TABLE OF CONTENTS

CHAPTER PAGENO
ListofFigures I

ListofTables II

Abstract III

1. INTRODUCTION 1 -3
1.1 Introduction 1

1.2 ProblemDefination 2

1.3 ProblemDescription 3

1.4 ProposedSolution 4

2. LITERATURESURVEY 4-6

2.1 Introduction

2.2 Review paper on

3. SYSTEMANALYSIS 7 -19

3.1 RequirementAnalysis 7

3.2 ExistingSystem 8

3.2.1Disadvantages 8

3.3 ProposedSystem 8

3.3.1Advantages 8

3.4 FeasibilityStudy 9

3.5 RequirementSpecifications 9

3.6 AbouttheTechnology 10-19

 CHAPTER PAGE NO

4. SYSTEM DESIGN 20 -38

4.1 Module Description 20

4.2 Data Design 20-27

4.3 UML Diagrams 28

4.3.1 Class Diagram 28-29

4.3.2 Use case Diagram 29-33

4.3.3 Sequence Diagram 33

4.3.4 Collaboration Diagram 34

4.3.5 Activity Diagram 35

4.4 Data Flow Diagram 36-37

4.5 System Flow Diagram 37-38

5. IMPLENTATION 39– 56

6. TESTING 58 – 66

6.1 Unit Testing 60

6.2 Functional Testing 60
6.3 System Testing 60
6.4 Integration Testing 60
6.5User Acceptance Testing 61
6.6 Performance Testing 62
6.8 Test cases 62-66
7. OUTPUT SCREENS 67 -74

8. CONCLUSION & FUTURE ENHANCEMENT 75

References 76-78
 LIST OF FIGURES

Sl No Fig No LIST OF FIGURES [Link]

14
1 3.6.1 Client-Server Architecture

16
2 3.6.2. Remote Server

I
Sl No Table No Table Name Page No

1. 6.7.1 Admin 63

2. 6.7.2 User 63

3. 6.7.3 Registration 64

II
ONLINE BOOKS REFERENCE
 ABSTRACT
A reference work is a book or periodical (or electronic equivalent) to which one can refer for information.
The information is intended to be found quickly when needed. Reference works are usually referred to for
particular pieces of information, rather than read beginning to end. The writing style used in these works is
informative. Many reference works are compiled by a team of contributors whose work is coordinated by one
or more editors rather than by an individual author. Indices are commonly provided in many types of reference
work.
In comparison, a reference book or reference-only book in a library is one that may only be used in the library
and may not be borrowed from the library. Many such books are reference works (in the first sense), which
are, usually, used briefly or photocopied from, and therefore, do not need to be borrowed. Keeping reference
books in the library assures that they will always be available for use on demand. Some reference-only books
are too valuable to permit borrowers to take them out. Some libraries consist entirely, or to a large extent, of
books which may not be borrowed.
A reference work is useful to its users if they attribute some degree of trust.

III
 Introduction
CHAPTER 1

INTRODUCTION

1.1 Introduction

Our project is an activity which aims to give students a learning experience

with the chance to synthesize their knowledge from different areas of learning.
As we provide the information about the exams like competitive and
Government etc., it helps users to browse the site.
The main objective of our project is to:
Provide the information of the exam
Provide the previous model papers
Provide the books (with links)
Users can download the books

Users can clarify their doubts from this site as there is a forum session where
one user who a doubt can ask and the other users who know the answers can
give the reply them with appropriate answer.

1.1 PROBLEMDEFINITION
The main aim of the project entitled “ONLINE BOOKS REFERENCE” is a website which
provides books for the competitive exams. This project is developed with five layers, which
are:

Security
User details
Exam details
Books detail
Model papers

1.2 PROPOSEDSOLUTION
 Introduction
A social networking service is an online service, platform, or site that focuses on
facilitating the building of social networks or social relations among people who, for
example, share interests, activities, backgrounds, or real-life connections. A social
network service consists of a representation of each user (often a profile), his/her
social links and a variety of additional services. Most social network services are web
based and provide means for users to interact over the Internet, such as e-mail and
instant message. Our prototype application enables multiple associated users to
specify their authorization policies and privacy preferences to co-control a shared data
item.
 A multiparty access control model was formulated, along with a multiparty
policy specification scheme and corresponding policy evolutionmechanism.
 The proposed system shows a novel solution for collaborative management of
shared data inOSN’s
 A flexible access control mechanism in a multi-user environment like OSN’s
should allow multiple controllers, who are associated with the shared data, to
specify access controlpolicies.
 In addition to the owner of data, other controller, including the contributor,
stakeholder and disseminator of data, regulate the access of shareddata.
 CHAPTER 3

SYSTEM ANALYSIS

3.1 REQUIREMENT ANALYSIS

HARDWARE REQUIREMENTS

Processor : Any Processor Speed 1.1 GHz(min)

RAM : 1 GB(min)

HardDiskCapacity : 40 GB(min)

Monitor : AnyMonitor

Keyboard : StandardKeyboard

Mouse : Two ButtonMouse

SOFTWARE REQUIREMENTS

OperatingSystem : Windows XP/7/8/LINUX

ScriptingLanguage : PHP

FrontEnd : HTML, CSS , JavaScript andBootstrap

Database : MYSQL

WebServer : Apacheserver

Tool : Net Beans8.2.2

3.2 EXISTINGSYSTEM

The existing work could model and analyze access control requirements with
respect to collaborative authorization management of shared data in OSNs. The need
of joint management for data sharing, especially photo sharing, in OSNs has been
recognized by the recent work provided a solution for collective privacy management
in OSNs. Their work considered access control policies of a content that is co-owned
by multiple users in an OSN, such that each co-owner may separately specify her/his
own privacy preference for the shared content.

Multiparty Access Control For Online Social Networks Page 7

 System Analysis

3.2.1 DISADVANTAGES OF EXISTINGSYSTEM

 Although OSNs currently provide simple access control mechanisms allowing

users to govern access to information contained in their own spaces, users,
unfortunately, have no control over data residing outside theirspaces.
 For instance, if a user posts a comment in a friend’s space, she/he cannot
specify which users can view thecomment.
 Without accepting the request the stranger can sendmessages
3.3 PROPOSEDSYSTEM

In this paper, we pursue a systematic solution to facilitate collaborative

management of shared data in OSNs. We begin by examining how the lack of
multiparty access control (MPAC) for data sharing in OSNs can undermine the
protection of user data. Some typical data sharing patterns with respect to multiparty
authorization in OSNs are also identified. Based on these sharing patterns, an MPAC
model is formulated to capture the core features of multiparty authorization
requirements that have not been accommodated so far by existing access control
systems and models for OSNs

3.3.1 ADVANTAGES OF PROPOSEDSYSTEM

 Regulate access over shared data, representing authorization requirements
from multiple associated users. A proof-of-concept implementation of our
solution called Controllers has been discussed as well, followed by the
usability study and system evaluation of our [Link]
 , a flexible access control mechanism in a multi-user environment like OSNs
should allow multiple controllers, who are associated with the shared data, to
specify access controlpolicies.
 As we identified previously in the sharing patterns in addition to the owner of
data, other controllers ,including group of users could collude with one
another so as to manipulate the final access controldecision.
3.4 FEASIBILITYSTUDY

A feasibility analysis usually involves a thorough assessment of the operational

(need), financial and technical aspects of a proposal. Feasibility study is the test of the
system proposal made to identify whether the user needs may be satisfied using the
current software and hardware technologies, whether the system will be cost effective
from a business point of view and whether it can be developed with the given
budgetary constraints. A feasibility study should be relatively cheap and done at the
earliest possible time. Depending on the study, the decision is made whether to go
ahead with a more detailed analysis. When a new project is proposed, it normally
goes through feasibility assessment. Feasibility study is carried out to determine
whether the proposed system is possible to develop with available resources and what
should be the costconsideration.

3.5 REQUIREMENTSPECIFICATIONS

Requirements for Multiparty Access Control: In order to support access control in

community-cantered systems, in addition to classic security and usability
requirements considered in many access control systems (e.g., correctness, safety,
reachability, feasibility etc. ad hoc non-functional requirements must be met. We
derive a list of such requirements based on the key characteristics of community-
centered systems that we have discussed in the previous section (see Table II). The
identified requirements can be organized in three main classes. The first class
includes requirements related to policy specification in the context of community and
its dynamic nature. The second class of requirements is related to the governance of
shared resources. Finally, the last class of requirements promotes the usability of
access control systems and the transparency of access decision making for the
members of community-centered systems (who are usually layusers).

We discuss each class of requirements separately and link them with the specific
characteristics of community-centered collaborative systems.

Requirements for Policy Specification: Access control models should be able to

handle the complexity and dynamics of community-centered systems (R1 and R2). To
this end, an access control model should provide elements that facilitate the
specification of access control policies in the context of community-centered systems
multi-party access control, when a binary relationship between the resource owner
and requester is not sufficient Inour bio data example, this requirement translates to
supporting access control policies against the different interpersonal relationships
between the patient and his family and the possibly complex dynamics of
communities. We will discuss proposals aiming to achieve those requirements in
Section

Requirements for Governance: Multi-party systems like community-centered

systems require mechanisms for the collaborative administration of shared resources
(R3). Of particular interest is the ability to reconcile or solve possible conflicts due to
multiple administrators managing the same resource (R4). It is worth noting that
generic policy conflicts are a long-standing issue in access control

Requirements for Usability and Transparency: Usability of access control systems

is even more critical and challenging to achieve in community-centered systems. The
complex nature of community-centered environments, where resources can be
managed by several users, can make the specification and configuration of access
preferences even more challenging and error-prone than in generic access control
systems. Policy specification should be assisted by supporting interfaces that can help
offset the burden from lay users, and address potential dependencies and
inconsistencies it may also be an indication of the limited maturity of this research
field. In particular, the extent to which mechanisms for community-based access
control are actually applicable.

3.6 ABOUT THETECHNOLOGY

PHP
PHP, one of the Web’s most popular programming languages. According to
Net craft PHP was running on more than 20 million Web servers in July 2007. At the
time of writing, it is the fourth most popular programming language in the world
according to TIOBE beaten only by Java, C, and C++. With the introduction of
version 5.3, there’s never been a better time to learn [Link] is a programming
language for building dynamic, interactive Web sites. As a general rule, PHP
programs run on a Web server, and serve Web pages to visitors on request. One of the
key features of PHP is that you can embed PHP code within HTML Web pages,
making it very easy for you to create dynamic content quickly. What exactly does the
phrase “dynamic, interactive Web sites” mean? A dynamic Web page is a page whose
contents can change automatically each time the page is viewed. Contrast this with a
static Web page, such as a simple HTML file, which looks the same each time it’s
displayed Mean while, an interactive Web site is a site that responds to input from its
visitors. A Web forum is a good example users can post new messages to the forum,
which are then displayed on the site for all to see. Another simple example is a
“contact us” form, where visitors interact with the page by filling out and sending a
form, which is then emailed to the Webmaster.

FEATURES OF PHP:

• Simple
• Secure
• Portable

SIMPLE:
It is simple for professional programmer to learn & they can use it effectively.
If we already know structure oriented programming, then learning php is very easy.

SECURE:
As we know many people are affected by viral infection when they download
an executable file or program. Rather than, virus programs we have malicious
programs that can gather private information, such as credit card number, bank
account balances & passwords by searching the contents of your computers local file
system.

PORTABLE:

As already we have discussed about compatibility of operating system,

computers, chips. In Internet the programs have to be dynamically downloaded to all
the various types of platforms like windows for wamp, Linux for lamp and support all
platforms using xampp.

DataBase Management System (DBMS): A Database is an integrated

collection of user related data stored with minimum redundancy, serves many
users/applications quickly and efficiently.
 A database system is basically a computerized record keeping system,
i.e. it is a computerized system whose overall purpose is to maintain information and
make that information available on demand.

DBMS is a collection of inter-related data and set of programs that

allow several users to access and manipulate data. Its main purpose is to provide users
with an abstract view of the data, i.e. the system hides certain details of how the data
is stored andmaintained.

Database Management System is divided into 4 main components

• Database.
• Hardware.
• Software.
• User.

Database: It consists of collection of persistent data that is used by the application

system.

Hardware: The processor(s) and associated main memory that are used to support
the execution of database systemsoftware.

Software: The layer between the physical database and the users that handles all
requests from the user for access to the database.

User: There are three types of users

• ApplicationProgrammers

• EndUser

• Database Administrator(DBA)

TYPES OF DBMS:

There are four major categories of DBMS data models.

• Hierarchical
• Network
• Inverted
• Relational
RELATIONAL DATABASE MANAGEMENT SYSTEMS
Database Management System has evolved from hierarchical to network to
relational models. Today, the most widely accepted database model is the relational
model. The relational database management system uses only its relational
capabilities to manage the information stored in the database. The relational model
has three differentaspects.

• Structures.
• Operation.
• Integrityrules.
STRUCTURES:

They are well-defined objects that store the data of a database structure and
the data contained within them can be manipulated byoperations.

OPERATIONS:

They are clearly defined actions that allow users to manipulate the data and
structures of a database. The operations on a database must adhere to a predefined set
of integrity rules.

ARCHITECTURE:

Fig: 3.6.1 client-server architecture

Client-Server Architecture

The server platform runs on an operating system, naturally, and on that runs
the web server and the database system, MySQL. For us, the web server is
programmed in PHP, and I’ll give my reasons why that’s almost always my choice,
and that of lots of other people, too.

All of my examples will be for UNIX-like operating systems and Apache, and
I’ll make sure I’m clear about that when it matters. So, in essence, it’s the MP part of
LAMP (Linux, Apache, Mysql and Php) that we care about, with P standing for PHP.
Some 99% of everything in Server Operating System

 There are four areas of Windows differences at the PHPlevel.

1. Path and file namedifferences.

2. Different line endings in textfiles.

3. API (application program interface) differences that affect a few PHP functions.
They’re clearly noted in the PHPdocumentation.

4. Command lines executed from a PHP program or directly from the shell or
commandprocessor.

The chief path and file name differences are as follows:

Windows accepts forward slashes in paths in most PHP functions, but you
might get a backslash in a path supplied by a user interactively or when you read one
from a file. I usually convert backslashes to forward ones whenever I input a path on
Windows. Native However, both formats are common on both systems, so this isn’t
really a I’ve dealt with Mac OS and Windows differences a lot in my native
applications that run on those systems, but never in my PHP/MySQL applications,
because I’ve managed to avoid ever running on a Windows server. Your life may not
be so simple, however.

If you get commercial web hosting from one of the numerous commercial
shared-hosting companies, they’re almost always going to use Linux or BSD, with
Windows sometimes being an extra-cost option. Stick with the cheaper Linux or BSD
hosting.
 Web Server You’ll almost always use Apache as the web server on systems
and IIS on Window systems, although Apache also runs on Windows.

Apache configuration is hard to learn, but there are two saving graces for
PHP/Mysql programmers. You rarely have to do much with Apache directly, aside
from occasionally editing file to establish options for a directory. Apache is so widely
used that if you Google whatever issue you’re wrestling with, you’ll usually Usability
issues aside, Apache is efficient, reliable, cheap, well-documented, and ubiquitous, so
it’s my web server of choice, by a wide margin. Your primary interface with Apache
is with the file system that it uses. Every web site has a document root on the server,
and your PHP files need to go under that root directory, or in a subdirectory ofit.

If I copy the file [Link] to that directory with an FTP utility, I can run that
PHP program from a browser by requesting the URL. I usually run lots of
applications on my web site, so I put them in subdirectories under the document root,
and then direct users to a URL with a path after the domain name. For example, my
site Classic Cameras is located e-mail, and my customer doesn’t really care about the
cosmetics of theURL.

Database System There are lots of SQL database systems out there for web
applications, and I’ve used all the major ones, including Microsoft SQL Server,
Oracle, IBM DB2, Postgre SQL, and, of course, MySQL. The first three are excellent
commercial systems. PostgreSQL is an open source system, with origins much older
than MySQL, but it’s less widely used than MySQL, although many hosting
companies offer it as an option.

In the past, MySQL supported such a limited form of SQL that it was
annoying to use for a database professional spoiled by a more complete system like
Oracle or PostgreSQL. But recent versions have changed that, and I now find that it
has everything I want except for check conditions. My reason for preferring MySQL
is simply that I find life easier if I use just one set of platform technologies, and
because MySQL is always there and works extremely well, it’s always my first
choice.

Sun Microsystems bought MySQL in 2008, and Oracle bought Sun about two
years later, so now, somewhat ironically, Oracle owns MySQL. Despite some concern
that Oracle might neglect MySQL development and/or support in order not to
cannibalize Oracle sales, it hasn’t done so, and MySQL remains just as viable as ever.
Nonetheless,

Remote server architecture

Two processes (or tasks) are of concern on the server: the database (MySQL, for us)
and the web server (usually Apache or Microsoft IIS). The PHP processor runs under
control of the web server and executes the PHP files that compose the application.
The four labels in the server box correspond to the elements of the so-called LAMP
stack: operating system (Linux), web server (Apache), database (MySQL), and
language (PHP). As I’ll explain, the first doesn’t have to be Linux and the second
doesn’t have to be Apache. Generally, the last two don’t have to be MySQL and PHP,
but they are in this book, since that’s ourfocus.

Fig: 3.6.2 remote server.

There are usually lots of applications running on the client, but only the
browser that’s connected to the web server running the PHP application is of concern
to us. Since you’re a developer, you also care about the development platform, which
consists of two essential applications, at least: an editor that can create and modify
PHP files and a transfer utility that can copy those files to the web server, typically an
FTP (File Transfer Protocol) or SFTP (Secure File Transfer Protocol) utility,
SERVER PROGRAMMING LANGUAGE:

PHP is always there. I’ve never found a hosting company that didn’t offer it.
Java is sometimes an extra-cost option, if it’s available at all, and Python and Ruby
are often unavailable. PERL is as common as PHP, but it’s an even worse language.
It’s fast. It’s so widely used that there’s lots of optimization for it, especially when
used withApache.

It has an extraordinary collection of extensions that allow it to handle most

any web application. Every web service (Amazon, Facebook, Flicker, etc.) has a PHP
interface. Without supporting PHP, they know their support is incomplete. By
contrast, they can get away with ignoring for these reasons, [Link] that
PHP is used on almost 80% of websites.

So, the answer to why PHP, since I can and have used almost every language
that ever existed, is that it’s pleasant enough to use, always available, extremely well
supported, and nearly always has a function to There are three other languages you’ll
be using, as web application developers always use at least four languages.

The three others are

• HTML (includingCSS),
• JavaScript,and
• SQL, to talk to thedatabase.
HTML and JavaScript run in the browser; never on the server. SQL is passed
to the database from your PHP program, or sometimes used directly on the database,
so it’s a server language.

Design is the first step in moving from problem domain to the solution
domain. Design is essentially the bridge between requirements specification and the
finalsolution.

The goal of design process is to produce a model or representation ofa system,

which can be used later to build that system. The produced model is called the
“Design of the System”. It is a plan for a solution for thesystem.
HTML:

HTML is a hypertext mark-up language which is in reality a backbone of any

website. Every website can’t be structured without the knowledge of html. If we make
our web page only with the help of html, than we can’t add many of the effective
features in a web page, for making a web page more effective we use various
platforms such as CSS. So here we are using this language to make our web pages
more effective as well as efficient. And to make our web pages dynamic we are using
Java script.

CSS:
CSS Stands for "Cascading Style Sheet." Cascading style sheets are used to
format the layout of Web pages. They can be used to define text styles, table sizes,
and other aspects of Web pages that previously could only be defined in a page's
HTML. The basic purpose of CSS is to separate the content of a web document
(written in any mark up language) from its presentation (that is written using
Cascading Style Sheets). There are lots of benefits that one can extract through CSS
like improved content accessibility, betterflexibility.

JAVA SCRIPT
JavaScript is considered to be one of the most famous scripting languages of
all time. JavaScript, by definition, is a Scripting Language of the World Wide Web.
The main usage of JavaScript is to add various Web functionalities, Web form
validations, browser detections, creation of cookies and so on. JavaScript is one of the
most popular scripting languages and that is why it is supported by almost all web
browsers available today like Firefox,

We used the browser Opera or Internet Explorer. JavaScript is considered to

be one of the most powerful scripting languages in use today. It is often used for the
development of client-side web development. JavaScript is used to make web pages
more interactive and dynamic. JavaScript is a light weight programming language and
it is embedded directly into the HTML code. JavaScript, as the name suggests, was
influenced by many languages, especiallyJava.
PHP
PHP is a very powerful server-side scripting language for developing
dynamic web applications. Using PHP, one can build interactive and dynamic
websites with ease. PHP script can be embedded straight into the heart of html code.
PHP is compatible with various web servers like Apache and the Microsoft’s IIS as
well. All the PHP scripts are executed on the server and it supports various databases
like MySQL, Oracle, Solid, Generic ODBC etc; however, it is mostly used with
MySQL.

SQL
SQL stands for Structured Query Language. SQL lets us access and
manipulate databases. SQL is an ANSI (American National Standards Institute)
standard. SQL can execute queries against a database ,retrieve data from a database,
insert records in a database, update records in a database, delete records from a
database, create new databases , create new tables in a database , create stored
procedures in a database, create views in a database, set permissions on tables,
procedures, andviews.

Functional Requirements:

Functional requirements are associated with specific functions, tasks or

behaviours the system must support. The functional requirements address the quality
characteristic of functionality while the other quality characteristics are concerned
with various kinds of non-functional requirements. Because non-functional
requirements tend to be stated in terms of constraints on the results of tasks which are
given as functional requirements.
 CHAPTER 4

SYSTEM DESIGN

4.1 MODULE DESCRIPTION

Admin:

Admin can provide protection to the other user from the spamusers.
Admin can add a new admin. Admin can post and view the advertisements
Privacy concerns over data associated with multiple users and can view the
feedback of users and have control over the website. Here any change can be
made by the admin only. Leverage the features of existing logic solvers to
perform various analysis tasks and manage all users. Admin can manage new
groups and can post new events happening around him related to the society.
She/he can manage the messages send by the user and can manage the users
profile.

User:

Data associated with multiple users. The user can search for new friends and
can view the list of their friends and if any other user sends requests to him /her that
can be visible here. User can update their [Link] user can see the posts made by
the other users It allows users to share personal and public information and make
social connection with friends co-workers-colleagues ,family and even with strangers.
the user can view the advertisements posted by theusers.

4.2 DATADESIGN

4.2.1 Admin Table

Tabledescription:

This table contains details of admin

Primary key: adminid

Multiparty Access Control For Online Social Networks Page 20

 System Design

Fig4.2.1: admin

4.2.2 Advertisementstable

Table description: This table contains details of advertisements, and duration of

advertisements along with their images and links related to advertisements.

Primary key: advid

Fig4.2.2: advertisements
4.2.3 Albumstable

Table description: This table contains images made by the user.

Primary key: albumid

Fig4.2.3 albums

4.2.4 Commentstable

Table description: This table contains comments given by the user

Primary key: commentid

Fig4.2.4 comments
4.2.5 Eventstable

Table description: This table contains events added by the user.

Primary key: eventid

Fig4.2.5: events

4.2.6 Friendstable

Table description: This table contains information about the user’s friend list and
status of the friend request.

Primary key: friendid

Fig4.2.6: friends
4.2.7 Group memberstable

Table description: This table contains the related information about the groups
which are created by the user and if any user joins the group the related information
about the user will be saved in this table.

Primary key: memberid

Fig4.2.7: group members

4.2.8 Groupstable

Table description: The user creates the groups and also knows information
about the Group description.

Primary key: groupid

Fig4.2.8: groups
4.2.9 Imagestable

Table description: This table contains the images post by the user according to
their user id.

Primary key: imgid

Fig4.2.9: images

4.2.10 likestable

Table description: This table contains the likes of the user for the posted by the
other user.

Primary key: likeid

Fig4.2.10: likes
4.2.11 Messagestable

Table description: This table contains the messages between one user and
another user. The messages will be saved according to their user ids.

Primary key: msgid

Fig4.2.11: message

4.2.12 Profiletable

Table description: This table contains the details of the users

Primary key: profileid

Fig4.2.12: profile
4.2.13 videostable

Table description: This table contains the videos which are posted by the users
and these videos are saved in directory according to their corresponding user id’s.

Primary key: videoid

Fig4.2.13: videos

4.2.14 Wall Post Table

Table description: This table contains the post details which are posted by the
users according to their user id’s.

Primary key: postid

Fig4.2.14: wallpost
4.3 UMLDIAGRAMS:

UML stands for Unified Modelling Language are a third generation method
for specifying, visualizing and documenting the artefacts of an object oriented system
under development. Object modelling is the process by which the logical objects in
the real world (problem space) are represented (mapped) by the actual objects in the
program (logical or a mini world). This visual representation of the objects, their
relationships and their structures is for the ease of understanding. This is a step while
developing any product afteranalysis.

The goal from this is to produce a model of the entities involved in the project
which later need to be built. The representations of the entities that are to be used in
the product being developed need to be designed. Software design is a process that
gradually changes as various new, better and more complete methods with a broader
understanding of the whole problem in general come into existence.

The Unified Modelling Language encompasses a number of models.

a) Use casediagrams
b) Classdiagrams
c) Sequencediagrams
d) Collaborationdiagrams
e) Activitydiagrams

4.3.1 CLASSDIAGRAM

A “Class Diagram” shows a set of classes, interfaces and collaborations

and their relationships. These diagrams are most common diagram in modeling
object oriented systems. Class diagrams are the backbone of almost every object –
oriented methods, including UML. They describe the static structure of a system .An
object Class describes a group of objects with similar properties (attributes), common
behavior common relationships to the other objects, and commonsemantics.
Class diagram plays a major role inhume design. They represent Static Structure
of the System Basic Class Diagram Symbols and Notations: Classes represent an
abstraction of entities with the common characteristics. Associations represent the
relationships between classes. Illustrate classes with rectangles divided into
compartments
 Fig4.3.1: class diagram for multiparty access control

4.3.2 USECASEDIAGRAMS

Use cases describe the interactions that take place between actors and IT systems
during the execution of business processes:

Representation of Use case

A use case represents a part of the functionality of the IT system and enables the user.
Functionalities that exist in the IT system, but that are not accessed by means of use
cases, are not available to users. Even though the idea behind use cases is to describe
interactions, flows of batch processing, which generally do not include interactions,
can also be described as use cases. The actor of such a batch use case is then the one
who initiates batch processing.

Relationships:

Association: An association is a connection between an actor and a use case. An

association indicates that an actor can carry out a use case. Several actors at one use
case mean that each actor can carry out the use case on his or her own and not that the
actors carry out the use case together: According to UML, association only means
that an actor is involved in a use case. Use associations in a restrictedmanner.
Login/registration

Fig4.3.2.1: login/registration for multiparty access control

Home page

Fig4.3.2.2: home page for multiparty access control

Wall page

Fig4.3.2.3: wall page for multiparty access control

Profile page

Fig4.3.2.4: profile for multiparty access control

Blog page

Fig4.3.2.5: blog page for multiparty access control

Search friend

Fig4.3.2.6: search friends for multiparty access control

Friend list page

Fig4.3.2.7: friend list page for multiparty access control

Photo page

Fig4.3.2.8: photo page for multiparty access control

4.3.3 SEQUENCEDIAGRAM

Sequence diagram is an interaction diagram which is focuses on the time ordering of

messages. It shows a set of objects and messages exchanged between these objects.
This diagram illustrates the dynamic view of a system .Sequence diagrams belong to
a group of UML diagrams called Interaction Diagrams. Sequence diagrams describe
how objects interact over the course of time through an exchange ofmessages

Fig4.3.3: sequence diagram for multiparty access control

4.3.4 COLLABORATIONDIAGRAM

A collaboration diagram describes interactions among objects in terms of

sequenced messages. Collaboration diagrams represent a combination of information
taken from class, sequence, and use case diagrams describing both the static structure
and dynamic behavior of a system.

Fig4.3.4: collaboration diagram for multiparty access control

4.3.5 ACTIVITYDIAGRAM
An Activity Diagram is a behaviouraldiagram that shows the flow or
sequence of activities through a system. The terms activity diagram and process flow
are often used interchangeably. However, the term activity diagram is typically more
restrictive as it refers to one of thirteen standard Unified Model Language (UML)
diagrams.

User

Fig: [Link]: user activity diagram for multiparty access control

Admin

Fig: [Link]: Admin activity diagram for multiparty access control

4.4 DATAFLOWDIAGRAM

A data flow diagram is graphical tool used to describe and analyze movement
of data through a system. These are the central tool and the basis from which the
other components are developed. The transformation of data from input to output,
through processed, may be described logically and independently of physical
components associated with the system. These are known as the logical data flow
diagrams. The physical data flow diagrams show the actual implements and
movement of data between people, departments andworkstations.

fig4.4.1: level 0 user dataflow diagram for multiparty accesscontrol

fig4.4.2: level 1 user dataflow diagram for multiparty accesscontrol

 fig4.4.3: admin dataflow diagram multiparty access control

fig4.4.4: overall dataflow diagram for multiparty access control

4.5 SYSTEM FLOWDIAGRAM

System Flow Diagram is basically a graphical and sequential representation of

the major steps involved in a systematic process.
A SFD (System Flow Diagram) shows what kind of information will be input to and
output from the system, where the data will come from and go to, and where the data
will be stored. It gives a clear idea about the whole process, say it an application or a
normal data flow.

Fig4.5: system flow diagram for multiparty access control

 CHAPTER5

IMPLEMENTATION

SYSTEM ARCHITECTURE

We implemented a proof-of-concept Facebook application for the

collaborative management of shared data, called Controller. Our prototype application
enables multiple associated users to specify their authorization policies and privacy
preferences to co-control a shared data item. It is worth noting that our current
implementation was restricted to handle photo sharing in OSNs. Obversely, our
approach can be generalized to deal with other kinds of data sharing, such as videos
and comments, in OSNs as long as the stakeholder of shared data are identified with
effective methods like tagging or searching. MController, which is divided into two
major pieces, Facebook server and application server. The Facebook server provides
an entry point via the Facebook application page, and provides. References to photos,
friendships, and feed data through API calls. Facebook server accepts inputs from
users, then forwards them to the application server. The application server is
responsible for the input processing and collaborative management of shared data.
Information related to user data such as user identifiers, friend lists, user groups, and
user contents are stored in the application database. Users can access the
MControllerapplication through Facebook, which serves the application in an iFrame.
When access requests are made to the decision making portion in the application
server, results are returned in the form of access to photos or proper information about
access to photos.

Users can leverage the analysis services to perform complicated authorization

queries. MControlleris developed as a third-party Facebook application, which is
hosted in an Apache Tomcat application server supporting PHP and MySQL
database. MControllerapplication is based on the iFrame external application
approach. Using the Javascript and PHP SDK, it accesses users’ Facebook data
through the Graph API and Facebook Query Language. Once a user installs
MControllerin her/his Facebook space and accepts the necessary permissions,
MControllercan access a user’s basic information and contents. Especially,
MControllercan retrieve and list all photos, which are owned or uploaded bythe

Multiparty Access Control For Online Social Networks Page 39

 Implementation

user, or where the user was tagged. Once information is imported, the user accesses
MControllerthrough its application page privacy for photos that s/he is a controller, or
view photos s/he is allowed to access. A core component of MControlleris the
decision making module, which processes access requests and returns responses for
the requests. To evaluate an access request, the policies of each controller of the
targeted content are enforced first to generate a decision for the controller. Then, the
decisions of all controllers are aggregated to yield a final decision as the response of
the request. Multiparty privacy conflicts are resolved based on the configured conflict
resolution mechanism when aggregating the decisions of controllers. privacy setting,
a corresponding feedback is provided to indicate the potential authorization impact of
her/his choice. The controller can immediately determine how many users can see the
photo and should be denied, and how many users cannot see the photo and should be
allowed. MController can also display the details of all users who violate against the
controller’s privacy setting (See Figure 7 (d)). The purpose of such feedback
information is to guide the controller to evaluate the impact of collaborative
authorization. If the controller is not satisfied with the current privacy control, s/he
may adjust her/his privacy setting, contact the owner of the photo
on Facebook, where she/he can access queryinformation.

[Link]

<? Php

error reporting (1);

Session start ();

if (isset ($_SESSION [profileid]))

header("Location: [Link]");

include ("[Link]");

?>
<? Php

if($_POST [setid]==$_SESSION[setid])

if (isset($_POST["signup"]))

$sqllogin = mysqli_query ($con,"SELECT * FROM profile where emailid='$_POST

[emailid]' ");

if (mysqli_num_rows ($sqllogin) == 0)

$sql="INSERT INTO profile (firstname, lastname, emailid,

password, dob, gender)

VALUES ('$_POST [firstname]','$_POST [lastname]','$_POST

[emailid]','$_POST[password]','$_POST[dob]','$_POST[gender]')";

if (!mysqli_query($con,$sql))

die ('Error: ' .mysqli_error($con));

else

$msg ="<br> Registered successfully...";

else

?>
<script type="application/javascript">

alert ("This Email ID already exist in our database..");

</script>

<?php

if(isset($_POST["submitlogin"]))

$sqllogin = mysqli_query($con,"SELECT * FROM profile where

(username='$_POST[username]' or emailid='$_POST[username]') and
password='$_POST[password]'");

if(mysqli_num_rows($sqllogin) == 1)

$dt = date ("Y-m-d h:i:s");

$rs = mysqli_fetch_array ($sqllogin);

$update= mysqli_query ($con,"UPDATE profile SET last login='$dt'

WHERE (username='$_POST[username]' or emailid='$_POST[username]')");

$_SESSION [profileid] = $rs[profileid];

header ("Location: [Link]");

else

{
 $msglogin = "<br><font colour='red'>Failed to login..</font>";

if(isset($_POST["btnresetpassword"]))

$sqllogin = mysqli_query ($con,"UPDATE profile SET

password='$_POST[newpass]' where emailid='$_POST[emailidss]' ");

if(!$sqllogin)

$msgupdpass = "<br><font color =<'red'>Failed to login..</font>";

else

$msgupdpass = "<br>Password Updated successfully..";

include ("[Link]");

$_SESSION [setid] = rand();

?>

<! -- content -->

<div class="wrapper row3">

<div id="container">
 <!--
#####################################################################
########################### -->

<div id="homepage" class="clear">

<div class="two_third first">

<div class="push30"><imgsrc="images/snal/six_figure_mentors_mission.jpg"
alt="" width="1200" height="400"></div>

<!-- #### -->

<div class="divider2"></div>

<!-- #### -->

<div class="two_third first">

<article class="push30 clear">

<h2 class="nospace font-medium">Registration</h2>

<p>

<?php

if(strlen($msg) == 31)

echo "<h2>Registered successfully...</h2>";

else

?>

<form name="index form" method="post" action="" class="rnd5" on

submit="return validate()">
 <input type="hidden" name="setid" value="<?php echo $_SESSION[setid];
?>">

<label class="one third first" for="author">Firstname:</label><input

name=Firstname type=text />

<label class="one third first" for="author">Last name:</label><input

type=text name=last name />

<label class="one third first" for="author">email id: </label><input

type=text name=emailid />

<label class="one third first" for="author">password:</label><input

type=password name="password" />

<label class="one third first" for="author">re-enter password:</label>

<input type=password name=confirm password />

<?php

$tomorrow = mktime(0,0,0,date("m"),date("d"),date("Y")-18);

<label class="one third first" for="author">DOB: <input type="date" name="dob"

/></label>

<br>

<table >

<tr><td>gender:</td>

<td> female</td><td><input type=radio name=gender value="Female"/>

</td>

<td> male</td><td><input type=radio name=gender value="Male" /></td>

</tr>

</table>
 <label class="one third first" for="author"><input name=signup type=submit
value="Register" class="button small gradient red" /></label>

</form>

<?php

?>

</p>

</article>

</div>

<!-- #### -->

<div class="clear"></div>

</div>

<!-- #### -->

<div class="one_third">

<div class="tab-wrapper clear">

<ul class="tab-nav clear">

<li><a href="#tab-1">Sign In</a></li>

</ul>

<divclass="tab-container">

<!-- Tab Content-->

<div id="tab-1" class="tab-content clear">

 <form method="post" action="“name="submitform" on
submit="return validate1()">

<? php

if(isset($msglogin))

echo "<strong>$msglogin</strong>";

?>

<ul class="list arrow">

<li><strong>Username / Email ID</strong><input

name=username type=text size="30" /></li>

<li><strong>Password &nbsp;&nbsp;</strong><input
name=password type=password size="30" /></li>

<li></li>

</ul><input type=submit value=" Login” name="submitlogin"

class="button small gradient red"/>

</form>

</div>

<! -- / Tab Content -->

</div>

</div>

</div>

<div>&nbsp;</div>

<div class="one_third">
 <div class="tab-wrapper clear">

<ul class="tab-nav clear">

<li><a href="#tab-1">Forgot your Password</a></li>

</ul>

<div class="tab-container">

<!-- Tab Content -->

<div id="tab-1" class="tab-content clear">

<form method="post" action="" on submit="return validate2()"

name="recover form">

<?php

echo $msgupdpass;

if(isset($_POST[submitforgetpwd]))

?>

<ul class="list arrow">

<input type="hidden" name="emailidcondition" value="2" />

<li><strong>Email ID</strong><input name=emailidss type=text size="30"

value="<?php echo $_POST[emailids] ;?>" readonly /></li>

<li><strong>New Password</strong><input name=newpass type=password

size="30" /></li>

<li><strong>Confirm Password</strong><input name=confpass

type=password size="30" /></li>

</ul>
 <input type="submit" value="Reset Password" name="btnresetpassword"
size="30" class="button small gradient red" />

<?php }

else

?>

<ul class="list arrow">

<li><strong>Enter Email ID</strong>

<input type="hidden" name="emailidcondition" value="1" />

<input name=emailids type=text size="30" /></li>

<li></li>

</ul><input type=submit value=" Recover Password "

name="submitforgetpwd" class="button small gradient red"/>

<?php

?>

</form>

</div>

<! -- / Tab Content -->

</div>

</div>

</div>

</div>
 <!--
#####################################################################
########################### -->

<div class="clear"></div>

</div>

</div>

</div>

<?php

include ("[Link]");

?>

<script type="application/javascript">

function validate()

var letters = /^[A-Za-z ]+$/;

if([Link] == "")

alert("Please enter first name..");

[Link]();

return false;

else if(!([Link](letters)))

alert("Name must contain only letters");

[Link] ();

return false;

else if([Link] == "")

alert("Please enter last name..");

[Link] ();

return false;

else if(!([Link]. Match(letters)))

alert("Name must contain only letters");

[Link]();

return false;

else if([Link]=="")

alert("Email ID should not be empty");

[Link]();

return false;

else if([Link]=="")

{
 alert ("Password should not be

empty");

[Link] ();

return false;

else if([Link]<6 )

alert("Entered password should be more than 6 characters");

[Link]="";

[Link]="";

[Link]();

return false;

else if( [Link]> 15)

alert ("Entered password should be less than 15 character.");

[Link]="";

[Link]="";

[Link] ();

return false;

else if([Link] !=
[Link])
{
 alert("Password not matching..");

[Link]="";

[Link]="";

[Link]();

return false;

else if([Link] == "")

alert("Please enter date of birth..");

[Link]();

return false;

else if ( ([Link][0].checked == false ) &&

( [Link][1].checked == false ) )

alert("Please enter gender..");

return false;

else

return true;

}
</script>

<script type="application/javascript">

function validate1()

if([Link] == "")

alert("Please enter username..");

[Link]();

return false;

else if([Link]=="")

alert("Password should not be empty");

[Link]();

return false;

else

return true;

</script>

<script type="application/javascript">
//Coding to Reset password

function validate2()

If ([Link] == 1)

if([Link] == "")

alert("Please enter Emailid..");

[Link]();

return false;

else if([Link] == 2)

if([Link] == "")

alert("Please enter Emailid..");

[Link] ();

return false;

else if([Link]=="")

alert ("Password should not be empty");

 [Link] ();

return false;

else if([Link]<6 )

alert("Entered password should be more than 6

characters’");

[Link]="";

[Link]="";

[Link]();

return false;

else if( [Link]> 15)

alert("Entered password should be less than 15

character.");

[Link]="";

[Link]="";

[Link] ();

return false;

else if([Link] !=
[Link])

{
 alert("Password not matching..");

[Link]="";

[Link]="";

[Link] ();

return false;

else

return true;

</script>
 CHAPTER 6

TESTING
Testing is a process of executing a program with the intent of finding an error.
Testing is a crucial element of software quality assurance and presents ultimate
review of specification, design andcoding.

System Testing is an important phase. Testing represents an interesting anomaly for

the software. Thus a series of testing are performed for the proposed system before
the system is ready for user acceptancetesting.

A good test case is one that has a high probability of finding an as

undiscovered error. A successful test is one that uncovers an as undiscovered error.

Testing Objectives:

1) Testing is a process of executing a program with the intent of finding anerror

2) A good test case is one that has a probability of finding an as yet undiscovered
error
3) A successful test is one that uncovers an undiscoverederror

Testing Principles:

 All tests should be traceable to end userrequirements

 Tests should be planned long before testingbegins
 Testing should begin on a small scale and progress towards testing inlarge
 Exhaustive testing is notpossible
 To be most effective testing should be conducted by a independent thirdparty

The primary objective for test case design is to derive a set of tests that has the
highest livelihood for uncovering defects in software. To accomplish this objective
two different categories of test case design techniques are used. They are

 White boxtesting.
 Black boxtesting.

Multiparty Access Control For Online Social Networks Page 58

 Testing

White-box testing

White box testing focus on the program control structure. Test cases are
derived to ensure that all statements in the program have been executed at least once
during testing and that all logical conditions have been executed.

Block-box testing

Black box testing is designed to validate functional requirements without

regard to the internal workings of a program. Black box testing mainly focuses on the
information domain of the software, deriving test cases by partitioning input and
output in a manner that provides through test coverage. Incorrect and missing
functions, interface errors, errors in data structures, error in functional logic are the
errors falling in this category.

Testing strategies

A strategy for software testing must accommodate low-level tests that are
necessary to verify that all small source code segments has been correctly
implemented as well as high-level tests that validate major system functions against
customerrequirements.

Testingfundamentals

Testing is a process of executing program with the intent of finding error. A

good test case is one that has high probability of finding an undiscovered error. If
testing is conducted successfully it uncovers the errors in the software. Testing cannot
show the absence of defects, it can only show that software defects present.

Testing Information flow

Information flow for testing flows the pattern. Two class of input provided to
test the process. The software configuration includes a software requirements
specification, a design specification and source code.

Test configuration includes test plan and test cases and test tools. Tests are
conducted and all the results are evaluated. That is test results are compared with
expected results. When erroneous data are uncovered, an error is implied and
debugging commences.

6.1 UNITTESTING

Unit testing is essential for the verification of the code produced during the coding
phase and hence the goal is to test the internal logic of the modules. Using the
detailed design description as a guide, important paths are tested to uncover errors
with in the boundary of the modules. These tests were carried out during the
programming stage itself. All units of Vienna SQL were successfullytested.

6.2 FUNCTIONALTESTING

Functional testing is a quality assurance (QA) process and a type of black-box

testing that bases its test cases on the specifications of the software component under
test. Functions are tested by feeding them input and examining the output, and
internal program structure is rarely considered (unlike white-box testing). Functional
testing usually describes what the systemdoes.

Functional testing does not imply that you are testing a function (method) of your
module or class. Functional testing tests a slice of functionality of the whole system.

6.3 SYSTEMTESTING

System testing of software or hardware is testing conducted on a complete,

integrated system to evaluate the system's compliance with its specified requirements.
System testing falls within the scope of black-box testing, and as such, should require
no knowledge of the inner design of the code or logic

As a rule, system testing takes, as its input, all of the "integrated" software
components that have passed integration testing and also the software system itself
integrated with any applicable hardware system(s). The purpose of integration testing
is to detect any inconsistencies between the software units that are integrated together
(called assemblages) or between any of the assemblages and the hardware. System
testing is a more limited type of testing; it seeks to detect defects both within the
"inter-assemblages" and also within the system as a whole.
 6.4 INTEGRATIONTESTING

Integration testing (sometimes called integration and testing, abbreviated I&T)

is the phase in software testing in which individual software modules are combined
and tested as a group. It occurs after unit testing and before validation testing.
Integration testing takes as its input modules that have been unit tested, groups them
in larger aggregates, applies tests defined in an integration test plan to those
aggregates, and delivers as its output the integrated system ready for systemtesting.

6.5 USER ACCEPTANCETESTING

User acceptance is a type of testing performed by the Client to certify the

system with respect to the requirements that was agreed upon. This testing happens in
the final phase of testing before moving the software application to Market or
Production environment..

The main purpose of this testing is to validate the end to end business flow. It
does NOT focus on the cosmetic errors, Spelling mistakes or System testing. This
testing is carried out in separate testing environment with production like data setup.
It is a kind of black box testing where two or more end users will beinvolved

Who Performs UAT?

 Client

 Endusers
Prerequisites of User Acceptance Testing:

Following are the entry criteria for User Acceptance Testing:

 Business Requirements must beavailable.

 Application Code should be fullydeveloped
 Unit Testing, Integration Testing & System Testing should be
completed
 No Showstoppers, High, Medium defects in System Integration Test
Phase.
 Only Cosmetic error are acceptable beforeUAT
 Regression Testing should be completed with no majordefects
 All the reported defects should be fixed and tested beforeUAT
 Traceability matrix for all testing should becompleted
 UAT Environment must beready
 Sign off mail or communication from System Testing Team that the
system is ready for UATexecution

6.6 PERFORMANCETESTING

In software engineering, performance testing is in general, a testing practice

performed to determine how a system performs in terms of responsiveness and
stability under a particular workload. It can also serve to investigate, measure,
validate or verify other quality attributes of the system, such as scalability, reliability
and resource usage. Performance testing, a subset of performance engineering, is
a computer science practice which strives to build performance standards into the
implementation, design and architecture of asystem.

6.7 TEST CASES

A test case is a specification of the inputs, execution conditions, testing

procedure, and expected results that define a single test to be executed to achieve a
particular software testing objective, such as to exercise a particular program path or
to verify compliance with a specific requirement. Test cases underlie testing that is
methodical rather than haphazard. A battery of test cases can be built to produce the
desired coverage of the software being tested. Formally defined test cases allowthe
same tests to be run repeatedly against successive versions of the software, allowing
for effective and consistent regression testing.

Login

Test Case Description Expected Actual Output Result

Output

Valid Enter valid Enter in to Enter in to Success

login username and home page. home page.i.e.,

password [Link]

Invalid Enter invalid Message Enter in to Failure

Login username and showing home page.

Password. invalid user.

Table 6.7.1 login table

[Link] Description Expected Output Actual Result

Output

Check for all the features The screen must Contained Success

and their functionality on contain all features all features.

1.
the screen. mentioned.

2. Uploading of all online Updated bits must All specified Success

test bits must be done by be given in exams things are

admin, and also check to the users fulfilled.

comments functionality.

Table: 6.7.2 Admin Test Case

User’s Test Case

Test
Description Expected Output Actual Output Result
Case

Check if all the user’s

Users Displayed the user Displayed the users
services are specified Success
Services services correctly. services.
correctly or not.

Check if all the user’s

Users Displayed the user Services not
services are specified Failure
Services services displayed.
correctly.

Table 6.7.3 User’s test case

Formal test cases:

In order to fully test that all the requirements of an application are met, there
must be at least two test cases for each requirement: one positive test and one
negative test. If a requirement has sub-requirements, each sub-requirement must have
at least two test cases. Keeping track of the link between the requirement and the test
is frequently done using a traceability matrix. Written test cases should include a
description of the functionality to be tested, and the preparation required to ensure
that the test can beconducted.

A formal written test-case is characterized by a known input and by an

expected output, which is worked out before the test is executed. The known input
should test a precondition and the expected output should test a post condition.

Informal test cases

For applications or systems without formal requirements, test cases can be

written based on the accepted normal operation of programs of a similar class. In
some schools of testing, test cases are not written at all but the activities and results
are reported after the tests have been run. In scenario testing, hypothetical stories are
used to help the tester think through a complex problem or system. These scenarios
are usually not written down in any detail. They can be as simple as a diagram for a
testing environment or they could be a description written in prose. The idealscenario
test is a story that is motivating, credible, complex, and easy to evaluate. They are
usually different from test cases in that test cases are single steps while scenarios
cover a number of steps of the key.

Typical written test case format

A test case is usually a single step, or occasionally a sequence of steps, to test

the correct behaviour/functionality, features of an application. An expected result or
expected outcome is usually given.

Additional information that may be included:

 test case ID
 test casedescription
 test step or order of executionnumber
 relatedrequirement(s)
 test category
 author
 check boxes for whether the test can be or has beenautomated
 pass/fail
 remarks

Larger test cases may also contain prerequisite states or steps, and descriptions.

A written test case should also contain a place for the actual result.

These steps can be stored in a word processor document, spreadsheet, database or

other common repository.

In a database system, you may also be able to see past test results and who generated
the results and the system configuration used to generate those results.

Test suites often also contain

 Testsummary
 Configuration
 Besides a description of the functionality to be tested, and the preparation
required to ensure that the test can be conducted, the most time consuming part in the
test case is creating the tests and modifying them when the systemchanges.

Under special circumstances, there could be a need to run the test, produce
results, and then a team of experts would evaluate if the results can be considered as a
pass. This happens often on new products' performance number determination. The
first test is taken as the base line for subsequent test / product releasecycles.

Acceptance tests, which use a variation of a written test case, are commonly
performed by a group of end-users or clients of the system to ensure the developed
system meets the requirements specified or the contract. User acceptance tests are
differentiated by the inclusion of happy path or positive test cases to the almost
complete exclusion of negative test cases.
 CHAPTER7

OUTPUTSCREENS

7.1 Registrationpage

7.2 Homepage

Multiparty Access Control For Online Social Networks Page 67

 Output Screens

7.3 Profilepage

7.4 Changepassword
7.5 Wall postpage

7.6 Friendlist
7.7 Searchfriends

7.8 View friendrequest

7.9 Messagepage

7.10 Gallery
7.11 videos

7.12 Groupspage
7.13 View groups

7.14 Mygroups
7.15 Events

7.16 Logout page

 CHAPTER 8

CONCLUSION & FUTURE ENHANCEMENT

CONCLUSION

We have proposed a novel solution for collaborative management of shared

data in OSNs. A multiparty access control model was formulated, along with a
multiparty policy specification scheme and corresponding policy evaluation
mechanism. In addition, we have introduced an approach for representing and
reasoning about our proposed model. A proof-of-concept implementation of our
solution called Mcontrollerhas been discussed as well, followed by the usability study
and system evaluation of our method. As part of future work, we are planning to
investigate more comprehensive privacy conflict resolution approach and
analysis services for collaborative management of shared data in OSNs. Also, we
would explore more criteria to evaluate the features of our proposed MPAC model.
For example, one of our recent works has evaluated the effectiveness of MPAC
conflict resolution approach based on the trade off of privacy risk and sharing loss .In
addition, users may be involved in the control of a larger number of shared photos
and the configurations of the privacy preference may become time-consuming and
tedious tasks. Therefore, we would study inference-based techniques for
automatically configure privacy preferences in MPAC. Besides, we plan to
systematically integrate the notion of trust and reputation into our MPAC model and
investigate a comprehensive solution to cope with collusion attacks for providing a
robust MPAC service inOSNs.

FUTURE ENHANCEMENT

The proposed system is restricted to deal with photo sharing in online social
networks. The future work of this model can be extended to deal with different kinds
of files such as audio calls, video calls. Also, we would extend our work to address
security and privacy challenges for emerging information sharing services such as
location sharing and other social network platforms.

Multiparty Access Control For Online Social Networks Page 75

REFERENCES

[1] A. Besmer and H. Richter Lipford. Moving beyond untagging: Photo privacyin
a tagged world. In Proceedings of the 28thinternational
conference on Human factors in computing systems, pages 1563– 1572. ACM, 2010.

[2] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us:
automated identity theft attacks on social networks. In Proceedings of the 18th
international conference on World wide web, pages 551–560. ACM,2009.
[3] B. Carminati and E. Ferrari. Collaborative access control in online
social networks. In Proceedings of the 7thInternational
Conference on Collaborative Computing: Networking, Applications and
Worksharing (CollaborateCom), pages 231–240. IEEE, 2011.
[4] B. Carminati, E. Ferrari, and A. Perego. Rule-based access control for
social networks. In On the Move to Meaningful InternetSystems
2006: OTM 2006 Workshops, pages 1734–1744. Springer, 2006.
[5] B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-
based social networks. ACM Transactions on Informationand
System Security (TISSEC), 13(1):1–38, 2009.
[6] E. Carrie. Access Control Requirements for Web 2.0 Security and [Link]
Proc. of Workshop on Web 2.0 Security &
Privacy (W2SP). Citeseer, 2007.
[7] J. Choi, W. De Neve, K. Plataniotis, and Y. [Link]
face recognition for improved face annotation in personal photo collections shared on
online social networks. Multimedia, IEEE
Transactions on, 13(1):14–28, 2011.
[8] J. Douceur. The sybil attack. Peer-to-peer Systems, pages 251–260,2002.
[9] L. Fang and K. LeFevre. Privacy wizards for social networking sites. In
Proceedings of the 19th international conference on World wideweb, pages 351–360.
ACM, 2010[16] P. Fong. Preventing sybil attacks by privilege attenuation: A design
principle for social network systems. In Security and Privacy (SP), 2011 IEEE
Symposium on, pages 263–278. IEEE,2011.
[10] P. Fong. Relationship-based access control: Protection model and policy
language. In Proceedings of the first ACM conference on Data andapplication

Multiparty Access Control For Online Social Networks Page 76

security and privacy, pages 191–202. ACM, 2011.
[11] P. Fong, M. Anwar, and Z. Zhao. A privacy preservation model for facebook-
style social network systems. In Proceedings of the 14th European conference on
Research in computer security, pages 303–320. Springer-Verlag,2009.
[12] J. Golbeck. Computing and applying trust in web-based social networks. Ph.D.
thesis, University of Maryland at College ParkCollege Park, MD, USA.2005.
[13] M. Harrison, W. Ruzzo, and J. Ullman. Protection in operatingsystems.
Communications of the ACM, 19(8):461–471, 1976.
[14] H. Hu, G.-J. Ahn, and J. Jorgensen. Detecting and resolving privacy conflicts for
collaborative data sharing in online social networks. In Proceedings of the 27th
Annual Computer Security Applications Conference, ACSAC ’11, pages 103–112.
ACM,2011.
[15] L. Jin, H. Takabi, and J. Joshi. Towards active detection of identity clone attacks
on online social networks. In Proceedings ofthe
first ACM conference on Data and application security and privacy, pages 27–38.
ACM, 2011.
[16] S. Kruk, S. Grzonkowski, A. Gzella, T. Woroniecki, and H. Choi. D-FOAF:
Distributed identity management with access rights delegation. The Semantic
Web– ASWC 2006, pages 140–154,2006.
[17] L. Lam and S. Suen. Application of majority voting to pattern recognition: an
analysis of its behavior and performance. Systems,Man
and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, 27(5):553–
568, 2002.
[18] N. Li, J. Mitchell, and W. Winsborough. Beyond proof-ofcompliance: security
analysis in trust management. Journal of the ACM (JACM), 52(3):474–514,2005.
[19] N. Li and M. Tripunitara. Security analysis in role-based access control.
ACM Transactions on Information and SystemSecurity
(TISSEC), 9(4):391–420, 2006.
[20] N. Li, Q. Wang, W. Qardaji, E. Bertino, P. Rao, J. Lobo, and D. [Link]
control policy combining: theory meetspractice.

Multiparty Access Control For Online Social Networks Page 77

 1) Facebook Factsheet [online]. [Link] press/[Link]?
statistics
2) Wikipedia Social network [online]
[Link]
3) Facebook Developers.[Link]
4) Facebook Privacy Policy.[Link]
5) Facebook Statistics. [Link]
6) Google+ Privacy Policy. [Link]
7) OpenSocial Framework. [Link]
8) The Google+ Project.[Link]
9) Dentity Badge [Online].[Link]
10) Open Social Framework.[Link]

Multiparty Access Control For Online Social Networks Page 78