Você está na página 1de 36

A Secured Cost-effective Multi-Cloud Storage in

Cloud Computing
Introduction to the area
The end of this decade is marked by a paradigm shift of the
industrial information technology towards a pay-per-use service
business model known as cloud computing. Cloud data storage
redefines the security issues targeted on customers outsourced
data (data that is not stored/retrieved from the costumers own
servers). In this work we observed that, from a customers point
of view, relying upon a solo SP for his outsourced data is not very
promising. In addition, providing better privacy as well as
ensuring data availability, can be achieved by dividing the users
data block into data pieces and distributing them among the
available SPs in such a way that no less than a threshold number
of SPs can take part in successful retrieval of the whole data
block. In this paper, we propose a secured cost-effective multicloud storage (SCMCS) model in cloud computing which holds an
economical distribution of data among the available SPs in the
market, to provide customers with data availability as well as
secure storage. Our results show that, our proposed model
provides a better decision for customers according to their
available budgets.
Literature survey
Exiting System
The end of this decade is marked by a paradigm shift of the
industrial information technology towards a subscription based or
pay-per-use service business model known as cloud computing.
This paradigm provides users with a long list of advantages, such
as provision computing capabilities; broad, heterogeneous
network access; resource pooling and rapid elasticity with
measured services. Huge amounts of data being retrieved from
geographically distributed data sources, and non-localized datahandling requirements, create such a change in technological as

well as business model. One of the prominent services offered in


cloud computing is the cloud data storage, in which, subscribers
do not have to store their data on their own servers, where
instead their data will be stored on the cloud service providers
servers. In cloud computing, subscribers have to pay the service
providers for this storage service. This service does not only
provides flexibility and scalability for the data storage, it also
provide customers with the benefit of paying only for the amount
of data they need to store for a particular period of time, without
any concerns for efficient storage mechanisms and
maintainability issues with large amounts of data storage. In
addition to these benefits, customers can easily access their data
from any geographical region where the Cloud Service Providers
network or Internet can be accessed. Cloud data storage also
redefines the security issues targeted on customers outsourced
data (data that is not stored/retrieved from the costumers own
servers).
Problem in the existing system
In Existing System we observed that, from a customers point of
view, relying upon a solo SP (Service Provider) for his outsourced
data is not very promising. In addition, providing better privacy as
well as ensure data availability, can be achieved by dividing the
users data block into data pieces and distributing them among
the available SPs in such a way that no less than a threshold
number of SPs can take part in successful retrieval of the whole
data block.
Available solution and their features
Since the inception of Information Technology, it has played an
important part in ensuring that companies and businesses run
smoothly. Information Technology has provided various types of
services which are secure, reliable, and available every time. In
order to obtain the highest quality cloud computing, business
owners have turned to its characteristics and features in order to

acquire this service. Cloud computing has become attractive to


end users and customers because of these salient characteristics.

A key characteristic of cloud computing is its quick scalability.


Upgrades and changes to the services are done instantaneously
and easily enabling the cloud computing service to be resilient. A
business owner can easily request for additional bandwidth, data
storage, processing speed, and additional users or licenses. There
is no need to do project implementation, procurement, and
project costing because the system just needs the business owner
to place an order to the cloud computing vendor.
With the cloud computing service, everything is measurable. The
business owner can obtain a specific number of user license per
software, and a fixed network bandwidth and data space which
fits the businesss demands. This feature makes the cost of cloud
computing predictable. It also defines accurately the inclusions in
the service. If the business owner avails of such service, his
employees can experience different services online with large
data spaces; various new software; multi-value added services;
various processing techniques; and ease of accessibility to a
capable and rich network.
An important feature of cloud computing is its ability to let the
business owner decide on his current and future needs. If he
expands his business, he can easily request for additional services
which can match his needs. Cloud computing also makes
available various hardware or software resources. A business
owner can access such resources on demand. Cloud hosting is
also more reliable because it manages the whole cloud thereby
allowing a business owners website more data spaces,
bandwidth, and more resources depending on the sites needs.
Resources of websites which are not accessed currently are freed

and moved to sites which are in dire need of additional


bandwidth, data space, and other resources.
Data is share within a server therefore the provider must ensure
that each account is secured, that only authorized users in one
account can access it. Loss of data is also avoided because the
supplier must ensure that every hardware or software resources
are high end because there are a lot of clients relying on the
service. Backup is also sophisticated in cloud computing. A
business owner need not worry about backup responsibilities
because the supplier has taken steps to put up a great system for
backup. Disk failure or server crash wont create much problem
because the supplier can easily restore the latest backup.

Problem Definition
Problem definition
Privacy preservation and data integrity are two of the
most critical security issues related to user data. In conventional
paradigm, the organizations had the physical possession of their
data and hence have an ease of implementing better data
security policies. But in case of cloud computing, the data is
stored on an autonomous business party that provides data
storage as a subscription service. The users have to trust the
cloud service provider (SP) with security of their data. In, the
author discussed the criticality of the privacy issues in cloud
computing, and pointed out that obtaining information from a
third party is much easier than from the creator himself. Following
the pattern of paradigm shift, the security policies also evolved
from

the

conventional

cryptographic

schemes

applied

in

centralized and distributed data storage, for enabling the data


privacy.

Proposed solution
In this project, we proposed an economical distribution of
data among the available SPs in the market, to provide customers
with data availability as well as secure storage. In our model, the
customer divides his data among several SPs available in the
market, based on his available budget. Also we provide a decision
for the customer, to which SPs he must chose to access data, with
respect to data access quality of service offered by the SPs at the
location of data retrieval. This not only rules out the possibility of
a SP misusing the customers data, breaching the privacy of data,
but can easily ensure the data availability with a better quality of
service.
Our proposed approach will provide the cloud computing
users a decision model, that provides a better security by
distributing the data over multiple cloud service providers in such
a way that, none of the SP can successfully retrieve meaningful
information from the data pieces allocated at their servers. Also,
in addition, we provide the user with better assurance of
availability of data, by maintaining redundancy in data
distribution. In this case, if a service provider suffers service
outage or goes bankrupt, the user still can access his data by
retrieving it from other service providers.

Development process

A waterfall model is a means of making the development


process more visible. Because of the cascade from one phase to
another, this model is known as the waterfall model

Requiremen
ts
System and
Software

Implementati
on

Integration
and System

testing

Operation
and
Maintenanc

There are numerous variations of this process model. The


principal stages of the model map onto the fundamental
development activities:

1. Requirements analysis and definition. The systems services,


constraints and goals are established by consultation with
system users. Both users then define them in a manner, which
is understandable and development staff.
2. System and software design. The systems design process
partitions the requirements to either hardware or software
systems. It establishes an overall system architecture. Software
design involves representing the software system functions in a
form that may be transformed into one or more executable
programs.
3. Implementation and unit testing. During this stage, the
software design is realized as a set of programs or program
unit. Unit testing involves verifying that each unit meets its
specification.
4. Integration and system. The individual program units or
programs are integrated and tested as a complete system to
ensure that the software requirements have been met. After
testing, the software system is delivered to the customer.
5. Operation and maintenance. Normally this is the longest life
cycle phase. The system is installed and put into practical use.
Maintenance involves correcting errors which were not
discovered in earlier stages of the life cycle, improving the
implementation of system units and enhancing the systems
services as new requirements are discovered.

Advantages of proposed solution

Without any concerns for efficient storage mechanisms and


maintainability issues with large amounts of data storage.
Cloud data storage also redefines the security issues
targeted on customers outsourced data.
Software requirement specification
Purpose, scope
We consider the storage services for cloud data storage between
two entities, cloud users (U) and cloud service providers (SP). The
cloud storage service is generally priced on two factors, how
much data is to be stored on the cloud servers and for how long
the data is to be stored. In our model, we assume that all the data
is to be stored for same period of time.
We consider p number of cloud service providers (SP), each
available cloud service provider is associated with a QoS factor,
along with its cost of providing storage service per unit of stored
data (C). Every SP has a different level of quality of service (QoS)
offered as well as a different cost associated with it. Hence, the
cloud user can store his data on more than one SPs according to
the required level of security and their affordable budgets.

Product overview
We consider the storage services for cloud data storage between
two entities, cloud user and cloud service providers. The cloud
storage service is generally priced on two factors, how much data
is to be stored on the cloud servers and for how long the data is
to be stored. In our model, we assume that all the data is to be
stored for same period of time. We consider number of cloud
service providers each available cloud service provider

is

associated with a factor, along with its cost of providing storage


service per unit of stored data. Every has a different level of
quality of service offered as well as a different cost associated
with it. Hence, the cloud user can store his data on more than one
according to the required level of security and their affordable
budgets.

Functional requirement
Cloud computing is the one of the most overused buzzwords in
IT. Similar to many other new and emerging technologies,
vendors are trying to cash in on the hype by over promising and
under delivering. Not defining a clear and complete set of
requirements for cloud computing is a recipe for disappointment.
Requirements are needed to ensure alignment with your business
processes and compatibility with your system architecture.
Developing requirements for cloud computing is similar to other
projects, but also differs in many ways. In addition to functional
requirements, it is necessary to define many types of
supplemental requirements unique to cloud computing, such as:
Governance
Who will own the application?
What governance structure is needed?
Who pays for the solution?
What are the responsibilities of IT?
What are the responsibilities of the Business Unit?
What operational mechanisms are needed to support the
solution?
Accessibly
Who is responsible for setting up new users?
Who will have access to the system?

Architectural integration
How do we integrate this into our existing infrastructure?
How will we monitor performance?
Deployment and test responsibilities
Who is responsible for designing and testing the solution?
Who is responsible for training the users?
Data integration
How do we extract data and import to our data warehouse?
How do we integrate with our existing ERP systems?
How do we integrate with our external suppliers?
Security
What are the security implications for our organization?
Do we have any auditing requirements?
Will the solution integrate with our single user log in?
Performance requirement
Guaranteed performance
Guaranteed performance means that, in the face of a abrupt
increase in traffic to an
unexpected level, which can degrade its performance due to
overload to cloud system, a
cloud system autonomously selects a provider that offers an SLA
that satisfies the
consumers demands, and distributes its load to other cloud
systems, thereby continuing
to provide guaranteed service performance for consumers. It also
means guaranteeing
the performance for a higher-priority processing by means of
temporarily delegating the
workload of low-priority processing tasks to other cloud systems.
Guaranteed availability

Guaranteed availability means that, when damaged by a disaster


and threatened to
continuity of services provided by a cloud system, a cloud system
recovers the services
(disaster recovery) by interworking with cloud systems located in
areas unaffected by
the disaster, thereby continuing to provide the guaranteed
services as before the
disaster. If it is difficult to recover services in such a way as to
provide guaranteed
quality for all the services, it is important to recover services
according to priority of
each services, such as continues to provide the guaranteed
quality for high priority
services and attempts to satisfy the a part of quality requirements
only on a best-effort basis.
Convenience of service cooperation
Convenience of service cooperation means to improve
convenience that, when several
related procedures need to be completed, such as when applying
for a passport, a cloud
system cooperates applying service and all the related procedural
services in such a way
that the consumer can see all the services involved as a one-stop
service.
Exception handling
Missing or defective exception handling provisions have caused
many failures in critical software intensive systems even though
they had undergone extensive review and test.
The failures occurred under conditions that had not been covered
in the reviews and tests because of incomplete or imprecise

system requirements. To curb this cause of failures the paper


addresses the generation of system requirements for exception
handling.
The systems most in need of precise exception handling
requirements are real-time control systems because in these
there is usually no opportunity to roll back and try a second time.
In keeping with the EWICS TC7 convention [1] such systems are in
the following called critical systems. They are found in aerospace,
process control, and increasingly in automotive applications.
Software for critical systems is expected to protect against a wide
range of anomalies that can include
Unusual environmental conditions
Erroneous inputs from operators
Faults in the computer(s), the software and communication lines
The portions of the programs that are charged with providing this
protection are called exception handling provisions or exception
handlers. Their purpose is (a) to detect that an anomalous
condition has been encountered and (b) to provide a recovery
path that permits continued system operation, sometimes with
reduced capabilities. In critical systems a large part of the
software can be devoted to exception handling and in some cases
a substantial part of the failures in these systems have been
traced to deficiencies in the exception handlers.
Thus, exception handling is an important part of software
development and of the verification and validation activities.
The programmer views exception handling as a task that requires
detecting an abnormal condition, stopping the normal execution,
saving the current program state, and locating the resources
required for continuing the execution. An example of the issues

dealt with at that level is the following program construct and the
comment that follows it:
public void someMethod() throws Exception{
}
This method is a blank one; it does not have any code in it. How
can a blank method throw exceptions? Java does not stop you
from doing this.
Acceptance criteria
Acceptance criteria define the boundaries of a user story, and are
used to confirm when a story is completed and working as
intended.
For the above example, the acceptance criteria could include:
1.

A user cannot submit a form without completing all the


mandatory fields

2.

Information from the form is stored in the registrations


database

3.
4.

Protection against spam is working


An acknowledgment email is sent to the user after
submitting the form.
As you can see, the acceptance criteria are written in simple
language, just like the user story. When the development team
has finished working on the user story they demonstrate the
functionality to the Product Owner, showing how each criterion is
satisfied.

Including acceptance criteria as part of your user stories has


several benefits:

they get the team to think through how a feature or piece of


functionality will work from the users perspective
they remove ambiguity from requirements
they form the tests that will confirm that a feature or piece
of functionality is working and complete.
Glossary of terms
Backup: Refers to making copies of data so that these additional
copies may be used to restore the original after a data loss event.
These additional copies are typically called "backups." Backups
are useful primarily for two purposes: (1) to restore a state
following a disaster (called disaster recovery), and (2) to restore
small numbers of files after they have been accidentally deleted
or corrupted.
Bandwidth: The amount of data that can be transmitted in a
fixed amount of time. For digital devices, the bandwidth is usually
expressed in bits per second (bps) or bytes per second. For analog
devices, the bandwidth is expressed in cycles per second, or Hertz
(Hz). The amount of data that can travel through a circuit. This is
measured in bits per second. The larger the bandwidth, the more
data you can get through in a shorter period of time. Think of this
as the difference between a small diameter hose and a larger
one. Youll have the advantage in a water fight with the larger
hose.
Bit: Short for binary digit, the smallest unit of information on a
machine. A single bit can hold only one of two values: 0 or 1. More
meaningful information is obtained by combining consecutive bits
into larger units. For example, a byte is composed of 8
consecutive bits.

Blog: Short for Web log, a blog is a Web page that serves as a
publicly accessible personal journal for an individual. Typically
updated daily, blogs often reflect the personality of the author.
Browser: Short for Web browser, a software application used to
locate and display Web pages. The most popular browser is
Microsoft Internet Explorer a graphical browser, which means
that it can display graphics as well as text. In addition, most
modern browsers can present multimedia information, including
sound and video, though they require plug-ins for some formats.
Cloud Computing: Cloud computing is the use of computing
resources (hardware and software) that are delivered as a service
over a network (typically the Internet). The name comes from the
use of a cloud-shaped symbol as an abstraction for the complex
infrastructure it contains in system diagrams. Cloud computing
entrusts remote services with a user's data, software and
computation.
Convergence: The condition or process of combining
complementary technologies such as telecommunications,
networking and multimedia.
Cookies: The main purpose of cookies is to identify users and
possibly prepare customized Web pages for them. When you
enter a website using cookies, you may be asked to fill out a form
providing such information as your name and interests. This
information is packaged into a cookie and sent to your Web
browser which stores it for later use. The next time you go to the
same website, your browser will send the cookie to the Web
server. The server can use this information to present you with
custom Web pages. So, for example, instead of seeing just a
generic welcome page you might see a welcome page with your
name on it.
Customer Relationship Management (CRM): A database that
stores all customer information for easy retrieval.

Cyber attack: The leveraging of a target's computers and


information technology, particularly via the Internet, to cause
physical, real-world harm or severe disruption.
DHCP: Short for Dynamic Host Configuration Protocol, DHCP is
software that automatically assigns temporary IP addresses to
client stations logging onto an IP network. It eliminates having to
manually assign permanent "static" IP addresses. DHCP software
runs in servers and routers.
Digitizing: The process of converting data, images, audio, video,
etc. into a digital (binary) form.
DNS - Domain Name System: Computers on the Internet are
kept separate by the use of names and addresses. These
addresses are usually expressed as a sequence of four sets of
numbers separated by a decimal (for example 172.18.1.0).
Because this would be difficult to remember and also hard to type
in without making a mistake, we use the www.address.com style
names for us humans. Theyre translated into the numbering
system.
DSL: Short for Digital Subscriber Lines, DSL technologies use
sophisticated modulation schemes to pack data onto copper
wires. They are sometimes referred to as last-mile technologies
because they are used only for connections from a telephone
switching station to a home or office, not between switching
stations.
Dynamic Sites: Through the use of Database programming, this
type of website offers more than a static site since it can
constantly be updated from any where theres access to the
internet. This type of site is also necessary if e-commerce is to be
considered, search functions are require and secure transactions
of any type are to be conducted.
Electronic Commerce: Often referred to as simply e-commerce,
business that is conducted over the Internet using any of the
applications that rely on the Internet, such as e-mail, instant
messaging, and shopping carts. Electronic commerce can be

between two businesses transmitting funds, goods, services


and/or data or between a business and a customer.
Electronic Funds Transfer: Often abbreviated as EFT, it is the
paperless act of transmitting money through a secure computer
network. Popular EFT providers are VeriSign and PayPal.
Electronic discovery: or e-discovery, is a type of cyber forensics
and describes the process by where law enforcement can obtain,
secure, search and process any electronic data for use as
evidence in a legal proceeding or investigation. Electronic
discovery may be limited to a single computer or a network-wide
search.
Encryption: The translation of data into a secret code.
Encryption is the most effective way to achieve data security. A
way of coding the information in a file or e-mail message so that if
it is intercepted by a third party as it travels over a network it
cannot be read. Only the persons sending and receiving the
information have the key and this makes it unreadable to anyone
except the intended persons.
Ethernet: The format that all computers use to talk to each
other. Used in conjunction with Internet Protocol.
File Transfer Protocol (FTP): This is the system that allows you
to copy files from computers around the world onto your
computer. Also see Unlimited FTP.
Firewall: A system designed to prevent unauthorized access to
or from a private network. Firewalls can be implemented in both
hardware and software, or a combination of both. Firewalls are
frequently used to prevent unauthorized Internet users from
accessing private networks connected to the Internet, especially
intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks
those that do not meet the specified security criteria.
Hacker: A person who enjoys exploring the details of computers
and how to stretch their capabilities. A malicious or inquisitive

meddler who tries to discover information by poking around. A


person who enjoys learning the details of programming systems
and how to stretch their capabilities, as opposed to most users
who prefer to learn the minimum necessary.
HTML (Hypertext Mark Up Language): Thats the
programming language thats universally accepted for internet
programming.
HTTP (HyperText Transfer Protocol): The underlying protocol
used by the World Wide Web. HTTP defines how messages are
formatted and transmitted, and what actions Web servers and
browsers should take in response to various commands. For
example, when you enter a URL in your browser, this actually
sends an HTTP command to the Web server directing it to fetch
and transmit the requested Web page. These are the rules in
which a web users browser accesses files from a web server.
HTTPS: Same as above, using rules from a secure web server.
Hub: A common connection point for devices in a network. Hubs
are commonly used to connect segments of a LAN. A hub contains
multiple ports. When a packet arrives at one port, it is copied to
the other ports so that all segments of the LAN can see all
packets.
Identity theft: Identity theft occurs when somebody steals your
name and other personal information for fraudulent purposes.
Identity theft is a form of identity crime (where somebody uses a
false identity to commit a crime).
Internet Protocol (IP): The format that all computers use to talk
over the Internet.
IP Address: Short for Internet Protocol address, an IP address is
the address of a device attached to an IP network (TCP/IP
network). Every client, server, and network device must have a
unique IP address for each network connection (network
interface). Every IP packet contains a source IP address and a
destination IP address. An IP network is somewhat similar to the

telephone network in that you have to have the phone number to


reach a destination. The big difference is that IP addresses are
often temporary. Each device in an IP network is either assigned a
permanent address (static IP) by the network administrator or is
assigned a temporary address (dynamic IP) via DHCP software.
ISP (Internet Service Provider): A company that provides
access to the Internet. For a monthly fee, the service provider
gives you a software package, username, password, and access
phone number. Equipped with a high-speed device, you can then
log on to the Internet and browse the World Wide Web, and send
and receive e-mail.
Key Words: See Meta Tags
Local Area Network (LAN): An Ethernet switch and the cables
that go to computers that are geographically close together.
Meta Tags: A list of approximately thirty (30) words that are Key
to helping search engines find your website. This list should be
made in the order of importance as well as common misspellings
since its a human entering the search words into a search
engine. For example: Harbor Freight: Harbor, Harbour, Freight,
Frieght
Network: A group of two or more computer systems linked
together. There are many types of computer networks, including:
local-area networks (LANs) where the computers are
geographically close together (that is, in the same building); and
wide-area networks (WANs) where the computers are farther
apart and are connected by telephone lines or wireless radio
waves.
ODBC (Open Database Connectivity): A standard database
access method developed with the goal to make it possible to
access any data from any application, regardless of which
database management system (DBMS) is handling the data.
Phishing: A form of Internet fraud that aims to steal valuable
information such as credit cards, SSNs, user IDs, and passwords. A

fake website is created that is similar to that of a legitimate


organization, typically a financial institution such as a bank or
insurance company. An email is sent requesting that the recipient
access the fake website (which will usually be a replica of a
trusted site) and enter their personal details, including security
access codes.
Private Cloud: Private cloud is custom cloud infrastructure for an
individual organization that can be managed internally or by an IT
service company such as ITX, and can be hosted internally or
collocated depending on the businesses security and risk
tolerance. Undertaking a private cloud project requires a degree
of engagement between the organization and the IT company to
virtualize the business environment.
At ITX we are confident, knowledgeable and can build trust with a
business to ensure the best possible private cloud environment.
When it is done right, it can have a positive impact on a business.
Working together with a trusted company like ITX will allow each
step of the engineered design to be addressed; security, risk
tolerance, back-up and recovery, etc., to avoid possible
vulnerabilities. Unlike public cloud options, private clouds do not
share server resources with other customers, but use resources
dedicated to only one business. A private cloud lets you capitalize
on existing IT investments while making IT more dynamic.
Public Cloud: Public cloud applications, storage, and other
resources are made available to the general public by a service
provider such as what ITX offers in Microsoft Office 365.
Generally, public cloud service providers like Microsoft own and
operate the infrastructure and offer access only via Internet.
Public clouds share server resources and other standard resources
such as CPU, RAM, and drive space.
If your business is comfortable with sharing resources, then a
public cloud could be the computing model for your business.
Public clouds are beneficial for newer companies and start-ups not
wanting the heavy expenses of IT gear and established
companies with aging infrastructure. Or businesses that see the

cloud value; well understood and widely used, and that public
clouds do not require rethinking your IT from the ground up.
Pure IP: Digital phone system that digitizes analog speech into
bits to transmit them along with data bits over a unified network.
QoS (Quality of Service): A term used when describing IP
phone systems, QoS is a guaranteed or predictable level of
bandwidth, transmission speed, and freedom from dropped
packets, delay, jitter, and error that is necessary to ensure
adequate performance of particular applications.
Security: In the computer industry, refers to techniques for
ensuring that data stored in a computer cannot be read or
compromised by any individuals without authorization. Most
security measures involve data encryption and passwords. Data
encryption is the translation of data into a form that is
unintelligible without a deciphering mechanism. A password is a
secret word or phrase that gives a user access to a particular
program or system.
Server: This is where your website programming actually resides.
Think of this as one very, huge hard drive! A computer or device
on a network that manages network resources. For example, a file
server is a computer and storage device dedicated to storing files.
Any user on the network can store files on the server. A print
server is a computer that manages one or more printers. A
network server is a computer that manages network traffic. A
database server is a computer system that processes database
queries.
URL (Uniform Resource Locator): A URL is the global address
of documents and other resources on the World Wide Web. This is
your street address that no one else can have. Its your
www.yourname.com.
Virtual Private Network (VPN): A secure connection created
over a public network by using tunneling-mode encryption.

Web App: Short for Web Application. An application that is


accessed via web browser over a network such as the Internet or
an intranet. It is also a computer software application that is
coded in a browser-supported language (such as HTML,
JavaScript, Java, etc.) and reliant on a common web browser to
render the application executable.
Web-based Interface: Using any common browser such as
Microsoft Explorer.
Wide Area Network (WAN): Two or more Ethernet LANs
connected with long-distance data lines.
Technology requirement
Hardware requirements:
1 GB RAM
2 GB of free hard disk space
Intel P4 or Higher
Software requirements:
Java development kit 1.6.0(jdk1.6.0) or above
MS SQL Server 2008
Languages
Java 2 Enterprise Edition (J2EE)
o Java Server pages.
o Java Swing
o RMI
o JDBC
o SQL

System design
Use Case Model

Detailed design
High level design

Data Flow Diagram

Low level design

Relational model and Flowchart and pseudo code

Implementation
The goal of the coding phase is to translate the design into
code in the given programming language. The coding steps
translate the detailed design of the system into programming
language. The translation process continues when the compiler
accepts source code as input and produces machine dependent
object code as output. Linking of object files are done to produce
the machine code.
Internal documentation is another important factor, to
facilitate others to understand the code and the logic.

Code review and walk through


Both reviews and walk through used to deliver the correct
codes. The code review is done as soon as the source code is
ready to be executed, this is to reduce syntax errors and also
check the coding standards.

Module Specifications
The modules specified in the design are implemented using
various .htm, .jsp and .class files. These files in the source
code shares the common routines and share data structures, to
establish the hierarchical relationship.

Compilation and building the executables


The source code for the system organized in various files is
compiled using the javac utility provided in the JAVA. The
application is made to run with the Run in internet explorer using
the address as http://localhost:8080/LIC present in ROOT
directory of Apache Tomcat Server
Testing & Result
Testing is a process, which reveals errors in program. It is the
major quality measure employed during software development.
During testing, the program is executed with a set of conditions
known as test cases and output is evaluated to determine
whether the program is performing as expected.
The Primary and Larger objective of testing is to deliver quality
software. Quality software is one that is devoid of errors and
meets with a customers stated requirements.
If errors are found, then the software must be debugged to
locate these errors in the various programs. Corrections are then
made. The program/system must be tested once again after
corrections have been implemented - this time with an additional
objective of finding out whether or not corrections in one part of
the system have introduced any new errors elsewhere in the
system.
Once all errors are found, then another objective must be
accomplished that is check whether or not the system is doing

what it is supposed to do. So another aspect of testing is that it


must also ensure that the system meets with user requirements.
Techniques of testing
Black Box Testing
White Box Testing
Equivalence Portioning
Boundary Value Analysis
Ad-hoc Testing

Specialized Testing done for this Project are


Volume Testing - This was done to determine whether or not the
system is able to handle a large volume of data. The volume was
a representative of the real life volume with some provision for
future growth.
Performance testing - This is corollary to volume testing. This
testing was done to focus on the performance of the System
under large volumes and not just the ability to handle it.
Security Testing - This attempts to verify that the protection
mechanisms built into the system, actually protects the system
from unauthorized access or not.

Regression Testing - This was basically done to see if any


changes are made to one part of a Program whether it affects
another part of System and also to check the deviations in
behavior of unchanged parts of system
Unit testing
Unit testing is normally considered as an adjunct to the coding
step. After source level code has been developed, reviewed and
verified for correspondence to component level design. A review
of design information provides guidance for establishing test
cases that are likely to uncover errors in each of the categories.
Unit testing is responsible for testing each module in software
structure independently.
Integration testing
Tested modules are put together and tested in their integrity.
Integration testing is a systematic technique for constructing the
program structure while at the same time conducting tests to
uncover errors associated with interfacing. The objectives are to
take unit tested components and build a program structure that
has been discarded by design.
Testing strategies
A testing strategy is general approach to the testing process
rather than a method of devising particular system or
components tests. Different strategies a may be adopted
depending on the type of system to be tested and the
development process used.

The testing strategies which discuss in this are:


Top-down testing where testing starts with the most abstract
component and works downwards.
Bottom-up testing where testing starts with the fundamental
components and works upwards.
Thread testing which is used for systems with multiple
processes where the processing of transaction threads its way
through these processes.
Stress testing which relies on stressing the system by going
beyond its specified limits and hence testing how well the system
can cope with over-load situations.
Back-to-back testing which is used when versions of systems
are available the systems are tested together and their outputs
are compared.
Large systems are usually tested using a mixture of these testing
strategies rather than any approach. Different strategies may be
needed for different parts of the system and at different stages in
the testing process.
Whatever testing strategy is adopted, it is always sensible to
adopt an incremental approach to sub-system and system testing.
Number of software testing strategies is proposed.
Testing begins at the module /well &works outward towards the
integration of the entire computer based system.
Different testing techniques are appropriate at different point of
time.

The developer of the s/w & independent test group conducts


testing.
Testing & debugging must be accommodated in any testing
strategy.
Conclusion
In this Project, we proposed a secured cost-effective multi cloud
storage (SCMCS) in cloud computing, which seeks to provide each
customer with a better cloud data storage decision, taking into
consideration the user budget as well as providing him with the
best quality of service (Security and availability of data) offered
by available cloud service providers. By dividing and distributing
customers data, our model has shown its ability of providing a
customer with a secured storage under his affordable budget.

Future Enhancement
For the future work , this research should be extended by adding
the ensuring the availability system in this project which in result
of availability of data in case of failure of data retrieving process.
And even the backup data server can fails so there is no cured
mention for this. So this drawback can be covered in next future
work of this project task.

Reference books, sites and other resources


1. https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact
=8&ved=0CCIQFjAA&url=http%3A%2F
%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber
%3D5928887&ei=ybPIVJWHN4W3mAWvwoCQBw&usg=AFQj
CNFxHlaBKCW0UdD5-

0TiloSTRi_Ndw&bvm=bv.84607526,d.dGc
2. https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact
=8&ved=0CDIQFjAC&url=http%3A%2F%2Fwww.ijser.org
%2Fresearchpaper%255CA-Secured-Cost-Effective-MultiCloud-Storage-in-CloudComputing.pdf&ei=ybPIVJWHN4W3mAWvwoCQBw&usg=AFQ
jCNFkDAaAFwg2t4Vq79js9Mx593pCqw&bvm=bv.84607526,d
.dGc
3. https://www.google.co.in/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&uact
=8&ved=0CEcQFjAF&url=http%3A%2F%2Fijarcet.org
%2Fwp-content%2Fuploads%2FIJARCET-VOL-2-ISSUE-4-14051409.pdf&ei=ybPIVJWHN4W3mAWvwoCQBw&usg=AFQjCNG
KsJ_qtmH6bq0zuq_cPF156bFZ9g&bvm=bv.84607526,d.dGc

Appendices
IEEE Reference Papers

[1] Amazon.com, Amazon s3 availablity event: July 20, 2008,


Online at http://status.aws.amazon.com/s3-20080720.html, 2008.
[2] A Mordern Language for Mathematical Programming, Online
at http://www.ampl.com.
[3] M. Arrington, Gmail Disaster: Reports of mass email
deletions, Online at
http://www.techcrunch.com/2006/12/28/gmail-disasterreportsofmass-email-deletions/, December 2006.

[4] P. S. Browne, Data privacy and integrity: an overview, In


Proceeding of SIGFIDET 71 Proceedings of the ACM SIGFIDET
(now SIGMOD), 1971.
[5] A. Cavoukian, Privacy in clouds, Identity in the Information
Society, Dec 2008.
[6] J. Du, W. Wei, X. Gu, T. Yu, RunTest: assuring integrity of
dataflow processing in cloud computing infrastructures, In
Proceedings of the 5th ACM Symposium on Information, Computer
and Communications Security (ASIACCS 10), ACM, New York, NY,
USA, 293-304.
[7] R. Gellman, Privacy in the clouds: Risks to privacy and
confidentiality from cloud computing, Prepared for the World
Privacy Forum, online at
http://www.worldprivacyforum.org/pdf/WPF Cloud Privacy
Report.pdf, Feb 2009.
[8] The Official Google Blog, A new approach to China: an
update, online at http://googleblog.blogspot.com/2010/03/newapproach-to-chinaupdate. html, March 2010.
[9] N. Gruschka, M. Jensen, Attack surfaces: A taxonomy for
attacks on cloud services, Cloud Computing (CLOUD), 2010 IEEE
3rd International Conference on, 5-10 July 2010.
[10] W. Itani, A. Kayssi, A. Chehab, Privacy as a Service: PrivacyAware Data Storage and Processing in Cloud Computing
Architectures, Eighth IEEE International Conference on
Dependable, Autonomic and Secure Computing, Dec 2009.
[11] M. Jensen, J. Schwenk, N. Gruschka, L.L. Iacono, On Technical
Security Issues in Cloud Computing, IEEE International
Conference on Cloud Computing, (CLOUD II 2009), Banglore,
India, September 2009, 109-116.

[12] J. Kincaid, MediaMax/TheLinkup Closes Its Doors, Online at


http://www.techcrunch.com/2008/-7/10/mediamaxthelinkupcloses-itsdorrs/, July 2008.
[13] B. Krebs, Payment Processor Breach May Be Largest Ever,
Online at http://voices.washingtonpost.com/securityfix/2009/01/
payment processor breach may b.html, Jan, 2009.
[14] M. Dijk, A. Juels, On the Impossibility of Cryptography Alone
for Privacy-Preserving Cloud Computing, HotSec 2010.
[15] P. Mell, T. Grance, Draft NIST working definition of cloud
computing, Referenced on June. 3rd, 2009, Online at
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html, 2009.
[16] P. F. Oliveira, L. Lima, T. T. V. Vinhoza, J. Barros, M. Medard,
Trusted storage over untrusted networks, IEEE GLOBECOM
2010, Miami, FL. USA.
[17] A. Shamir, How to share a secret, Commun. ACM 22,
11(November 1979).
[18] S. H. Shin, K. Kobara, Towards secure cloud storage, Demo
for CloudCom2010, Dec 2010.
[19] C. Wang, Sherman S.-M. Chow, Q. Wang, K. Ren, W. Lou,
Privacypreserving public auditing for secure cloud storage, in
InfoCom2010, IEEE, March 2010