
STRUCTURE OF THE GUI

In document Secure Storage in Cloud Computing (Pages 60-63)

5. IMPLEMENTATION

5.5 STRUCTURE OF THE GUI

In the following we give an overview of the structure of the GUI by showing a screenshot of the prototype. The GUI contains three tabbed panes. The screenshot in Figure 18 shows only the “Manipulate Data” tab, which is the most relevant one to describe here. (For an overview of all parts of the GUI, see Appendix B.)

The “Control Panel” tab contains a button for starting and stopping the cache. Moreover, when the cache is running, the cache configuration file is shown in a text area.

The “Cluster View” tab contains a table showing the list of cache nodes connected to the data grid. The “Manipulate Data” tab contains the major part of the GUI. As we can see in Figure 18, this tab contains a primitive file system. The table to the left contains a list of data that has been stored to the grid. The first column shows in which directory the files are stored, and the second column shows information about the data, such as the size of the data, the chunk size and the last modification time. When we store data to the grid, it is divided into chunks, so “chunk_size” is simply the size of every chunk of data in bytes.

Figure 18 Manipulate data tab

At the right side of this tab the “Refresh View” button refreshes the data table. This button is used when another cache node joins the grid. When we click on this button, the files stored to the data grid would instantly be available in the table of the newly joined cache node. If the radio button “Store Data” is selected, it is possible to browse a file from the local machine, and by clicking the “OK” button a popup window appears, where it is possible to choose an existing folder or create a new folder for the data to be stored to the grid. If the radio button “Retrieve Data” is selected, then we have to click on a file in the table. Then by clicking on the “OK” button a file chooser window will be opened in order to specify where the data must be saved.

If the radio button “Remove Data” is selected, then it is possible to select one or more files from the data table to be removed from the grid. It is worth mentioning that whenever we manipulate data in the grid, the data stored to the disk is also simultaneously manipulated, because the caches are configured to have data persistency.

Then we have the functionality to create the key ring. When one of the radio buttons “Read Access” or “Read & Write Access” is selected, the user has to select one or more data items from the table, and then he has to specify the name of the user to whom he grants access permission.

Then by clicking on the button “Create” the key ring file is created and saved to disk. By selecting more files, the user can assign more access permissions to them, and if he does not change the “shared user’s name” field, the previously created key ring is simply updated. The key ring can then be uploaded to the data grid. After selecting the key ring file from the table, the authorised user can select the radio button “Retrieve Key Ring”. The label of the “Create” button then changes to “Retrieve”. By clicking on it, the user retrieves the key ring.

5.6 Summary

In this chapter we described how the developed design has been implemented. The implementation can be divided into the following major parts:

Cryptography: Cryptography is the most important part of the system. It is the basis for the cryptographic access control mechanism. The system makes use of both symmetric and asymmetric encryption in a hybrid way. For the encryption/decryption of data, AES is used with a key length of 128 bits and CTR as the mode of operation. The digital signature process is implemented using the RSA signature scheme, with SHA-512 as the hash algorithm. The signature process has three steps, namely key pair generation, signing, and verifying.

Infinispan: The Infinispan data grid with its corresponding grid file system is provided by a 3-week course. Since it is similar to cloud storage systems, and it can actually be used as a cloud storage system, we have used it to apply the cryptographic access control mechanism to it.

Key Management: The system also supports file sharing, where a key exchange mechanism is used to control the access to users’ data. The system enables a user to create a key ring containing the keys for his files. Depending on which level of access permission a user wants to assign to his file(s), the key ring can contain only two keys, namely the symmetric and public keys, or all three keys. The key ring can then be distributed to the clients the data is shared with, who can then access the shared data.
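The two access levels described under Cryptography and Key Management, as an added Java example (Java 16+, standard JCA only) that is not the prototype's own code. It assumes the third key is the RSA private signing key, that the signature covers the CTR counter block plus the ciphertext, and a 2048-bit RSA key; the `KeyRing` and `StoredFile` records are hypothetical names.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class KeyRingDemo {
    record KeyRing(SecretKey aesKey, PublicKey verifyKey, PrivateKey signingKey) {} // hypothetical; signingKey null = read-only
    record StoredFile(byte[] iv, byte[] ciphertext, byte[] signature) {} // hypothetical stored object
    static Cipher aesCtr(int mode, SecretKey key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CTR/NoPadding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c;
    }

    static StoredFile write(KeyRing ring, byte[] plaintext) throws GeneralSecurityException {
        if (ring.signingKey() == null) throw new SecurityException("read-only key ring");
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv); // fresh counter block per write, never reused under one key
        byte[] ct = aesCtr(Cipher.ENCRYPT_MODE, ring.aesKey(), iv).doFinal(plaintext);
        Signature s = Signature.getInstance("SHA512withRSA");
        s.initSign(ring.signingKey());
        s.update(iv);
        s.update(ct);
        return new StoredFile(iv, ct, s.sign());
    }

    static byte[] read(KeyRing ring, StoredFile f) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA512withRSA");
        s.initVerify(ring.verifyKey());
        s.update(f.iv());
        s.update(f.ciphertext());
        if (!s.verify(f.signature())) // verify before decrypting: CTR alone is malleable
            throw new SecurityException("signature check failed");
        return aesCtr(Cipher.DECRYPT_MODE, ring.aesKey(), f.iv()).doFinal(f.ciphertext());
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // RSA size is an assumption; the page does not state it
        KeyPair kp = kpg.generateKeyPair();
        KeyRing owner = new KeyRing(kg.generateKey(), kp.getPublic(), kp.getPrivate());
        KeyRing reader = new KeyRing(owner.aesKey(), kp.getPublic(), null);
        StoredFile f = write(owner, "constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(read(reader, f), StandardCharsets.UTF_8));
        f.ciphertext()[0] ^= 1; // a read-only holder alters the ciphertext but cannot re-sign it
        try { read(reader, f); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        try { write(reader, new byte[0]); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because a read-only holder still has the AES key, the signature check in `read` is what separates the two access levels: anyone with the symmetric key can alter CTR ciphertext, but only a holder of the private key can produce a file that verifies.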

GUI: The GUI contains three tabbed panes. In the Control Panel tab, users can start or stop the Infinispan cache. In the Cluster View tab, users can see a list of connected Infinispan cache nodes. In the Manipulate Data tab users can manipulate data, like storing, retrieving and removing data. Moreover users are able to create key rings, which can be uploaded to the data grid. They can also retrieve existing key rings from the data grid.

CHAPTER 6
