You are on page 1of 60

HASBE: A Hierarchical Attribute-Based Solution for Flexible and

Scalable Access Control in Cloud Computing

A PROJECT REPORT
in the partial fulfillment for the award of the degree
of

BACHELOR OF TECHNOLOGY
in

INFORMATION TECHNOLOGY

MAY 2013

BONAFIDE CERTIFICATE

ABSTRACT
Cloud computing has emerged as one of the most influential paradigms in the IT
industry in recent years. Since this new computing technology requires users to entrust
their valuable data to cloud providers, there have been increasing security and privacy
concerns on outsourced data. Several schemes employing attribute-based encryption
(ABE) have been proposed for access control of outsourced data in cloud computing;
however, most of them suffer from inflexibility in implementing complex access control
policies. In order to realize scalable, flexible, and fine-grained access control of
outsourced data in cloud computing, in this paper, we propose hierarchical attribute-setbased encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption
(ASBE) with a hierarchical structure of users. The proposed scheme not only achieves
scalability due to its hierarchical structure, but also inherits flexibility and fine-grained
access control in supporting compound attributes of ASBE. In addition, HASBE employs
multiple value assignments for access expiration time to deal with user revocation more
efficiently than existing schemes.
We formally prove the security of HASBE based on security of the ciphertextpolicy attribute-based encryption (CP-ABE) scheme by Bethencourt et al. and analyze its
performance and computational complexity. We implement our scheme and show that it
is both efficient and flexible in dealing with access control for outsourced data in cloud
computing with comprehensive experiments.

10

TABLE OF CONTENTS

CHAPTER

TITLE

PAGE NO.

LIST OF FIGURES

ii

LIST OF ABBREVATIONS

iii

INTRODUCTION
1.1 About the Project

08

SYSTEM ANALYSIS
2.1 Existing system

09

2.2 Proposed system

09

2.3 System Design

10

REQUIREMENTS SPECIFICATION
3.1 Introduction

12

3.2 Hardware and Software specification

12

3.3 Technologies Used

13

3.4Technologies Used
3.4.1 Java

13
13

3.4.1.1 Introduction to java

13

3.4.1.2 Working of java

15

SYSTEM DESIGN
3.5 Block Diagram

11

SYSTEM DESIGN DETAILED

5.1 Modules

26

5.2 Module explanation

26

CODING AND TESTING


6.1 Coding

31

6.2 Coding standards

31

6.3 Test procedure

34

6.4 Test data and output

35

REFERENCES

78

SNAP SHOTS

12

LIST OF FIGURES
4

System Design

5.2

Patterns of the peer-peer edges

5.2

Patterns of the service-provider edges

5.2

Discovering missing links in internet

13

LIST OF ABBREVATIONS

JDKJava Development Toolkit.


TCPTransmission Control Protocol.
IP

Internet Protocol.

HTTP

Hyper Text Transfer Protocol

14

CHAPTER 1
INTRODUCTION

Aim:
The main aim of this project is to increase the performance of cloud based on
Attribute Based Solution concepts and to provide additional security for cloud using
ASBE.

Synopsis:
Cloud computing has emerged as one of the most influential paradigms in the IT
industry in recent years. Since this new computing technology requires users to entrust
their valuable data to cloud providers, there have been increasing security and privacy
concerns on outsourced data. Several schemes employing attribute-based encryption
(ABE) have been proposed for access control of outsourced data in cloud computing;
however, most of them suffer from inflexibility in implementing complex access control
policies. In order to realize scalable, flexible, and fine-grained access control of
outsourced data in cloud computing, in this paper, we propose hierarchical attribute-setbased encryption (HASBE) by extending cipher text-policy attribute-set-based encryption
(ASBE) with a hierarchical structure of users. The proposed scheme not only achieves
scalability due to its hierarchical structure, but also inherits flexibility and fine-grained
access control in supporting compound attributes of ASBE.
In addition, HASBE employs multiple value assignments for access expiration
time to deal with user revocation more efficiently than existing schemes. We formally
prove the security of HASBE based on security of the cipher text-policy attribute-based
encryption (CP-ABE) scheme by Bethencourt et al. and analyse its performance and
15

computational complexity. We implement our scheme and show that it is both efficient
and flexible in dealing with access control for outsourced data in cloud computing with
comprehensive experiments.

CHAPTER 2
SYSTEM ANALYSIS

2.1 EXISTING SYSTEM


In the past, software had to be installed in an infrastructure close to end users.
In existing system, dont have security for datas. In case any of the corruption
might be happened on cloud mean we cant get the original informations
everything going to be lost.
There is no privilege for end users, data owner and data consumer.

2.2 PROPOSED SYSTEM


This Proposed system Customize Hierarchical Attribute Based
Solution.
We provide a security for datas based on public key and
master key with the help of Domain Authority and Trusted
Authority.
Here we are giving Attribute based privileges for data owners
and data consumers.

16

CHAPTER 3

REQUIREMENT SPECIFICATIONS
3.1 INTRODUCTION
The requirements specification is a technical specification of requirements for
the software products. It is the first step in the requirements analysis process it lists the
requirements of a particular software system including functional, performance and
security requirements. The requirements also provide usage scenarios from a user, an
operational and an administrative perspective. The purpose of software requirements
specification is to provide a detailed overview of the software project, its parameters and
goals. This describes the project target audience and its user interface, hardware and
software requirements. It defines how the client, team and audience see the project and its
functionality.

3.2 HARDWARE AND SOFTWARE SPECIFICATION


3.2.1 HARDWARE REQUIREMENTS
Hard Disk

40GB and Above

17

RAM

1GB and Above

Processor

Pentium IV and Above

3.2.2 SOFTWARE REQUIREMENTS

Windows XP

Xampp

JDK 1.6

Servlet, Jsp

MySql 3.2

3.5 TECHNOLOGIES USED


3.5.1 JAVA
It is a Platform Independent. Java is an object-oriented programming language developed
initially by James Gosling and colleagues at Sun Microsystems. The language, initially
called Oak (named after the oak trees outside Gosling's office), was intended to replace
C++, although the feature set better resembles that of Objective C.

3.5.1.1 INTRODUCTION TO JAVA


Java has been around since 1991, developed by a small team of Sun Microsystems
developers in a project originally called the Green project. The intent of the project was
to develop a platform-independent software technology that would be used in the
18

consumer electronics industry. The language that the team created was originally called
Oak.
The first implementation of Oak was in a PDA-type device called Star Seven (*7)
that consisted of the Oak language, an operating system called GreenOS, a user interface,
and hardware. The name *7 was derived from the telephone sequence that was used in
the team's office and that was dialed in order to answer any ringing telephone from any
other phone in the office.
Around the time the First Person project was floundering in consumer
electronics, a new craze was gaining momentum in America; the craze was called "Web
surfing." The World Wide Web, a name applied to the Internet's millions of linked HTML
documents was suddenly becoming popular for use by the masses. The reason for this
was the introduction of a graphical Web browser called Mosaic, developed by ncSA. The
browser simplified Web browsing by combining text and graphics into a single interface
to eliminate the need for users to learn many confusing UNIX and DOS commands.
Navigating around the Web was much easier using Mosaic.
It has only been since 1994 that Oak technology has been applied to the Web.
In 1994, two Sun developers created the first version of Hot Java, and then called Web
Runner, which is a graphical browser for the Web that exists today. The browser was
coded entirely in the Oak language, by this time called Java. Soon after, the Java
compiler was rewritten in the Java language from its original C code, thus proving that
Java could be used effectively as an application language. Sun introduced Java in May
1995 at the Sun World 95 convention.

19

Web surfing has become an enormously popular practice among


millions of computer users. Until Java, however, the content of information on the
Internet has been a bland series of HTML documents. Web users are hungry for
applications that are interactive, that users can execute no matter what hardware or
software platform they are using, and that travel across heterogeneous networks and do
not spread viruses to their computers. Java can create such applications.

3.3.1.1 WORKING OF JAVA


For those who are new to object-oriented programming, the concept of a class will
be new to you. Simplistically, a class is the definition for a segment of code that can
contain both data (called attributes) and functions (called methods).
When the interpreter executes a class, it

looks for a particular method by the

name of main, which will sound familiar to C programmers. The main method is passed
as a parameter an array of strings (similar to the argv[] of C), and is declared as a static
method.
To output text from the program, we execute the println method of System.out,
which is javas output stream. UNIX users will appreciate the thoery behind such a
stream, as it is actually standard output. For those who are instead used to the Wintel
platform, it will write the string passed to it to the users program.
Java consists of two things :

20

Programming language
Platform

3.3.1.2 THE JAVA PROGRAMMING LANGUAGE


Java is a high-level programming language that is all of the following:

Simple

Object-oriented

Distributed

Interpreted

Robust

Secure

Architecture-neutral

Portable

High-performance

Multithreaded

Dynamic

21

The code and can bring about changes whenever felt necessary. Some of the standard
needed to achieve the above-mentioned objectives are as follows:
Java is unusual in that each Java program is both co implied and interpreted. With a
compiler, you translate a Java program into an intermediate language called Java byte
codes the platform independent codes interpreted by the Java interpreter. With an
interpreter, each Java byte code instruction is parsed and run on the computer.
Compilation happens just once; interpretation occurs each time the program is executed.
This figure illustrates how it works:

Fig.3.1
You can think of Java byte codes as the machine code instructions for the Java
Virtual Machine (JVM). Every Java interpreter, whether its a Java development tool
or a Web browser that can run Java applets, is an implementation of JVM. That JVM can
also be implemented in hardware. Java byte codes help make write once, run anywhere
possible.

22

You can compile your Java program into byte codes on any platform that has a Java
compiler. The byte codes can then be run on any implementation of the JVm. For
example, that same Java program can e run on Windows NT, Solaris and Macintos

Java program

interpreter

complier

interpreter

23

interpreter

PC-Compatible
macintosh

Sun Ultra Solaris

Power

Windows NT
System 8

3.3.1.3 THE JAVA PLATFORM


A platform is the hardware or software environment in which a program runs. The
Java platform differs from most other platforms in that its a software-only platform that
runs on top of other, hardware-based platforms. Most other platforms are described as a
combination of hardware and operating system.

24

The Java platform has two components :


The Java Virtual Machine (JVM)
The Java Application Programming Interface (Java API)

Youve already been introduced to the JVM. Its the base for the Java platform
and is ported onto various hardware-based platforms.
The Java API is a large collection of ready-made software components that
provide many useful capabilities, such as graphical user interface (GUI) widgets. The
Java API is grouped into libraries (packages) of related components. The following
figure depicts a Java program, such as an application or applet, thats running on the Java
platform. As the figure shows, the Java API and Virtual Machine insulates the Java
program from hardware dependencies.

Fig.3.3
As a platform-independent environment, Java can be a bit slower than native
code. However, smart compliers, weel-tuned interpreters, and just-in-time byte complilers
can bring Javas performance close to that of native code without threatening protability.

25

3.5.1.2 WORKING OF JAVA


For those who are new to object-oriented programming, the concept of a
class will be new to you. Simplistically, a class is the definition for a segment of code that
can contain both data and functions.
When the interpreter executes a class, it looks for a particular method by the
name of main, which will sound familiar to C programmers. The main method is passed
as a parameter an array of strings (similar to the argv[] of C), and is declared as a static
method.
To output text from the program, we execute the println method of
System.out, which is javas output stream. UNIX users will appreciate the theory behind
such a stream, as it is actually standard output. For those who are instead used to the
Wintel platform, it will write the string passed to it to the users program.

Introduction TO JSP
Java Server Pages or JSP for short is Sun's solution for developing dynamic web
sites. JSP provide excellent server side scripting support for creating database driven web
applications. JSP enable the developers to directly insert java code into jsp file, this
makes the development process very simple and its maintenance also becomes very easy.
JSP pages are efficient, it loads into the web servers memory on receiving the request
very first time and the subsequent calls are served within a very short period of time.
In today's environment most web sites servers dynamic pages based on user
request. Database is very convenient way to store the data of users and other things.
JDBC provide excellent database connectivity in heterogeneous database environment.
Using JSP and JDBC its very easy to develop database driven web application.

26

Java is known for its characteristic of "write once, run anywhere." JSP pages are
platform independent. Your port your .jsp pages to any platform.

The Life Cycle of a JSP Page


A JSP page services requests as a servlet. Thus, the life cycle and many of the
capabilities of JSP pages (in particular the dynamic aspects) are determined by Java
Servlet technology and much of the discussion in this chapter refers to functions
described in Chapter 10.
When a request is mapped to a JSP page, it is handled by a special servlet that
first checks whether the JSP page's servlet is older than the JSP page. If it is, it translates
the JSP page into a servlet class and compiles the class. During development, one of the
advantages of JSP pages over servlets is that the build process is performed automatically.

Translation and Compilation


During the translation phase, each type of data in a JSP page is treated differently.
Template data is transformed into code that will emit the data into the stream that returns
data to the client. JSP elements are treated as follows:

Directives are used to control how the Web container translates and executes the
JSP page.

Scripting elements are inserted into the JSP page's servlet class. See JSP Scripting
Elements for details.

Elements of the form <jsp:XXX ... /> are converted into method calls to JavaBeans
components or invocations of the Java Servlet API.

For a JSP page named pageName, the source for a JSP page's servlet is kept in the file
J2EE_HOME/repository/host/web/
context_root/_0002fpageName_jsp.java

27

For example, the source for the index page (named index.jsp) for
the date localization example discussed at the beginning of the chapter would be named
J2EE_HOME/repository/host/web/date/_0002findex_jsp.java

Both the translation and compilation phases can yield errors that are only
observed when the page is requested for the first time. If an error occurs while the page is
being translated (for example, if the translator encounters a malformed JSP element), the
server will return a ParseException, and the servlet class source file will be empty or
incomplete. The last incomplete line will give a pointer to the incorrect JSP element.
If an error occurs while the JSP page is being compiled (for example, there is a syntax
error in a scriptlet), the server will return a JasperException and a message that
includes the name of the JSP page's servlet and the line where the error occurred.
Once the page has been translated and compiled, the JSP page's servlet for the most part
follows the servlet life cycle described in the section Servlet Life Cycle:
1. If an instance of the JSP page's servlet does not exist, the container:
a. Loads the JSP page's servlet class
b. Instantiates an instance of the servlet class
c. Initializes the servlet instance by calling the jspInit method
2. Invokes the _jspService method, passing a request and response object.
If the container needs to remove the JSP page's servlet, it calls the jspDestroy method.

28

Execution
You can control various JSP page execution parameters using by page directives. The
directives that pertain to buffering output and handling errors are discussed here. Other
directives are covered in the context of specific page authoring tasks throughout the
chapter.

Buffering
When a JSP page is executed, output written to the response object is automatically
buffered. You can set the size of the buffer with the following page directive:
<%@ page buffer="none|xxxkb" %>

A larger buffer allows more content to be written before anything is actually sent back to
the client, thus providing the JSP page with more time to set appropriate status codes and
headers or to forward to another Web resource. A smaller buffer decreases server memory
load and allows the client to start receiving data more quickly.

Handling Errors
Any number of exceptions can arise when a JSP page is executed. To specify that the
Web container should forward control to an error page if an exception occurs, include the
following page directive at the beginning of your JSP page:
<%@ page errorPage="file_name" %>
The Duke's Bookstore application page initdestroy.jsp contains the directive
<%@ page errorPage="errorpage.jsp"%>
The beginning of errorpage.jsp indicates that it is serving as an error page with the
following page directive:

29

<%@ page isErrorPage="true|false" %>

This directive makes the exception object (of type javax.servlet.jsp.JspException)


available to the error page, so that you can retrieve, interpret, and possibly display
information about the cause of the exception in the error page.

Introduction for MySQL


MySQL is a relational database management system (RDBMS) that runs as a
server providing multi-user access to a number of databases. MySQL is officially
pronounced My Sequel. It is named after developer Michael Widenius' daughter, My.
The SQL phrase stands for Structured Query Language.

The MySQL development project has made its source code available under the
terms of the GNU General Public License, as well as under a variety of proprietary
agreements. MySQL was owned and sponsored by a single for-profit firm, the Swedish
company MySQL AB, now owned by Oracle Corporation.

Free-software projects that require a full-featured database management system


often use MySQL. Where the project may lead to something in commercial use, the
license terms need careful study. Some free software project examples: Joomla,
WordPress, phpBB, Drupal and other software built on the LAMP software stack.
MySQL is also used in many high-profile, large-scale World Wide Web products,
including Wikipedia, Google and Facebook.

Platforms and interfaces

30

MySQL is written in C and C++. Its SQL parser is written in yacc, and a homebrewed lexical analyzer named sql_lex.cc.MySQL works on many different system
platforms, including AIX, BSDi, FreeBSD, HP-UX, eComStation, i5/OS, IRIX, Linux,
Mac OS X, Microsoft Windows, NetBSD.
Many programming languages with language-specific APIs include libraries for
accessing MySQL databases. These include MySQL Connector/Net for integration with
Microsoft's Visual Studio (languages such as C# and VB are most commonly used) and
the ODBC driver for Java. In addition, an ODBC interface called MyODBC allows
additional programming languages that support the ODBC interface to communicate with
a MySQL database, such as ASP or ColdFusion. The HTSQL - URL based query method
also ships with a MySQL adapter, allowing direct interaction between a MySQL database
and any web client via structured URLs. The MySQL server and official libraries are
mostly implemented in ANSI C/ANSI C++.
MySQL is primarily an RDBMS and therefore ships with no GUI tools to
administer MySQL databases or manage data contained within. Users may use the
included command-line tools, or download MySQL frontends from various parties that
have developed desktop software and web applications to manage MySQL databases,
build database structure, and work with data records.
MySQL can be built and installed manually from source code, but this can be
tedious so it is more commonly installed from a binary package unless special
customizations are required. On most Linux distributions the package management
system can download and install MySQL with minimal effort, though further
configuration is often required to adjust security and optimization settings.Though
MySQL began as a low-end alternative to more powerful proprietary databases, it has
gradually evolved to support higher-scale needs as well.
It is still most commonly used in small to medium scale single-server
deployments, either as a component in a LAMP based web application or as a standalone
database server. Much of MySQL's appeal originates in its relative simplicity and ease of
use, which is enabled by an ecosystem of open source tools such as phpMyAdmin.

31

Uses
MySQL is a popular choice of database for use in web applications, and is a
central component of the widely used LAMP web application software stackLAMP is
an acronym for "Linux, Apache, MySQL, PHP". Its popularity is closely tied to the
popularity of PHP. MySQL is used in some of the most frequently visited web sites on the
Internet, including Flickr, Nokia.com, YouTube and as previously mentioned; Wikipedia,
Google and Facebook.

Introduction to Servlet
A servlet is a Java programming language class used to extend the capabilities of
servers that host applications accessed via a request-response programming model.
Although servlets can respond to any type of request, they are commonly used to extend
the applications hosted by Web servers. Thus, it can be thought of as a Java Applet that
runs on a server instead of a browser.
A Servlet is a Java class in Java EE that conforms to the Java Servlet API, a
protocol by which a Java class may respond to requests. They are not tied to a specific
client-server protocol, but are most often used with the HTTP protocol. Therefore, the
word "Servlet" is often used in the meaning of "HTTP Servlet".Thus, a software
developer may use a servlet to add dynamic content to a Web server using the Java
platform. The generated content is commonly HTML, but may be other data such
as XML. Servlets are the Java counterpart to non-Java dynamic Web content technologies
such as CGI and ASP.NET. Servlets can maintain state in session variables across many
server transactions by using HTTP cookies, or URL rewriting.
To deploy and run a Servlet, a Web container must be used. A Web container is
essentially the component of a Web server that interacts with the servlets. The Web

32

container is responsible for managing the lifecycle of servlets, mapping a URL to a


particular servlet and ensuring that the URL requester has the correct access rights.
The servlet API, contained in the Java package hierarchy javax.servlet, defines
the expected interactions of the Web container and a servlet
A Servlet is an object that receives a request and generates a response based on
that request. The basic servlet package defines Java objects to represent servlet requests
and responses, as well as objects to reflect the servlet's configuration parameters and
execution environment. The package javax.servlet.http defines HTTP-specific subclasses
of the generic servlet elements, including session management objects that track multiple
requests and responses between the Web server and a client. Servlets may be packaged in
a WAR file as a Web application.
Servlets can be generated automatically from Java Server Pages (JSP) by
the JavaServer Pages compiler. The difference between Servlets and JSP is that Servlets
typically embed HTML inside Java code, while JSPs embed Java code in HTML. While
the direct usage of Servlets to generate HTML (as shown in the example below) is
relatively rare nowadays, the higher level MVC web framework in Java EE (JSF) still
explicitly uses the Servlet technology for the low level request/response handling via the
FacesServlet. A somewhat older usage is to use servlets in conjunction with JSPs in a
pattern called "Model 2", which is a flavor of the model-view-controller pattern.
Servlets belong in WEB-INF/classes. On this machine, the source is in Java
source in /var/www/hosts/www.caucho.com/webapps/resin-3.0/WEB-INF/classes. WEBINF/classes is the standard location for servlets and other Java classes. Resin
automatically reloads and recompiles servlets, beans, and classes placed in WEBINF/classes. You should make some changes and add errors to become familiar with
Resin's recompilation and the error reporting.

Introduction for XAMPP:


33

Definitions of XAMPP on the Web:


* XAMPP (or) is a free and open source cross-platform web server package,
Consisting mainly of the Apache HTTP Server, MySQL database,
and interpreters for scripts had written in the PHP and Perl programming languages.

Introduction
At the beginning it is important to answer why to choose XAMPP among so
many server packages available? Well, there are two strong advantages of it. First - it's
configuration is so easy, that even a child can do it. It particularly is minimized to unzip
archive and run setup batch. Second - XAMPP is extremely portable! Moving it from one
directory or drive to another requires only one run of setup_xampp.bat. You can even
install it on USB stick and have your private web server along with your apps go
anywhere with you and to be available on any computer; you plug your USB stick to!
As I read other Wiki articles on how many problems people have with installing and
configuring other servers or server pack I think it can be simplier than with XAMPP.
Differences betweens setup version (EXE) and setup-less version (ZIP) are at least
questionable (half the size for the first one) and I still can't figure out how do the achieve
it? :) But for this tutorial and for advantages of portability we will use ZIP version.

Installing XAMPP
Well... there is actually no installation. Just unzip archive grabbed from Apache
Friends website to a directory of your choice, execute setup_xampp.bat inside unzipped
folder once and answer to a few simple questions (including one, if you want to make
XAMPP portable - i.e. put on a USB stick).
After that, execute xampp_control.exe to run any web server component (like Apache,
MySQL) you need or to install it as system service. If you pass this step, you can open
your browser and point it to localhost to see XAMPP welcome page, which consist of
some modules for checking / granting security to your webapps run under this server. If
everything is double checked and all issues all solved, you may delete contents of httpd
subfolder in you XAMPP directory.
34

Installing Yii
I assume that you've already grabbed zip file containing newest edition of
Yii. If you are already familiar with Yii, you may obey demos folder, but it might be wise
to run at least once a requirements to see, if your fresh XAMPP installation satisfy all
yours and Yii's needs? For this purpose, copy contents of archive to httpd subfolder in
you XAMPP directory and go to localhost in your web browser.
If everything is fine, you may move Yii outside web accessible directory, as
it is advised in documentation, and update bootstrap index.php file in your webapps to
point to correct file. In my situation I put contents of an archive in the same directory as
httpd subfolder (i.e. main XAMPP folder) and rename framework directory to yii.
Therefore my bootstrap file looks like this:

COMPANIES:Using an eyeOS solution for your company can provide you lots of benefits. From
porting your existent apps to your new system to provide you a quality support, you will
be able to choose between the best services to provide your company the perfect solution.

PUBLIC:For public environments, eyeOS can provide a system where, once a user has
signed up, he/she can access the network from any of the public points, having his/her
personal desktop and files. A single eyeOS Server can handle hundreds of thousands of
users! You can visit public environment

Own Cloud Operating System With EyeOS

A cloud OS simply refers to an operating system (or an interface filled with a


complete suite of desktop applications) that resides on the Web and you can access to it
anytime, anywhere as long as you have an Internet connection.
While there are plenty of cloud OS out there that you can sign up and use for free, there
might be instances where you want to have your own dedicated cloud OS. First of all,
35

signing up a free account with third-party cloud OS often means that you have limited
file storage space and all your data are stored in other peoples server. Next, the
connection speed is dependent on the number of active users at any time. The more
popular the site is, the slower it will get when you are using it.
If what you want is your own dedicated Web OS that you can use to manage your online
stuff, and also to provide an environment to collaborate with your colleagues/partners,
then eyeOS is the software for you.
EyeOS is free and open source cloud OS software that you can install on your own Web
server.
One thing that I like about eyeOS is its small file size and ease of installation. The whole
package is only 2.5MB in size, and the installation required almost zero configuration
(well, there are still several steps involved) and anyone who know how to use a FTP
program can get it up and running in no time.

1. Introduction
1.1 Purpose
This project is to avoid the malpractice and give security for datas based on
Hierarchical Attribute Based Encryption.

Project Scope
Cloud computing has emerged as one of the most influential paradigms in the IT
industry in recent years. Since this new computing technology requires users to entrust
their valuable data to cloud providers, there have been increasing security and privacy
concerns on outsourced data. Several schemes employing attribute-based encryption
(ABE) have been proposed for access control of outsourced data in cloud computing;

36

however, most of them suffer from inflexibility in implementing complex access control
policies. In order to realize scalable, flexible, and fine-grained access control of
outsourced data in cloud computing, in this paper, we propose hierarchical attribute-setbased encryption (HASBE) by extending cipher text-policy attribute-set-based encryption
(ASBE) with a hierarchical structure of users. The proposed scheme not only achieves
scalability due to its hierarchical structure, but also inherits flexibility and fine-grained
access control in supporting compound attributes of ASBE. In addition, HASBE employs
multiple value assignments for access expiration time to deal with user revocation more
efficiently than existing schemes. We formally prove the security of HASBE based on
security of the cipher text-policy attribute-based encryption (CP-ABE) scheme by
Bethencourt et al. and analyse its performance and computational complexity. We
implement our scheme and show that it is both efficient and flexible in dealing with
access control for outsourced data in cloud computing with comprehensive experiments.

2.

Overall Description

2.1Product Perspective
Cloud users store the datas and retrieve the datas from cloud server. Domain
Authority and Trusted Authority monitor data owner and data consumer and secure the
datas. User depend upon his privileges retrieve the datas.

2.2 Product Features


To address the critical challenge of keeping cloud secure, Attribute based encryption
is proposed. A Hierarchical Attribute-Based Solution for Flexible and Scalable Access
Control in Cloud Computing

2.3

User Classes and Characteristics

37

There are two main areas that are related to our proposal in this paper:
1) DomainAuthority: Responsible for find the user attributes to give privileges for
users.
2) TrustedAuthority: Responsible for encrypting the datas and give approval for
data consumers.

2.4 Design and Implementation Constraints


2.5.1 Constraints in Analysis
Constraints as Informal Text
Constraints as Operational Restrictions
Constraints Integrated in Existing Model Concepts
Constraints as a Separate Concept
Constraints Implied by the Model Structure

2.5.2 Constraints in Design


Determination of the Involved Classes
Determination of the Involved Objects
Determination of the Involved Actions
Determination of the Require Clauses
Global actions and Constraint Realization

2.5.3 Constraints in Implementation


The traditional method to protect sensitive data outsourced to third
parties is to store encrypted data on servers, while the decryption keys are disclosed to
authorize users only. However, there are several drawbacks about this trivial solution.

38

First of all, such a solution requires an efficient key management mechanism to distribute
decryption keys to authorized users, which has been proven to be very difficult. Next, this
approach lacks scalability and flexibility; as the number of authorized users becomes
large, the solution will not be efficient anymore. In case a previously legitimate user
needs to be revoked, related data has to be re-encrypted and new keys must be distributed
to existing legitimate users again. Last but not least, data owners need to be online all the
time so as to encrypt or re-encrypt data and distribute keys to authorize users.

3. System Features
We extend ASBE with a hierarchical structure to effectively delegate the trusted
authoritys private attribute key generation operation to lower-level domain authorities.
By doing so, the workload of the trusted root authority is shifted to lower-level domain
authorities, which can provide attribute key generations for end users. Thus, this
hierarchical structure achieves great scalability. Yu et al.s scheme, however, only has one
authority to deal with key generation, which is not scalable for large-scale cloud
computing applications.

4. External Interface Requirements

4.1 User Interfaces


1. Cloud service is designed through jsp.
2. System gets the input and delivers through the GUI based.

4.2 Hardware Interfaces

ISDN

39

You can connect your AS/400 to an Integrated Services Digital


Network (ISDN) for faster, more accurate data transmission. An ISDN is a public
or private digital communications network that can support data, fax, image, and
other services over the same physical interface. Also, you can use other protocols
on ISDN, such as IDLC and X.25.

4.3Software Interfaces
This software is interacted with the TCP/IP protocol, Socket and listening
on unused ports.
This software is also interacted with the SMTP protocol, sending and
receiving on SMTP protocol.

4.4Communication Interfaces
1. TCP/IP protocol.
2. SMTP

5. Other Nonfunctional Requirements


5.1 Performance Requirements
We introduced the HASBE scheme for realizing scalable, flexible, and finegrained access control in cloud computing. The HASBE scheme seamlessly incorporates
a hierarchical structure of system users by applying a delegation algorithm to ASBE.
HASBE not only supports compound attributes due to flexible attribute set combinations,
but also achieves efficient user revocation because of multiple value assignments of
attributes. We formally proved the security of HASBE based on the security of CP-ABE
by Bethencourt et al.. Finally, we implemented the proposed scheme, and conducted
comprehensive performance analysis and evaluation, which showed its efficiency and
advantages over existing schemes.

40

5.2Safety Requirements

1. The software may be safety-critical. If so, there are issues associated with its

integrity level
2. The software may not be safety-critical although it forms part of a safetycritical system. For example, software may simply log transactions.
3. If a system must be of a high integrity level and if the software is shown to be
of that integrity level, then the hardware must be at least of the same integrity
level.
4. There is little point in producing 'perfect' code in some language if hardware
and system software (in widest sense) are not reliable.
5. If a computer system is to run software of a high integrity level then that
system should not at the same time accommodate software of a lower integrity
level.
6. Systems with different requirements for safety levels must be separated.
7. Otherwise, the highest level of integrity required must be applied to all systems
in the same environment.

5.3Security Requirements
Do not block the some available ports through the windows firewall

5.4 Software Quality Attributes

41

Functionality: are the required functions available, including Interoperability


and security

Reliability: maturity, fault tolerance and recoverability


Usability: how easy it is to understand, learn, and operate the software System
Efficiency: performance and resource behavior.
Maintainability: Maintaining the software.
Portability: can the software easily be transferred to another environment,
Including install

ability

CHAPTER 4

Architecture:

42

Privileges

Attribute Based
Application

Owner File

Domain Authority

Consumer
File

Check

Trusted Authority
Approve

Cloud OS

Cloud Users

Fig: 4.1
4.1 Sequence Diagram:

43

4.2 Use Case Diagram:

44

4.3 Activity Diagram:

45

Collaboration Diagram:

46

47

DATA FLOW DIAGRAM:


First Level:

Installation
Xampp Server

Domain
Authority

Cloud OS

Second Level:

Attribute Based
Encryption
Cloud OS

Trusted
Authority

Key

Cloud Server
48

Third Level:

Data
Owner

Trusted
Authority

Cloud OS
Data
Consumer

Cloud
Server

49

Class Diagram

50

CHAPTER 5

SYSTEM DESIGN
5.1 MODULES

Cloud Architecture Design


Domain Authority Check and Attribute Based Encryption
Shared resources and Trusted Authority
5.2 MODULE EXPLANATION:

Cloud Architecture Design


Cloud

computing

has

computational

and

sociological

implications. In computational terms cloud computing is described as a


subset of grid computing concerned with the use of special shared
computing resources. For this reason it is described as a hybrid model
exploiting computer networks resources, chiefly Internet, enhancing
the features of the client/server scheme. From a sociological standpoint
on the other hand, by delocalizing hardware and software resources
cloud computing changes the way the user works as he/she has to
interact with the "clouds" on-line, instead of in the traditional standalone mode.

Domain Authority Check and Attribute Based Encryption

51

The cloud service provider manages a cloud to provide


data storage service. Data owners encrypt their data files and store
them in the cloud for sharing with data consumers. To access the
shared data files, data consumers download encrypted data files of
their interest from the cloud and then decrypt them. Each data
owner/consumer is administrated by a domain authority. A domain
authority is managed by its parent domain authority. Each domain
authority is responsible for managing the domain authorities at the
next level or the data owners/consumers in its domain.

Shared resources and Trusted Authority


The trusted authority acts as the root of trust and authorizes the
top-level domain authorities. A domain authority is trusted by its
subordinate domain authorities or users that it administrates, but may
try to get the private keys of users outside its domain. Users may try to
access data files either within or outside the scope of their access
privileges, so malicious users may collude with each other to get
sensitive files beyond their privileges. The trusted authority is
responsible for generating and distributing system parameters and
root master keys as well as authorizing the top-level domain
authorities. A domain authority is responsible for delegating keys to
subordinate domain authorities at the next level or users in its domain.
Each user in the system is assigned a key structure which specifies the
attributes associated with the users decryption key.

52

CHAPTER 6
CODING AND TESTING
6.1 CODING
Once the design aspect of the system is finalizes the system enters into the coding
and testing phase. The coding phase brings the actual system into action by converting
the design of the system into the code in a given programming language. Therefore, a
good coding style has to be taken whenever changes are required it easily screwed into
the system.
6.2 CODING STANDARDS
Coding standards are guidelines to programming that focuses on the physical
structure and appearance of the program. They make the code easier to read, understand
and maintain. This phase of the system actually implements the blueprint developed
during the design phase. The coding specification should be in such a way that any
programmer must be able to understand the code and can bring about changes whenever
felt necessary. Some of the standard needed to achieve the above-mentioned objectives
are as follows:
Program should be simple, clear and easy to understand.
Naming conventions
Value conventions
Script and comment procedure
Message box format

53

Exception and error handling


6.2.1 NAMING CONVENTIONS
Naming conventions of classes, data member, member functions, procedures etc.,
should be self-descriptive. One should even get the meaning and scope of the variable by
its name. The conventions are adopted for easy understanding of the intended message
by the user. So it is customary to follow the conventions. These conventions are as
follows:
Class names
Class names are problem domain equivalence and begin with capital letter and have
mixed cases.
Member Function and Data Member name
Member function and data member name begins with a lowercase
letter with each subsequent letters of the new words in uppercase and the rest of letters in
lowercase.
6.2.2 VALUE CONVENTIONS
Value conventions ensure values for variable at any point of time. This involves the
following:
Proper default values for the variables.
Proper validation of values in the field.
Proper documentation of flag values.

54

6.2.3 SCRIPT WRITING AND COMMENTING STANDARD


Script writing is an art in which indentation is utmost important. Conditional and
looping statements are to be properly aligned to facilitate easy understanding. Comments
are included to minimize the number of surprises that could occur when going through
the code.
6.2.4 MESSAGE BOX FORMAT
When something has to be prompted to the user, he must be able to understand it
properly. To achieve this, a specific format has been adopted in displaying messages to
the user. They are as follows:

X User has performed illegal operation.

! Information to the user.

6.3 TEST PROCEDURE


SYSTEM TESTING
Testing is performed to identify errors. It is used for quality assurance.
Testing is an integral part of the entire development and maintenance process. The goal of
the testing during phase is to verify that the specification has been accurately and
completely incorporated into the design, as well as to ensure the correctness of the design
itself. For example the design must not have any logic faults in the design is detected
before coding commences, otherwise the cost of fixing the faults will be considerably

55

higher as reflected. Detection of design faults can be achieved by means of inspection as


well as walkthrough.
Testing is one of the important steps in the software development phase. Testing
checks for the errors, as a whole of the project testing involves the following test cases:
Static analysis is used to investigate the structural properties of the Source code.
Dynamic testing is used to investigate the behavior of the source code by
executing the program on the test data.

6.4 TEST DATA AND OUTPUT


6.4.1 UNIT TESTING
Unit testing is conducted to verify the functional performance of each modular
component of the software. Unit testing focuses on the smallest unit of the software
design (i.e.), the module. The white-box testing techniques were heavily employed for
unit testing.
6.4.2 FUNCTIONAL TESTS
Functional test cases involved exercising the code with nominal input
values for which the expected results are known, as well as boundary values and special
values, such as logically related inputs, files of identical elements, and empty files.
Three types of tests in Functional test:
Performance Test
Stress Test

56

Structure Test

6.4.3 PERFORMANCE TEST


It determines the amount of execution time spent in various parts of the unit,
program throughput, and response time and device utilization by the program unit.

6.4.4 STRESS TEST


Stress Test is those test designed to intentionally break the unit. A Great deal can
be learned about the strength and limitations of a program by examining the manner in
which a programmer in which a program unit breaks.
6.4.5 STRUCTURED TEST
Structure Tests are concerned with exercising the internal logic of a program and
traversing particular execution paths. The way in which White-Box test strategy was
employed to ensure that the test cases could Guarantee that all independent paths within a
module have been have been exercised at least once.
Exercise all logical decisions on their true or false sides.
Execute all loops at their boundaries and within their operational bounds.
Exercise internal data structures to assure their validity.
Checking attributes for their correctness.
Handling end of file condition, I/O errors, buffer problems and textual
errors in output information

6.4.6 INTEGRATION TESTING

57

Integration testing is a systematic technique for construction the program


structure while at the same time conducting tests to uncover errors associated with
interfacing. i.e., integration testing is the complete testing of the set of modules which
makes up the product. The objective is to take untested modules and build a program
structure tester should identify critical modules. Critical modules should be tested as
early as possible. One approach is to wait until all the units have passed testing, and then
combine them and then tested. This approach is evolved from unstructured testing of
small programs. Another strategy is to construct the product in increments of tested units.
A small set of modules are integrated together and tested, to which another module is
added and tested in combination. And so on. The advantages of this approach are that,
interface dispenses can be easily found and corrected.
The major error that was faced during the project is linking error. When all the
modules are combined the link is not set properly with all support files. Then we checked
out for interconnection and the links. Errors are localized to the new module and its
intercommunications. The product development can be staged, and modules integrated in
as they complete unit testing. Testing is completed when the last module is integrated and
tested.

6.5 TESTING TECHNIQUES / TESTING STRATERGIES


6.5.1 TESTING
Testing is a process of executing a program with the intent of finding an error. A
good test case is one that has a high probability of finding an as-yet undiscovered error.

58

A successful test is one that uncovers an as-yet- undiscovered error. System testing is the
stage of implementation, which is aimed at ensuring that the system works accurately and
efficiently as expected before live operation commences. It verifies that the whole set of
programs hang together. System testing requires a test consists of several key activities
and steps for run program, string, system and is important in adopting a successful new
system. This is the last chance to detect and correct errors before the system is installed
for user acceptance testing.
The software testing process commences once the program is created and the
documentation and related data structures are designed. Software testing is essential for
correcting errors. Otherwise the program or the project is not said to be complete.
Software testing is the critical element of software quality assurance and represents the
ultimate the review of specification design and coding. Testing is the process of executing
the program with the intent of finding the error. A good test case design is one that as a
probability of finding an yet undiscovered error. A successful test is one that uncovers an
yet undiscovered error. Any engineering product can be tested in one of the two ways:
6.5.1.1 WHITE BOX TESTING
This testing is also called as Glass box testing. In this testing, by knowing
the specific functions that a product has been design to perform test can be conducted that
demonstrate each function is fully operational at the same time searching for errors in
each function. It is a test case design method that uses the control structure of the
procedural design to derive test cases. Basis path testing is a white box testing.
Basis path testing:

59

Flow graph notation


Cyclometric complexity
Deriving test cases
Graph matrices Control
6.5.1.2 BLACK BOX TESTING
In this testing by knowing the internal operation of a product, test can
be conducted to ensure that all gears mesh, that is the internal operation performs
according to specification and all internal components have been adequately exercised. It
fundamentally focuses on the functional requirements of the software.
The steps involved in black box test case design are:

Graph based testing methods

Equivalence partitioning

Boundary value analysis

Comparison testing

6.5.2 SOFTWARE TESTING STRATEGIES:


A software testing strategy provides a road map for the software developer.
Testing is a set activity that can be planned in advance and conducted systematically. For
this reason a template for software testing a set of steps into which we can place specific
test case design methods should be strategy should have the following characteristics:

60

Testing begins at the module level and works outward toward the
integration of the entire computer based system.
Different testing techniques are appropriate at different points in time.
The developer of the software and an independent test group conducts
testing.
Testing and Debugging are different activities but debugging must be
accommodated in any testing strategy.
6.5.2.1 INTEGRATION TESTING:
Integration testing is a systematic technique for constructing the program
structure while at the same time conducting tests to uncover errors associated with.
Individual modules, which are highly prone to interface errors, should not be assumed to
work instantly when we put them together. The problem of course, is putting them
together- interfacing. There may be the chances of data lost across on anothers sub
functions, when combined may not produce the desired major function; individually
acceptable impression may be magnified to unacceptable levels; global data structures
can present problems.
6.5.2.2 PROGRAM TESTING:
The logical and syntax errors have been pointed out by program testing.
A syntax error is an error in a program statement that in violates one or more rules of the
language in which it is written. An improperly defined field dimension or omitted
keywords are common syntax error. These errors are shown through error messages
generated by the computer. A logic error on the other hand deals with the incorrect data
fields, out-off-range items and invalid combinations. Since the compiler s will not deduct
61

logical error, the programmer must examine the output. Condition testing exercises the
logical conditions contained in a module. The possible types of elements in a condition
include a Boolean operator, Boolean variable, a pair of Boolean parentheses A relational
operator or on arithmetic expression. Condition testing method focuses on testing each
condition in the program the purpose of condition test is to deduct not only errors in the
condition of a program but also other a errors in the program.
6.5.2.3 SECURITY TESTING:
Security testing attempts to verify the protection mechanisms built in to a system
well, in fact, protect it from improper penetration. The system security must be tested for
invulnerability from frontal attack must also be tested for invulnerability from rear attack.
During security, the tester places the role of individual who desires to penetrate system.
6.5.2.4 VALIDATION TESTING
At the culmination of integration testing, software is completely assembled as a
package. Interfacing errors have been uncovered and corrected and a final series of
software test-validation testing begins. Validation testing can be defined in many ways,
but a simple definition is that validation succeeds when the software functions in manner
that is reasonably expected by the customer. Software validation is achieved through a
series of black box tests that demonstrate conformity with requirement. After validation
test has been conducted, one of two conditions exists.
* The function or performance characteristics confirm to specifications and are accepted.
* A validation from specification is uncovered and a deficiency created.

62

Deviation or errors discovered at this step in this project is corrected prior to


completion of the project with the help of the user by negotiating to establish a method
for resolving deficiencies. Thus the proposed system under consideration has been tested
by using validation testing and found to be working satisfactorily. Though there were
deficiencies in the system they were not catastrophic
6.5.2.5 USER ACCEPTANCE TESTING
User acceptance of the system is key factor for the success of any system. The
system under consideration is tested for user acceptance by constantly keeping in touch
with prospective system and user at the time of developing and making changes
whenever required. This is done in regarding to the following points.

Input screen design.

Output screen design.

Source Code

63

Screenshots:

64

REFERENCES
[1] R. Buyya, C. ShinYeo, J. Broberg, and I. Brandic, Cloud computing and emerging it
platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future
Generation Comput. Syst., vol. 25, pp. 599616, 2009.
[2]

Amazon

Elastic

Compute

Cloud

(Amazon

EC2)

[Online].

Available:

http://aws.amazon.com/ec2/
[3] Amazon Web Services (AWS) [Online]. Available: https://s3.amazonaws. com/

65

[4] R. Martin, IBM brings cloud computing to earth with massive new data centers,
InformationWeek

Aug.

2008

[Online].

Available:

http://

www.informationweek.com/news/hardware/data_centers/209901523
[5] Google App Engine [Online]. Available: http://code.google.com/appengine/
[6] K. Barlow and J. Lane, Like technology from an advanced alien culture: Google
apps for education at ASU, in Proc. ACM SIGUCCS User Services Conf., Orlando, FL,
2007.
[7] B. Barbara, Salesforce.com: Raising the level of networking, Inf. Today, vol. 27, pp.
4545, 2010.
[8] J. Bell, Hosting EnterpriseData in the CloudPart 9: InvestmentValue Zetta, Tech.
Rep., 2010.
[9] A. Ross, Technical perspective: A chilly sense of security, Commun. ACM, vol. 52,
pp. 9090, 2009.

[10] D. E. Bell and L. J. LaPadula, Secure Computer Systems: Unified Exposition and
Multics Interpretation the MITRE Corporation, Tech. Rep., 1976.
[11] K. J. Biba, Integrity Considerations for Secure Computer Sytems The MITRE
Corporation, Tech. Rep., 1977.
[12] H. Harney, A. Colgrove, and P. D. McDaniel, Principles of policy in secure
groups, in Proc. NDSS, San Diego, CA, 2001.

66

[13] P. D. McDaniel and A. Prakash, Methods and limitations of security policy


reconciliation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2002.
[14] T. Yu and M. Winslett, A unified scheme for resource protection in automated trust
negotiation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2003.
[15] J. Li, N. Li, and W. H. Winsborough, Automated trust negotiation using
cryptographic credentials, in Proc. ACM Conf. Computer and Communications Security
(CCS), Alexandria, VA, 2005.

67

You might also like