................... 9
2.6 The Study of The System............................................................................................. 11
2.7 System Requirements .................................................................................................. 13
2.7.1 Hardware Requirements .......................................................................................... 13
2.7.2 Software Requirements ............................................................................................ 13
2.8 Input & Output Representation .................................................................................. 14
2.9 Introduction to Java .................................................................................................... 15
2.9.1 Feasibility Study ........................................................................................................ 30
Chapter 3

SYSTEM DESIGN ........................................................................................................... 33

3.1 System Architecture .................................................................................................... 33
3.2 UML Diagrams ............................................................................................................ 35

Chapter 4

Code................................................................................................... 54

Chapter 5

TESTING & VALIDATION ............................................................................................ 68

Chapter 6

SCREEN SHOTS .............................................................................................................. 77

Chapter 7

CONCLUSIONS................................................................................................................ 85

Chapter 8

REFERENCES .................................................................................................................. 86
 ABSTRACT

The increasing massive amount of data generated by various sources has given birth to big data
analytics. Solving large-scale nonlinear programming problems (NLPs) is one important big data
analytics task that has applications in many domains such as transport and logistics. However,
NLPs are usually too computationally expensive for resource-constrained users. Fortunately,
cloud computing provides an alternative and economical service for resource constrained users to
outsource their computation tasks to the cloud. However, one major concern with outsourcing
NLPs is the leakage of user’s private information contained in NLP formulations and results.
Although much work has been done on privacy-preserving outsourcing of computation tasks,
littleattention has been paid to NLPs.In this paper, we for the first time investigate secure
outsourcing of general large-scale NLPs with nonlinear constraints. A secure and efficient
transformation scheme at the user side is proposed to protect users’ private information; at the
cloud side, generalized reduced gradient method is applied to effectively solve the transformed
large-scale NLPs. The proposed protocol is implemented on a cloud computing testbed.
Experimental evaluations demonstrate that significant time can be saved for users and the
proposed mechanismhas the potential for practical use.

PROBLEM STATEMENT:

Large-scale nonlinear programming (NLP) is critical in various fields, including optimization,

engineering, and machine learning, where complex problems must be solved efficiently.
However, executing these computationally intensive tasks on cloud platforms raises significant
privacy and security concerns, particularly when sensitive data is involved. Traditional cloud
computing solutions often expose sensitive data to potential breaches, making them unsuitable
for handling secure, privacy-preserving computations. The challenge lies in developing a method
that ensures both the security of data and the integrity of computations without sacrificing
performance. Additionally, the need for scalability in handling large-scale NLP tasks further
complicates the problem.

1
OBJECTIVE:

The goal is to develop a privacy-preserving and secure cloud computing framework tailored for
large-scale nonlinear programming tasks. This framework will utilize advanced cryptographic
methods, such as homomorphic encryption or secure multi-party computation, to protect data
throughout the computation process. The solution will aim to maintain the efficiency and
scalability necessary for handling large datasets and complex NLP problems without
compromising on security. By integrating robust privacy measures, the framework seeks to
provide a secure environment for executing NLP tasks on the cloud. Ultimately, this approach will
enable organizations to leverage cloud computing for sensitive computations while ensuring data
confidentiality and computational integrity.

2
 CHAPTER.1
INTRODUCTION

Introduction:

Cloud computing has gained an increasing popularity in both academia and industry communities
and has been widely used due to its huge computing power, on-demand scalability and low usage
cost. It offers many services to users, such as data storage, data management and computing
resources via the Internet. Besides personal uses such as data storage service represented by
Dropbox, cloud computing also has enterprise applications such as big data analytics and business
intelligence. One fundamental feature of cloud computing is computation outsourcing, allowing
users to perform computations at the resource-rich cloud side and no longer be limited by limited
local resources. Despite the tremendous benefits, outsourcing computation to the cloud also
introduces security and privacy concerns. The first concern is data privacy including both input
data privacy and output data privacy. The outsourcing paradigm deprives users’ direct control over
the systems where their data is hosted and computed. The data input to the cloud may contain
sensitive information such as medical records and financial asset status. The leakage of these data
will breach users’ privacy. To protect data against unauthorized leakage, data must be encrypted
before outsourcing.
Another concern is the verifiability of results returned from the cloud. Usually, users cannot
oversee all details of the computations in the cloud. There do exist some motives for the cloud
service provider to behave dishonestly and deliver incorrect results to users. One motive is that
since intensive computing resources are usually needed to perform outsourced computationtasks,
the cloud service provider might not do all the needed computations to save computing resources.
If the cloud server is under outside attacks during the computing process or suffering from
internal software failures, the correctness of returned results will also be at risk. Consequently,
the verifiability of results returned from cloud should be provided. A third concern is that the
computation at the cloud should be efficient; otherwise, there is no need for users to outsource
computations to the cloud. The time needed by the client to offload the computation to the cloud
should be much less than the time needed by the client to solve the computation task byitself. In
this paper, we investigate privacy-preserving outsourcing of large-scale NLPs with nonlinear
constraints . NLP is a general optimization problem. For instance, finding the optimal investment
portfolio is a typical NLP optimization problem subjecting to nonlinear constraints, where an
investor wants to maximize expected return and minimize risk simultaneously for investment. In
the deep learning area, researchers are always making efforts to find the optimal solution for loss
function, which can also be formulated as an NLP with nonlinear constraints.NLPs with
nonlinear constraints are also common in various industry domains, such as the minimum cost
of transport and logistics, optimal design, emission-constrained minimum fuel, and so forth.

3
It is very challenging for resource-limited users to solve large-scale NLPs with nonlinear
constraints, since it requires intensive computation resources. In this work, we propose a privacy-
preserving and efficient mechanism to offload large-scale NLPs with nonlinear constraints to the
cloud. To the best of our knowledge, privacy-preserving outsourcing of NLPs with nonlinear
constraints has never been studied before and this paper is the first. We first formulate the private
NLP with nonlinear constraints as a set of matrices and vectors. Then the user generates random
vectors and matrices and performs mathematical transformation to protect the original NLP
formulation. It is proved that the transformed NLP with nonlinear constraints is computationally
indistinguishable from the original one, which means that the cloud cannot infer any useful
information about the original NLP from the transformed NLP. At the cloud side, the generalized
reduced gradient method is employed to solve the encrypted NLP, which is experimentally
demonstrated to be efficient and practical. Finally, the user can verify the correctness of the
returned solution to NLP.

4
 LITERATURE SURVEY:

Much work has been done on privacy-preserving outsourcing of computation-intensive tasks to

the cloud. Some work focused on outsourcing arbitrary computation functions, mainly using fully
homomorphic encryption (FHE) schemes such as. Although theoretical guarantees of privacy can
be achieved with FHE, current FHE schemes have very high computation cost, making them
impractical for large-scale computations such as large-scale NLPs addressed in this paper. Other
work designed secure outsourcing protocols for specific problems, such as linear programming,
system of equations, distributed linear programming, quadratic programming, and linear
regression. Outsourcing basic mathematical computations has also been studied, such as matrix
determinant computation, matrix inversion, and modular exponentiations. However, previous
work mostly focused on linear systems and some other particular problems. Outsourcing NLPs has
received little attention Very recently, we also studied securely outsourcing NLPs in our previous
work, but that work only considers NLPs with linear equality constraints. Different from it, this
paper addresses NLPs with nonlinear inequality and equality constraints which are more
complicated and general

Barbosa, M., Farshim, P.: Delegable homomorphic encryption with applications to secure
outsourcing of computation. In: Proceedings of the 12th conference on Topics in Cryptology. pp.
296–312 (2012).
 Objective of Paper: This allows a Trusted Authority to control/delegate the capability to
evaluate circuits over encrypted data to untrusted workers/evaluators by issuing tokens.
 Approach/Algorithm/Framework: Delegable Homomorphic Encryption (DHE)
 Pro’s: senders do not need to be aware of the functions which will be evaluated on the
encrypted data, nor do they need to register keys.
 Cons: Encryption process takes more time.

Chen, F., Xiang, T., Lei, X., Chen, J.: Highly efficient linear regression outsourcing to a cloud.
IEEE Transactions on Cloud Computing 2(4), 499–508 (2014).
 Objective of Paper: This paper investigates the linear regression outsourcing problem,
which is a quite common engineering task and employed in various applications
 Approach/Algorithm/Framework: linear regression
 Pro’s: special linear transformations and there are no homomorphic encryptions and
interactions between the client and the cloud.
 Con’s: Experimental results validate no practical usability of protocols.

5
Chen, F., Xiang, T., Yang, Y.: Privacy-preserving and verifiable protocols for scientific
computation outsourcing to the cloud. Journal of Parallel and Distributed Computing 74(3), 2141–
2151 (2014).
 Objective of Paper: protocols for secure outsourcing scientific computations
 Approach/Algorithm/Framework: pseudorandom number generator
 Pro’s: we achieve the improvement by reformulating the linear programming problem in
the standard and natural form.
 Con’s:, the verification time in both the new protocols and the previous protocols are same
Lei, X., Liao, X., Huang, T., Li, H., Hu, C.: Outsourcing large matrix inversion computation to
a public cloud. IEEE Transactions on Cloud Computing 1(1), 1–1 (2013).
 Objective of Paper: The main idea to protect the privacy is employing some
transformations on the original matrix
 Approach/Algorithm/Framework: Randomized Monte Carlo verification algorithm
 Pro’s: the superiority of this novel technique in designing inexpensive result verification
algorithm for secure outsourcing is well demonstrated.
 Con’s: Extensive theoretical analysis and experimental evaluation

6
 IMPLEMENTATION:

MODULES

User Module:

Using this module user can register with application and view encrypted data uploaded by
owner and request key to download and decrypt data.

Owner Module:
User is a person who takes service from cloud and use services for storing data and performing
task, but he has restrictions to process data which is an NLP problem for us who will request
cloud to solve problem and get solution form cloud without knowing actual data by verifying
if requested problem is solved or not and then decrypt data. Owner will generate hash function
to check if any data is modified by cloud

Cloud Module:

Cloud module stores users encrypted data and process requests sent by owner which are NLP
problems and get problem solved without knowing owners personal information. If cloud
modifies users’ data hash code will change which is used for verification.

7
 CHAPTER: 2
SYSTEM ANALYSIS
Introdu
ction:

The general form of NLP is expressed as follows P1 : Minimize subject to f(x) gi(x) = 0, hj(x) ≤
bj, i =1,··· ,m j =1,··· ,l AK ≤Xu ≤UK, k =1,···n (1) where x = (x1,x2,··· ,xn) is an n dimensional
vector of variables, f(x) is a nonlinear objective function, gi(x) = 0 are m equality constraints, and
hj(x) ≤ bj are l inequality constraints. In this paper, the NLP is considered as feasible indicating
that there exists at least one point x∗ satisfying all the inequality and equality constraints. Also, it
should be noted that the inequality and equality constraints are both of nonlinear form in this paper.
NLPs appear many practical applications, such as machine learning, finance budget allocation, and
some decision-making problems. Taking the typical support vector machine (SVM) classification
as an example. It is known that SVM consists of linear and nonlinear form according to the
selection of classification functions. A large portion of the classification tasks require using the
nonlinear form of hyperplanes due to the complexity of data. As a result, the training of the SVM
classifier is transformed to solve the nonlinear function subjecting to nonlinear constraints, where
nonlinear function is the loss function of SVM model, and nonlinear constraints are nonlinear
forms of hyperplanes.

EXISTING SYSTEM:

Cloud computing offers a powerful infrastructure for large-scale computational tasks , including
nonlinear programming (NLP) .It provides on-demand access to shared pool of configurable
computing resources (e.g., networks, servers, storage, applications , and services) that can be
rapidly provisioned and released with minimal management effort. For large-scale NLP, cloud
computing offers: Scalability : The ability to scale computing resources up or down based
on demand. Cost Efficiency: Reduced capital expenditure on physical infrastructure. Accessibility
Remote access to computational resources from anywhere with an internet connection. Resource
Optimization: Efficient utilization of computational resources through virtualization.

8
 DISADVANTAGES OF EXISTING SYSTEM:

 Lack of robust and efficient techniques for preserving privacy during the outsourcing of
large-scale nonlinear programming problems to the cloud.
 Insufficient exploration of cryptographic methods, such as homomorphic encryption,
secure multi-party computation, or differential privacy, in the context of nonlinear
programming.
 Limited research on scalability issues when dealing with large-scale optimization problems
in a privacy-preserving manner.
 Need for efficient algorithms and protocols that can handle the computational demands of
nonlinear programming while ensuring privacy.
 Limited validation of privacy-preserving techniques in the context of real-world
applications or industries that frequently require large-scale nonlinear programming
outsourcing.
 A need for adaptive privacy mechanisms that can dynamically adjust the level of privacy
protection based on the sensitivity of the data and the requirements of the optimization
problem.

PROPOSED SYSTEM:

• we investigate secure outsourcing of general large-scale NLPs with nonlinear constraints. A

secure and efficient transformation scheme at the user side is proposed to protect users
private information at the cloud side,generalized reduced access control method is applied to
effectively solve the transformed large-scale NLPs The proposed protocol is to
implemented on a cloud computing testbed. We apply time attribute-based access.

ADVANTAGES OF PROPOSED SYSTEM:

Implementing privacy-preserving and secure cloud computing for large-scale nonlinear

programming can offer numerous benefits , addressing many of the concerns associated with
traditional cloud computing solutions. Here are some of the primary advantages:

9
 Enhanced Data Privacy

o Data Encryption : Encrypting data both at rest and in transit ensures that sensitive
information is protected from unauthorized access.
o Secure Multiparty Computation (SMC): Allows computations to be performed
on encrypted data without revealing the actual data, thus preserving privacy.
o Homomorphic Encryption : Enables computations on encrypted data, producing
encrypted results that, when decrypted, match the results of operations performed
on plaintext data.

 Improved Security

o Access Control Mechanisms : Implementing robust authentication and

authorization protocols ensures that only authorized users can access sensitive data
and resources.
o Intrusion Detection and Prevention Systems (IDPS): Continuous monitoring and
real-time detection of suspicious activities help mitigate security threats.
o Secure Data Sharing : Techniques like attribute-based encryption and role-based
access control (RBAC) facilitate secure data sharing among multiple users without
compromising privacy.

10
 THE STUDY OF THE SYSTEM

 To conduct studies and analyses of an operational and technological nature, and

 To promote the exchange and development of methods and tools for operational analysis
as applied to defense problems. 

Logical design

The logical design of a system pertains to an abstract representation of the data flows, inputs and
outputs of the system. This is often conducted via modeling, using an over-abstract (and sometimes
graphical) model of the actual system. In the context of systems design are included. Logical
design includes ER Diagrams i.e. Entity Relationship Diagrams

Physical design

The physical design relates to the actual input and output processes of the system. This is laid down
in terms of how data is input into a system, how it is verified / authenticated, how it is processed,
and how it is displayed as output. In Physical design, following requirements about the system
are decided.

1. Input requirement,
2. Output requirements,
3. Storage requirements,
4. Processing Requirements,
5. System control and backup or recovery.

11
Put another way, the physical portion of systems design can generally be broken down into three
sub-tasks:

1. User Interface Design

2. Data Design
3. Process Design

User Interface Design is concerned with how users add information to the system and with how
the system presents information back to them. Data Design is concerned with how the data is
represented and stored within the system. Finally, Process Design is concerned with how data
moves through the system, and with how and where it is validated, secured and/or transformed as
it flows into, through and out of the system. At the end of the systems design phase, documentation
describing the three sub-tasks is produced and made available for use in the next phase.

Physical design, in this context, does not refer to the tangible physical design of an information
system. To use an analogy, a personal computer's physical design involves input via a keyboard,
processing within the CPU, and output via a monitor, printer, etc. It would not concern the actual
layout of the tangible hardware, which for a PC would be a monitor, CPU, motherboard, hard
drive, modems, video/graphics cards, USB slots, etc. It involves a detailed design of a user and a
product database structure processor and a control processor. The H/S personal specification is
developed for the proposed system.

12
SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS:

• System : Pentium IV 2.4 GHz.

• Hard Disk : 200 GB.

• Floppy Drive : 1.44 Mb.

• Monitor : 15 VGA Colour.

• Mouse : Logitech.

• Ram : 1 GB.

SOFTWARE REQUIREMENTS:

 Operating system : Windows XP/7/10.

 Coding Language : Java

 Tool : NetBeans

 Database : MYSQL

13
 INPUT & OUTPUT REPRESENTATION

Input Design

The input design is the link between the information system and the user. It comprises the
developing specification and procedures for data preparation and those steps are necessary to put
transaction data into a usable form for processing can be achieved by inspecting the computer to
read data from a written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount of input required,
controlling the errors, avoiding delay, avoiding extra steps and keeping the process simple. The
input is designed in such a way so that it provides security and ease of use with retaining the
privacy. Input Design considered the following things:

 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error occur.

Objectives

Input Design is the process of converting a user-oriented description of the input into a computerbased
system. This design is important to avoid errors in the data input process and show the correct
direction to the management for getting correct information from the computerized system.It is
achieved by creating user-friendly screens for the data entry to handle large volumes of data. The
goal of designing input is to make data entry easier and to be free from errors. The data entry
screen is designed in such a way that all the data manipulates can be performed. It also provides
record viewing facilities.
When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in maize
of instant. Thus, the objective of input design is to create an input layout that is easy to follow.

Output Design

A quality output is one which meets the requirements of the end user and presents the information
clearly . In any system results of processing are communicated to the users and to other system

14
through outputs . In output design it is determined how the information is to be displaced for the
immediate need and the hard copy output. It is the most important and direct source information
to the user. Efficient and intelligent output design improves the system’s relationship to help user
decision-making.
a. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.
b. Select methods for presenting information.
c. Create document, report, or other formats that contain information produced by the system.

Introduction to Java

Java Technology

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by all of the
following buzzwords:
 Simple
 Architecture neutral
 Object oriented
 Portable
 Distributed
 High performance
 Interpreted
 Multithreaded
 Robust
 Dynamic
 Secure

15
With most programming languages, you either compile or interpret a program so that you can run
it on your computer. The Java programming language is unusual in that a program is both compiled
and interpreted. With the compiler, first you translate a program into an intermediate language
called Java byte codes —the platform-independent codes interpreted by the interpreter on the Java
platform. The interpreter parses and runs each Java byte code instruction on the computer.
Compilation happens just once; interpretation occurs each time the program is executed. The
following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual Machine
(Java VM). Every Java interpreter, whether it’s a development tool or a Web browser that can run
applets, is an implementation of the Java VM. Java byte codes help make “write once, run
anywhere” possible. You can compile your program into byte codes on any platform that has a
Java compiler. The byte codes can then be run on any implementation of the Java VM. That means
that as long as a computer has a Java VM, the same program written in the Java programming
language can run on Windows 2000, a Solaris workstation, or on an iMac.

16
The Java Platform

A platform is the hardware or software environment in which a program runs. We’ve

already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris,
and MacOS. Most platforms can be described as a combination of the operating system
and hardware. The Java platform differs from most other platforms in that it’s a software-
only platform that runs on top of other hardware-based platforms.

The Java platform has two components:

 The Java Virtual Machine (Java VM)
 The Java Application Programming Interface (Java API)
You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many
useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped
into libraries of related classes and interfaces; these libraries are known as packages. The
next section, What Can Java Technology Do? Highlights what functionality some of the
packages in the Java API provide.

The following figure depicts a program that’s running on the Java platform. As the figure
shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that after you compile it, the compiled code runs on a specific hardware
platform. As a platform-independent environment, the Java platform can be a bit slower
than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte
code compilers can bring performance close to that of native code without threatening
portability.

17
What Can Java Technology Do?

The most common types of programs written in the Java programming language are applets
and applications. If you’ve surfed the Web, you’re probably already familiar with applets.
An applet is a program that adheres to certain conventions that allow it to run within a Java-
enabled browser. However, the Java programming language is not just for writing cute,
entertaining applets for the Web. The general-purpose, high-level Java programming
language is also a powerful software platform. Using the generous API, you can write
many types ofprograms.
An application is a standalone program that runs directly on the Java platform. A special
kind of application known as a server serves and supports clients on a network. Examples
of servers are Web servers, proxy servers, mail servers, and print servers. Another
specialized program is a servlet. A servlet can almost be thought of as an applet that runs
on the server side. Java Servlets are a popular choice for building interactive web
applications, replacing the use of CGI scripts. Servlets are similar to applets in that they
are runtime extensions of applications. Instead of working in browsers, though, servlets
run within Java Web servers, configuring or tailoring the server.
How does the API support all these kinds of programs? It does so with packages of software
components that provides a wide range of functionality. Every full implementation of the
Java platform gives you the following features:
 The essentials: Objects, strings, threads, numbers, input and output, data structures,
system properties, date and time, and so on.
 Applets: The set of conventions used by applets.

 Networking: URLs, TCP (Transmission Control Protocol), UDP (User Data gram
Protocol) sockets, and IP (Internet Protocol) addresses.
 Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
 Security: Both low level and high level, including electronic signatures, public and
private key management, access control, and certificates.
 Software components: Known as JavaBeansTM, can plug into existing component
architectures.
 Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
 Java Database Connectivity (JDBCTM): Provides uniform access to a wide range
of relational databases.

18
 The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,
collaboration, telephony, speech, animation, and more. The following figure depicts what
is included in the Java 2 SDK.

How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java programming
language. Still, it is likely to make your programs better and requires less effort than other
languages. We believe that Java technology will help you do the following:
 Get started quickly: Although the Java programming language is a powerful
object-oriented language, it’s easy to learn, especially for programmers already
familiar with C or C++.
 Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in the Java programming language can
be four times smaller than the same program in C++.
 Write better code: The Java programming language encourages good coding
practices, and its garbage collection helps you avoid memory leaks. Its object
orientation, its JavaBeans component architecture, and its wide-ranging, easily
extendible API let you reuse other people’s tested code and introduce fewer bugs.
 Develop programs more quickly: Your development time may be as much as
twice as fast versus writing the same program in C++. Why? You write fewer lines
of code, and it is a simpler programming language than C++.

19
  Avoid platform dependencies with 100% Pure Java: You can keep your
program portable by avoiding the use of libraries written in other languages. The
100% Pure JavaTM Product Certification Program has a repository of historical
process manuals, white papers, brochures, and similar materials online.
 Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
 Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the feature of allowing new classes to be loaded
“on the fly,” without recompiling the entire program.

ODBC
Microsoft Open Database Connectivity (ODBC) is a standard programming interface for
application developers and database systems providers. Before ODBC became a de facto standard
for Windows programs to interface with database systems, programmers had to use proprietary
languages for each database they wanted to connect to. Now, ODBC has made the choice of the
database system almost irrelevant from a coding perspective, which is as it should be. Application
developers have much more important things to worry about than the syntax that is needed to port
their program from one database to another when business needs suddenly change.
Through the ODBC Administrator in Control Panel, you can specify the particular database that is
associated with a data source that an ODBC application program is written to use. Think of an
ODBC data source as a door with a name on it. Each door will lead you to a particular database.
For example, the data source named Sales Figures might be a SQL Server database, whereas the
Accounts Payable data source could refer to an Access database. The physical database referred to
by a data source can reside anywhere on the LAN.
The ODBC system files are not installed on your system by Windows 95. Rather, they are installed
when you setup a separate database application, such as SQL Server Client or Visual Basic
4.0.When the ODBC icon is installed in Control Panel, it uses a file called ODBCINST.DLL. It is
also possible to administer your ODBC data sources through a stand-alone program called
ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program, and each maintains a
separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be written to use
the same set of function calls to interface with any data source, regardless of the database vendor.
The source code of the application doesn’t change whether it talks to Oracle or SQL Server. We
only mention these two as an example. There are ODBC drivers available for several dozen popular

20
database systems. Even Excel spreadsheets and plain text files can be turned into data sources. The
operating system uses the Registry information written by ODBC Administrator to determine
Which low-level ODBC drivers are needed to talk to the data source (such as the interface to
Oracleor SQL Server). The loading of the ODBC drivers is transparent to the ODBC application
program.In a client/server environment, the ODBC API even handles many of the network issues
for the application programmer.The advantages of this scheme are so numerous that you are
probably thinking there must be somecatch. The only disadvantage of ODBC is that it isn’t as
efficient as talking directly to the native database interface. ODBC has had many detractors make
the charge that it is too slow. Microsoft has always claimed that the critical factor in performance
is the quality of the driver software that is used. In our humble opinion, this is true. The
availability of good ODBC drivers has improved a great deal recently. And anyway, the criticism
about performance is somewhat analogous to thosewho said that compilers would never match the
speed of pure assembly language. Maybe not, but the compiler (or ODBC) gives you the
opportunity to write cleaner programs, which means you finish sooner. Meanwhile, computers
get faster every year.

JDBC
In an effort to set an independent database standard API for Java; Sun Microsystems developed
Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access mechanism
that provides a consistent interface to a variety of RDBMSs. This consistent interface is achieved
through the use of “plug-in” database connectivity modules, or drivers. If a database vendor wishes
to have JDBC support, he or she must provide the driver for each platform that the database and
Java run on.
To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC. As you discovered
earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on
ODBC will allow vendors to bring JDBC drivers to market much faster than developing a
completely new connectivity solution.
JDBC was announced in March of 1996. It was released for a 90-day public review that ended
June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after.
The remainder of this section will cover enough information about JDBC for you to know what it
is about and how to use it effectively. This is by no means a complete overview of JDBC. That
would fill an entire book.

21
JDBC Goals
Few software packages are designed without goals in mind. JDBC is one that, because of its many
goals, drove the development of the API. These goals, in conjunction with early reviewer feedback,
have finalized the JDBC class library into a solid framework for building database applications in
Java.The goals that were set for JDBC are important. They will give you some insight as to why
certainclasses and functionalities behave the way they do. The eight design goals for JDBC are as
follows:
1. SQL Level API
The designers felt that their main goal was to define a SQL interface for Java. Although not
the lowest database interface level possible, it is at a low enough level for higher-level tools
and APIs to be created. Conversely, it is at a high enough level for application programmers
to use it confidently. Attaining this goal allows for future tool vendors to “generate” JDBC
code and to hide many of JDBC’s complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to
support a wide variety of vendors, JDBC will allow any query statement to be passed
through it to the underlying database driver. This allows the connectivity module to handle
non- standard functionality in a manner that is suitable for its users.

3. JDBC must be implemental on top of common database

interfaces The JDBC SQL API must “sit” on top of other common SQL level APIs. This
goal allows JDBC to use existing ODBC level drivers by the use of a software interface.
This interface would translate JDBC calls to ODBC and vice versa.

4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java’s acceptance in the user community thus far , the designers feel that they
should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception. Sun
Felt that the design of JDBC should be very simple, allowing for only one method of
Completing atask per mechanism. Allowing duplicate functionality only serves to confuse
the users of the API.

6. Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also,less error appearat
runtime.

22
Networking:

TCP/IP stack

The TCP/IP stack is shorter than the OSI one:

TCP is a connection-oriented protocol ; UDP (User Datagram Protocol) is a connectionless

protocol.

IP datagram’s

The IP layer provides a connectionless and unreliable delivery system. It considers each
datagram independently of the others. Any association between datagram must be supplied by the
higher layers. The IP layer supplies a checksum that includes its own header. The header includes
the source and destination addresses. The IP layer handles routing through an Internet. It is also
responsible for breaking up large datagram into smaller ones for transmission and reassembling
them at the other end.

UDP

UDP is also connectionless and unreliable. What it adds to IP is a checksum for the contents of the
datagram and port numbers. These are used to give a client/server model - see later.

TCP

TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual
circuit that two processes can use to communicate.

23
Internet addresses

In order to use a service, you must be able to find it. The Internet uses an address scheme for
machines so that they can be located. The address is a 32-bit integer which gives the IP address.
This encodes a network ID and more addressing. The network ID falls into various classes
according to the size of the network address.

Network address

Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses
16-bit network addressing. Class C uses 24-bit network addressing and class D uses all 32.

Subnet address

Internally, the UNIX network is divided into sub networks. Building 11 is currently on one
subnetwork and uses 10-bit addressing, allowing 1024 different hosts.

Host address

8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines
that can be on the subnet.

Total address

The 32-bit address is usually written as 4 integers separated bydots.

24
Port addresses

A service exists on a host and is identified by its port. This is a 16-bit number. To send a message to a
server, you send it to the port for that service of the host that it is running on. This is not location
transparency! Certain of these ports are "well known".

Sockets

A socket is a data structure maintained by the system to handle network connections. A socket is created
using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle
can be used with Read File and Write File functions.
#include <sys/types.h>
#include <sys/socket.h>
int socket (int family, int type, int protocol);
here "family" will be affined for ip communications, protocol will be zero, and type will depend
on whether tcp or udp is used. two processes wishing to communicate over a network create a
socket each. these are similar to two ends of a pipe - but the actual pipe does not yet exist.

JFree Chart

JFreeChart is a free 100% Java chart library that makes it easy for developers to display
professional quality charts in their applications. JFreeChart's extensive feature set includes:

A consistent and well-documented API, supporting a wide range of chart types.

A flexible design that is easy to extend, and targets both server-side and client-side applications.

Support for many output types, including Swing components, image files (including PNG and
JPEG), and vector graphics file formats (including PDF, EPS and SVG).

1. Map Visualizations
Charts showing values that relate to geographical areas. Some examples include:

(a) population density in each state of the United States,

(b) income per capita for each country in Europe,

(c) life expectancy in each country of the world.

25
The tasks in this project include:

Sourcing freely redistributable vector outlines for the countries of the world, states/provinces in
particular countries (USA in particular, but also other areas).

Creating an appropriate dataset interface (plus default implementation), a rendered, and integrating
this with the existing XYPlot class in JFreeChart.

Testing, documenting, testing some more, documenting some more.

2. Time Series Chart Interactivity

Implement a new (to JFreeChart) feature for interactive time series charts --- to display a separate
control that shows a small version of ALL the time series data, with a sliding "view" rectangle that
allows you to select the subset of the time series data to display in the main chart.

3. Dashboards
There is currently a lot of interest in dashboard displays. Create a flexible dashboard mechanism
that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and lines/time
series) that can be delivered easily via both Java Web Start and an applet.

4. Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the properties that
can be set for charts. Extend (or reimplement) this mechanism to provide greater end-user control
over the appearance of the charts.

J2ME (Java 2 Micro edition):

Sun Microsystems defines J2ME as "a highly optimized Java run-time environment targeting a wide
range of consumer products, including pagers, cellular phones, screen-phones, digital set-top boxes
and car navigation systems." Announced in June 1999 at the Javone Developer Conference, J2ME
brings the cross-platform functionality of the Java language to smaller devices, allowing mobile
wireless devices to share applications. With J2ME, Sun has adapted the Java platform for consumer
products that incorporate or are based on small computing devices.

26
1. General J2ME architecture

J2ME uses configurations and profiles to customize the Java Runtime Environment (JRE). As a
complete JRE, J2ME is comprised of a configuration, which determines the JVM used, and a
profile, which defines the application by adding domain-specific classes. The configuration defines
the basic run-time environment as a set of core classes and a specific JVM that run on specific
types of devices. We'll discuss configurations in detail in the profile defines the application;
specifically, it adds domain-specific classes to the J2ME configuration to define certain uses for
devices. We'll cover profiles in depth in the following graphic depicts the relationship between the
different virtual machines, configurations, and profiles. It also draws a parallel with the J2SE API
and its Java virtual machine. While the J2SE virtual machine is generally referred to as a JVM, the
J2ME virtual machines, KVM and CVM, are subsets of JVM. Both KVM and CVM can be thought
of as a kind of Java virtual machine -- it's just that they are shrunken versions of the J2SE JVM
and are specific to J2ME.

1. Developing J2ME applications

Introduction In this section, we will go over some considerations you need to keep in mind when
developing applications for smaller devices. We'll take a look at the way the compiler is invoked
when using J2SE to compile J2ME applications. Finally, we'll explore packaging and deployment
and the role preverification plays in this process.

27
2. Design considerations for small devices

Developing applications for small devices requires you to keep certain strategies in mind during
the design phase. It is best to strategically design an application for a small device before you begin
coding. Correcting the code because you failed to consider all of the "gotchas" before developing
the application can be a painful process. Here are some design strategies to consider:

* Keep it simple. Remove unnecessary features, possibly making those features a separate,
secondary application.

* Smaller is better. This consideration should be a "no brainer" for all developers. Smaller
applications use less memory on the device and require shorter installation times. Consider
packaging your Java applications as compressed Java Archive (jar) files.

* Minimize run-time memory use. To minimize the amount of memory used at run time, use scalar
types in place of object types. Also, do not depend on the garbage collector. You should manage
the memory efficiently yourself by setting object references to null when you are finished with

* them. Another way to reduce run-time memory is to use lazy instantiation, only allocating
objects on an as-needed basis. Other ways of reducing overall and peak memory use on small
devices areto release resources quickly, reuse objects, and avoid exceptions.

3. Configurations overview

The configuration defines the basic run-time environment as a set of core classes and a specific
JVM that run on specific types of devices. Currently, two configurations exist for J2ME, though
others may be defined in the future:

* Connected Limited Device Configuration (CLDC) is used specifically with the

KVM for 16- bit or 32-bit devices with limited amounts of memory. This is the configuration
and the virtual machine) used for developing small J2ME applications. Its size limitations make
CLDC more interesting and challenging (from a development point of view) than CDC.
CLDC is also the configuration that we will use for developing our drawing tool application. An
example of a smallwireless device running small applications is a Palm hand-held computer.

* Connected Device Configuration (CDC ) is used with the C virtual machine (CVM) and
is used for 32-bit architectures requiring more than 2 MB of memory. An example of such a
device is a Net TV box.

28
4. J2ME profiles

What is a J2ME profile?

As we mentioned earlier in this tutorial, a profile defines the type of device supported. The Mobile
Information Device Profile (MIDP), for example, defines classes for cellular phones. It adds
domain-specific classes to the J2ME configuration to define uses for similar devices. Two profiles
have been defined for J2ME and are built upon CLDC: KJava and MIDP. Both KJava and MIDP
are associated with CLDC and smaller devices. Profiles are built on top of configurations. Because
profiles are specific to the size of the device (amount of memory) on which an application runs,
certain profiles are associated with certain configurations.

A skeleton profile upon which you can create your own profile, the Foundation Profile, is available
for CDC.

Profile 1: KJava

KJava is Sun's proprietary profile and contains the KJava API. The KJava profile is built on top
of the CLDC configuration. The KJava virtual machine, KVM, accepts the same byte codes and
class file format as the classic J2SE virtual machine. KJava contains a Sun-specific API that runs
on the Palm OS. The KJava API has a great deal in common with the J2SE Abstract Windowing
Toolkit (AWT). However, because it is not a standard J2ME package, its main package is com.sun.
kjava.

We'll learn more about the KJava API later in this tutorial when we develop some sample
applications.

Profile 2: MIDP

MIDP is geared toward mobile devices such as cellular phones and pagers. The MIDP, like KJava,
is built upon CLDC and provides a standard run-time environment that allows new applications
and services to be deployed dynamically on end user devices. MIDP is a common, industry-
standard profile for mobile devices that is not dependent on a specific vendor. It is a complete and
supported foundation for mobile application development.

29
 MIDP contains the following packages, the first three of which are core CLDC packages, plus
three MIDP-specific packages.

* Java.lang

* Java.io

* Java. util

* Javax.microedition.io

* Javax. microedition. lcdui

* Javax. microedition. midlet

* Javax.microedition.rms

2.9.1 Feasibility Study: Key Auditing in Cloud Computing

1. Executive Summary

This feasibility study evaluates the implementation of a key auditing module for cloud computing.
The module involves four main actors : Cloud Owner, RSA (an auditor), Cloud Service Provider
(CSP), and Third Party Auditor (TPA). The purpose is to ensure data integrity through encryption,
hashing, and audit requests.

2. Objective

To develop a secure and efficient system that allows cloud owners to audit their data using
cryptographic techniques and ensures that any tampering or unauthorized changes are detected
and reported.

3. System Overview

 Cloud Owner: Manages data by registering, logging in, uploading files, encrypting data,
generating hashes, sending requests to CSP, and reviewing audit reports.
 RSA (Auditor) : Monitors and modifies data in attack scenarios, verifies data integrity,
and interacts with CSP and Cloud Owner.
 CSP: Manages encrypted data, processes audit requests,and validates hash codes to ensure
data integrity.
 TPA (Third Party Auditor): Facilitates communication between Cloud Owner and CSP,
verifies audit results, and informs the Cloud Owner of the audit status.

30
4. Technical Feasibility

**a. Encryption and Hashing:

 Encryption: To ensure data confidentiality, use robust encryption algorithms like AES
(Advanced Encryption Standard). Each block of the file is encrypted separately to add
an extra layer of security.
 Hashing: Employ cryptographic hash functions (e.g., SHA-256) to generate hash codes
for verifying data integrity. The use of Merkle trees can efficiently manage and verify
large datasets.

**b. Data Integrity Verification:

 Merkle Tree: Provides a method to summarize and verify the integrity of data blocks.
This will be used to generate unique values for data blocks, ensuring changes can be
detected.
 RSA Implementation: In an attack scenario, RSA will allow modification and checking
of data, ensuring that any tampering can be identified.

**c. Audit Requests:

 Audit Request Mechanism: The Cloud Owner sends audit requests with hash codes to
CSP . CSP verifies the hash codes and responds with audit results, indicating whether
data has been tampered with.

**d. Role-Based Access Control:

 Login and Logout: All roles (Cloud Owner, RSA , CSP , TPA) will have secure login
/logout mechanisms to ensure authorized access.

5. Operational Feasibility

**a. User Interface:

 Cloud Owner : Simple and intuitive UI for file management, encryption , and audit
reporting.
 RSA: Interface to view, modify (if necessary), and verify data.
 CSP: Interface to manage encrypted data , process audit requests , and validate hashes.
 TPA: Interface to facilitate audit request handling and verification.

**b. Workflow Efficiency:

 The workflow involves multiple steps but manageable with clear roles and responsibilities
Each actor has specific tasks , and interactions are streamlined through well-defined
processes.

6. Economic Feasibility

**a. Cost Estimates:

 Development Costs: Initial investment for developing the system , including software
development, encryption implementation, and UI design.

31
  Operational Costs: Ongoing maintenance, support, and potential scaling costs.

**b. Cost-Benefit Analysis:

 Benefits : Enhanced data security and integrity, reduced risk of unauthorized data
modification, and compliance with data integrity standards.
 Costs : Development and operational costs must be balanced against the benefits of
increased security and reliability.

7. Security and Compliance

**a. Data Security:

 Implement industry-standard encryption and hashing techniques to protect data from
unauthorized access and tampering.

**b. Compliance:
 Ensure the system complies with relevant data protection regulations (e.g: GDPR, HIPAA)
and industry standards.

8. Risks and Mitigation

**a. Technical Risks:
 Risk: Potential vulnerabilities in encryption algorithms or hash functions.
 Mitigation: Use well-established, widely accepted algorithms and keep up with security
updates.

**b. Operational Risks:

 Risk: User errors or misuse.
 Mitigation: Provide comprehensive training and support for all users.

**c. Economic Risks:

 Risk: Higher-than-expected costs or delays.
 Mitigation: Perform thorough planning and budgeting; include contingency funds.

9. Conclusion
The proposed key auditing module for cloud computing is technically feasible and can provide
Significant benefits in terms of data security and integrity . The implementation requires careful
planning, development , and adherence to security best practices . The system's successful deploy-
ment will depend on effective collaboration between all actors involved and continuous monitoring
and improvement.

32
 CHAPTER: 3

SYSTEM DESIGN

SYSTEM ARCHITECTURE

Architecture Flow:

Below architecture diagram represents mainly flow of request from the users to database through
servers. In this scenario overall system is designed in three tiers separately using three layers called
presentation layer, business layer, data link layer. This project was developed using 3-tier
architecture.

Figure 3.1: Architecture diagram

33
3- Tier Architecture:

The three-tier software architecture (a three-layer architecture) emerged in the 1990s to overcome
the limitations of the two-tier architecture. The third tier (middle tier server) is between the user
interface (client) and the data management (server) components. This middle tier provides process
management where business logic and rules are executed and can accommodate hundreds of users
(as compared to only 100 users with the two-tier architecture) by providing functions such as
queuing, application execution, and database staging.

The three-tier architecture is used when an effective distributed client/server design is needed that
provides (when compared to the two tier) increased performance, flexibility, maintainability,
reusability, and scalability, while hiding the complexity of distributed processing from the user.
These characteristics have made three-layer architectures a popular choice for Internet applications
and net-centric information systems

Advantages of Three-Tier:

 Separates functionality from presentation.

 Clear separation – better understanding.
 Changes limited to well define components.
 Can be running on WWW.
 Effective network performance.

SYSTEM DESIGN

System Design Introduction:

The System Design Document describes the system requirements, operating environment, system
and subsystem architecture,files and database design, input formats, output layouts, human machine
interfaces, detailed design, processing logic, and external interfaces.

34
UML DIAGRAMS

Global Use Case Diagrams:

Identification of actors:

Actor: Actor represents the role a user plays with respect to the system. An actor interacts
with but has no control over the use cases.

Graphical representation :

<<Actor name>>

Actor

An actor is someone or something that:

Interacts with or uses the system.

 Provides input to and receives information from the system.

 Is external to the system and has no control over the use cases.

Actors are discovered by examining:

 Who directly uses the system?

 Who is responsible for maintaining the system?

 External hardware used by the system.

 Other systems that need to interact with the system.

35
Questions to identify actors:

 Who is using the system? Or who is affected by the system? Or which groups need help
from the system to perform a task?
 Who affects the system? Or which user groups are needed by the system to perform its
functions? These functions can be both main functions and secondary functions such
as administration.
 Which external hardware or systems (if any) use the system to perform tasks?

 What problems does this application solve (that is, for whom)?

 And, finally, how do users use the system (use case)? What are they doing with the
system?
The actors identified in this system are:

a. System Administrator

b. Customer

c. Customer Care

Identification of use cases:

Use case :A use case can be described as a specific way of using the system from a user’s
(actor’s) perspective.

Graphical representation :

A more detailed description might characterize a use case as:

 Pattern of behavior the system exhibits

 A sequence of related transactions performed by an actor and the system

 Delivering something of value to the actor

36
Use cases provide a means to:

 capture system requirements

 communicate with the end users and domain experts

 test the system

Use cases are best discovered by examining the actors and defining what the actor will be able to
do with the system.

Guidelines for identifying use cases:

 For each actor, find the tasks and functions that the actor should be able to perform or
that the system needs the actor to perform. The use case should represent a course of
events that leads to clear goal
 Name the use cases.

 Describe the use cases briefly by applying terms with which the user is familiar.

 This makes the description less ambiguous

Questions to identify use cases:

 What are the tasks of each actor?

 Will any actor create, store, change, remove or read information in the system?

 What use case will store, change, remove or read this information?

 Will any actor need to inform the system about sudden external changes?

 Does any actor need to inform about certain occurrences in the system?

 What use cases will support and maintains the system?

37
Flow of Events

A flow of events is a sequence of transactions (or events) performed by the system. They typically
contain very detailed information, written in terms of what the system should do, not how the
system accomplishes the task. Flow of events are created as separate files or documents in your
favorite text editor and then attached or linked to a use case using the Files tab of a model element.

A flow of events should include:

 When and how the use case starts and ends

 Use case/actor interactions
 Data needed by the use case
 Normal sequence of events for the use case
 Alternate or exceptional flows

38
Construction of Use case diagrams:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral diagram
defined by and created from a Use-case analysis. Its purpose is to present a graphical overview of
the functionality provided by a system in terms of actors, their goals (represented as use cases),
and any dependencies between those use cases. The main purpose of a use case diagram is to show
what system functions are performed for which actor. Roles of the actors in the system can be
depicted.

Figure 3.2.1 Use Case Diagram

39
 SEQUENCE DIAGRAMS:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that
shows how processes operate with one another and in what order. It is a construct of a Message
Sequence Chart. Sequence diagrams are sometimes called event diagrams, event scenarios, and
timing diagrams.

Figure 3.2.2: Sequence diagram

40
 CLASS DIAGRAM:

In software engineering, a class diagram in the Unified Modeling Language (UML) is a type of
static structure diagram that describes the structure of a system by showing the system's classes,
their attributes, operations (or methods), and the relationships among the classes. It explains which
class contains information.

Figure 3.2.3: Class Diagram

41
ACTIVITY DIAGRAM:
Activity diagrams are graphical representations of workflows of stepwise activities and actions
with support for choice, iteration and concurrency. In the Unified Modeling Language, activity
diagrams can be used to describe the business and operational step-by-step workflows of
components in a system. An activity diagram shows the overall flow of control.

Figure 3.2.4: Activity Diagram

42
STATE CHART DIAGRAM:

OWNER

43
STATE CHART DIAGRAM :

CLOUD

44
STATE CHART DIAGRAM :

OWNER

45
ER DIAGRAM :

46
COLLOBORATION DIAGRAM :

47
COMPONENT DIAGRAM :

48
DATA FLOW DIAGRAMS ( DFD’S ):

49
DFD -- Data Users :

50
DFD -- Data Owners :

51
DFD -- Cloud :

52
DEPLOYMENT DIAGRAM:

53
 CHAPTER: 4

Code

Databaseconnection

package databaseconnection.
import java.sql. *;
public class databasecon
{
static Connection co.
public static Connection getconnection ()
{
try
{
Class.forName("com. mysql. jdbc. Driver").
co DriverManager.getConnection("jdbc:mysql://localhost:3306/securedata”,” root”, “root");
}
catch (Exception e)
{
System.out.println("Database Error"+e).
}
return co.
}
}
Decryption

/*
To change this template, choose Tools | Templates
and open the template in the editor.
*/
package action;

/**
*
@author java2
*/

54
 import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.util.Scanner;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;import javax.swing.JOptionPane;
import sun.misc.BASE64Decoder;import sun.misc.BASE64Encoder;public class decryption
{
//public static void main(String args[])
//{
// Scanner s=new Scanner(System.in);
// System.out.println("Enter encrypted Text and key");
// String text=s.next();
// String key=s.next();
// new decryption().decrypt(text,key);
//}
public String decrypt(String txt, String skey)
{String decryptedtext = null;
try {
//converting string to secretkey byte[] bs = Base64.decode(skey);
SecretKey sec = new SecretKeySpec(bs, "AES");
System.out.println("converted string to seretkey:" + sec);
System.out.println("secret key:" + sec);
Cipher aesCipher = Cipher.getInstance("AES");
//getting AES instance aesCipher.init(Cipher.ENCRYPT_MODE, sec);
//initiating ciper encryption usingsecretkey
byte[] byteCipherText = new BASE64Decoder().decodeBuffer(txt);
//encryptingdata
//System.out.println("ciper text:"+byteCipherText);
aesCipher.init(Cipher.DECRYPT_MODE, sec, aesCipher.getParameters());
//initiating ciper decryption byte[]
byteDecryptedText = aesCipher.doFinal(byteCipherText);
decryptedtext = new String(byteDecryptedText);
System.out.println("Decrypted Text:" + decryptedtext);
}
catch (Exception e)
{System.out.println(e);

55
}
return decryptedtext;
}
String decrypt(String str, SecretKey sec) {
throw new UnsupportedOperationException("Not supported yet.");
//To changebody of generated methods, choose Tools | Templates.
}
}

Download

<%@page import="java.sql.*"%>
<%@page import="Distributed.Dbconnection"%>
<%@ page session="true" %>
<%
String username = session.getAttribute("user").toString();String task =
request.getParameter("task");
String location = request.getParameter("location");String status
= null;
String person = null;try{
Connection con=Dbconnection.getConnection();
PreparedStatement ps=con.prepareStatement("insert into task values(?,?,?,?,?)"); ps.setString(1,username);
ps.setString(2,task);
ps.setString(3,location);
ps.setString(4,person);
ps.setString(5,status);
int i=ps.executeUpdate();if(i>0)
{
response.sendRedirect("owner_upload.jsp?msg=Registered");
}
else{ response.sendRedirect("ownerreg.jsp?msg1=Failed");
}
%>
<%
}
catch(Exception e)
{
out.println(e);
}
%>

56
 View task

<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="Distributed.Dbconnection"%>
<%@page import="java.sql.Connection"%>
<!DOCTYPE html PUBLIC"-//W3C//DTD XHTML1.0Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Distributed Time-Sensitive Task Selection in Mobile Crowd Sensing</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="css/style.css" type="text/css" media="all" />
<script type="text/javascript" src="js/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="js/jquery.jcarousel.js"></script>
<script src="js/cufon-yui.js" type="text/javascript" charset="utf-8"></script>
<script src="js/Chaparral_Pro.font.js" type="text/javascript" charset="utf-8"></script>
<script type="text/javascript" src="js/jquery-func.js"></script>
<link rel="shortcut icon" type="image/x-icon" href="css/images/favicon.ico" />
</head>
<%
if(request.getParameter("mg")!=null){
%>
<script>alert('Login Sucessfully..!')</script>
}
<%}
if(request.getParameter("msg1")!=null){%>
<script>alert('Owner Registration Failed..!')</script>
}
<%
}
%>
<%
if(request.getParameter("m3")!=null){%>
<script>alert('username already exists')</script>
}
<%}
if(request.getParameter("")!=null){%>

57
<script>alert('Owner Registration Failed..!')</script>
}
<%
}
%>
<body>
<!-- START PAGE SOURCE -->
<div id="header">
<br>
<div class="shell">
<h1>Distributed Time-Sensitive Task Selection in Mobile Crowd Sensing</h1>
<div class="search">
</div>
</div>
</div>
<div id="navigation">
<div class="shell">
<ul>
<li><a href="ownerhome.jsp">HOME</a></li>
<li><a href="owner_upload.jsp">Upload Task</a></li>
<li><a class="active" href="owner_viewtask.jsp">View Task</a></li>
<li><a href="owner_assign_reward.jsp">Assign Reward</a></li>
<li><a href="owner_download.jsp">Delivery Status</a></li>
<li><a href="logout.jsp">Logout</a></li>
</ul>
</div>
</div>
<div id="featured">
<div class="shell">
<div class="slider-carousel">
<ul>
<li>
<div class="info">
<p> We provide a new efficient RDPC protocol based on homomorphichash function.
The new scheme is provably secure against forgery attack, replace attack and replay
attack based on a typical security model . To support data dynamics , an operation
record table (ORT) is introduced to track operations on file block. We further give
a new optimized implementation for the ORT whichmake the cost of accessing ORT
nearly constant. Moreover, wemake the comprehensive

58
performance analysis which shows that our scheme has advantages in computation and
communication costs. Prototype implementation and experiments exhibit that thescheme
is feasible for real applications.
</p>
</div>
<div class="image"> <a href="#"><img src="css/images/1.png" alt="" /></a>
</div>
<div class="cl">&nbsp;</div>
</li>
<li>
<div class="info">
<p>
We provide a new efficient RDPC protocol based on homomorphic hash function. The
new scheme is provably secure against forgeryattack , replace attack and replay attack
based on a typical security model . To support data dynamics , an operation record table
(ORT) is introduced to track operations on file blocks.
We further give a new optimized implementation for the ORT whichmakes the cost of
accessing ORT nearly constant . Moreover , we make the comprehensive performance
analysis which shows our scheme has advantages in computation and communication
costs. Prototype implementation and experiments exhibit that the scheme is feasible for
real applications.</p>
</div>
<div class="image"> <a href="#"><img src="css/images/2.jpg" alt="" /></a>
</div>
<div class="cl">&nbsp;</div>
</li>
</ul>
</div>
</div>
</div>
<%
String username = session.getAttribute("user").toString();
String task = request.getParameter("task");
String location = request.getParameter("location");
Connection con = null;
con = Dbconnection.getConnection();
PreparedStatement pst=con.prepareStatement("select * from taskhandler
wherelocation = '"+location+"' ");
ResultSet rs=pst.executeQuery();
%>

59
<div id="main">
<div class="shell">
<div id="main-boxes">
<center>
<p align="justify">
<p><font color="black" size="5"> Assign Task </font></p><br/>
<form name="myform" autocomplete="off"action="owner_viewtask2.jsp"
method="post" onsubmit="return validateform()">
<table align="center" width="321">
<tr>
<td width="191" height="43"><font color="black">User Name </td>
<td width="218"><input autocomplete="off" value="<%=username%>"
name="username" required="" placeholder="User Name" /></td>
</tr>
<tr>
<td height="43"><font color="black">Task </td>
<td width="218"><input type="text" value="<%=task%>" name="task"required=""
placeholder="Password" /></td>
</tr>
<tr>
<td height="43"><font color="black"> Location</td>
<td><input name="location" autocomplete="off" value="<%=location%>" required="
" placeholder="Email ID"/></td>
</tr>
<tr>
<td height="43"><font color="black">Select Task Handler</td>
<td><select name="th" style="width:170px;" required="">
<option>--Select--</option>
<%
while(rs.next()){
%>
<option><%=rs.getString("username")%></option>
<%
}
%>
</select></td>
</tr>
<tr>
<td height="43" rowspan="3">
<p>&nbsp;</p></td>

60
<td align="left" valign="middle"> <p>&nbsp;
</p>
<p>
<input name="submit" type="submit" value="Assign" />
</p>
<div align="right">
</div></td>
</tr>
</table>
</form>
</p>
</center>
</div>
<div class="cl">&nbsp;</div>
</div>
</div>
<div class="footer">
<div class="shell">
<p class="rf"></a></p>
<div style="clear:both;"></div>
</div>
</div>
<script type="text/javascript">pageLoaded();</script>
<!-- END PAGE SOURCE -->
</body>
</html>

Task handler:

<%@page import="java.util.Random"%>
<%@page import="java.sql.*"%>
<%@page import="Distributed.Dbconnection"%>
<%@ page session="true" %>
<%@page import="Distributed.Mail"%>
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
try{
Connection con=Dbconnection.getConnection();

61
Random s = new Random();
int otp = s.nextInt(10000 - 5000) +25000 ;
Statement st = con.createStatement();
ResultSet rs = st.executeQuery("select * from taskhandler where
email='"+username+"' and password='"+password+"'");
if(rs.next())
{
String user = rs.getString("username");
session.setAttribute("user",user);
String email = rs.getString("email");
session.setAttribute("email",email);
response.sendRedirect("taskhandlerhome.jsp?m1");
}
else
{
response.sendRedirect("taskhandler.jsp?msg1=LoginFail");
}
}
catch(Exception e)
{
System.out.println("Error in emplogact"+e.getMessage());
}
%>

SAMPLE CODE

<%@page import="Efficient.decryption"%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="databaseconnection.databasecon"%>
<%@page import="java.sql.Connection"%>
<!-- /*

Template Name: Log Files

Template Author: Untree.co
Tempalte URI: https://untree.co/
License: https://creativecommons.org/licenses/by/3.0/

62
*/ -->
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="author" content="Untree.co">
<link rel="shortcut icon" href="favicon.png">
<meta name="description" content="" />
<meta name="keywords" content="" />
<link href="https://fonts.googleapis.com/css?family=Inter:300,400,500,600,700,900"
rel="stylesheet">
<link rel="stylesheet" href="fonts/icomoon/style.css">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/jquery-ui.css">
<link rel="stylesheet" href="css/owl.carousel.min.css">
<link rel="stylesheet" href="css/owl.theme.default.min.css">
<link rel="stylesheet" href="css/owl.theme.default.min.css">
<link rel="stylesheet" href="css/jquery.fancybox.min.css">
<link rel="stylesheet" href="css/bootstrap-datepicker.css">
<link rel="stylesheet" href="fonts/flaticon/font/flaticon.css">
<link rel="stylesheet" href="css/aos.css">
<link rel="stylesheet" href="css/style.css">
<title>Log Files </title>
</head>

<body data-spy="scroll" data-target=".site-navbar-target" data-offset="300">

<div class="site-wrap">
<div class="site-mobile-menu site-navbar-target">
<div class="site-mobile-menu-header">
<div class="site-mobile-menu-close mt-3">
<span class="icon-close2 js-menu-toggle">
</span>
</div>
</div>
<div class="site-mobile-menu-body"></div>
</div>
<div class="top-bar py-2" id="home-section">
<div class="container">
<div class="row">

63
<div class="col-md-6 text-center text-lg-right order-lg-2">
<ul class="social-media m-0 p-0">
<li><a href="#" class="p-2"><span class="icon-facebook"></span></a></li>
<li><a href="#" class="p-2"><span class="icon-twitter"></span></a></li>
<li><a href="#" class="p-2"><span class="icon-instagram"></span></a></li>
<li><a href="#" class="p-2"><span class="icon-linkedin"></span></a></li>
</ul>
</div>

<div class="col-md-6 text-center text-lg-left order-lg-1">

<p class="mb-0 d-inline-flex">
<span class="mr-3"><a href="tel://#" class="d-flex align-items-center">
<spanclass="icon-phone mr-2"></span><span>+1 234 5678 9101</span></a></span>
<span><a href=tel://# class="d-flex align-items-center">
<span class="icon-envelope mr-2">
</span>
<span>info@domain.com</span>
</a>
</span>
</p>
</div>
</div>
</div>
</div>

<header class="site-navbar py-4 js-sticky-header site-navbar-target"role="banner">

<div class="container">
<div class="row align-items-center">
<div class="col-11 col-xl-2">
<h1 class="mb-0 site-logo">< href="index.html" class="mb-0">Log Files<span
class="text- primary">.</span> </a></h1>
</div>
<div class="col-12 col-md-10 d-none d-xl-block">
<nav class="site-navigation position-relative text-right" role="navigation">
<ul class="site-menu main-menu js-clone-nav mr-auto d-none d-lg-block">
<li><a href="uhome.jsp" class="nav-link">Home</a></li>
<li><a href="uvf.jsp" class="nav-link">View Files</a></li>
<li><a href="d1.jsp" class="nav-link">Download</a></li>
<li><a href="index.html" class="nav-link">Logout</a></li>

64
 </ul>
</nav>

</div> <div class="d-inline-block d-xl-none ml-md-0 mr-auto py-3" style="position: relative;

top: 3px;"><a href="#" class="site-menu-toggle js-menu-toggle text- black"><span class="
icon-menu h3"></span></a></div>

</div>
</div>
</header>
<%
//String email=session.getAttribute("email").toString();
%>
<section class="site-section">
<div class="container">
<br><br>
<%
String filename=request.getParameter("filename");
//String password=request.getParameter("password");
String email=request.getParameter("email");
String user=request.getParameter("user");
String skey=request.getParameter("skey");
String str = "";
String content = "";
//String status=request.getParameter("server");
Connection co = databasecon.getconnection();
Statement st = co.createStatement();
ResultSet rs = st.executeQuery("select * from upload wherefilename=
"+filename+"' and email='"+email+"' "); if(rs.next())
{
str = rs.getString("cipher");
content = new decryption().decrypt(str, skey);

//content2 = new decryption().decrypt(part2data, skey1);

}
%>
<br><br><br><br>
<center><br>
<center><br>
<h5>View Data</h5><br>
<form style="width: 30%;" action="d4.jsp" method="post" >
<!-- Email input -<div class="form-outline mb-4">

65
<input type="text" name="filename" value="<%=filename%>" readonly=""
id="form2Example1" placeholder="Filename" required="" class="form- control" />
</div>
<div class="form-outline mb-4">
<input type="text" name="content" value="<%=content%>" readonly="" id="form2Example1"
placeholder="Filename" required="" class="form- control" />

</div>
<!-- Password input -->
<!-- Submit button -->
<button type="submit" class="btn btn-primary">Submit</button>
</form>
</center>
</div>
</div>
</section>
</div> <!-- .site-wrap -->
<script src="js/jquery-3.3.1.min.js"></script>
<script src="js/jquery-migrate-3.0.1.min.js"></script>
<script src="js/jquery-ui.js"></script>
<script src="js/popper.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/owl.carousel.min.js"></script>
<script src="js/jquery.stellar.min.js"></script>
<script src="js/jquery.countdown.min.js"></script>
<script src="js/bootstrap-datepicker.min.js"></script>
<script src="js/jquery.easing.1.3.js"></script>
<script src="js/aos.js"></script>
<script src="js/jquery.fancybox.min.js"></script>
<script rc="js/jarallax.min.js"></script>
<script src="js/jarallax-element.min.js"></script>
<script src="js/lozad.min.js"></script>
<script src="js/modernizr.min.js"></script>
<script src="js/three.min.js"></script>

66
<script src="js/TweenMax.min.js"></script>
<script src="js/OBJLoader.js"></script>
<script src="js/ParticleHead.js"></script>
<script src="js/jquery.sticky.js"></script>
<script src="js/typed.js"></script>
<script>
var typed = new Typed('.typed-words', {
strings: ["Web Apps"," WordPress"," Mobile Apps"],typeSpeed: 80,

backSpeed: 80,

backDelay: 4000,

startDelay: 1000,loop: true,

showCursor: true

});

</script>

<script src="js/main.js">

</script>

67
 CHAPTER: 5

TESTING &VALIDATION

INTRODUCTION:

Testing is the debugging program is one of the most critical aspects of the computer programming
triggers, without programming that works, the system would never produce an output of which it
was designed. Testing is best performed when user development is asked to assist in identifying
all errors and bugs. The sample data are used for testing. It is not quantity but quality of the data
used the matters of testing. Testing is aimed at ensuring that the system was accurately an
efficiently before live operation commands.

Testing objectives:

The main objective of testing is to uncover a host of errors, systematically and with minimum
effort and time. Stating formally, we can say, testing is a process of executing a program with
intent of finding an error.

1 A successful test is one that uncovers an as yet undiscovered error.

2 A good test case is one that has probability of finding an error, if it exists.
3 The test is inadequate to detect possibly present errors.
4 The software more or less confirms to the quality and reliable standards.

Levels of Testing:

Code testing:

This examines the logic of the program. For example, the logic for updating various sample data
and with the sample files and directories were tested and verified.

68
Specification Testing:

Executing this specification starting what the program should do and how it should performed
under various conditions. Test cases for various situation and combination of conditions in all the
modules are tested.

Unit testing:

In the unit testing we test each module individually and integrate with the overall system. Unit
testing focuses verification efforts on the smallest unit of software design in the module. This is
also known as module testing.

The module of the system is tested separately. This testing is carried out during programming
stage itself. In the testing step each module is found to work satisfactorily as regard to expected
output from the module. There are some validation checks for fields also. For example the
validation check is done for varying the user input given by the user which validity of the data
entered. It is very easy to find error debut the system.

Each Module can be tested using the following two Strategies:

1. Black Box Testing

2. White Box Testing

BLACK BOX TESTING

What is Black Box Testing?

Black box testing is a software testing technique in which functionality of the software under test
(SUT) is tested without looking at the internal code structure, implementation details and
knowledge of internal paths of the software. This type of testing is based entirely on the software
requirements and specifications.

In Black Box Testing we just focus on inputs and output of the software system without bothering
about internal knowledge of the software program.

69
The above Black Box can be any software system you want to test. For example: an operating
system like Windows, a website like Google, a database like Oracle or even your own custom
application. Under Black Box Testing, you can test these applications by just focusing on the inputs
and outputs without knowing their internal code implementation.

Black box testing – Step:

Here are the generic steps followed to carry out any type of Black Box Testing.

 Initially requirements and specifications of the system are examined.

 Tester chooses valid inputs (positive test scenario) to check whether SUT processes them
correctly. Also, some invalid inputs (negative test scenario) are chosen to verify that the
SUT is able to detect them.
 Tester determines expected outputs for all those inputs.
 Software tester constructs test cases with the selected inputs.
 The test cases are executed.
 Software tester compares the actual outputs with the expected outputs.
 Defects if any are fixed and re-tested.

Types of Black Box Testing

There are many types of Black Box Testing but following are the prominent ones -

 Functional testing – This black box testing type is related to functional requirements of a
system; it is done by software testers.
 Non-functional testing – This type of black box testing is not related to testing of a specific
functionality, but non-functional requirements such as performance, scalability, usability.
 Regression testing – Regression testing is done after code fixes, upgrades or any other
system maintenance to check the new code has not affected the existing code.

70
WHITE BOX TESTING

White Box Testing is the testing of a software solution's internal coding and infrastructure. It
focuses primarily on strengthening security, the flow of inputs and outputs through the application,
and improving design and usability. White box testing is also known as clear, open, structural, and
glass box testing.

It is one of two parts of the "box testing" approach of software testing. Its counterpart, black box
testing, involves testing from an external or end-user type perspective. On the other hand,
Whitebox testing is based on the inner workings of an application and revolves around internal
testing. The term "white box" was used because of the see-through box concept. The clear box or
white box name symbolizes the ability to see through the software's outer shell (or "box") into its
inner workings. Likewise, the "black box" in "black box testing" symbolizes not being able to see
the inner workings of the software so that only the end-user experience can be tested

What do you verify in White Box Testing?

White box testing involves the testing of the software code for the following:

 Internal security holes

 Broken or poorly structured paths in the coding processes
 The flow of specific inputs through the code
 Expected output
 The functionality of conditional loops
 Testing of each statement, object and function on an individual basis

The testing can be done at system, integration and unit levels of software development. One of the
basic goals of white box testing is to verify a working flow for an application. It involves testing
a series of predefined inputs against expected or desired outputs so that when a specific input does
not result in the expected output, you have encountered a bug.

71
How do you perform White Box Testing?

To give you a simplified explanation of white box testing, we have divided it into two basic steps.
This is what testers do when testing an application using the white box testing technique:

STEP 1: UNDERSTAND THE SOURCE CODE

The first thing a tester will often do is learn and understand the source code of the application.
Since white box testing involves the testing of the inner workings of an application, the tester must
be very knowledgeable in the programming languages used in the applications they are testing.
Also, the testing person must be highly aware of secure coding practices. Security is often one of
the primary objectives of testing software. The tester should be able to find security issues and
prevent attacks from hackers and naive users who might inject malicious code into the application
either knowingly or unknowingly.

Step 2: CREATE TEST CASES AND EXECUTE

The second basic step to white box testing involves testing the application’s source code for proper
flow and structure. One way is by writing more code to test the application’s source code. The
tester will develop little tests for each process or series of processes in the application. This method
requires that the tester must have intimate knowledge of the code and is often done by the
developer. Other methods include manual testing, trial and error testing and the use of testing tools
as we will explain further on in this article.

72
Test Case 1
Below stable shows the test case for the admin. The details if admin is stored in the
database such as admin name, admin name etc. Admin is responsible for handling the
transactions. The admin sets password and username. Weather all the passwords and
usernames are correct not is checked. Because by using these details the user will login
in into the cloud and can view the details of file stored.

Test Case 1
The test case 1 tests the login of admins. The passwords and username is given if the
correct password and usernames are entered the login will be successful. If any wrong
in passwords and username the login will be denied.
Table 1

Sl # Test Case: - UTC-1

Name of Test: - owner login

Items being tested: - Validation for owner login

Sample Input: - Fill form

Details stored in database if wrong details are given

Expected output: - check validation

Actual output: - Validation verified details stored in db

Remarks: - Pass.

73
Test Case 2
The test case 2 is for checking the users. Again, for the user’s password and user
name is given based on only the correct input the users will be able to login

Table 2

Sl # Test Case: - UTC-2

Name of Test: - upload data to cloud

Items being tested: - Upload data to cloud show in cloud

Sample Input: - Text file

View upload details in database

Expected output: -

Actual output: - Cloud can view data

Remarks: - success.

74
 Table 3

Sl# Test Case: - ITC-1

Name of Test: - Error verification

Itembeing tested: - Cloud error check

Sample Input: - Upload file to cloud

If error show error else no error

Expected output: -

Error status to log manager

Actual output: -

Remarks: - Pass.

Test case 3
The test case 3 shows for the file upload and it is being stored in different cloud
which is called block generation and storing and hence this file is divided and
stored. If the storage and block generation is not successful than we can store the
file

75
 Table 4

Sl# Test Case: - STC-1

Name of Test: - Cloud store data

Itembeing tested: - Check tasks upload by cloud and execute task

Sample Input: - Encrypted data

Expected output: - Data decrypted send to user

Actual output: - user can download data

Remarks: - Pass

Test case 4

Test case 4 is for file upload where the uploaded is downloaded. During downloadif
any one of the clouds fails the recovery should start automatic. If the recovery is
successful all the blocks will be generated and merged together. With the help of
network coding the blocks are stored in the cloud

76
 CHAPTER: 6

SCREEN SHOTS:

77
SECURE CLOUD COMPUTING:

78
VIEW FILES:

79
FILE STATUS:

80
UPLOADING FILES:

81
REQUESTS:

82
VERIFY AND DOWNLOAD:

83
VERIFICATION:

84
 CHAPTER: 7

CONCLUSION

In this project, for the first time, we design an efficient and practical protocol for securely out
sourcinglarge-scale NLP switch nonlinear constraints. The transformation technique is applied
to protect thesensitive input/output information. In addition, we adopt the generalized reduced
gradient methodto solve the transformed NLP.A set of large-scale simulations are performed to
evaluate the performance of proposed mechanism , and results demonstrate its high practicality
and efficiency. It is expected that the proposed protocol can not only be deployed independently,
butalso serves as a building block to solve more sophisticated problems in the real world...

85
 CHAPTER: 8
REFERENCES

1. Barbosa, M., Farshim, P.: Delegatable homomorphic encryption with applications to secure
outsourcing of computation. In: Proceedings of the 12th conference on Topics in Cryptology.
pp. 296–312 (2012)
2. Bazaraa, M.S., Sherali, H.D., Shetty, C.M.: Nonlinear programming: theory and algorithms.
John Wiley & Sons (2013)
3. Bertsekas, D.P.: Nonlinear programming. Athena scientifific Belmont (1999)
4. Chen, F., Xiang, T., Lei, X., Chen, J.: Highly effiffifficient linear regression outsourcing to a
cloud. IEEE Transactions on Cloud Computing 2(4), 499–508 (2014)
5. Chen, F., Xiang, T., Yang, Y.: Privacy-preserving and verififiable protocols for scientifific
computation outsourcing to the cloud. Journal of Parallel and Distributed Computing 74(3),
2141–2151 (2014)
6. Chen, X., Huang, X., Li, J., Ma, J., Lou, W., Wong, D.S.: New algorithms for secure
outsourcing of large-scale systems of linear equations. IEEE Transactions on Information
Forensics and Security 10(1), 69–78 (2015)
7. Chen, X., Li, J., Ma, J., Tang, Q., Lou, W.: New algorithms for secure outsourcing of modular
exponentiations. IEEE Transactions on Parallel and Distributed Systems 25(9), 2386–2396
(2014)
8. Chung, K.M., Kalai, Y., Vadhan, S.: Improved delegation of computation using fully
homomorphic encryption. In: Proceedings of the 30th annual conference on Advances in
cryptology. pp. 483–501. Springer-Verlag (2010)
9. Du, W., Li, Q.: Secure and effiffifficient outsourcing of large-scale nonlinear programming.
In: Communications and Network Security (CNS), 2017 IEEE Conference on. IEEE (2017)
10. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-
fifirst Annual ACM Symposium on Theory of Computing. pp. 169–178. STOC ’09, ACM,
New York, NY, USA (2009)
11. Kalai, Y., Raz, R., Rothblum, R.: How to delegate computations: the power of no-signaling
proofs Katz, J., Lindell, Y.: Introduction to modern cryptography. CRC press (2014)
12. Lei, X., Liao, X., Huang, T., Li, H.: Cloud computing service: The case of large matrix
Determinant computation. IEEE Transactions on Service Computing 8(5), 688–700 (2015)
13. Lei, X., Liao, X., Huang, T., Li, H., Hu, C.: Outsourcing large matrix inversion computation
to a public cloud. IEEE Transactions on Cloud Computing 1(1), 1–1 (2013)

86
14. Murugesan, S., Bojanova, I.: Encyclopedia of Cloud Computing. John Wiley & Sons (2016)
15. Ren, K., Wang, C., Wang, Q.: Security challenges for the public cloud. IEEE Internet
Computing 16(1), 69–73 (2012)
16. Shen, W., Yin, B., Cui, X., Cheng, Y.: A distributed secure outsourcing scheme for solving
linear algebraic equations in ad hoc clouds. IEEE Transactions on Cloud Computing (2017)
17. Sutskever, I., Martens, J., Dahl, G., Hinton, G.: On the importance of initialization and
momentum in deep learning. In: International conference on machine learning. pp. 1139–
1147 (2013)
18. Wang, C., Ke, R., Wang, J.: Secure and practical outsourcing of linear programming in cloud
computing
19. Wang, C., Ren, K., Wang, J., Wang, Q.: Harnessing the cloud for securely outsourcing large-
scale systems of linear equations. IEEE Transactions on Parallel and Distributed Systems
24(6), 1172–1181 (2013)
20. Zhou, L., Li, C.: Outsourcing large-scale quadratic programming to a public cloud. IEEE
Access 3, 2581–2589 (2015)

87