GENERATING CLOUD MONITORS FROM MODELS TO

SECURE CLOUDS

A Mini Project Report Submitted to

JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY,

HYDERABAD

In Partial Fulfilment of the requirement For the Award of the Degree of

BACHELOR OF TECHNOLOGY
in
ELECTRONICS AND COMMUNICATION ENGINEERING
Submitted by
1. GAMPA VYSHNAVI (H.T.N0: 20N01A0436)
2. DAMARAPALLI ANUSHA (H.T.N0:20N01A0421)
3. GUJJETI SAIRAM (H.T.N0: 20N01A0444)
4. GUDA ABHILASH (H.T.N0: 20N01A0442)
5. GUNDELLI AJAY (H.T.N0: 20N01A0445)

Under the supervision of

Dr. K. RAVI KUMAR
Associate Professor

Department of Electronics and Communication Engineering

SREE CHAITANYA COLLEGE OF ENGINEERING
(Affiliated to JNTUH, HYDERABAD)
THIMMAPUR, KARIMNAGAR, TELANGANA-505 527

JUNE-2024
 SREE CHAITANYA COLLEGE OF
ENGINEERING
(Affiliated to JNTUH, HYDERABAD)
THIMMAPUR, KARIMNAGAR, TELANGANA-505 527
Department of Electronics and Communication Engineering

CERTIFICATE

This is to certify that the major project report entitled “GENERATING CLOUD
MONITORS FROM MODELS TO SECURE CLOUDS” is being submitted by
GAMPA VYSHNAVI (20N01A0436), DAMARAPALLI ANUSHA
(20N01A0421), GUJJETI SAIRAM (20N01A0444), GUDA ABHILASH
(20N01A0442) and GUNDELLI AJAY (20N01A0445) for partial fulfillment of the
requirement for the award of the degree of Bachelor of Technology in Electronics and
Communication Engineering discipline to the Jawaharlal Nehru Technological
University, Hyderabad during the academic year 2023 - 2024 is a bonafide work carried
out by them under my guidance and supervision.
The result embodied in this report has not been submitted to any other University or
institution for the award of any degree or diploma.

Project Guide Head of the Department

DR. K. RAVI KUMAR DR. S. NARESH KUMAR
Associate Professor Associate Professor & HOD
Department of ECE Department of ECE

EXTERNAL EXAMINER
i
 DECLARATION

We, GAMPA VYSHNAVI (20N01A0436), DAMARAPALLI ANUSHA

(20N01A0421), GUJJETI SAIRAM (20N01A0444), GUDA ABHILASH
(20N01A0442) and GUNDELLI AJAY (20N01A0445) are students of Bachelor of
Technology in Electronics and Communication Engineering, during the academic year
2023-2024, hereby declare that the work presented in this Project Work entitled
GENERATING CLOUD MONITORS FROM MODELS TO SECURE CLOUDS is
the outcome of our own bona fide work and is correct to the best of our knowledge and this
work has been undertaken taking care of Engineering Ethics and carried out under the
supervision of Dr. K. RAVI KUMAR, Associate Professor.

It contains no material previously published or written by another person nor material

which has been accepted for the award of any other degree or diploma of the university or
other institute of higher learning, except where due acknowledgment has been made in the
text.

1. GAMPA VYSHNAVI (H.T.N0: 20N01A0436)

2.DAMARAPALLIANUSHA (H.T.N0:20N01A0421)
3. GUJJETI SAIRAM (H.T.N0:20N01A0444)
4. GUDA ABHILASH (H.T.N0: 20N01A0442)
5. GUNDELLI AJAY (H.T.N0: 20N01A0445)

Date:

Place:

ii
 ACKNOWLEDGEMENT
The Satisfaction that accomplishes the successful completion of any task would be incomplete
without the mention of the people who make it possible and whose constant guidance and
encouragement crown all the efforts with success.

We would like to express our sincere gratitude and indebtedness to our project
supervisor Dr. K. RAVI KUMAR, Associate Professor, Department of Electronics and
Communication Engineering, Sree Chaitanya College of Engineering, LMD Colony,
Karimnagar for his/her valuable suggestions and interest throughout the course of this project.

We also thankful to Head of the department DR. S. NARESH KUMAR, Associate

Professor & HOD, Department of Electronics and Communication Engineering, Sree
Chaitanya College of Engineering, LMD Colony, Karimnagar for providing excellent
infrastructure and a nice atmosphere for completing this project successfully.

We Sincerely extend our thanks to DR. G. VENKATESWARLU, Principal, Sree

Chaitanya College of Engineering, LMD Colony, Karimnagar, for providing all the facilities
required for completion of this project.

We convey our heartfelt thanks to the lab staff for allowing me to use the required
equipment whenever needed.

Finally, we would like to take this opportunity to thank our family for their support
through the work.

We sincerely acknowledge and thank all those who gave directly or indirectly their
support in completion of this work.

1. GAMPA VYSHNAVI
2. DAMARAPALLI ANUSHA
3. GUJJETI SAIRAM
4. GUDA ABHILASH
5. GUNDELLI AJAY

iii
 ABSTRACT

Authorization is an important security concern in cloud computing environments. It

aims at regulating an access of the users to system resources. A large number of resources
associated with REST APIs typical in cloud makes an implementation of security requirements
challenging and error-prone. To alleviate this problem, in this paper we propose an
implementation of security cloud monitor. We rely on model-driven approach to represent the
functional and security requirements. Models are then used to generate cloud monitors. The
cloud monitors contain contracts used to automatically verify the implementation. We use
Django web framework to implement cloud monitor and OpenStack to validate our
implementation

iv
 TABLE OF CONTENTS

CHAPTER NO. TITLE PAGE NOS.

Certificate i
Declaration ii
MSR certificate
Acknowledgement iii
Abstract iv
Table of Contents v-vi
List of Figures vii

CHAPTER-1 INTRODUCTION 1-2

1.1 EXISTING SYSTEM 2
1.2 PROPOSED SYSTEM 3
1.3 OBJECTIVES 3
CHAPTER-2 LITERATURE SURVEY 4-6

CHAPTER-3 MODULES AND INPUT AND OUTPUT DESIGN

3.1 MODULES 7-8
3.2 INPUT DESIGN 8
3.2.1 OBJECTIVES OF INPUT DESIGN 8-9
3.3 OUTPUT DESIGN 9
CHAPTER-4 SYSTEM DESIGN
4.1 SYSTEM ARCHITECTURE 10
4.2 DATA FLOW DIAGRAM 10-13
4.3 UML DIAGRAM 13
4.3.1 GOALS OF UML 14
4.4 USE CASE DIAGRAM 14-16

4.5 CLASS DIAGRAM 17

4.6 SEQUENCE DIAGRAM 17-18

v
 4.7 ACTIVITY DIAGRAM 18-19
CHAPTER-5 SOFTWARE ENVIRRONMENT
5.1 PYTHON 20-29
5.2 DJANGO 30-41
5.2.1 CREATE A PROJECT 31-34
5.2.2 CREATE AN APPLICATION 34-41

CHAPTER-6 SYSTEM STUDY

6.1 FEASIBILITY STUDY

6.1.1 ECONOMICAL FEASIBILITY 42

6.1.2 TECHNICAL FEASIBILITY 42
6.1.3 SOCIAL FEASIBILITY 42

CHAPTER-7 SYSTEM TEST

7.1 TYPES OF TESTS 43-44
7.2 SYSTEM TEST 44-45
7.3 SAMPLE TEST CASE 46

CHAPTER-8 OUTPUTS 47-52

CHAPTER-9 CONCLUSION 53

REFERENCES 54-55

vi
 LIST OF FIGURES
Name of figures Page no.
Fig 4.1: SYSTEM ARCHITECTURE 10
Fig 4.2.1 FLOW CHART OF USER FUNCTION 11

Fig 4.2.2 FLOW CHART OF CLOUD FUNCTION 12

Fig 4.2.3 FLOW CHART OF ADMIN FUNCTION 13

Fig 4.4.1 USE CASE DIAGRAM OF USER 15

Fig 4.4.2 USE CASE DIAGRAM OF CLOUD 16

Fig 4.4.3 USE CASE DIAGRAM OF ADMIN 16

Fig 4.5 CLASS DIAGRAM 17

Fig 4.6 SEQUENCE DIAGRAM 18

Fig 4.7 ACTIVITY DIAGRAM 19

Fig 5.1.2 BLOCK DIAGRAM OF DJANGO 30

Fig 7.5 SAMPLE TEST CASE 46

Fig 8.1 HOME PAGE 47

Fig 8.2 USER LOGIN 47

Fig 8.3 USER REGISTER 48

Fig 8.4 ADMIN LOGIN 48

Fig 8.5 ADMIN APPROVE USER 49

Fig 8.6 USER APP CREATION 49

Fig 8.7 USER APP CHECK 50

Fig 8.8 CLOUD LOGIN 50

Fig 8.9 CLOUD APPROVE APP 51

Fig 8.10 USER UPLOADED FILE 51

Fig 8.11 CLOUD VIEW UPLOADED FILES OF USER 52

vii
 CHAPTER 1

INTRODUCTION

INTRODUCTION

In many companies, private clouds are considered to be an important element of data

center transformations. Private clouds are dedicated cloud environments created for the internal
use by a single organization. According to the Cloud Survey 2017 ,private clouds are adopted
by 72% of the cloud users, while the hybrid cloud adoption (both public and private) accounts
for 67%. The companies, adopting private clouds, vary in size from 500 to more than 2000
employees. Therefore, designing and developing secure private cloud environments for such a
large number of users constitutes a major engineering challenge. Usually, cloud computing
services offer REST APIs (REpresentational State Transfer Application Programming
Interface) to their consumers. REST APIs, e.g., AWS, Windows Azure, OpenStack, define
software interfaces allowing for the use of their resources in various ways.

The REST architectural style exposes each piece of information with a URI, which
results in a large number of URIs that can access the system. Data breach and loss of critical
data are among the top cloud security threats. The large number of URIs further complicates
the task of the security experts, who should ensure that each URI, providing access to their
system, is safeguarded to avoid data breaches or privilege escalation attacks. Since the source
code of the Open Source clouds is often developed in a collaborative manner, it is a subject of
frequent updates. The updates might introduce or remove a variety of features and hence, violate
the security properties of the previous releases. It makes it rather unfeasible to manually check
correctness of the APIs access control implementation and calls for enhanced monitoring
mechanisms. In this paper, we present a cloud monitoring framework that supports a semi-
automated approach to monitoring a private cloud implementation with respect to its
conformance to the functional requirements and API access control policy. Our work uses UML
(Unified Modeling Language) models with OCL (Object Constraint Language) to specify the
behavioral interface with security constraints for the cloud implementation. The behavioral
interface of the REST API provides an information regarding the methods that can be invoked
on it and pre- and post-conditions of the methods. In the current practice, the pre- and post-
conditions are usually given as the textual descriptions associated with the API methods. In our

1
work, we rely on the Design by Contract (DbC) framework , which allows us to define security
and functional requirements as verifiable contracts.

Our methodology enables creating a (stateful) wrapper that emulates the usage
scenarios and defines security-enriched behavioural contracts to monitor cloud. Moreover, the
proposed approach also facilitates the requirements traceability by ensuring the propagation of
the security specifications into the code. This also allows the security experts to observe the
coverage of the security requirements during the testing phase.

The approach is implemented as a semi-automatic code generation tool in Django – a

Python web framework – and validated using OpenStack as a case study. OpenStack is an open
source cloud computing framework providing IaaS (Infrastructure as a Service) . The validation
using OpenStack has shown promising results and motivates us to continue the tool
development described in this paper. The paper is organized as follows: section II motivates our
work. Section III gives an overview of our cloud monitoring framework. In section IV, we
present our design approach to modelling stateful REST services. The contract generation
mechanism is described in section V. Section VI presents the tool architecture and our work
with monitoring OpenStack. The related work and the conclusion are presented in sections VII
and VIII correspondingly.

1.1 EXISTING SYSTEM

The current state of cloud security often relies on reactive measures, with limited or
manual monitoring capabilities. Security measures may be fragmented, and there might be a
lack of real-time insights into the cloud environment. Misconfigurations and security incidents
may go unnoticed until they escalate, leading to increased vulnerabilities.

Disadvantages of existing system

Reactive Approach: The existing system often relies on reactive measures, addressing security
incidents after they occur, which can result in delayed responses and increased damage.

Fragmented Security Measures: Security measures may be fragmented, lacking a cohesive

and integrated approach, making it challenging to manage and respond comprehensively to
diverse security challenges.

Limited Insights: Lack of real-time insights into the cloud environment may result in delayed
identification and resolution of security vulnerabilities, exposing the organization to
unnecessary risks.
2
1.2 PROPOSED SYSTEM

PROPOSED SYSTEM in cloud monitoring and securing clouds allow for improved security
measures, ensuring that data and applications stored in the cloud are protected from
unauthorized access,Real-time Monitoring, Automation, Threat Intelligence Integration, Cost-
effectiveness.

Advantages of proposed system

Proactive Threat Detection: The proposed system introduces automated cloud monitoring
aligned with security models, enabling proactive identification and response to potential
security threats at an early stage.

Real-Time Monitoring and Alerts: Real-time monitoring and automated alerts provide a
proactive incident response mechanism, minimizing the impact of security incidents by
facilitating swift intervention.

Automated Configuration Management: Continuous configuration management is

automated, allowing for the prompt identification and rectification of misconfigurations,
reducing the likelihood of security vulnerabilities.

Data Protection and Privacy Measures: Implementation of measures to protect sensitive data
ensures the confidentiality and integrity of data, with immediate responses to unauthorized
access or modifications.

1.3 OBJECTIVES

Our main Objective to this approach is Identifying and mitigating security

vulnerabilities, Providing real-time threat intelligence, Improving overall cloud infrastructure
management, Facilitating automated remediation. Identify and respond to potential security
threats in the cloud environment at an early stage. Facilitate a proactive response mechanism
through real-time monitoring and automated alerts to minimize the impact of security incident.
Enable continuous monitoring of cloud configurations, promptly identifying and rectifying
misconfigurations to enhance overall security. Monitor user access and authentication activities
in real time to prevent unauthorized access attempts and strengthen access controls. Safeguard
sensitive data by identifying and responding to unauthorized access or modifications,
maintaining data integrity and confidentiality.

3
 CHAPTER 2

LITERATURE SURVEY

1) Model driven security for web services

AUTHORS: MM Alam et al.

Model driven architecture is an approach to increase the quality of complex software

systems based on creating high level system models that represent systems at different abstract
levels and automatically generating system architectures from the models. We show how this
paradigm can be applied to what we call model driven security for Web services. In our
approach, a designer builds an interface model for the Web services along with security
requirements using the object constraint language (OCL) and role based access control (RBAC)
and then generates from these specifications a complete configured security infrastructure in
the form of Extended Access Control Markup Language (XACML) policy files. Our approach
can be used to improve productivity during the development of secure Web services and quality
of resulting systems.

2) Run-time generation, transformation, and verification of access control models for self-
protection

AUTHORS: Chen, Bihuan; Peng, Xin; Yu, Yijun; Nuseibeh, Bashar and Zhao, Wenyun (2014).

A self-adaptive system uses runtime models to adapt its ar-chitecture to the changing
requirements and contexts. How-ever, there is no one-to-one mapping between the require-
ments in the problem space and the architectural elements in the solution space. Instead, one
refined requirement may crosscut multiple architectural elements, and its realization in volves
complex behavioral or structural interactions manifested as architectural design decisions. In
this paper we pro-pose to combine two kinds of self-adaptations: requirements-driven self-
adaptation, which captures requirements as goal models to reason about the best plan within the
problem space, and architecture-based self-adaptation, which cap-tures architectural design
decisions as decision trees to search for the best design for the desired requirements within the
contextualized solution space. Following these adaptations, component-based architecture
models are reconfigured using incremental and generative model transformations. Com-pared
with requirements-driven or architecture-based approaches, the case study using an online
4
shopping bench-mark shows promise that our approach can further improve the effectiveness
of adaptation (e.g. system throughput in this case study) and offer more adaptation flexibility

3. Towards development of secure systems using umlsec.

AUTHORS: Jan J¨urjens

We show how UML (the industry standard in object-oriented modelling) can be used to
express security requirements during system development. Using the extension mechanisms
provided by UML, we incorporate standard concepts from formal methods regarding multi-
level secure systems and security protocols. These definitions evaluate diagrams of various
kinds and indicate possible vulnerabilities.On the theoretical side, this work exemplifies use of
the extension mechanisms of UML and of a (simplified) formal semantics for it. A more
practical aim is to enable developers (that may not be security specialists) to make use of
established knowledge on security engineering through the means of a widely used notation

4. Cloud computing the business perspective

AUTHORS: Sean Marston et al

The evolution of cloud computing over the past few years is potentially one of the major
advances in the history of computing. However, if cloud computing is to achieve its potential,
there needs to be a clear understanding of the various issues involved, both from the
perspectives of the providers and the consumers of the technology. While a lot of research is
currently taking place in the technology itself, there is an equally urgent need for understanding
the business-related issues surrounding cloud computing. In this article, we identify the
strengths, weaknesses, opportunities and threats for the cloud computing industry. We then
identify the various issues that will affect the different stakeholders of cloud computing. We
also issue a set of recommendations for the practitioners who will provide and manage this
technology. For IS researchers, we outline the different areas of research that need attention so
that we are in a position to advice the industry in the years to come. Finally, we outline some
of the key issues facing governmental agencies who, due to the unique nature of the technology,
will have to become intimately involved in the regulation of cloud computing.

5
5. An Extensive Systematic Review on Model-Driven Development of Secure Systems

AUTHORS: PhuHNguyenetal

Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research

area for supporting the development of secure systems. Over a decade of research on MDS has
resulted in a large number of publications. Objective: To provide a detailed analysis of the state
of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an
extensive SLR on MDS. Derived from our research questions, we designed a rigorous,
extensive search and selection process to identify a set of primary MDS studies that is as
complete as possible. Our three-pronged search process consists of automatic searching, manual
searching, and snowballing. After discovering and considering more than thousand relevant
papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The
results of our SLR show the overall status of the key artefacts of MDS, and the identified
primary MDS studies. E.g. regarding security modelling artefact, we found that developing
domain-specific languages plays a key role in many MDS approaches. The current limitations
in each MDS artefact are pointed out and corresponding potential research directions are
suggested. Moreover, we categorise the identified primary MDS studies into 5 principal MDS
studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS
research are given. Conclusion: Our results suggest the need for addressing multiple security
concerns more systematically and simultaneously, for tool chains supporting the MDS
development cycle, and for more empirical studies on the application of MDS methodologies.
To the best of our knowledge, this SLR is the first in the field of Software Engineering that
combines a snowballing strategy with database searching. This combination has delivered an
extensive literature study on MDS.

6
 CHAPTER 3

MODULES AND INPUT AND OUTPUT DESIGN

3.1 MODULES

 user
 cloud
 admin
 Machine learning

User
It defines the access rights of the cloud users. A volume can be created, if the it has not
exceeded its quota of the permitted volumes and a user Authorization is an important security
concern in cloud computing environments. a POST request from the authorized user on the
volumes resource would create a new volume. a DELETE request on the volume resource by
an authorized user would delete the volume . if the user of the service is authorized to do so,
and the volume is not attached to any instance .It aims at regulating an access of the users to
system resources.
Cloud
The cloud monitors contain contracts used to automatically verify the implementation . A
cloud developer uses IaaS to develop a private cloud for her/his organization that would be used
by different cloud users within the organization. In some cases, this private cloud may be
implemented by a group of developers working collaboratively on different machines. We use
Django web framework to implement cloud monitor and OpenStack to validate our
implementation.
Admin
The cloud administrator using Keystone and users or user groups are assigned the roles in
these projects. It defines the access rights of the cloud users in the project. A volume can be
created, if the project has not exceeded its quota of the permitted volumes and a user is
authorized to create a volume in the project. Similarly, a volume can be deleted, if the user of
the service is authorized to do so, and the volume is not attached to any instance, i.e., its status
is not in-use.

7
Machine learning
Machine learning refers to the computer’s acquisition of a kind of ability to make
predictive judgments and make the best decisions by analyzing and learning a large number of
existing data. The representation algorithms include deep learning, artificial neural network,
decision tree, enhancement algorithm and so on. The key way for computers to acquire artificial
intelligence is machine learning. Nowadays, machine learning plays an important role in
various fields of artificial intelligence. Whether in aspects of internet search, biometric
identification, auto driving, Mars robot, or in American presidential election, military decision
assistants and so on, basically, as long as there is a need for data analysis, machine learning can
be used to play a role.
3.2 INPUT DESIGN

The input design is the link between the information system and the user. It
comprises the developing specification and procedures for data preparation and those steps are
necessary to put transaction data in to a usable form for processing can be achieved by
inspecting the computer to read data from a written or printed document or it can occur by
having people keying the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling the errors, avoiding delay, avoiding extra
steps and keeping the process simple. The input is designed in such a way so that it provides
security and ease of use with retaining the privacy. Input Design considered the following
things:

 What data should be given as input?

 How the data should be arranged or coded?
 The dialog to guide the operating personnel in providing input.
 Methods for preparing input validations and steps to follow when error occur.

3.2.1 OBJECTIVES

1.Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.

2. It is achieved by creating user-friendly screens for the data entry to handle large volume of
data. The goal of designing input is to make data entry easier and to be free from errors. The
8
data entry screen is designed in such a way that all the data manipulates can be performed. It
also provides record viewing facilities.

3.When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in maize
of instant. Thus the objective of input design is to create an input layout that is easy to follow

3.3 OUTPUT DESIGN

A quality output is one, which meets the requirements of the end user and presents
the information clearly. In any system results of processing are communicated to the users and
to other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and direct
source information to the user. Efficient and intelligent output design improves the system’s
relationship to help user decision-making.

1. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.

2.Select methods for presenting information.

3.Create document, report, or other formats that contain information produced by the system.

The output form of an information system should accomplish one or more of the
following objectives.

 Convey information about past activities, current status or projections of the

 Future.
 Signal important events, opportunities, problems, or warnings.
 Trigger an action.
 Confirm an action.

9
 CHAPTER 4

SYSTEM DESIGN

4.1 SYSTEM ARCHITECTURE

Fig 4.1: System architecture

4.2 DATA FLOW DIAGRAM:

1.The DFD is also called as bubble chart. It is a simple graphical formalism that can be used to
represent a system in terms of input data to the system, various processing carried out on this
data, and the output data is generated by this system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to model
the system components. These components are the system process, the data used by the process,
an external entity that interacts with the system and the information flows in the system.

3. DFD shows how the information moves through the system and how it is modified by a series
of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.

10
DFD is also known as bubble chart. A DFD may be used to represent a system at any level of
abstraction. DFD may be partitioned into levels that represent increasing information flow and
functional detail.

Fig 4.2.1 flow chart of user function

11
Fig 4.2.2 flow chart of cloud function

12
Fig 4.2.3 flow chart of admin function

13
4.3 UML DIAGRAMS

UML stands for Unified Modeling Language. UML is a standardized general-purpose

modeling language in the field of object-oriented software engineering. The standard is
managed, and was created by, the Object Management Group.
The goal is for UML to become a common language for creating models of object
oriented computer software. In its current form UML is comprised of two major components:
a Meta-model and a notation. In the future, some form of method or process may also be added
to; or associated with, UML.
The Unified Modeling Language is a standard language for specifying, Visualization,
Constructing and documenting the artifacts of software system, as well as for business modeling
and other non-software systems.
The UML represents a collection of best engineering practices that have proven
successful in the modeling of large and complex systems.
The UML is a very important part of developing objects oriented software and the
software development process. The UML uses mostly graphical notations to express the design
of software projects.

4.3.1 GOALS:
The Primary goals in the design of the UML are as follows:
1. Provide users a ready-to-use, expressive visual modeling Language so that they can
develop and exchange meaningful models.
2. Provide extendibility and specialization mechanisms to extend the core concepts.
3. Be independent of particular programming languages and development process.
4. Provide a formal basis for understanding the modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts such as collaborations, frameworks, patterns
and components.
7. Integrate best practices.

4.4 USE CASE DIAGRAM:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis. Its purpose is to present a graphical
14
overview of the functionality provided by a system in terms of actors, their goals (represented
as use cases), and any dependencies between those use cases. The main purpose of a use case
diagram is to show what system functions are performed for which actor. Roles of the actors in
the system can be depicted.

Fig 4.4.1 use case diagram of user

15
Fig 4.4.2 use case diagram of cloud

Fig 4.4.3 use case diagram of admin

16
4.5 CLASS DIAGRAM:

In software engineering, a class diagram in the Unified Modeling Language (UML) is a type of
static structure diagram that describes the structure of a system by showing the system's classes,
their attributes, operations (or methods), and the relationships among the classes. It explains
which class contains information.

Fig 4.5: class diagram

4.6 SEQUENCE DIAGRAM:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram

that shows how processes operate with one another and in what order. It is a construct of a
Message Sequence Chart. Sequence diagrams are sometimes called event diagrams, event
scenarios, and timing diagrams.

17
 Fig 4.6: Sequence diagram

4.7 ACTIVITY DIAGRAM:

Activity diagrams are graphical representations of workflows of stepwise activities and actions
with support for choice, iteration and concurrency. In the Unified Modeling Language, activity
diagrams can be used to describe the business and operational step-by-step workflows of
components in a system. An activity diagram shows the overall flow of control.

18
Fig 4.7: Activity diagram

19
 CHAPTER 5

SOFTWARE ENVIRONMENT

5.1 PYTHON

Python is a general-purpose interpreted, interactive, object-oriented, and high-level

programming language. An interpreted language, Python has a design philosophy that
emphasizes code readability (notably using whitespace indentation to delimit code
blocks rather than curly brackets or keywords), and a syntax that allows programmers to express
concepts in fewer lines of code than might be used in languages such as C++or Java. It provides
constructs that enable clear programming on both small and large scales. Python interpreters
are available for many operating systems. CPython, the reference implementation of Python,
is open source software and has a community-based development model, as do nearly all of its
variant implementations. CPython is managed by the non-profit Python Software Foundation.
Python features a dynamic type system and automatic memory management. It supports
multiple programming paradigms, including object-
oriented, imperative, functional and procedural, and has a large and comprehensive standard
library.

Interactive Mode Programming

Invoking the interpreter without passing a script file as a parameter brings up the
following prompt −

$ python

Python 2.4.3 (#1, Nov 11 2010, 13:34:43)

[GCC 4.1.2 20080704 (Red Hat 4.1.2-48)] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>>

Type the following text at the Python prompt and press the Enter −
20
>>> print "Hello, Python!"

If you are running new version of Python, then you would need to use print statement with
parenthesis as in print ("Hello, Python!");. However in Python version 2.4.3, this produces the
following result −

Hello, Python!

Script Mode Programming

Invoking the interpreter with a script parameter begins execution of the script and continues
until the script is finished. When the script is finished, the interpreter is no longer active.

Let us write a simple Python program in a script. Python files have extension .py. Type the
following source code in a test.py file −

Live Demo

print "Hello, Python!"

We assume that you have Python interpreter set in PATH variable. Now, try to run this program
as follows −

$ python test.py

This produces the following result −

Hello, Python!

Let us try another way to execute a Python script. Here is the modified test.py file −

Live Demo
21
#!/usr/bin/python

print "Hello, Python!"

We assume that you have Python interpreter available in /usr/bin directory. Now, try to run this
program as follows −

$ chmod +x test.py # This is to make file executable

$./test.py

This produces the following result −

Hello, Python!

Python Identifiers

A Python identifier is a name used to identify a variable, function, class, module or other object.
An identifier starts with a letter A to Z or a to z or an underscore (_) followed by zero or more
letters, underscores and digits (0 to 9).

Python does not allow punctuation characters such as @, $, and % within identifiers. Python is
a case sensitive programming language. Thus, Manpower and manpower are two different
identifiers in Python.

Reserved Words

The following list shows the Python keywords. These are reserved words and you cannot use
them as constant or variable or any other identifier names. All the Python keywords contain
lowercase letters only.

22
and exec not

assert finally or

break for pass

class from print

continue global raise

def if return

del import try

elif in while

else is with

except lambda yield

Lines and Indentation

Python provides no braces to indicate blocks of code for class and function definitions or flow
control. Blocks of code are denoted by line indentation, which is rigidly enforced.

The number of spaces in the indentation is variable, but all statements within the block must be
indented the same amount. For example −

if True:

print "True"

else:

print "False"

Comments in Python

A hash sign (#) that is not inside a string literal begins a comment. All characters after the # and
up to the end of the physical line are part of the comment and the Python interpreter ignores
them.

23
 Live Demo

#!/usr/bin/python

# First comment

print "Hello, Python!" # second comment

This produces the following result −

Hello, Python!

You can type a comment on the same line after a statement or expression −

name = "Madisetti" # This is again comment

You can comment multiple lines as follows −

Following triple-quoted string is also ignored by Python interpreter and can be used as a
multiline comments:

'''

This is a multiline

comment.

'''

Command Line Arguments

Many programs can be run to provide you with some basic information about how they should
be run. Python enables you to do this with -h −

$ python -h

usage: python [option] ... [-c cmd | -m mod | file | -] [arg] ...

Options and arguments (and corresponding environment variables):

24
-c cmd : program passed in as string (terminates option list)

-d : debug output from parser (also PYTHONDEBUG=x)

-E : ignore environment variables (such as PYTHONPATH)

-h : print this help message and exit

You can also program your script in such a way that it should accept various options. Command
Line Arguments is an advanced topic and should be studied a bit later once you have gone
through rest of the Python concepts.

Python Lists

The list is a most versatile datatype available in Python which can be written as a list of comma-
separated values (items) between square brackets. Important thing about a list is that items in a
list need not be of the same type.

Creating a list is as simple as putting different comma-separated values between square

brackets. For example −

list1 = ['physics', 'chemistry', 1997, 2000];

list2 = [1, 2, 3, 4, 5 ];

list3 = ["a", "b", "c", "d"]

Similar to string indices, list indices start at 0, and lists can be sliced, concatenated and so on.

A tuple is a sequence of immutable Python objects. Tuples are sequences, just like lists. The
differences between tuples and lists are, the tuples cannot be changed unlike lists and tuples use
parentheses, whereas lists use square brackets.

Creating a tuple is as simple as putting different comma-separated values. Optionally you can
put these comma-separated values between parentheses also. For example −

tup1 = ('physics', 'chemistry', 1997, 2000);

25
tup2 = (1, 2, 3, 4, 5 );

tup3 = "a", "b", "c", "d";

The empty tuple is written as two parentheses containing nothing −

tup1 = ();

To write a tuple containing a single value you have to include a comma, even though there is
only one value −

tup1 = (50,);

Like string indices, tuple indices start at 0, and they can be sliced, concatenated, and so on.

Accessing Values in Tuples

To access values in tuple, use the square brackets for slicing along with the index or indices to
obtain value available at that index. For example −

Live Demo

#!/usr/bin/python

tup1 = ('physics', 'chemistry', 1997, 2000);

tup2 = (1, 2, 3, 4, 5, 6, 7 );

print "tup1[0]: ", tup1[0];

print "tup2[1:5]: ", tup2[1:5];

When the above code is executed, it produces the following result −

tup1[0]: physics

26
tup2[1:5]: [2, 3, 4, 5]

Updating Tuples

Accessing Values in Dictionary

To access dictionary elements, you can use the familiar square brackets along with the key to
obtain its value. Following is a simple example −

Live Demo

#!/usr/bin/python

dict = {'Name': 'Zara', 'Age': 7, 'Class': 'First'}

print "dict['Name']: ", dict['Name']

print "dict['Age']: ", dict['Age']

When the above code is executed, it produces the following result −

dict['Name']: Zara

dict['Age']: 7

If we attempt to access a data item with a key, which is not part of the dictionary, we get an
error as follows −

Live Demo

#!/usr/bin/python

dict = {'Name': 'Zara', 'Age': 7, 'Class': 'First'}

print "dict['Alice']: ", dict['Alice']

27
When the above code is executed, it produces the following result −

dict['Alice']:

Traceback (most recent call last):

File "test.py", line 4, in <module>

print "dict['Alice']: ", dict['Alice'];

KeyError: 'Alice'

Updating Dictionary

You can update a dictionary by adding a new entry or a key-value pair, modifying an existing
entry, or deleting an existing entry as shown below in the simple example −

Live Demo

#!/usr/bin/python

dict = {'Name': 'Zara', 'Age': 7, 'Class': 'First'}

dict['Age'] = 8; # update existing entry

dict['School'] = "DPS School"; # Add new entry

print "dict['Age']: ", dict['Age']

print "dict['School']: ", dict['School']

When the above code is executed, it produces the following result −

dict['Age']: 8

dict['School']: DPS School

Delete Dictionary Elements

28
You can either remove individual dictionary elements or clear the entire contents of a dictionary.
You can also delete entire dictionary in a single operation.

To explicitly remove an entire dictionary, just use the del statement. Following is a simple
example −

Live Demo

#!/usr/bin/python

dict = {'Name': 'Zara', 'Age': 7, 'Class': 'First'}

del dict['Name']; # remove entry with key 'Name'

dict.clear(); # remove all entries in dict

del dict ; # delete entire dictionary

print "dict['Age']: ", dict['Age']

print "dict['School']: ", dict['School']

This produces the following result. Note that an exception is raised because after del dict
dictionary does not exist any more −

dict['Age']:

Traceback (most recent call last):

File "test.py", line 8, in <module>

print "dict['Age']: ", dict['Age'];

TypeError: 'type' object is unsubscriptable

Note − del() method is discussed in subsequent section.

29
5.2 DJANGO

Django is a high-level Python Web framework that encourages rapid development and
clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of
Web development, so you can focus on writing your app without needing to reinvent the wheel.
It’s free and open source.

Django's primary goal is to ease the creation of complex, database-driven websites. Django
emphasizes reusability and "pluggability" of components, rapid development, and the principle
of don't repeat yourself. Python is used throughout, even for settings files and data models.

Fig 5.1.2. Block diagram of Django

30
Django also provides an optional administrative create, read, update and delete interface that is
generated dynamically through introspection and configured via admin models

5.2.1 Create a Project

Whether you are on Windows or Linux, just get a terminal or a cmd prompt and navigate to the
place you want your project to be created, then use this code −

$ django-admin startproject myproject

This will create a "myproject" folder with the following structure −

myproject/

manage.py

myproject/

__init__.py

settings.py

urls.py

wsgi.py

The Project Structure

The “myproject” folder is just your project container, it actually contains two elements −

manage.py − This file is kind of your project local django-admin for interacting with your
project via command line (start the development server, sync db...). To get a full list of command
accessible via manage.py you can use the code −

$ python manage.py help

The “myproject” subfolder − This folder is the actual python package of your project. It contains
four files −
31
__init__.py − Just for python, treat this folder as package.

settings.py − As the name indicates, your project settings.

urls.py − All links of your project and the function to call. A kind of ToC of your project.

wsgi.py − If you need to deploy your project over WSGI.

Setting Up Your Project

Your project is set up in the subfolder myproject/settings.py. Following are some important
options you might need to set −

DEBUG = True

This option lets you set if your project is in debug mode or not. Debug mode lets you get more
information about your project's error. Never set it to ‘True’ for a live project. However, this
has to be set to ‘True’ if you want the Django light server to serve static files. Do it only in the
development mode.

DATABASES = {

'default': {

'ENGINE': 'django.db.backends.sqlite3',

'NAME': 'database.sql',

'USER': '',

'PASSWORD': '',

'HOST': '',
32
 'PORT': '',

Database is set in the ‘Database’ dictionary. The example above is for SQLite engine. As stated
earlier, Django also supports −

MySQL (django.db.backends.mysql)

PostGreSQL (django.db.backends.postgresql_psycopg2)

Oracle (django.db.backends.oracle) and NoSQL DB

MongoDB (django_mongodb_engine)

Before setting any new engine, make sure you have the correct db driver installed.

You can also set others options like: TIME_ZONE, LANGUAGE_CODE, TEMPLATE…

Now that your project is created and configured make sure it's working −

$ python manage.py runserver

You will get something like the following on running the above code −

Validating models...

0 errors found

September 03, 2015 - 11:41:50

Django version 1.6.11, using settings 'myproject.settings'

Starting development server at http://127.0.0.1:8000/

33
Quit the server with CONTROL-C.

A project is a sum of many applications. Every application has an objective and can be reused
into another project, like the contact form on a website can be an application, and can be reused
for others. See it as a module of your project.

5.2.2 Create an Application

We assume you are in your project folder. In our main “myproject” folder, the same folder then
manage.py −

$ python manage.py startapp myapp

You just created myapp application and like project, Django create a “myapp” folder with the
application structure −

myapp/

__init__.py

admin.py

models.py

tests.py

views.py

__init__.py − Just to make sure python handles this folder as a package.

admin.py − This file helps you make the app modifiable in the admin interface.

models.py − This is where all the application models are stored.

34
tests.py − This is where your unit tests are.

views.py − This is where your application views are.

Get the Project to Know About Your Application

At this stage we have our "myapp" application, now we need to register it with our Django
project "myproject". To do so, update INSTALLED_APPS tuple in the settings.py file of your
project (add your app name) −

INSTALLED_APPS = (

'django.contrib.admin',

'django.contrib.auth',

'django.contrib.contenttypes',

'django.contrib.sessions',

'django.contrib.messages',

'django.contrib.staticfiles',

'myapp',

Creating forms in Django, is really similar to creating a model. Here again, we just need to
inherit from Django class and the class attributes will be the form fields. Let's add a forms.py
file in myapp folder to contain our app forms. We will create a login form.

myapp/forms.py

#-*- coding: utf-8 -*-

from django import forms

35
class LoginForm(forms.Form):

user = forms.CharField(max_length = 100)

password = forms.CharField(widget = forms.PasswordInput())

As seen above, the field type can take "widget" argument for html rendering; in our case, we
want the password to be hidden, not displayed. Many others widget are present in Django:
DateInput for dates, CheckboxInput for checkboxes, etc.

Using Form in a View

There are two kinds of HTTP requests, GET and POST. In Django, the request object passed as
parameter to your view has an attribute called "method" where the type of the request is set,
and all data passed via POST can be accessed via the request.POST dictionary.

Let's create a login view in our myapp/views.py −

#-*- coding: utf-8 -*-

from myapp.forms import LoginForm

def login(request):

username = "not logged in"

if request.method == "POST":

#Get the posted form

MyLoginForm = LoginForm(request.POST)

if MyLoginForm.is_valid():
36
 username = MyLoginForm.cleaned_data['username']

else:

MyLoginForm = Loginform()

return render(request, 'loggedin.html', {"username" : username})

The view will display the result of the login form posted through the loggedin.html. To test it,
we will first need the login form template. Let's call it login.html.

<html>

<body>

<form name = "form" action = "{% url "myapp.views.login" %}"

method = "POST" >{% csrf_token %}

<div style = "max-width:470px;">

<center>

<input type = "text" style = "margin-left:20%;"

placeholder = "Identifiant" name = "username" />

</center>

</div>

<br>

<div style = "max-width:470px;">

<center>
37
 <input type = "password" style = "margin-left:20%;"

placeholder = "password" name = "password" />

</center>

</div>

<br>

<div style = "max-width:470px;">

<center>

<button style = "border:0px; background-color:#4285F4; margin-top:8%;

height:35px; width:80%;margin-left:19%;" type = "submit"

value = "Login" >

<strong>Login</strong>

</button>

</center>

</div>

</form>

</body>

</html>

38
The template will display a login form and post the result to our login view above. You have
probably noticed the tag in the template, which is just to prevent Cross-site Request Forgery
(CSRF) attack on your site.

{% csrf_token %}

Once we have the login template, we need the loggedin.html template that will be rendered after
form treatment.

<html>

<body>

You are : <strong>{{username}}</strong>

</body>

</html>

Now, we just need our pair of URLs to get started: myapp/urls.py

from django.conf.urls import patterns, url

from django.views.generic import TemplateView

urlpatterns = patterns('myapp.views',

url(r'^connection/',TemplateView.as_view(template_name = 'login.html')),

url(r'^login/', 'login', name = 'login'))

When accessing "/myapp/connection", we will get the following login.html template rendered
−

Setting Up Sessions
39
In Django, enabling session is done in your project settings.py, by adding some lines to the
MIDDLEWARE_CLASSES and the INSTALLED_APPS options. This should be done while
creating the project, but it's always good to know, so MIDDLEWARE_CLASSES should have
−

'django.contrib.sessions.middleware.SessionMiddleware'

And INSTALLED_APPS should have −

'django.contrib.sessions'

By default, Django saves session information in database (django_session table or collection),

but you can configure the engine to store information using other ways like: in file or in cache.

When session is enabled, every request (first argument of any view in Django) has a session
(dict) attribute.

Let's create a simple sample to see how to create and save sessions. We have built a simple
login system before (see Django form processing chapter and Django Cookies Handling
chapter). Let us save the username in a cookie so, if not signed out, when accessing our login
page you won’t see the login form. Basically, let's make our login system we used in Django
Cookies handling more secure, by saving cookies server side.

For this, first lets change our login view to save our username cookie server side −

def login(request):

username = 'not logged in'

if request.method == 'POST':

40
 MyLoginForm = LoginForm(request.POST)

if MyLoginForm.is_valid():

username = MyLoginForm.cleaned_data['username']

request.session['username'] = username

else:

MyLoginForm = LoginForm()

return render(request, 'loggedin.html', {"username" : username}

Then let us create formView view for the login form, where we won’t display the form if cookie
is set −

def formView(request):

if request.session.has_key('username'):

username = request.session['username']

return render(request, 'loggedin.html', {"username" : username})

else:

return render(request, 'login.html', {})

Now let us change the url.py file to change the url so it pairs with our new view −

from django.conf.urls import patterns, url

from django.views.generic import TemplateView

urlpatterns = patterns('myapp.views',

url(r'^connection/','formView', name = 'loginform'),

url(r'^login/', 'login', name = 'login'))

41
 CHAPTER 6

SYSTEM STUDY

6.1 FEASIBILITY STUDY

The feasibility of the project is analyzed in this phase and business proposal is put
forth with a very general plan for the project and some cost estimates. During system analysis
the feasibility study of the proposed system is to be carried out. This is to ensure that the
proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.Three key considerations
involved in the feasibility analysis are,

6.1.1 ECONOMICAL FEASIBILITY

This study is carried out to check the economic impact that the system will have on
the organization. The amount of fund that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the developed
system as well within the budget and this was achieved because most of the technologies used
are freely available. Only the customized products had to be purchased.

6.1.2 TECHNICAL FEASIBILITY

This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the
available technical resources. This will lead to high demands on the available technical
resources. This will lead to high demands being placed on the client. The developed system
must have a modest requirement, as only minimal or null changes are required for implementing
this system.

6.1.3 SOCIAL FEASIBILITY

The aspect of study is to check the level of acceptance of the system by the user.
This includes the process of training the user to use the system efficiently. The user must not
feel threatened by the system, instead must accept it as a necessity. The level of acceptance by
the users solely depends on the methods that are employed to educate the user about the system
and to make him familiar with it. His level of confidence must be raised so that he is also able
to make some constructive criticism, which is welcomed, as he is the final user of the system.

42
 CHAPTER 7

SYSTEM TEST

The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub assemblies, assemblies and/or a finished product It is the
process of exercising software with the intent of ensuring that the Software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of test. Each test type addresses a specific testing requirement.

7.1 TYPES OF TESTS

Unit testing
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program inputs produce valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual software units
of the application .it is done after the completion of an individual unit before integration. This
is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests
perform basic tests at component level and test a specific business process, application, and/or
system configuration. Unit tests ensure that each unique path of a business process performs
accurately to the documented specifications and contains clearly defined inputs and expected
results.

Integration testing
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned with the
basic outcome of screens or fields. Integration tests demonstrate that although the components
were individually satisfaction, as shown by successfully unit testing, the combination of
components is correct and consistent. Integration testing is specifically aimed at exposing the
problems that arise from the combination of components.

Functional test
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system documentation, and
user manuals.

43
 Functional testing is centered on the following items:

Valid Input : identified classes of valid input must be accepted.

Invalid Input : identified classes of invalid input must be rejected.

Functions : identified functions must be exercised.

Output : identified classes of application outputs must be exercised.

Systems/Procedures : interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify Business
process flows; data fields, predefined processes, and successive processes must be considered
for testing. Before functional testing is complete, additional tests are identified and the effective
value of current tests is determined.

7.2 SYSTEM TEST

System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An example of
system testing is the configuration oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration points.

White Box Testing

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its purpose.
It is purpose. It is used to test areas that cannot be reached from a black box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other kinds
of tests, must be written from a definitive source document, such as specification or
requirements document, such as specification or requirements document. It is a testing in which
the software under test is treated, as a black box .you cannot “see” into it. The test provides
inputs and responds to outputs without considering how the software works.

44
Unit Testing

Unit testing is usually conducted as part of a combined code and unit test phase
of the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.

Test objectives
 All field entries must work properly.
 Pages must be activated from the identified link.
 The entry screen, messages and responses must not be delayed.

Features to be tested
 Verify that the entries are of the correct format
 No duplicate entries should be allowed
 All links should take the user to the correct page.
Integration Testing
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by interface
defects.

The task of the integration test is to check that components or software applications, e.g.
components in a software system or – one step up – software applications at the company level
– interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.

Acceptance Testing
User Acceptance Testing is a critical phase of any project and requires significant participation
by the end user. It also ensures that the system meets the functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.

45
7.3 SAMPLE TEST CASE

Remarks(IF
S.no Test Case Excepted Result Result
Fails)
If USER
USER If USER is not
1 registration Pass
REGISTERED registered.
successfully.
If USER name
and password is If USER name or
2 USER LOGIN correct then it Pass password is not
will getting valid correct.
page.
USER rights will If USER are not
3 ADMIN Pass
be accepted here. registered.
If USER is not
USER upload Choose or select
4 Pass select or SEND
files USER files
MESSAGES
USER app rights
If USER app are
5 cloud will be accepted Pass
not registered.
here.
User can edit
If file is not
6 user user uploaded Pass
available.
file
User can delete
If file is not
user user uploaded Pass
7 available.
file
User can
If file is not
8 user download user Pass
available.
uploaded file
User can upload
If file is not
9 user user uploaded Pass
available.
file

Fig 7.5 sample test case

46
 CHAPTER 8

OUTPUTS

Fig 8.1 home page

Fig 8.2 User login

47
 Fig 8.3 User register

Fig 8.4 Admin login

48
Fig 8.5 Admin approve user

Fig 8.6 User app creation

49
Fig 8.7 user app check

Fig 8.8 Cloud login

50
 Fig 8.9 Cloud approve app

Fig 8.10 User uploaded file

51
Fig 8.11 cloud view uploaded files of users

52
 CHAPTER 9

CONCLUSION

In this paper, we have presented an approach and associated tool for monitoring
security in cloud. We have relied on the model-driven approach to design APIs that exhibit
REST interface features. The cloud monitors, generated from the models, enable an automated
contract-based verification of correctness of functional and security requirements, which are
implemented by a private cloud infrastructure. The proposed semi-automated approach aimed
at helping the cloud developers and security experts to identify the security loopholes in the
implementation by relying on modelling rather than manual code inspection or testing. It helps
to spot the errors that might be exploited in data breaches or privilege escalation attacks. Since
open source cloud frameworks usually undergo frequent changes, the automated nature of our
approach allows the developers to relatively easily check whether functional and security
requirements have been preserved in new releases.

53
 REFERENCES

[1] Amazon Web Services. https://aws.amazon.com/. Accessed: 30.11.2017.

[2] Block Storage API V3 . https://developer.openstack.org/api-ref/ block-storage/v3/.

retrieved: 126.2017.

[3] Cloud Computing Trends: 2017 State of the Cloud Survey. https://www.
rightscale.com/blog/cloud-industry-insights/. Accessed: 30.11.2017.

[4] cURL. http://curl.haxx.se/. Accessed: 20.08.2013.

[5] Extensible markup language (xml). https://www.w3.org/XML/. Accessed: 27.03.2018.

[6] Keystone Security and Architecture Review. Online at https://www.openstack.org/summit/

openstack-summit-atlanta-2014/session-videos/presentation/keystonesecurity-and-
architecture-review. retrieved: 06.2017.

[7] Nomagic MagicDraw. http://www.nomagic.com/products/magicdraw/. Accessed:

27.03.2018.

[8] OpenStack Block Storage Cinder. https://wiki.openstack.org/wiki/ Cinder. Accessed:

26.03.2018.

[9] OpenStack Newton - Installation Guide. https://docs.openstack.org/ newton/install-guide-

ubuntu/overview.html. Accessed: 20.11.2017.

[10] urllib2 - extensible library for opening URLs. Python Documentation. Accessed:
18.10.2012.

[11] Windows Azure. https://azure.microsoft.com. Accessed: 30.11.2017. [

12] MM Alam et al. Model driven security for web services (mds4ws). In Multitopic
Conference, 2004. Proceedings of INMIC 2004. 8th International, pages 498–505. IEEE, 2004.

[13] Mohamed Almorsy et al. Adaptable, model-driven security engineering for saas cloud-
based applications. Automated Software Engineering, 21(2):187–224, 2014.

[14] Christopher Bailey et al. Run-time generation, transformation, and verification of access
control models for self-protection. In Proceedings of the 9th International Symposium on
Software Engineering for Adaptive and Self-Managing Systems, pages 135–144. ACM, 2014.

54
[15] Tim Berners-Lee et al. Hypertext transfer protocol–HTTP/1.0, 1996.

[16] Gaurav Bhatnagar and QMJ Wu. Chaos-based security solution for fingerprint data during
communication and transmission. IEEE Transactions on Instrumentation and Measurement,
61(4):876–887, 2012.

[17] David Ferraiolo et al. Role-based access control (rbac): Features and motivations. In
Proceedings of 11th annual computer security application conference, pages 241–48, 1995.

[18] Django Software Foundation. Django Documentation. Online Documentation of Django

2.0, 2017. https://docs.djangoproject.com/en/2.0/.

[19] Michal Gordon and David Harel. Generating executable scenarios from natural language.
In International Conference on Intelligent Text Processing and Computational Linguistics.
Springer, 2009.

[20] Robert L Grossman. The case for cloud computing. IT professional, 11(2):23–27, 2009.

55