Security and Privacy-Enhancing in

Multi Cloud Architectures

Under the Guidance of
Mr .RAMESH BABU , M.Tech
Asst.Prof ,CSE Dept
Presented by:
K .Yamuna (10701A05b3)
S .Reshma (10701A0564)
N .Swarajitha (10701A0593)
E .Sanjeev prem kumar (10701A0569)
A .Siddartha (11705A0519)




Abstract
Existing System
Disadvantages.
Proposed System
Advantages
Module
System Requirements
Design
Result
Conclusion




Abstract:
Security challenges are still among the biggest obstacles
when considering the adoption of cloud services.
This triggered a lot of research activities, resulting in a
quantity of proposals targeting the various cloud
security threats.
Cloud computing is a
subscription-based service
where you can obtain network
storage space and computing
resources.

When considering using a cloud service, the user must be
aware of the fact that all data given to the cloud provider leave
the own control and protection sphere.
Even more, if deploying data-processing applications to the
cloud (via IaaS or PaaS), a cloud provider gains full control on
these processes.


1.Third party auditors are not control the all security risks.
2. Misuse the cloud services
3. Attackers are going to alter and manipulations of data.


One idea on reducing the risk for data and applications in a public
cloud is the simultaneous usage of multiple clouds.
Several approaches employing this paradigm have been proposed
recently.
It provides four distinct models in the form of abstracted
multicloud architectures.
Achieves the data integrity.
Reduce the attacker risks
It gives the confidentiality
List of the modules:
Replication of applications.
Partition of application System into tiers.
Partition of application logic into fragments.
Partition of application data into fragments.


Instead of executing a particular application on one specific
cloud, the same operation is executed by distinct clouds. By
comparing the obtained results, the cloud user gets evidence
on the integrity of the result.
Instead of trusting one cloud service provider totally, the
cloud user only needs to rely on the assumption that the
cloud providers do not collaborate maliciously against
herself.


Replication of application system
Architecture.



Allows separating the logic from the data gives additional
protection against data leakage due to flaws in the
application logic.
It needs to be noted, that the security services provided by this
architecture can only be fully exploited if the execution of the
application logic on the data is performed on the cloud users
system.




Partition of application system into tiers
Architecture.





Allows distributing the application logic to distinct clouds.
This has two benefits.
o First, no cloud provider learns the complete application logic.
o Second, no cloud provider learns the overall calculated result
of the application. Thus, this leads to data and application
confidentiality.

Partition of application logic into fragments
Architecture




Allows distributing fine-grained fragments of the data to
distinct clouds.
None of the involved cloud providers gains access to all the
data, which safeguards the datas confidentiality.
HARDWARE REQUIREMENTS:

System : Any Processor above 500 MHz.
Hard Disk : 40 GB.
Floppy Drive : 1.44 Mb.
Monitor : 15 VGA Color.
Mouse : Logitech.
RAM : 512 MB.


Language : JDK (1.7.0)
Frontend : JSP, Servlets
Backend : Oracle10g
IDE : my eclipse 8.6
Operating System : windows XP
Owner
Login id
Password
Update files
User
Login id
Password
Download

Owner
Logincheck Home Profile UploadFiles UploadFileStatus Queries Security Logout
1 : Logincheck()
2 : if valid()
3 : not valid
4 : ViewProfile()
5 : Uploadfiles()
6 : ViewAllUploadedFiles()
7 : filestatus
8 : ViewQueries()
9 : GiveSolution
10 : ChangePassword()
11 : Logout()
12 : AgainLogin()
User
Logincheck Home Profile AccessFilefromCloud AccessFiles Queries Security Logout
1 : Logincheck()
2 : if valid()
3 : ViewProfile()
4 : not valid
5 : UpdateProfile
6 : ViewAllUploadedFilesfromserver()
7 : GetKey()
8 : DownloadFiles
9 : filestatus
10 : PostQueries()
11 : ViewSolution
12 : ChangePassword()
13 : Logout()
14 : AgainLogin()
Owner
Authentication
Home
Profile
Uploadfiles
UploadFileStatus
ViewAllUpdatedFiles FileStaus
Queries
ViewQueries
GiveSolutions
ChangePassword
Logout
if fails
if success
User
Authentication
Home
Profile
AccessDetails
AccesssFileFromCloud
GetKey
DownloadFile
Queries
PostQueries
ViewSolutions
ChangePassword
Logout
if fails
if success
owner
Home
Profile ViewProfile
Uploadfiles
UploadFileStatus
ViewAllUploadedFiles
FileStatus
ViewQueries
GiveSolution
ChangePassword
Logout
<<include>>
<<include>>
User
Home
Profile
ViewProfile
AccessFilesFromCloud
GetKey
DownloadFiles
Queries
ViewSolution
ChangePassword
Logout
UpdateProfile
PostQuery
AccessDetails
ViewAllFilesFromServer
Unit Testing
Integration Testing
System Testing
Black Box Testing
White Box Testing

Test Case Name

Test Case Description
Test Steps
Step Expected Actual
Login Validate Login To verify that Login name on login page must
be greater than 1 characters
enter login name less than 1 chars (say a) and
password and click Submit button
an error message Login not less than 1
characters must be displayed
enter login name 1 chars (say a) and password
and click Submit button
Login success full or an error message
Invalid Login or Password must be
displayed
Pwd Validate Password To verify that Password on login page must be
greater than 1 characters
enter Password less than 1 chars (say nothing)
and Login Name and click Submit button
an error message Password not less
than 1 characters must be displayed
Login Page Test Case
Pwd02 Validate Password
To verify that
Password on login
page must be allow
special characters
enter Password with special
characters(say !@hi&*P)
Login Name and click
Submit button
Login success full or an
error message Invalid
Login or Password
must be displayed
Llnk Verify Hyperlinks To Verify the Hyper
Links available at left
side on login page
working or not
Click Sign Up Link Home Page must be
displayed
Click Sign Up Link Sign Up page must be
displayed
Click New Users Link New Users Registration
Form must be
displayed




Test Case Name

Test Case Description
Test Steps
Step Expected Actual
Registration Validate User Name To verify that User name on Registration page
must be Declared
enter User name click Submit button an error message User Name Must be
Declared
Validate Password To verify that Password on Registration page
must be Declared
enter Password click Submit button an error message Password Must be
Declared
Validate First Name To verify that First Name on Registration page
must be Declared
enter First Name click Submit button an error message First Name Must be
Declared
Validate Last Name To verify that Last Name on Registration page
must be Declared
enter Last Name click Submit button an error message Last Name Must be
Declared
Registration Page Test Case
The use of multiple cloud providers for gaining security and
privacy benefits is nontrivial.
For instance, using the n clouds approach (and its integrity
guarantees) in combination with sound data encryption (and its
confidentiality guarantees) may result in approaches that
suffice for both technical and regulatory requirements.

[1] P. Mell and T. Grance, The NIST Definition of Cloud Computing,
Version 15, Natl Inst. of Standards and Technology, Information
Technology Laboratory, vol. 53, p. 50, http://csrc.nist.gov/groups/
SNS/cloud-computing/, 2010.
[2] F. Gens, IT Cloud Services User Survey, pt.2: Top Benefits &
Challenges, blog, http://blogs.idc.com/ie/?p=210, 2008.
[3] Gartner, Gartner Says Cloud Adoption in Europe Will Trail U.S.
by at Least Two Years, http://www.gartner.com/it/page.
jsp?id=2032215, May 2012.
[4] J.-M. Bohli, M. Jensen, N. Gruschka, J. Schwenk, and L.L.L. Iacono,
Security Prospects through Cloud Computing by Adopting
Multiple Clouds, Proc. IEEE Fourth Intl Conf. Cloud Computing
(CLOUD), 2011.
[5] D. Hubbard and M. Sutton, Top Threats to Cloud Computing
V1.0, Cloud Security Alliance, http://www.
cloudsecurityalliance.org/topthreats, 2010.
[6] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, On
Technical Security Issues in Cloud Computing, Proc. IEEE Intl
Conf. Cloud Computing (CLOUD-II), 2009.
[7] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, Hey, You,
Get Off of My Cloud: Exploring Information Leakage in Third-
Party Compute