Abstract
This project work sets out to improve the file management processes in organisations. It has been observed that the major problem of file management system is that accessibility and availability to stored files is limited to users in that particular environment which also limits the collaborative sharing of electronic data over a large network coverage or at distance. This usually determines the workflow of an organization, which negates the aim and objectives for which a particular organization was set up in the first place. The project work revealed that the traditional file management system is not flexible, extensible and interoperable and as such slows down the workflow, and not readily available outside the work environment thereby decreasing the output of any particular organization. Object Oriented Hypermedia and Design Methodology (OOHDM), was found efficient to Web applications as navigational views over an object model. Thus, this work is to be deployed on the cloud, using
1.1 Background of the Study
File management is the process of storing, accessing, retrieving and manipulating files. The necessity of moving a file from the RAM to a secondary storage calls for future reference (re-usability), availability (having this file ready and at hand at any time anywhere), safety (ensuring data integrity without the fear of loss or damage) and most times privacy (authentication and access control). This purpose is not fully achieved when files are saved just by the traditional file management system usually provided by the user?s operating system or the manual system. The traditional system is exposed to insecurity, unavailability, and data loss through viral attacks and other malicious software. This created the need of an additional system for saving files (back up mechanism), where files will be available with or without the user?s workstation, highly secured platform, and cost effective system.
Storage and access to files which has been a core concept of computing and information technology requires the moving of files to a better environment where availability and security is assured. The cloud system is a recent development which has dramatically changed the landscape of software development. It provides a simple interface where the user is abstracted from the underlying framework of the system. According to Hancleng (2009), Cloud computing is a model of enabling ubiquitous, convenient, on demand network access to shared pool of configurable computing resources (e.g networks, servers, storage, application and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Moving files to a cloud system has been a welcomed advancement in file management but has failed in addressing challenges. Some of these challenges include security and cost. Adopting Software as a Service (SaaS) as the befitting cloud computing model for this work does not only provide software availability but also provides an efficient means of billing users. The billing system will be monitored by the number of times the application will be used. That is, keeping a log of records, which in turn aids in monitoring any form of intrusion created by unauthorized access.
Conclusively, cloud computing and file management has „security? as its mediator. It is well understood that no one could take an additional step of moving files to the cloud system for
18
storage or backup if such files are not important. Therefore, every cloud computing system should make adequate provisions for security.
1.2 Statement of the Problem
In traditional file management platform, it was discovered that accessibility and availability to stored files is restricted to the user having the device present. Also in file sharing, it is restricted by distance and network coverage whereby the conventional network facilities use cables, infra-red rays, Bluetooth etc.
The traditional approach lacks the ability to detect intrusion of any sort thus creating insecurity. Again among the existing platforms for file sharing, file size limitations is another major problem.
The problem the researcher intends to solve in this work is to provide a collaborative office management system as a cloud service to enable file sharing and collaboration among users in a system (department) with no distance and storage space limitations.
1.3 Aim and Objectives of Study
The aim of this study is to design a collaborative office management system using Software as a Service Cloud computing Model. In order to achieve the desired aim, the following objectives were considered:
1. Provides a standard database system for storing user information that is compatible with virtually every operating system.
2. Deploying useful applications on cloud for managing files which eliminates the need for setup and installation of such application on user system.
3. Provide a more secured service through file encryption and log management.
1.4 Significance of the Study
The research work will offer enormous benefits to organization, companies and even individuals. Such benefits includes:
1. Provides security compliance and easy accessibility of information.
2. Cost effectiveness in running application.
19
3. Effective office experience in managing and sharing files
4. Creating awareness of cloud based file management system as it creates a better and effective resource management irrespective of the distance or storage capacity.
1.5 Scope of the Study
File management is broad and vast. This work will cover the generic file management approach such as creating, editing, updating etc. and also some additional security measures to enhance effective management. The security implementation of this work is limited to just the user integrity, authentication and authorization. These include:
a. Encrypting files on upload.
b. Storing files in its encrypted form.
c. Decrypting with the user private key.
d. Keeping log/Audit records.
1.6 Limitations of the Study
The researcher was limited to the above mentioned scope of study due to some factors such as:
1. Cloud computing being a new innovation poses the limitation of resources (materials) for this research.
2. Fund: not having a free access to the internet was another constraint as that was the main area our research was based. Funding subscriptions to internet providers to ensure a fast and consistent connectivity.
1.7 Definition of Terms
Advanced Encryption Standard (AES) Encryption – Is a symmetric-key block cipher algorithm for secure and classified data encryption and decryption.
Authentication – Is any process by which a system verifies the identity of a user he wishes to access its resources.
Authorization – The process of granting or denying access to a network resource.
20
Cloud – Is a communications network. The word “cloud” often refers to the internet, and more precisely to some datacenter full of servers that is connected to the internet.
Decryption – Is the process of taking encoded or encrypted text or data and converting it back into the format you or the computer can read and understand.
Encryption – Is the process of encoding messages or information in such a way that only authorized parties can read it.
Intrusion – The act of compromising a computer system in order to gain unauthorized access.
Man in the Cloud Attack (MITC) – Is an attack where the attacker secretly replays and possibly alters the communication between two parties who believe they are directly communicating with each other.
Network – A group of interconnected computers and peripherals that is capable of sharing software and hardware resources among users.
Software as a Service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is an on-demand software typically accessed via a web browser.
Session Hijacking – Is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer.
Structured Query Language (SQL) Injection – Is a computer attack in which malicious code is embedded in a poorly designed application and then passed to the backend database. The malicious data then produces database query or results or actions that should never have been executed.