cloud computing security from sngle to multi clouds full documentaion

110
A Project Report on CLOUD COMPUTING SECURITY FROM SINGLE TO MUTLI CLOUDS Project report submitted in partial fulfillment of the requirement for the award of the Degree of BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE AND ENGINEERING By N.VAMSEE DEEPAK 10W51A0537 P.JAGADEESH 10W51A0539 Y.SREENIVASULU REDDY 10W51A0551 N.REDDY PRASAD 10W51A0535 Under the Guidance of Y.SHABBIR ALI M.Tech(Ph.D) Associate.Proffessor Sir Vishveshwaraiah Institute of Science & Technology Department of Computer Science & Engineering

Upload: vamshi-chowdary

Post on 13-Jan-2015

937 views

Category:

Technology


1 download

DESCRIPTION

Computing Security From Sngle to multi Clouds Full Documentaion

TRANSCRIPT

Page 1: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

A Project Report on

CLOUD COMPUTING SECURITY FROM SINGLE TO MUTLI CLOUDS

Project report submitted in partial fulfillment of the requirement for the award of the Degree of

BACHELOR OF TECHNOLOGY

IN

COMPUTER SCIENCE AND ENGINEERING

By

N.VAMSEE DEEPAK 10W51A0537

P.JAGADEESH 10W51A0539

Y.SREENIVASULU REDDY 10W51A0551

N.REDDY PRASAD 10W51A0535

Under the Guidance of

Y.SHABBIR ALI M.Tech(Ph.D)

Associate.Proffessor

Sir Vishveshwaraiah Institute of Science & Technology

Department of Computer Science & Engineering

(Approved by AICTE, Affiliated to JNT University, Ananthapur,)

An ISO 9001-2008 Certified Institution

Angallu, Madanapalle-517325

2010-2014

Page 2: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

A Project Report on

CLOUD COMPUTING SECURITY FROM SINGLE TO MUTLI CLOUDS

Submitted in partial fulfillment of the requirement for the award of the Degree of

BACHELOR OF TECHNOLOGY

IN

COMPUTER SCIENCE AND ENGINEERING

By

N.VAMSEE DEEPAK 10W51A0537

P.JAGADEESH 10W51A0539

Y.SREENIVASULU REDDY 10W51A0551

N.REDDY PRASAD 10W51A0535

Under the Esteemed Guidance of

Y.SHABBIR ALI M.Tech(Ph.D)

Associate. Professor

Sir Vishveshwaraiah Institute of Science & Technology

Department of Computer Science & Engineering

(Approved by AICTE, Affiliated to JNT University, Ananthapur,)

An ISO 9001-2008 Certified Institution

Angallu, Madanapalle-517325

2010-2014

Page 3: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

SIR VISHVESHWARAIAH INSTITUTE OF SCIENCE & TECHNOLOGY

Affiliated to JNTU,Anantapur,Approved by AICTE

An ISO 9001-2008 Certified Institution

Angallu,Madanapalli-517325,Chittor(DT),A.P.

Ph:08571-280888,fax:280892,www.svtm.ac.in

Department of Computer Science & Engineering

CERTIFICATE

This is to certify that the project report entitled CLOUD COMPUTING SECURITY

FROM SINGLE TO MUTLI CLOUDS is a bonafide work carried out by N.VAMSEE DEEPAK

(10W51A0537), P.JAGADEESH (10W51A0539), Y.SREENIVASULU REDDY (10W51A0551),

N.REDDY PRASAD (10W51A0535) submitted in the partial fulfillment of the requirements for

the award of the degree, Bachelor of Technology in the stream of Computer Science &

Engineering in Sir Vishveshwaraiah of Institute of Science & Technology during the academic

year 2013-2014.

HEAD OF DEPARTMENT PROJECT GUIDE

Sri.T. Sunil Kumar Reddy M.Tech (Ph.D)., Sri.Y.Shabbir Ali M.Tech(Ph.D).,

Associate Professor Associate Professor

Submitted for the University for viva-voice Examination held on ___________________

INTERNAL EXAMINER EXTERNAL EXAMINER

Page 4: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Acknowledgement

We are highly indebted to Sri. M.Prabhakar Reddy, Chairman of SVTM, Madanapalle for

providing us an excellent academic infrastructure to carry out our projects successfully.

We sincerely thank Sri. Dr. K.Sudhakar Reddy, Principal of our college for fostering an

excellent academic environment during our project work.

We express our heartfelt gratitude to Sri. Dr. L.Suderrshan Reddy, Director for Vishwam

Group of Institutions for his continuous support and also for his valuable suggestions

throughout the project work.

We express our deep sense of gratitude to Sri.T.Sunil Kumar Reddy, Head of the Computer

Science and Engineering Department for his pragmatic guidance and constant encouragement

throughout the project work.

We are thankful to Sri.Y.Shabbir Ali, for his guidance, valuable suggestions and uninterrupted

cooperation during my project work.

We also express our thanks to Sri.O.DevaKiran, Project Coordinator for his support and

encouragement that helped me to complete this project.

Page 5: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

We also wish to place on record our gratefulness to all the other faculty members and also to

our friends for their help and cooperation during our project work.

Finally, a word of gratitude to our family members who have been a constant source of

encouragement and love.

DECLARATION

We are hereby declare that the project report entitled “CLOUD COMPUTING

SECURITY FROM SINGLE TO MULTI CLOUDS” was done under the guidance of

Sri.Y.Shabbir Ali M.Tech(Ph.D)., is submitted in the partial fulfillment of the requirements of

the award of the degree of Bachelor of Technology in Computer Science & Technology during

2010-2014

Date:

Place:

BATCH MEMBERS

Name Roll Number Signature

N.VAMSEE DEEPAK 10W51A0537

P.JAGADEESH 10W51A0539

Y.SREENIVASULU REDDY 10W51A0551

N.REDDY PRASAD 10W51A0535

Page 6: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

ABSTRACT

The use of cloud computing has increased rapidly in many organizations. Cloud

computing provides many benefits in terms of low cost and accessibility of data. Ensuring the

security of cloud computing is a major factor in the cloud computing environment, as users

often store sensitive information with cloud storage providers but these providers may be

untrusted. Dealing with “single cloud” providers is predicted to become less popular with

customers due to risks of service availability failure and the possibility of malicious insiders in

the single cloud. A movement towards “multi-clouds”, or in other words, “interclouds” or

“cloud-of-clouds” has emerged recently. This project surveys recent research related to single

and multi-cloud security and addresses possible solutions. It is found that the research into the

use of multi-cloud providers to maintain security has received less attention from the research

community than has the use of single clouds. This work aims to promote the use of multi-cloud

due to its ability to reduce security risks that affect the cloud computing user.

Page 7: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CONTENTS

NAME OF CONTENTS PAGE NO

1. INTRODUCTION 1

2. LITERATURE SURVEY 4

3. SYSTEM REQUIREMENT SPECIFICATION

3.1 System Analysis 7

3.2 System Study 9

3.3 Software Environment 21

4. SYSTEM DESIGN 29

5. IMPLEMENTATION 43

6. SYSTEM TESTING

6.1 Unit Testing 44

6.2 Integration Testing 45

6.3 Acceptance Testing 46

7. SAMPLE SCREENS 57

8. CONCLUSION AND FUTURE ENHANCEMENTS 58

9. BIBLIOGRAPHY 62

Page 8: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

LIST OF FIGURES

FIGURE NAME PAGE NO

3.3.1 Working of Java 11

3.3.2 Java platform 14

4.1 Data Flow Diagram 22

4.2 Sequence Diagram 23

4.3 Class Diagram 24

4.4 Component Diagram 25

4.5 Use case Diagram 26

4.6 Activity Diagram 27

4.7 ER Diagram 28

Page 9: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 1Introduction

Page 10: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

INTRODUCTION

The use of cloud computing has increased rapidly in many organizations.

Subashini and Kavitha argue that small and medium companies use cloud computing

services for various reasons, including because these services provide fast access to their

applications and reduce their infrastructure costs.

Cloud providers should address privacy and security issues as a matter of high

and urgent priority. Dealing with “single cloud” providers is becoming less popular with

customers due to potential problems such as service availability failure and the possibility

that there are malicious insiders in the single cloud. In recent years, there has been a

move towards “multi-clouds”, “intercloud” or “cloud-of-clouds”.

This project focuses on the issues related to the data security aspect of cloud

computing. As data and information will be shared with a third party, cloud computing

users want to avoid an untrusted cloud provider. Protecting private and important

information, such as credit card details or a patient’s medical records from attackers or

malicious insiders is of critical importance. In addition, the potential for migration from a

single cloud to a multi-cloud environment is examined and research related to security

issues in single and multi-clouds in cloud computing are surveyed.

1

Page 11: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 2Literature Survey

Page 12: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

2.LITERATURE SURVEY

Literature survey is the most important step in software development

process. Before developing the tool it is necessary to determine the time factor, economy

n company strength. Once these things r satisfied, ten next steps are to determine which

operating system and language can be used for developing the tool. Once the

programmers start building the tool the programmers need lot of external support. This

support can be obtained from senior programmers, from book or from websites. Before

building the system the above consideration r taken into account for developing the

proposed system.

We have to analysis the Knowledge and Data Engineering and Cloud:

2.1 Data & Knowledge Engineering (DKE)

Data & Knowledge Engineering (DKE) is a journal in database systems and

knowledge base systems. It is published by Elsevier. It was founded in 1985, and is held

in over 250 academic libraries.The editor-in-chief is P.P. Chen (Dept. of Computer

Science, Louisiana State University, USA) This particular journal publishes 12 issues a

year. All articles from the Data & Knowledge Engineering journal can be viewed on

indexing services like Scopus and

2.2 Knowledge engineering (KE)

KE is an engineering discipline that involves integrating knowledge into computer

systems in order to solve complex problems normally requiring a high level of human

expertise.

At present, it refers to the building, maintaining and development of knowledge-

based systems. It has a great deal in common with software engineering, and is used in

many computer science domains such as artificial intelligence, including databases, data

mining, expert systems, decision support systems and geographic information systems.

Knowledge engineering is also related to mathematical logic, as well as strongly involved

in cognitive science and socio-cognitive engineering where the knowledge is produced by

2

Page 13: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

socio-cognitive aggregates (mainly humans) and is structured according to our

understanding of how human reasoning and logic works.

Various activities of KE specific for the development of a knowledge-based system:

Assessment of the problem

Development of a knowledge-based system shell/structure

Acquisition and structuring of the related information, knowledge and specific

preferences (IPK model)

Implementation of the structured knowledge into knowledge bases

Testing and validation of the inserted knowledge

Integration and maintenance of the system

Revision and evaluation of the system.

Knowledge engineering principles

Since the mid-1980s, knowledge engineers have developed a number of principles,

methods and tools to improve the knowledge acquisition and ordering. Some of the key

principles are:

There are different:

Types of knowledge each requiring its own approach and technique.

Types of experts and expertise, such that methods should be chosen

appropriately.

Ways of representing knowledge, which can aid the acquisition, validation

and re-use of knowledge.

Ways of using knowledge, so that the acquisition process can be guided by

the project aims (goal-oriented).

Structured methods increase the efficiency of the acquisition process.

Knowledge Engineering is the process of eliciting Knowledge for any purpose be

it Expert system or AI development

3

Page 14: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

2.3 Introduction to Data Mining and Cloud

Data mining (also known as Knowledge Discovery in Databases - KDD) has been

defined as "The nontrivial extraction of implicit, previously unknown, and potentially

useful information from data" It uses machine learning, statistical and visualization

techniques to discover and present knowledge in a form which is easily comprehensible

to humans.

As data and information will be shared with a third party, cloud computing users want to

avoid an untrusted cloud provider. Protecting private and important information, such as

credit card details or a patient’s medical records from attackers or malicious insiders is of

critical importance. In addition, the potential for migration from a single cloud to a multi-

cloud environment is examined and research related to

security issues in single and multi-clouds in cloud computing are surveyed.

4

Page 15: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 3System Requirement

Specification

Page 16: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

3.1 SYSTEM ANALYSIS

Existing System

Cloud providers should address privacy and security issues as a matter of high

and urgent priority. Dealing with “single cloud” providers is becoming less popular with

customers due to potential problems such as service availability failure and the possibility

that there are malicious insiders in the single cloud. In recent years, there has been a

move towards “multiclouds”, “intercloud” or “cloud-of-clouds”. possibility that there are

malicious insiders in the single cloud.

Proposed System

This project focuses on the issues related to the data security aspect of cloud 

computing. As data and information will be shared with a third party, cloud computing

users want to avoid an untrusted cloud provider. Protecting private and important

information, such as credit card details or a patient’s medical records from attackers or

malicious insiders is of critical importance. In addition, the potential for migration from a

single cloud to a multi-cloud environment is examined and research related to security

issues in single and multi-clouds in cloud computing are surveyed.

MODULE DESCRIPTION

Module Description:

1. Data Integrity

2. Data Intrusion

3. Service Availability

4.DepSKy System Model

5

Page 17: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Data Integrity

One of the most important issues related to cloud security risks is data integrity.

The data stored in the cloud may suffer from damage during transition operations from or

to the cloud storage provider. Cachinet al. give examples of the risk of attacks from both

inside and outside the cloud provider, such as the recently attacked Red Hat Linux’s

distribution servers. One of the solutions that they propose is to use a Byzantine fault-

tolerant replication protocol within the cloud. Hendricks et al. State that this solution can

avoid data corruption caused by some components in the cloud. However, Cachinet

al.Claim that using the Byzantine fault tolerant replication protocol within the cloud is

unsuitable due to the fact that the servers belonging to cloud providers use the same

system installations and are physically located in the same place.

Data Intrusion

According to Garfinkel, another security risk that may occur with a cloud

provider, such as the Amazon cloud service, is a hacked password or data intrusion. If

someone gains access to an Amazon account password, they will be able to access all of

the account’s instances and resources. Thus the stolen password allows the hacker to

erase all the information inside any virtual machine instance for the stolen user account,

modify it, or even disable its services. Furthermore, there is a possibility for the user’s

email(Amazon user name) to be hacked (see for a discussion of the potential risks of

email), and since Amazon allows a lost password to be reset by email, the hacker may

still be able to log in to the account after receiving the new reset password.

Service Availability

Another major concern in cloud services is service availability. Amazon mentions

in its licensing agreement that it is possible that the service might be unavailable from

time to time. The user’s web service may terminate for any reason at any time if any

user’s files break the cloud storage policy. In addition, if any damage occurs to any

Amazon web service and the service fails, in this case there will be no charge to the

Amazon Company for this failure. Companies seeking to protect services from such

failure need measures such as backups or use of multiple providers.

6

Page 18: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

DepSKy System Model

The DepSky system model contains three parts: readers, writers, and four cloud storage

providers, where readers and writers are the client’s tasks. Bessani et al. explain the

difference between readers and writers for cloud storage. Readers can fail arbitrarily (for

example, they can fail by crashing, they can fail from time to time and then display any

behavior) whereas, writers only fail by crashing.

HARDWARE CONFIGURATION

Processor - Pentium –III

Speed - 1.1 Ghz

RAM - 256 MB(min)

Hard Disk - 20 GB

Key Board - Standard Windows Keyboard

Mouse - Two or Three Button Mouse

Monitor - SVGA

SOFTWARE CONFIGURATION

Operating System : Windows95/98/2000/XP

Application Server : Tomcat5.0/6.X

Front End : HTML, Java, JSP,AJAX

Scripts : JavaScript.

Server side Script : Java Server Pages.

Database Connectivity : Mysql

7

Page 19: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

3.2 SYSTEM STUDY

FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is

put forth with a very general plan for the project and some cost estimates. During

system analysis the feasibility study of the proposed system is to be carried out. This is

to ensure that the proposed system is not a burden to the company. For feasibility

analysis, some understanding of the major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

ECONOMICAL FEASIBILITY

TECHNICAL FEASIBILITY

SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have

on the organization. The amount of fund that the company can pour into the research and

development of the system is limited. The expenditures must be justified. Thus the

developed system as well within the budget and this was achieved because most of the

technologies used are freely available. Only the customized products had to be purchased.

TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical

requirements of the system. Any system developed must not have a high demand on the

available technical resources. This will lead to high demands on the available technical

resources. This will lead to high demands being placed on the client. The developed

8

Page 20: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

system must have a modest requirement, as only minimal or null changes are required for

implementing this system.

SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user. This

includes the process of training the user to use the system efficiently. The user must not

feel threatened by the system, instead must accept it as a necessity. The level of

acceptance by the users solely depends on the methods that are employed to educate the

user about the system and to make him familiar with it. His level of confidence must be

raised so that he is also able to make some constructive criticism, which is welcomed, as

he is the final user of the system.

9

Page 21: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

3.3 Software Environment

Java Technology

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be

characterized by all of the following buzzwords:

3.2.1. Simple

3.2.2. Architecture neutral

3.2.3. Object oriented

3.2.4. Portable

3.2.5. Distributed

3.2.6. High performance

3.2.7. Interpreted

3.2.8. Multithreaded

3.2.9. Robust

3.2.10. Dynamic

3.2.11. Secure

With most programming languages, you either compile or interpret a program so

that you can run it on your computer. The Java programming language is unusual in that a

program is both compiled and interpreted. With the compiler, first you translate a

program into an intermediate language called Java byte codes —the platform-

independent codes interpreted by the interpreter on the Java platform. The interpreter

parses and runs each Java byte code instruction on the computer. Compilation happens

10

Page 22: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

just once; interpretation occurs each time the program is executed. The following figure

illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java

Virtual Machine (Java VM). Every Java interpreter, whether it’s a development tool or a

Web browser that can run applets, is an implementation of the Java VM. Java byte codes

help make “write once, run anywhere” possible. You can compile your program into byte

codes on any platform that has a Java compiler. The byte codes can then be run on any

implementation of the Java VM. That means that as long as a computer has a Java VM,

the same program written in the Java programming language can run on Windows 2000,

a Solaris workstation, or on an iMac.

11

Page 23: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

The Java Platform

A platform is the hardware or software environment in which a program

runs. We’ve already mentioned some of the most popular platforms like Windows

2000, Linux, Solaris, and MacOS. Most platforms can be described as a

combination of the operating system and hardware. The Java platform differs

from most other platforms in that it’s a software-only platform that runs on top of

other hardware-based platforms.

The Java platform has two components:

The Java Virtual Machine (Java VM)

The Java Application Programming Interface (Java API)

You’ve already been introduced to the Java VM. It’s the base for the Java

platform and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that

provide many useful capabilities, such as graphical user interface (GUI) widgets.

The Java API is grouped into libraries of related classes and interfaces; these

libraries are known as packages. The next section, What Can Java Technology

Do? Highlights what functionality some of the packages in the Java API provide.

The following figure depicts a program that’s running on the Java platform.

As the figure shows, the Java API and the virtual machine insulate the program

from the hardware.

Native code is code that after you compile it, the compiled code runs on a

specific hardware platform. As a platform-independent environment, the Java

platform can be a bit slower than native code. However, smart compilers, well-

12

Page 24: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

tuned interpreters, and just-in-time byte code compilers can bring performance

close to that of native code without threatening portability.

What Can Java Technology Do?

The most common types of programs written in the Java programming language

are applets and applications. If you’ve surfed the Web, you’re probably already

familiar with applets. An applet is a program that adheres to certain conventions

that allow it to run within a Java-enabled browser.

However, the Java programming language is not just for writing cute, entertaining

applets for the Web. The general-purpose, high-level Java programming language

is also a powerful software platform. Using the generous API, you can write many

types of programs.

An application is a standalone program that runs directly on the Java platform. A

special kind of application known as a server serves and supports clients on a

network. Examples of servers are Web servers, proxy servers, mail servers, and

print servers. Another specialized program is a servlet. A servlet can almost be

thought of as an applet that runs on the server side. Java Servlets are a popular

choice for building interactive web applications, replacing the use of CGI scripts.

Servlets are similar to applets in that they are runtime extensions of applications.

Instead of working in browsers, though, servlets run within Java Web servers,

configuring or tailoring the server.

How does the API support all these kinds of programs? It does so with packages

of software components that provides a wide range of functionality. Every full

implementation of the Java platform gives you the following features:

1.The essentials: Objects, strings, threads, numbers, input and output, data

structures, system properties, date and time, and so on.

2. Applets: The set of conventions used by applets.

3. Networking: URLs, TCP (Transmission Control Protocol), UDP

(User Data gram Protocol) sockets, and IP (Internet Protocol) addresses.

13

Page 25: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4. Internationalization: Help for writing programs that can be

localized for users worldwide. Programs can automatically adapt to

specific locales and be displayed in the appropriate language.

5. Security: Both low level and high level, including electronic

signatures, public and private key management, access control, and

certificates.

6. Software components: Known as JavaBeansTM, can plug into

existing component architectures.

7. Object serialization: Allows lightweight persistence and

communication via Remote Method Invocation (RMI).

8. Java Database Connectivity (JDBCTM): Provides uniform access to

a wide range of relational databases.

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers,

collaboration, telephony, speech, animation, and more. The following figure

depicts what is included in the Java 2 SDK.

14

Page 26: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

How Will Java Technology Change My Life?

We can’t promise you fame, fortune, or even a job if you learn the Java

programming language. Still, it is likely to make your programs better and

requires less effort than other languages. We believe that Java technology will

help you do the following:

Get started quickly: Although the Java programming language is a

powerful object-oriented language, it’s easy to learn, especially for

programmers already familiar with C or C++.

Write less code: Comparisons of program metrics (class counts,

method counts, and so on) suggest that a program written in the Java

programming language can be four times smaller than the same program

in C++.

Write better code: The Java programming language encourages

good coding practices, and its garbage collection helps you avoid memory

leaks. Its object orientation, its JavaBeans component architecture, and its

wide-ranging, easily extendible API let you reuse other people’s tested

code and introduce fewer bugs.

Develop programs more quickly: Your development time may be

as much as twice as fast versus writing the same program in C++. Why?

You write fewer lines of code and it is a simpler programming language

than C++.

Avoid platform dependencies with 100% Pure Java: You can keep

your program portable by avoiding the use of libraries written in other

languages. The 100% Pure JavaTM Product Certification Program has a

repository of historical process manuals, white papers, brochures, and

similar materials online.

15

Page 27: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Write once, run anywhere: Because 100% Pure Java programs are

compiled into machine-independent byte codes, they run consistently on

any Java platform.

Distribute software more easily: You can upgrade applets easily

from a central server. Applets take advantage of the feature of allowing

new classes to be loaded “on the fly,” without recompiling the entire

program.

ODBC

Microsoft Open Database Connectivity (ODBC) is a standard programming

interface for application developers and database systems providers. Before ODBC

became a de facto standard for Windows programs to interface with database systems,

programmers had to use proprietary languages for each database they wanted to connect

to. Now, ODBC has made the choice of the database system almost irrelevant from a

coding perspective, which is as it should be. Application developers have much more

important things to worry about than the syntax that is needed to port their program from

one database to another when business needs suddenly change.

Through the ODBC Administrator in Control Panel, you can specify the particular

database that is associated with a data source that an ODBC application program is

written to use. Think of an ODBC data source as a door with a name on it. Each door will

lead you to a particular database. For example, the data source named Sales Figures

might be a SQL Server database, whereas the Accounts Payable data source could refer to

an Access database. The physical database referred to by a data source can reside

anywhere on the LAN.

The ODBC system files are not installed on your system by Windows 95. Rather,

they are installed when you setup a separate database application, such as SQL Server

Client or Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a

file called ODBCINST.DLL. It is also possible to administer your ODBC data sources

through a stand-alone program called ODBCADM.EXE.

16

Page 28: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

From a programming perspective, the beauty of ODBC is that the application can

be written to use the same set of function calls to interface with any data source,

regardless of the database vendor. The source code of the application doesn’t change

whether it talks to Oracle or SQL Server. We only mention these two as an example.

There are ODBC drivers available for several dozen popular database systems. Even

Excel spreadsheets and plain text files can be turned into data sources. The operating

system uses the Registry information written by ODBC Administrator to determine which

low-level ODBC drivers are needed to talk to the data source (such as the interface to

Oracle or SQL Server). The loading of the ODBC drivers is transparent to the ODBC

application program. In a client/server environment, the ODBC API even handles many

of the network issues for the application programmer.

The advantages of this scheme are so numerous that you are probably thinking

there must be some catch. The only disadvantage of ODBC is that it isn’t as efficient as

talking directly to the native database interface. ODBC has had many detractors make the

charge that it is too slow. Microsoft has always claimed that the critical factor in

performance is the quality of the driver software that is used. In our humble opinion, this

is true. The availability of good ODBC drivers has improved a great deal recently. And

anyway, the criticism about performance is somewhat analogous to those who said that

compilers would never match the speed of pure assembly language. Maybe not, but the

compiler (or ODBC) gives you the opportunity to write cleaner programs, which means

you finish sooner. Meanwhile, computers get faster every year.

JDBC

In an effort to set an independent database standard API for Java; Sun

Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic

SQL database access mechanism that provides a consistent interface to a variety of

RDBMSs. This consistent interface is achieved through the use of “plug-in” database

connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he

or she must provide the driver for each platform that the database and Java run on.

17

Page 29: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

To gain a wider acceptance of JDBC, Sun based JDBC’s framework on ODBC.

As you discovered earlier in this chapter, ODBC has widespread support on a variety of

platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market

much faster than developing a completely new connectivity solution.

JDBC was announced in March of 1996. It was released for a 90 day public

review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification

was released soon after.

The remainder of this section will cover enough information about JDBC for you to know

what it is about and how to use it effectively. This is by no means a complete overview of

JDBC. That would fill an entire book.

JDBC Goals

Few software packages are designed without goals in mind. JDBC is one that,

because of its many goals, drove the development of the API. These goals, in conjunction

with early reviewer feedback, have finalized the JDBC class library into a solid

framework for building database applications in Java.

The goals that were set for JDBC are important. They will give you some insight as to

why certain classes and functionalities behave the way they do. The eight design goals for

JDBC are as follows:

SQL Level API

The designers felt that their main goal was to define a SQL interface for Java.

Although not the lowest database interface level possible, it is at a low enough level

for higher-level tools and APIs to be created. Conversely, it is at a high enough level

for application programmers to use it confidently. Attaining this goal allows for future

tool vendors to “generate” JDBC code and to hide many of JDBC’s complexities

from the end user.

SQL Conformance

18

Page 30: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

SQL syntax varies as you move from database vendor to database vendor. In an

effort to support a wide variety of vendors, JDBC will allow any query statement to

be passed through it to the underlying database driver. This allows the connectivity

module to handle non-standard functionality in a manner that is suitable for its users.

JDBC must be implemental on top of common database interfaces

The JDBC SQL API must “sit” on top of other common SQL level APIs. This

goal allows JDBC to use existing ODBC level drivers by the use of a software

interface. This interface would translate JDBC calls to ODBC and vice versa.

Provide a Java interface that is consistent with the rest of the Java

system

Because of Java’s acceptance in the user community thus far, the designers feel

that they should not stray from the current design of the core Java system.

Keep it simple

This goal probably appears in all software design goal listings. JDBC is no

exception. Sun felt that the design of JDBC should be very simple, allowing for only

one method of completing a task per mechanism. Allowing duplicate functionality

only serves to confuse the users of the API.

Use strong, static typing wherever possible

Strong typing allows for more error checking to be done at compile time; also,

less error appear at runtime.

Keep the common cases simple

Because more often than not, the usual SQL calls used by the programmer are

simple SELECT’s, INSERT’s, DELETE’s and UPDATE’s, these queries should be

simple to perform with JDBC. However, more complex SQL statements should also

be possible.

19

Page 31: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Finally we decided to proceed the implementation using Java Networking. And for dynamically updating the cache table we go for MS Access database.

Java has two things: a programming language and a platform.

Java is a high-level programming language that is all of the following

Simple Architecture-neutral

Object-oriented Portable

Distributed High-performance

Interpreted multithreaded

Robust Dynamic

Secure

Java is also unusual in that each Java program is both compiled and

interpreted. With a compile you translate a Java program into an intermediate

language called Java byte codes the platform-independent code instruction is

passed and run on the computer.

Compilation happens just once; interpretation occurs each time the

program is executed. The figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the

Java Virtual Machine (Java VM). Every Java interpreter, whether it’s a Java

development tool or a Web browser that can run Java applets, is an

implementation of the Java VM. The Java VM can also be implemented in

hardware.

20

Page 32: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Java byte codes help make “write once, run anywhere” possible. You can

compile your Java program into byte codes on my platform that has a Java

compiler. The byte codes can then be run any implementation of the Java VM.

For example, the same Java program can run Windows NT, Solaris, and

Macintosh.

21

Page 33: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 4System Design

Page 34: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.SYSTEM DESIGN

3.1 Data Flow Diagram

The Data-flow diagram is a graphical representation of the “flow” of data

through an information system. It differs from the flowchart. Flowchart as it shows

the data flow instead of the control flow of the program. A data-flow diagram can also

be used for the visualization of Data processing.

The system designer makes “a context level DFD” or Level 0, which shows the

“interaction”( data flows) between “the system” (represented by one process) and

“the system environment” (represented by terminators). The system is “decomposed

in lower-level DFD (Level 1)” into a set of “processes, data stores, and the data flows

between these processes and data stores.” Each process is then decomposed into an

even-lower-level diagram containing its sub processes.

22

Page 35: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

23

Page 36: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.2 Sequence Diagram

24

Page 37: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.3 Class Diagram

25

Page 38: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.4 Component Diagram

26

Page 39: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.5 Use case Diagram

27

Page 40: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.6 Activity Diagram

28

Page 41: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

4.7 ER-Diagram

29

Page 42: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 5Implementation

Page 43: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

SAMPLE CODES

package databaseconnection;

import java.sql.*;

public class databasecon

{

static Connection con;

public static Connection getconnection()

{

try

{

Class.forName("com.mysql.jdbc.Driver");

con =

DriverManager.getConnection("jdbc:mysql://localhost:3306/singlecloud","root","mani");

}

catch(Exception e)

{

System.out.println("class error");

}

return con;

} }

30

Page 44: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

2-

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE taglib

PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN"

"http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">

<taglib>

<tlibversion>1.0</tlibversion>

<jspversion>1.1</jspversion>

<shortname>pg</shortname>

<uri>http://jsptags.com/tags/navigation/pager</uri>

<info>

The Pager Tag Library is the easy and flexible way to implement paging of

large data sets in JavaServer Pages (JSP). It can emulate all currently

known paging styles with minimal effort. It also includes re-usable index

styles that emulate the search result navigators of popular web sites

such as Google[sm], AltaVista® and Yahoo!. The Pager Tag Library does most

of the work for you by dynamically organizing your data set into pages and

generating a browsable index with virtually any look desired.

</info>

31

Page 45: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<tag>

<name>pager</name>

<tagclass>com.jsptags.navigation.pager.PagerTag</tagclass>

<teiclass>com.jsptags.navigation.pager.PagerTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>url</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>items</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

32

Page 46: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<attribute>

<name>maxItems</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>maxPageItems</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>maxIndexPages</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>isOffset</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

33

Page 47: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<name>index</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>scope</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

<tag>

<name>param</name>

<tagclass>com.jsptags.navigation.pager.ParamTag</tagclass>

<bodycontent>empty</bodycontent>

<attribute>

34

Page 48: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>name</name>

<required>true</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>value</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

<tag>

<name>item</name>

<tagclass>com.jsptags.navigation.pager.ItemTag</tagclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

35

Page 49: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

<tag>

<name>index</name>

<tagclass>com.jsptags.navigation.pager.IndexTag</tagclass>

<teiclass>com.jsptags.navigation.pager.IndexTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

</tag>

36

Page 50: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<tag>

<name>first</name>

<tagclass>com.jsptags.navigation.pager.FirstTag</tagclass>

<teiclass>com.jsptags.navigation.pager.JumpTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

<attribute>

<name>unless</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

37

Page 51: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<tag>

<name>prev</name>

<tagclass>com.jsptags.navigation.pager.PrevTag</tagclass>

<teiclass>com.jsptags.navigation.pager.PageTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

<attribute>

<name>ifnull</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

38

Page 52: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<tag>

<name>page</name>

<tagclass>com.jsptags.navigation.pager.PageTag</tagclass>

<teiclass>com.jsptags.navigation.pager.JumpTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

</tag>

<tag>

<name>pages</name>

<tagclass>com.jsptags.navigation.pager.PagesTag</tagclass>

<teiclass>com.jsptags.navigation.pager.PageTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

39

Page 53: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

</tag>

<tag>

<name>next</name>

<tagclass>com.jsptags.navigation.pager.NextTag</tagclass>

<teiclass>com.jsptags.navigation.pager.PageTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

40

Page 54: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

<attribute>

<name>ifnull</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

<tag>

<name>last</name>

<tagclass>com.jsptags.navigation.pager.LastTag</tagclass>

<teiclass>com.jsptags.navigation.pager.JumpTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

41

Page 55: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

<attribute>

<name>unless</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

<tag>

<name>skip</name>

<tagclass>com.jsptags.navigation.pager.SkipTag</tagclass>

<teiclass>com.jsptags.navigation.pager.PageTagExtraInfo</teiclass>

<bodycontent>JSP</bodycontent>

<attribute>

<name>id</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

42

Page 56: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

</attribute>

<attribute>

<name>export</name>

<required>false</required>

<rtexprvalue>false</rtexprvalue>

</attribute>

<attribute>

<name>ifnull</name>

<required>false</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

<attribute>

<required>true</required>

<rtexprvalue>true</rtexprvalue>

</attribute>

</tag>

s</taglib>

43

Page 57: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 6Testing

Page 58: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

6. TESTING

6.1 System Testing

The purpose of testing is to discover errors. Testing is the process of trying to

discover every conceivable fault or weakness in a work product. It provides a way to

check the functionality of components, sub-assemblies, assemblies and/or a finished

product It is the process of exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an

unacceptable manner. There are various types of test. Each test type addresses a specific

testing requirement.

6.2Types of Testing

6.2.1 Functional testing

Functional tests provide a systematic demonstration that functions tested are

available as specified by the business and technical requirements, system documentation,

and user manuals.

Functional testing is centered on the following items:

Valid Input: Identified classes of valid input must be accepted.

Invalid Input: Identified classes of invalid input must be rejected.

Functions: Identified functions must be exercised.

Output: Identified classes of application outputs must be exercised.

Systems/Procedures: Interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify

Business process flows; data fields, predefined processes, and successive processes must

44

Page 59: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

be considered for testing. Before functional testing is complete, additional tests are

identified and the effective value of current tests is determined.

6.2.2.System Testing

System testing ensures that the entire integrated software system meets

requirements. It tests a configuration to ensure known and predictable results. An

example of system testing is the configuration oriented system integration test. System

testing is based on process descriptions and flows, emphasizing pre-driven process links

and integration points

6.2.3.Unit Testing

Unit testing is usually conducted as part of a combined code and unit test phase of

the software lifecycle, although it is not uncommon for coding and unit testing to be

conducted as two distinct phases.

6.2.4.Test strategy and approach

Field testing will be performed manually and functional tests will be written in

detail.

6.2.5.Test objectives

All field entries must work properly. Pages must be activated from the identified

link .The entry screen, messages and responses must not be delayed.

6.2.6 Features to be tested

Verify that the entries are of the correct format no duplicate entries should be

allowed. All links should take the user to the correct page.

6.3. INTEGRATION TESTING

Software integration testing is the incremental integration testing of two or more

integrated software components on a single platform to produce failures caused by

45

Page 60: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

interface defects. The task of the integration test is to check that components or software

applications.

E.g. components in a software system or – one step up – software applications at the

company level – interact without error.

6.4.ACCEPTANCE TESTING

User Acceptance Testing is a critical phase of any project and requires significant

participation by the end user. It also ensures that the system meets the functional

requirements.

Acceptance testing for intranet lives search tax management system:

Users have separate roles to modify the database tables.

Users should have the ability to modify the privilege for a screen.

Test Results: All the test cases mentioned above passed successfully. No defects

encountered.

6.5. Summary

The purpose of testing is to discover errors. Testing is the process of trying to

discover every conceivable fault or weakness in a work product. It provides a way to

check the functionality of components, sub-assemblies, assemblies and/or a finished

product It is the process of exercising software with the intent of ensuring that the

Software system meets its requirements and user expectations and does not fail in an

unacceptable manner. Functional tests provide a systematic demonstration that functions

tested are available as specified by the business and technical requirements, system

documentation, and user manuals. System testing ensures that the entire integrated

software system meets requirements. It tests a configuration to ensure known and

predictable results and

Finally all the test cases are passed no defects are encountered.

46

Page 61: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 7Sample Screens

Page 62: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Welcome Page

Client Register

47

Page 63: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Client Login

File Upload

48

Page 64: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

File Stored in Multi-Cloud

File upload to Multi Cloud

49

Page 65: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Cloud Owner Login

User File

50

Page 66: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

File Verify Owner

File Verified

51

Page 67: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Provider Login

File verify

52

Page 68: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Adding Information to Client File

53

Page 69: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

While verifying the File it Shown Error

After Verify

54

Page 70: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Client verify File with Key

Client Verify Server 1

55

Page 71: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

Client Verify Server 2

Client Verify Server 3

56

Page 72: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

View Original File and Download

57

Page 73: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 8Conclusions and

Future

Enhancement

Page 74: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

8.1 CONCLUSION

It is clear that although the use of cloud computing has rapidly increased, cloud

computing security is still considered the major issue in the cloud computing

environment. Customers do not want to lose their private information as a result of

malicious insiders in the cloud. In addition, the loss of service availability has caused

many problems for a large number of customers recently. Furthermore, data intrusion

leads to many problems for the users of cloud computing. The purpose of this work is

to survey the recent research on single clouds and multi-clouds to address the security

risks and solutions. We have found that much research has been done to ensure the

security of the single cloud and cloud storage whereas multi-clouds have received less

attention in the area of security. We support the migration to multi-clouds due to its

ability to decrease security risks that affect the cloud computing user.

8.2 Future Work

For future work, we aim to provide a framework to supply a secure cloud

database that will guarantee to prevent security risks facing the cloud computing

community. This framework will apply multi-clouds and the secret sharing algorithm

to reduce the risk of data intrusion and the loss of service availability in the cloud and

ensure data integrity.

58

Page 75: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

CHAPTER 9Bibliography

Page 76: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

REFERENCES

[1] (NIST), http://www.nist.gov/itl/cloud/.

[2] I. Abraham, G. Chockler, I. Keidar and D. Malkhi, "Byzantine disk paxos: optimal

resilience with Byzantine shared memory", Distributed Computing, 18(5), 2006, pp.

387-408.

[3] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, "RACS: a case for cloud

storage diversity", SoCC'10:Proc. 1st ACM symposium on Cloud computing, 2010,

pp. 229-240.

[4] D. Agrawal, A. El Abbadi, F. Emekci and A. Metwally, "Database Management as

a Service: Challenges and Opportunities", ICDE'09:Proc.25thIntl. Conf. on Data

Engineering, 2009, pp. 1709-1716.

[5] M.A. AlZain and E. Pardede, "Using Multi Shares for Ensuring Privacy in

Database-as-a-Service", 44th Hawaii Intl. Conf. on System Sciences (HICSS), 2011,

pp. 1-9.

[6] Amazon, Amazon Web Services. Web services licensing agreement,

October3,2006.

[7] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson and D.

Song, "Provable data possession at untrusted stores", Proc. 14th ACM Conf. on

Computer and communications security, 2007, pp. 598-609.

[8] A. Bessani, M. Correia, B. Quaresma, F. André and P. Sousa, "DepSky:

dependable and secure storage in a cloud-of-clouds", EuroSys'11:Proc. 6thConf. on

Computer systems, 2011, pp. 31-46.

[9] K. Birman, G. Chockler and R. van Renesse,"Toward a cloud computing research

agenda", SIGACT News, 40, 2009, pp. 68-80.

59

Page 77: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

[10] K.D. Bowers, A. Juels and A. Oprea, "HAIL: A high-availability and integrity

layer for cloud storage", CCS'09: Proc. 16th ACM Conf. on Computer and

communications security, 2009, pp. 187-198.

[11] C. Cachin, R. Haas and M. Vukolic, "Dependable storage in the Intercloud",

Research Report RZ, 3783, 2010.

[12] C. Cachin, I. Keidar and A. Shraer, "Trusting the cloud", ACM SIGACT News,

40, 2009, pp. 81-86.

[13] C. Cachin and S. Tessaro, "Optimal resilience for erasure-coded Byzantine

distributed storage", DISC:Proc. 19thIntl.Conf. on Distributed Computing, 2005, pp.

497-498.

[14] M. Castro and B. Liskov, "Practical Byzantine fault tolerance", Operating

Systems Review, 33, 1998, pp. 173-186.

[15] G. Chockler, R. Guerraoui, I. Keidar and M. Vukolic, "Reliable distributed

storage", Computer, 42, 2009, pp. 60-67.

[16] Clavister, "Security in the cloud", Clavister White Paper, 2008.

[17] A.J. Feldman, W.P. Zeller, M.J. Freedman and E.W. Felten, "SPORC: Group

collaboration using untrusted cloud resources", OSDI, October2010, pp. 1-14.

[18] S.L. Garfinkel, "Email-based identification and authentication: An alternative to

PKI?", IEEE Security and Privacy, 1(6), 2003, pp. 20-26.

[19] S.L. Garfinkel, "An evaluation of amazon’s grid computing services: EC2, S3,

and SQS", Technical Report TR-08-07, Computer Science Group, Harvard

University, Citeseer, 2007, pp. 1-15.

[20] E. . Goh, H. Shacham, N. Modadugu and D. Boneh, "SiRiUS: Securing remote

untrusted storage",NDSS: Proc. Network and Distributed System Security

Symposium, 2003, pp. 131–145.

60

Page 78: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

[21] G.R. Goodson, J.J. Wylie, G.R. Ganger and M.K. Reiter, "Efficient Byzantine-

tolerant erasure-coded storage",DSN'04: Proc.Intl. Conf. on Dependable Systems and

Networks,2004, pp.1-22.

[22] E. Grosse, J. Howie, J. Ransome, J. Reavis and S. Schmidt, "Cloud computing

roundtable", IEEE Security & Privacy, 8(6), 2010, pp. 17-23.

[23] J. Hendricks, G.R. Ganger and M.K. Reiter, "Lowoverhead byzantine fault-

tolerant storage", SOSP'07: Proc. 21st ACM SIGOPS symposium on Operating

systems principles, 2007, pp. 73-86.

[24] A. Juels and B.S. Kaliski Jr, "PORs: Proofs of retrievability for large files", CCS

'07: Proc. 14th ACM Conf. on Computer and communications security, 2007, pp. 584-

597.

[25] S. Kamara and K. Lauter, "Cryptographic cloud storage", FC'10: Proc.

14thIntl.Conf. on Financial cryptograpy and data security,2010, pp. 136-149.

[26] H. Krawczyk, M. Bellare and R. Canetti, "HMAC: Keyed-hashing for message

authentication", Citeseer, 1997, pp. 1-11.

[27] P. Kuznetsov and R. Rodrigues, "BFTW 3: why? when? where? workshop on the

theory and practice of byzantine fault tolerance", ACM SIGACT News, 40(4),2009,

pp. 82-86.

[28] L. Lamport, R. Shostak and M. Pease, "The Byzantine generals problem", ACM

Transactions on Programming Languages and Systems, 4(3), 1982, pp. 382-401.

[29] P.A. Loscocco, S.D. Smalley, P.A. Muckelbauer, R.C. Taylor, S.J. Turner and J.F.

Farrell, "The inevitability of failure: The flawed assumption of security in modern

computing environments", Citeseer, 1998, pp. 303-314.

[30] P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin and M. Walfish,

"Depot: Cloud storage with minimal trust", OSDI'10: Proc. of the 9th USENIX Conf.

on Operating systems design and implementation, 2010, pp. 1-16.

61

Page 79: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

[31] U. Maheshwari, R. Vingralek and W. Shapiro, "How to build a trusted database

system on untrusted storage", OSDI'00: Proc. 4thConf. On Symposium on Operating

System Design & Implementation, 2000, p. 10.

[32] D. Malkhi and M. Reiter, "Byzantine quorum systems", Distributed Computing,

11(4),1998, pp. 203-213.

[33] J.-P. Martin, L. Alvisi and M. Dahlin, "Minimal byzantine storage", DISC '02:

Proc. of the 16thIntl. Conf. on Distributed Computing, 2002, pp. 311-325.

[34] H.Mei, J. Dawei, L. Guoliang and Z. Yuan, "Supporting Database Applications

as a Service", ICDE'09:Proc. 25thIntl.Conf. on Data Engineering,

2009, pp. 832-843.

BOOKS

[1] ‘Software Engineering’,Roger.S.Pressman Mc.Graw Hill

[2] ‘The Unified Modeling Language User Guide’, Grady Booch, James Rumbaugh,

Ivar Jacobson.

[3] ‘Sotware Project Management’.Walker Rayce.

WEBSITES

http://java.sun.com

http://www.sourcefordgde.com

http://www.networkcomputing.com/

http://www.roseindia.com/

http://www.java2s.com/

62

Page 80: Cloud Computing Security From Sngle to multi Clouds Full Documentaion

63