Date post: | 28-Mar-2015 |
Category: |
Documents |
Upload: | prashanth-baskaran |
View: | 384 times |
Download: | 0 times |
SMIT
CHAPTER 1
1
SMIT
1.INTRODUCTION:
The term “cloud” appears to have its origins in network diagrams that represented the
internet, or various parts of it, as schematic clouds. “Cloud computing” was coined for what
happens when applications and services are moved into the internet “cloud.” It is a pool of
abstracted, highly scalable, and managed compute infrastructure capable of hosting end-
customer applications and billed by consumption. A paradigm in which information is
permanently stored in servers on the Internet and cached temporarily on clients that
include desktops, entertainment centers, table computers, notebooks, wall computers,
handhelds etc. Cloud computing may trace back to a time when computer systems remotely
time-shared computing resources and applications. More currently though, cloud computing
refers to the many different types of services and applications being delivered in the internet
cloud, and the fact that, in many cases, the devices used to access these services and
applications do not require any special applications.
1.1 CHARACTERISTICS:
Cloud computing has a variety of characteristics, with the main ones being:
1.1.1Shared Infrastructure:
Uses a virtualized software model, enabling the sharing of physical services, storage,
and networking capabilities. The cloud infrastructure, regardless of deployment model, seeks
to make the most of the available infrastructure across a number of users.
1.1.2 Dynamic Provisioning:
Allows for the provision of services based on current demand requirements. This is
done automatically using software automation, enabling the expansion and contraction of
service capability, as needed. This dynamic scaling needs to be done while maintaining high
levels of reliability and security.
2
SMIT
Network Access:
Needs to be accessed across the internet from a broad range of devices such as PCs,
laptops, and mobile devices, using standards-based APIs (for example, ones based on
HTTP). Deployments of services in the cloud include everything from using business
applications to the latest application on the newest smartphones.
Managed Metering:
Uses metering for managing and optimizing the service and to provide reporting and
billing information. In this way, consumers are billed for services according to how much
they have actually used during the billing period.
1.2SERVICE MODELS:
Once a cloud is established, how its cloud computing services are deployed in terms
of business models can differ depending on requirements. The primary service models being
deployed are commonly known as:
1.2.1 Software as a Service (SaaS):
Consumers purchase the ability to access and use an application or service that is
hosted in the cloud, where necessary information for the interaction between the consumer
and the service is hosted as part of the service in the cloud.
1.2.2Platform as a Service (PaaS):
Consumers purchase access to the platforms, enabling them to deploy their own
software and applications in the cloud. The operating systems and network access are not
managed by the consumer, and there might be constraints as to which applications can be
deployed.
3
SMIT
1.2.3 Infrastructure as a Service(IaaS):
Consumers control and manage the systems in terms of the operating systems,
applications, storage, and network connectivity, but do not themselves control the cloud
infrastructure.
Enduser application is delivered as a service. Platform and infrastructure is abstracted, and can deployed
and managed with less effort
Application platform onto which custom applications and services can be deployed. Can be built and deployed more inexpensively, although services need to be supported and managed.
Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems.
Fig 1.1 Service Model Types
4
Software as a Service(SaaS)
Platform as a Service(PaaS)
Infrastructure as a Service(IaaS)
SMIT
1.3 DEPLOYMENT MODELS:
Deploying cloud computing can differ depending on requirements, and the following
four deployment models have been identified, each with specific characteristics that support
the needs of the services and users of the clouds in particular ways:
1.3.1. Private Cloud:
The cloud infrastructure has been deployed, and is maintained and operated for a
specific organization. The operation may be in-house or with a third party on the premises.
1.3.2. Community Cloud:
The cloud infrastructure is shared among a number of organizations with similar
interests and requirements. This may help limit the capital expenditure costs for its
establishment as the costs are shared among the organizations. The operation may be in-house
or with a third party on the premises.
1.3.33. Public Cloud:
The cloud infrastructure is available to the public on a commercial basis by a cloud
service provider. This enables a consumer to develop and deploy a service in the cloud
with very little financial outlay compared to the capital expenditure requirements normally
associated with other deployment options.
1.3.4. Hybrid Cloud:
The cloud infrastructure consists of a number of clouds of any type, but the clouds
have the ability through their interfaces to allow data and/or applications to be moved from
one cloud to another. This can be a combination of private and public clouds that support the
requirement to retain some data in an organization, and also the need to offer services in the
cloud.
5
SMIT
CHAPTER 2
6
SMIT
2. LITERATURE REVIEW
2.1 Existing System
In the existing system, single server handles the multiple requests from the
user. Here the server has to process the both the request from the user simultaneously, so the
processing time will high. This may leads to loss of data and corrupted. The server cannot
process the query from the user a proper manner. So processing time gets increased. Software
update/patches could change security settings, assigning privileges too low, or even more
alarmingly too high allowing access to your data by other parties. Security concerns. Experts
claim that their clouds are 100% secure - but it will not be their head on the block when
things go awry. It's often stated that cloud computing security is better than most enterprises.
Control of data/system by third-party. Data - once in the cloud always in the cloud! It is not
sure that a deleted data from an user account, will exist. Implementation data integration
issues are rife due to the difficult.
7
SMIT
2.2 Proposed System:
Cloud Server utilizes the power of the internet so as to ease the access to
applications as well as add power of scalability and high availability. Where as Cloud Storage
is a way of effectively using the existing data storage technology and resources so as to make
them available over the Cloud. Cloud storage allows a great amount of flexibility in terms of
provisioning as per the changing and ever increasing storage requirements, it is easy to add
more space or even reduce as needs change; best of all aspects is that no upfront investments
are required. The applications can vary from storing files, emails, pictures, media files along
with critical databases and important data backup. It provide secure data while store and
retrieve. It can be used cryptographically encryption and decryption in data store and retrieve.
We have used in third party tool (TPA) to monitoring data store and retrieve between owner
and user. It sends the key to user for access data.
2.2.1. Advantages of proposed system:
1. The user will be given status by the data owner and according to it the user acts.
2. On acquiring status, the user has only limited functions which prohibit overwriting.
3. The data will be stowed in encrypted format so as to improve the integrity and
security.
4. For an encrypted data, a private key will be sent to the user for decryption.
8
SMIT
2.3 FEASIBILITY STUDY
Three types of feasibility study are studied. They are operational, technical and financial.
2.3.1 Operational Feasibility
The proposed system does not perform any harm to the clients.
1. The system performance in cloud computing area is excellent.
2. The system does not produce poor results.
2.3.2 Technical feasibility
The necessary technologies exist in this project for the areas:
1. The proposed system has the capacity to hold the data required by ubiquitous network
access.
2. It technically assures for accuracy, reliability and data security.
2.3.3 Financial Feasibility
1. The cost of hardware and software for the class application being considered.
2. The cost to conduct full system audit.
3. The benefits in the form of reduced cost or fewer costly errors.
9
SMIT
3.1 ARCHITECTURE DIAGRAM:
Public Data Auditing
Data Auditing FileAccess
Delegation
Issuing File Access
Fig 3.1 Architecture Diagram
10
Third Party Auditor
Owner Cloud Users
Cloud servers
SMIT
3.1.1 ARCHITECTURE DETAILS
3.1.1.1 Data Owner:
One who creates the data and stores it in cloud is known as data owners. The data
owner has the full rights over the data that has been uploaded in net. The data owner gives
status to the user who opts for the usage of the data.
3.1.1.2 Cloud Server:
It is virtual database where the data of the owner will be saved. All data stored here
will be in encrypted format so as to improve the data privacy and security. Unauthorized
personnel cannot access the data without the prior permission of the data owner.
3.1.1.3 Third Party Auditor:
TPA is the person which helps in auditing purpose of the data that are being stored in
cloud. In order to reduce the work load of data owner TPA has been used for monitoring
purpose.
3.1.1.4 Data User:
One who retrieves data from the cloud server with the prior permission of the data
owner is known to be data user. User request for accessing the data from its owner, on
acquiring the status the user acts according to it.
3.1.1.5 Decrypt:
The data stored in cloud will being changed to original format with the help of private
key given by the data owner by the data user.
11
SMIT
3.2 PROJECT FLOW DIAGRAM:
No
Data
Store data
Retrieve data No
12
Owner
Login
If valid
Encryption
Cloud
Server
User login
If valid
Access file
Decryption
User
Issue File access ctrl
User
SMITFIG 3.2 Data flow diagram
3.3 MODULES
3.3.1 Authentication
3.3.2 File Upload
3.3.3 File Management
3.3.4 User Request
3.3.5 Owner Response
3.3.6 File Downloading
3.3.7 Decryption
3.3.1 AUTHENTICATION:
In this module the verification of the user is done in order to avoid the unauthorized
personnel to create account and start using the data in an unintentional way.
13
Authentication
Rejected
Owner
SMIT
The user requests the data owner for accessing the data. The data owner in turn validates the
request from the user and sets the status accordingly. The data owner may or may not accept
the request given by the user. The status for the user is entirely depends upon the
transparency of the data user. More the reliability of the data user will lead to enjoy more
work permission of the particular data. If the data user fails to accomplish the required
reliability in authentication process, he may be subjected to limited access of data such as
read only. On registering to an owner, the user can access the data related or uploaded to that
particular owner. The user does not have consent about data that are being uploaded by other
data owner. If so the user has to register with that data owner separately.
3.3.2 FILE UPLOAD:
Use any information obtained from our site in an unethical manner. Any information
obtained such as Usernames, IP addresses, email, etc are only used in the administration of
our website and services. We may email our members about site related issues, events, etc.
Only in the case of illegal activity, harassment, or other questionable activities would your
information be shared with a third party. File serves lets you easily upload and share your
files with others online for free. Your files will get unlimited downloads. With their free
hosting account you can store up to 500.0GB worth of files. You can also upload files with a
Maximum file size 1024Mb. They allow you to upload multiple files at once to their free
web servers. This is currently our favorite free file upload site that we have discovered so far.
14
Accepted
Owner Login
Profile
Browse
SMIT
3.3.3 FILE MANAGEMENT:
The data that we work with on computers is kept in a hierarchical file system in which
directories have files and subdirectories beneath them. Although we use the computer
operating system to keep our image data organized, how we name files and folders, how we
arrange these nested folders, and how we handle the files in these folders are the fundamental
aspects of file management. The file management is fully secured, on specific owner and user
file transaction.
File management is ineffective without scheduled maintenance steps that
help clean, protect, and backup the hard drive and the various files and folders in it. This also
means exercising caution when downloading files from e-mail or the internet. Some key steps
comprising maintenance are: deleting or backing up unnecessary files such as, Netscape
cache files, .tmp files, old and/or large files you have not used in a long time; emptying the
recycle bin; at least a weekly scheduled virus scanning of your system and virus definition
updates; backing up critical data; maintaining an updated list of all software and data files on
your system; renaming files and folders cautiously; and, moving files and folders to
appropriate locations to maintain the integrity of the directory structure.
15
Upload
SMIT
3.3.4 USER REQUEST:
Priorly the data user does not have any control or access to data that are being
uploaded by the data owner. User may only view the data that are being uploaded in the
cloud, for accessing the data the user has to send request to the particular data owner who has
the required data that the user has. The user without access the data without registering to the
data owner. This ensures avoiding of unauthorized access of data by a third person. Here the
data owner has full authority over the data and also the user from which a REQUEST has
requested upon.
16
Select User
User Request
Login
Request for status
SMIT
3.3.5 OWNER RESPONSE:
Upon the user request, the data owner accepts or rejects the request given by the user.
If the request is rejected by the owner the user cannot access the files that are available in the
cloud. The data user is then prohibited from using the data that are uploaded in cloud server.
On the other side, if the data owner accepts the request given by the data user then the user is
allowed to view the files that have been uploaded in cloud. Again, here the owner has to set
the status for user regarding the usage of file. Status such as read and write are available in
setting the status of the user. Either one or both the available can be assigned to the user. In
read mode, the user can only view the data in a file while in write mode user can modify the
original content of the file.
17
Checks Request
Set Response
SMIT
3.3.6 FILE DOWNLOADING:
File serves lets you easily download and share your files with others online for free.
Your files will get unlimited downloads. With their free hosting account you can download
maximum file size 1024 Mb. It allows you to multiple files download their free web servers.
Specified user can able to download the file by using the decryption algorithm
from the cryptography method by their specified path. When the downloading process starts
the public key will send to the respected user’s mail id. By using that keys the user done the
download process.
YES NO
YES
18
User login
Status
End
Download
Key to ID
SMIT
3.3.7 DECRYPTION:
In decryption, the file downloaded from the cloud server with the assent of the data
owner it is subjected to decryption process to obtain the original form of it. The decryption
process is done with comfort of the private key that has been sent to the user’s mail id. After
then the original file is obtained by the user.
19
Decrypted File
Key
Decryption
SMIT
3.4 REQUIREMENT SPECIFICATION
3.4.1 HARDWARE SPECIFICATION
1. Hard Disk : 150 MB
2. RAM : 512 MB
3. Processor : Pentium 4
3.4.2 SOFTWARE SPECIFICATION
1. Operating System : Windows XP
2. Front End : MS-Front page
3. Back End : My SQL
3.5 ALGORITH USED
3.5.1 RSA ALGORITHM
The RSA algorithm is named after Ron Rivest, Adi Shamir, and Len Adleman, who
invented it in 1977. The basic technique was first discovered in 1973 by Clifford Cocks of
CESG (part of the British GCHQ) but this first was a secret until 1997. The patent taken out
by RSA labs has expired.
The RSA algorithm can be used for both public key encryption and digital signatures.
Its security is based on the difficulty of factoring large integers.
3.5.2 Key Generation Algorithm
1. Generate two large random primes, p and q, of approximately equal size such that
their product n=pq is of the required bit length, e.g. 1024 bits.
20
SMIT2. Compute n=pq and (φ) phi=(p-1)(q-1).
3. Choose an integer e, 1<e<phi, such that gcd(e,phi)=1.
4. Compute the secret exponent d, 1<d<phi, such that ed=1(mod phi).
5. The public key is (n,e) and the private key is (n,d). Keep all the values d, p, q and phi
secret.
i. n is known as the modulus.
ii. e is known as the public exponent or encryption exponent or just the
exponent.
iii. d is known as the secret exponent or decryption exponent.
3.5.3 Encryption
Sender A does the following:
1. Obtains the recipient B’s public key (n,e).
2. Represents the plaintext message as a positive integer m.
3. Computes the cipher text c=Me mod n.
4. Sends the cipher text c to B.
3.5.4 Decryption
Recipient B does the following:
1. Uses his private key (n,d) to compute M=Cd mod n.
2. Extracts the plaintext from the message representative m.
3.5.5 Summary of RSA:
n=pq, where p and q are distinct primes.
21
SMIT Phi, φ = (p-1)(q-1).
e< n such that gcd(e, phi)=1
d=e-1 mod phi.
C=Me mod n, 1<m<n.
M=Cd mod n.
3.6 UML DIAGRAMS
3.6.1 Use case diagram
Owner User
22
File Encryption
Cloud Server
User File Access
Third Party
Audit
Decryption
SMIT
3.6.2 Sequence Diagram
23
SMIT
SOURCE CODE
24
SMIT
3.7 SOURCE CODE
File Transfer:
<html>
<head></head>
<body background="../FileTransfer.jpg">
<p align="center"><u><b><font size="6" color="#000080">File Upload
</font></b></u> </p>
<form action="load.jsp" enctype="multipart/form-data" method="POST">
<div align="center">
<table border="0" width="70%" height="255" style="border-collapse: collapse">
<tr>
<td background="images/Earth-Upload-icon.png" bgcolor="#FFFFFF"> </td>
<td
width="432"> &nbs
p;
<input type="file" name="file1" style="font-weight: 700"><br>
<p> </td>
</tr>
</table>25
SMIT</div>
<p><br>
</p>
</form>
</body>
</html>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page import="java.io.*" %>
<%@page import="java.util.Date"%>
<%@page import="java.sql.*"%>
<%@page import="java.text.*"%>
<jsp:useBean id="h" class="model.Commanmodel"/>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
<script>
function fun()
26
SMIT {
document.frm.action="suc.jsp";
document.frm.submit(); }
</script>
</head>
<!-- upload.jsp -->
<%
String s=(String)session.getAttribute("ownername");
String contentType = request.getContentType();
int df=request.getContentType().length();
System.out.println("df value "+df);
if ((contentType != null) && (contentType.indexOf("multipart/form-data") >= 0))
{
DataInputStream in = new DataInputStream(request.getInputStream());
int formDataLength = request.getContentLength();
System.out.println("length "+formDataLength);
byte dataBytes[] = new byte[formDataLength];
int byteRead = 0;
int totalBytesRead = 0;
System.out.println("dsffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
while (totalBytesRead < formDataLength)
27
SMIT{
byteRead = in.read(dataBytes, totalBytesRead, formDataLength);
totalBytesRead += byteRead; }
String file = new String(dataBytes);
String saveFile = file.substring(file.indexOf("filename=\"") + 10);
saveFile = saveFile.substring(0, saveFile.indexOf("\n"));
saveFile = saveFile.substring(saveFile.lastIndexOf("\\") + 1,saveFile.indexOf("\""));
int lastIndex = contentType.lastIndexOf("=");
String boundary = contentType.substring(lastIndex + 1,contentType.length());
System.out.println(boundary);
int pos;
pos = file.indexOf("filename=\"");
pos = file.indexOf("\n", pos) + 1;
pos = file.indexOf("\n", pos) + 1;
pos = file.indexOf("\n", pos) + 1;
int boundaryLocation = file.indexOf(boundary, pos) - 4;
int startPos = ((file.substring(0, pos)).getBytes()).length;
int endPos = ((file.substring(0, boundaryLocation)).getBytes()).length;
saveFile = "D:\\server\\"+s+"\\" + saveFile;
DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");
Date date1 = new Date();
28
SMIT dateFormat.format(date1);
String ff="upload";
Class.forName("com.mysql.jdbc.Driver");
Connection con =
DriverManager.getConnection("jdbc:mysql://localhost:3306/cloud", "root", "root");
Statement st = con.createStatement();
int state = st.executeUpdate("insert into ggg values('"+s+"','" + saveFile+ "','" +
saveFile.length() + "','" + date1 + "','" + ff+ "')");
//FileOutputStream fileOut = new FileOutputStream(saveFile);
//fileOut.write(dataBytes);
//fileOut.write(dataBytes, startPos, (endPos - startPos));
System.out.println("sart "+startPos);
System.out.println("end "+endPos);
int ps=endPos - startPos;
System.out.println("ps value");
saveFile+="~"+s;
int d=h.insres(dataBytes,saveFile,startPos,endPos);
System.out.println("d value"+d);
//fileOut.flush();
//fileOut.close();
System.out.println("File saved as " +saveFile);
}
29
SMIT%>
<body onload="fun()"><form name="frm"></form> </body>
</html>
import java.io.File;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.Cipher;
public class Commanmodel {
int state;
byte[] inputBuf;
byte a;
public int insres(byte[] bb , String sf,int a,int b)
{
String dd[]=sf.split("~");
String save=dd[0];
String s=dd[1];
String ss1=save.substring(save.lastIndexOf("\\")+1);
30
SMIT System.out.println("save:::::::"+save);
System.out.println("ssssssssssssss:::::::::"+ss1);
System.out.println("b-a "+(b-a));
byte decryptedFileBytes[]=new byte[b-a];
int j=0;
for(int i=a;i<b;i++)
{
char c=(char) bb[i];
decryptedFileBytes[j]=(byte) c;
j++;
}
String ddf=save.substring(save.lastIndexOf("\\")+1,save.lastIndexOf("."));
String fe=ss1.substring(0, ss1.lastIndexOf("."));
System.out.println("fe:::::::"+ddf+":::::::::::::"+save);
// System.out.println("str:::::::::: "+m);
System.out.println("bytes "+decryptedFileBytes.toString());
try{
KeyPair keyPair = null;
try
{ KeyPairGenerator keyPairGenerator =
KeyPairGenerator.getInstance("RSA");
31
SMIT keyPairGenerator.initialize(1024);
keyPair = keyPairGenerator.generateKeyPair();
}catch (Exception e) {}
KeyPair keyPair0 = keyPair;
PrivateKey privateKey0 = keyPair0.getPrivate();
PublicKey publicKey0 = keyPair0.getPublic();
ObjectOutputStream objectOutputStream = new ObjectOutputStream( new
FileOutputStream(new File("D:\\server\\"+s+"\\key\\"+ddf+"priv.txt")) );
objectOutputStream.writeObject(privateKey0);
objectOutputStream.flush();
objectOutputStream.close();
objectOutputStream = new ObjectOutputStream( new FileOutputStream(new File("D:\\
server\\"+s+"\\key\\"+ddf+"pub.txt")) );
objectOutputStream.writeObject(publicKey0);
objectOutputStream.flush();
objectOutputStream.close();
//Encrypt
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey0);
// ENCRYPT Pub0
int decryptedFileBytesChunkLength = 100;
32
SMIT int numberenOfDecryptedChunks = (decryptedFileBytes.length-1) /
decryptedFileBytesChunkLength + 1;
int encryptedFileBytesChunkLength = 128;
int encryptedFileBytesLength = numberenOfDecryptedChunks *
encryptedFileBytesChunkLength;
byte[] encryptedFileBytes= new byte[ encryptedFileBytesLength ];
//Counters
int decryptedByteIndex = 0;
int encryptedByteIndex = 0;
for(int i = 0; i < numberenOfDecryptedChunks; i++)
{
if(i < numberenOfDecryptedChunks - 1)
{
encryptedByteIndex = encryptedByteIndex + cipher.doFinal(decryptedFileBytes,
decryptedByteIndex, decryptedFileBytesChunkLength, encryptedFileBytes,
encryptedByteIndex);
decryptedByteIndex = decryptedByteIndex + decryptedFileBytesChunkLength;
}
else
{
cipher.doFinal(decryptedFileBytes, decryptedByteIndex,
decryptedFileBytes.length - decryptedByteIndex, encryptedFileBytes, encryptedByteIndex);
}}
33
SMIT inputBuf=encryptedFileBytes;
System.out.println("in "+inputBuf.toString());
FileOutputStream fileOutputStream = new FileOutputStream(save);
fileOutputStream.write(encryptedFileBytes);
fileOutputStream.flush();
fileOutputStream.close();
// System.out.println("length: "+ decryptedFileBytes.length);
// System.out.println("length: "+ encryptedFileBytes.length);
System.out.println("Encryption done");
}catch (Exception e) {
e.printStackTrace();
}
System.out.println("encrypted");
return state;
}
}
34
SMIT
OUTPUT
35
SMIT
3.8 SCREENSHOTS
HOME PAGE
36
SMIT
OWNER’S LOGIN
37
SMIT
OWNER’S REGISTRATION
38
SMIT
OWNER’S LOGIN
39
SMIT
OWNER’S DETAILS
40
SMIT
FILE UPLOAD
41
SMIT
FILE’S DETAILS
42
SMIT
TABLE DESIGN
OWNER’S DETAILS
43
SMIT
UPLOADED FILE DETAILS
44
SMIT
USER PROFILE
45
SMIT
USER REGISTRATION
46
SMIT
USER LOGIN
47
SMIT
3.9 CONCLUSION
Cloud computing has been envisioned as the next-generation architecture
of enterprise IT. In contrast to traditional enterprise IT solutions, where the IT
services are under proper physical, logical, and personnel controls, cloud
computing moves the application software and databases to servers in large
data centers on the Internet, where the management of the data and services are
not fully trustworthy. This unique attribute raises many new security challenges
in areas such as software and data security, recovery, and privacy, as well as
legal issues in areas such as regulatory compliance and auditing, all of which
have not been well understood. In this article we focus on cloud data storage
security.
3.10 FUTURE WORK
1. Till now the trustiness is suspected for user but there may be anonymity of the cloud
service provider.
2. Multi writer model is achieved here that is user can change data and upload in the cloud.
48
SMIT
APPENDIX
49
SMIT
APPENDIX I
JSP
JSP may be viewed as a high-level abstraction of Java servlets. JSP pages are loaded
in the server and operated from a structured special installed Java server packet called a Java
EE Web Application, often packaged as a .war or .ear file archive.
JSP allows Java code and certain pre-defined actions to be interleaved with static web
markup content, with the resulting page being compiled and executed on the server to deliver
an HTML or XML document. The compiled pages and any dependent Java libraries use Java
bytecode rather than a native software format, and must therefore be executed within a Java
virtual machine (JVM) that integrates with the host operating system to provide an abstract
platform-neutral environment.
JSP syntax is a fluid mix of two basic content forms: scriptlet elements and markup.
Markup is typically standard HTML or XML, while scriptlet elements are delimited blocks of
Java code which may be intermixed with the markup. When the page is requested the Java
code is executed and its output is added, in situ, with the surrounding markup to create the
final page. JSP pages must be compiled to Java bytecode classes before they can be executed,
but such compilation is needed only when a change to the source JSP file has occurred.
Java code is not required to be complete (self contained) within its scriptlet element
block, but can straddle markup content providing the page as a whole is syntactically correct
(for example, any Java if/for/while blocks opened in one scriptlet element must be correctly
closed in a later element for the page to successfully compile). This system of split inline
coding sections is called step over scripting because it can wrap around the static markup by
stepping over it. Markup which falls inside a split block of code is subject to that code, so
markup inside an if block will only appear in the output when the if condition evaluates to
true; likewise markup inside a loop construct may appear multiple times in the output
depending upon how many times the loop body runs. The JSP syntax adds additional XML-
like tags, called JSP actions, to invoke built-in functionality. Additionally, the technology
50
SMITallows for the creation of JSP tag libraries that act as extensions to the standard HTML or
XML tags. JVM operated tag libraries provide a platform independent way of extending the
capabilities of a web server. Note that not all commercial Java servers are Java EE
specification compliant.
Features of JSP
1. Ease of use: - JSP pages are installed simply as web pages using natural structure of web
server document tree.
2. Platform independence: - JSP runs on virtually any environment that supports JAVA
servlets and hence it is compatible with any web browsers.
3. This version has new expression language (EL ) syntax that allows deferred evaluation of
expressions. It now enables using the expression to both get and set data and to invoke
methods, and facilitates customizing the resolution of a variable or property referenced by an
expression.
4. It supports resource injection through annotations to simplify configuring access to
resources and environment data.
5. Qualified functions now take precedence over the ternary operator when the "." operator in
use or we can say that ability to redefine the behavior of the "."Operator through a Property
Resolver API.
6. EL now supports "literal expressions". The expression which was previously considered to
be non-EL value text must now be considered an EL expression.
7. EL now supports Java 5.0 enumerations.
8. Ability to plug in Property Resolvers on a per-application and per-page basis.
51
SMIT
APPENDIX II
FRONT PAGE
FrontPage was initially created by the Cambridge, Massachusetts Company Vermeer
Technologies Incorporated, evidence of which can be easily spotted in filenames and
directories prefixed _vti_ in web sites created using FrontPage. Vermeer was acquired by
Microsoft in January 1996 specifically so that Microsoft could add FrontPage to its product
line-up allowing them to gain an advantage in the browser wars as FrontPage was designed
to author for their own browser, Internet Explorer. As a WYSIWYG editor, FrontPage is
designed to hide the details of pages' HTML code from the user, making it possible for
novices to easily create web pages and sites.
FrontPage's initial outing under the Microsoft name came in 1996 with the release of
Windows NT 4.0 Server and its constituent web server Internet Information Services 2.0.
Bundled on CD with the NT 4.0 Server release, FrontPage 1.1 would run under NT 4.0
(Server or Workstation) or Windows 95. Up to FrontPage 98, the FrontPage Editor, which
was used for designing pages was a separate application from the FrontPage Explorer which
was used to manage website folders. With FrontPage 2000, both programs were merged into
the Editor.
FrontPage used to require a set of server-side plug-in originally known as IIS Extensions. The
extension set was significantly enhanced for Microsoft inclusion of FrontPage into the
Microsoft Office line-up with Office 97 and subsequently renamed FrontPage Server
Extensions (FPSE). Both sets of extensions needed to be installed on the target web server for
its content and publishing features to work. Microsoft offered both Windows and Unix-based
versions of FPSE. FrontPage 2000 Server Extensions worked with earlier versions of
FrontPage as well. FPSE 2002 was the last released version which also works with FrontPage
2003 and was later updated for IIS 6.0 as well. With FrontPage 2003, Microsoft began
moving away from proprietary Server Extensions to standard protocols like FTP and
WebDAV for remote web publishing and authoring. FrontPage 2003 can also be used with
Windows SharePoint Services.
52
SMIT
Features
Some of the features in the last version of FrontPage include:
FrontPage 2003 consists of a new Split View option to allow the user to code in Code
View and preview in Design View without the hassle of switching from the Design
and Code View tabs for each review
Dynamic Web Templates (DWT) were included for the first time in FrontPage 2003
allowing users to create a single template that could be used across multiple pages and
even the whole Web site
Interactive Buttons give users a new easy way to create web graphics for navigation
and links, eliminating the need for a complicated image-editing package such as
Adobe Photoshop
The accessibility checker gives the user the ability to check if their code is standards
compliant and that their Web site is easily accessible for people with disabilities. An
HTML optimizer is included to aid in optimizing code to make it legible and quicker
to process
Intellisense, which is a form of autocompletion, is a key new feature in FrontPage
2003 that assists the user while typing in Code View. When working in Code View,
Intellisense will suggest tags and/or properties for the code that the user is entering
which significantly reduces the time to write code. The Quick Tag Editor shows the
user the tag they are currently in when editing in Design View. This also includes the
option to edit the specific tag/property from within the Tag Editor
Code Snippets give users the advantage to create snippets of their commonly used
pieces of code allowing them to store it for easy access whenever it is next needed
FrontPage 2003 includes support for programming in ASP.NET a server-side
scripting language that adds interactivity to Web sites and Web pages
FrontPage 2003 includes support macro in VBA.
53
SMIT
REFERENCES
54
SMIT
REFERENCES
[1] P. Mell and T. Grance, “Draft NIST Working Definition of Cloud Computing,” 2009;
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
[2] M. Armbrust et al “Above the Clouds: A Berkeley View of Cloud Computing,” Univ.
California, Berkeley, Tech. Rep. UCBEECS-2009-28, Feb. 2009.
[3] Amazon.com, “Amazon s3 Availability Event: July 20, 2008,” July 2008;
http://status.aws.amazon.com/s3-20080720.html
[4] M. Arrington, “Gmail Disaster: Reports of Mass Email Deletions,” Dec. 2006;
http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass email-deletions/
[5] M. Krigsman, “Apple’s MobileMe Experiences Post-Launch Pain,” July 2008;
http://blogs.zdnet.com/projectfailures/?p=908
[6] A. Juels, J. Burton, and S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc.
ACM CCS ‘07, Oct. 2007, pp. 584–97.
[7] G.Ateniese et al et al., “Provable Data Possession at Untrusted Stores,” CCS ’07 , Oct.
2007, pp. 598–609.
[8] M. A. Shah et al., “Auditing to keep Online Storage Services Honest,” USENIX HotOS
‘07, May 2007.
[9] G. Ateniese et al ., “Scalable and Efficient Provable Data Possession,” ., “Scalable and
Efficient Provable Data Possession,” SecureComm ’08 , Sept. 2008.
[10] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” Crypt ’08 , LNCS, vol.
5350, Dec. 2008, pp. 90–107.
55
SMIT
[11] K. D. Bowers, A. Juels, and A. Oprea, “Hail: A High-Availability and Integrity Layer
for Cloud Storage,” Proc. ACM CCS ’09 , Nov. 2009, pp. 187–98.
[12]C.Wang et al .,”Ensuring Data Storage Security in Cloud Computing,” IWQoS ‘09, July
2009, pp. 1–9.
[13] Q. Wang et al., “Enabling Public Verifiability and Data Dynamics for Storage Security
in Cloud Computing,” Proc. ESORICS ‘09
, Sept. 2009, pp. 355–70.
[14] C. Erway et al ., “Dynamic Provable Data Possession,” Proc. ACM CCS ’09 Nov. 2009,
pp. 213–22.
[15] C. Wang et al. ., “Privacy-Preserving Public Auditing for Storage Security in Cloud
Computing,” Proc. IEEE INFOCOM ‘10
Mar 2010
[16] R. C. Merkle, “Protocols for Public Key Cryptosystems,” Proc. IEEE Symp. Security
privacy 1980
[17] 104th United States Congress, “Health Insurance Portability and Accountability Act of
1996 (HIPAA),” 1996; http://aspe.hhs.gov/admnsimp/pl104191.htm
[18] D. Boneh et al., ., “Aggregate and Verifiably Encrypted Signatures from Bilinear Maps,”
Proc. EuroCrypt ‘03, LNCS, vol. 2656, May 2003, pp. 416–32.
56