					Ben Gurion University
Deutsche Telekom Labs



  The Program in Software Engineering




  Remote backup and
  recovery service for
  Android device owners

  ADD DOCUMENT


         Authors:            Limor Segev
                             Eran Frieman
                             Carmel Karni

         Date:               9 February 2013
Table of Contents
1. Use Cases
      High level use cases view of the system
2 Data Model
   2.1 Description of Data Objects
   2.2 Data Objects Relationships
   2.3 Databases
3 Behavioral Analysis
   3.1 Sequence Diagrams
   3.2 Events
   3.3 States
4 Object-Oriented Analysis
   4.1 Class Diagrams
   4.2 Class Description
   4.3 Packages
   4.4 Unit Testing
5 System Architecture
6 User Interface Draft
7 Testing
   Speed, Capacity & Throughput
   Reliability
   Availability
8 Task List
9 Prototype
1. Use Cases
    The Use cases of the system are:

       1.   Install and Register
       2.   Login
       3.   Intercept Install Event.
       4.   Backup application.
       5.   Handset recovery.
       6.   Handle Android malware detection
       7.   Manager Login
       8.   Produce reports


    High level use cases view of the system:
   Install and Register
Use Case ID         1
Primary Actor       Owner (User)
Brief Description   The user registers to the server (including a login)
Trigger             The user installs the system application
Preconditions       The server is active
Flow of Events      #       Actor                      System
                    1       The user downloads the
                            application.
                    2       The user installs the apk
                            file of the application.
                    3                                  Asks the user for registration data:
                                                       name, password.
                    4       Enters the relevant
                            details and confirms.
                    5                                  Agent sends the username and password
                                                       to the server along with the device
                                                       IME number.
                    6                                  The server writes the data to the
                                                       database.
                    7                                  The server sends confirmation to the
                                                       user.
Post-conditions     -     The new user is registered to the system, i.e. his details
                          were written to the DB.
Alternative flows   6.a     - The user name that was entered already exists in the
and exceptions                database.
                            - The server notifies the user and asks for a new user name.
   Login (first use after installation)
Use Case ID         2
Primary Actor       Owner
Brief Description   The owner logs in to the server for the first time after the
                    software was installed. The owner had previously registered to
                    the system.
Trigger             The owner asks to log in.
Preconditions       The application is installed on the device. The user is already
                    registered in the server, and needs to log in since he replaced
                    his device or had to re-install the backup and recovery
                    application.
Flow of Events      #       Actor                      System
                    1       The user hits the login
                            button.
                    2                                  The agent asks the user for username
                                                       and password.
                    3       Enters the relevant
                            details and confirms.
                    4                                  Agent sends the username and password
                                                       to the server along with the device
                                                       IME number.
                    5                                  The server confirms username and
                                                       password using the DB. If the IME
                                                       doesn't match the one stored, it
                                                       creates a new entry in the DB,
                                                       associated with the user, with the
                                                       new IME.
                    6                                  Server sends confirmation to the
                                                       agent.
Post-conditions     -   The agent has the username, password and IME number
                        stored.
                    -   The server has the new IME number, in case the user has a
                        new device.
   Intercept Install Event
Use Case ID         3
Primary Actors      Owner
Brief Description   The Agent detects that a new application has been installed,
                    asks the user if he wants to back it up. If so, sends the
                    appropriate files to the server.
Trigger             The user installed a new application.
Preconditions       The Agent is enabled.
Flow of Events      #       Actor                      System
                    1       Installs an application.
                    2                                  Agent identifies the installation.
                    3                                  Agent asks the owner whether to back
                                                       up the application.
                    4       Confirms the backup.
                    5                                  Agent gets the apk file and the apk
                                                       signature.
                    6                                  Agent logs in to the server and sends
                                                       the apk file signature (the rest is
                                                       continued in use case 4).
Post-conditions     The application has been installed and was backed up on the
                    server.
Alternative flows   3.a     The agent was configured to auto-backup, so it skips
and exceptions              directly to step 5 without asking the user.
                    4.a     The user decides not to back up the app; the app is not
                            backed up.
   Backup Application
Use Case ID         4
Primary Actors      Server
Brief Description   The server receives an application signature from the agent and
                    checks whether the file already exists in its database. If it
                    does not, the server gets the apk file and stores it. The server
                    then adds the appropriate records to its database.
Trigger             Agent sends apk signature to the server (including implicit login)
Preconditions       The server is active. The Agent has logged in to the server and
                    sent the apk file signature; the user approved the backup of the
                    application.
Flow of Events      #       Actor                      System
                    1                                  The server searches for the apk
                                                       signature in the database.
                    2                                  The server doesn't find an apk with
                                                       this signature in the database, so it
                                                       requests the full apk from the agent.
                    3       The agent sends the apk
                            file and data to the
                            server.
                    4                                  The server stores the application data
                                                       in the DB, updates the user's backup
                                                       list and sets the application status
                                                       to "UNCHECKED".
                    5                                  The server sends confirmation to the
                                                       agent.
                    6       The agent informs the
                            user that the backup was
                            completed successfully.
Post-conditions     -     The application is backed up on the server.
                    -     The application is associated with the user's backup-list.
Alternative flows   2.a      The application exists in the database:
and exceptions               1) The server just updates the user backup list without
                                asking for the apk file from the agent.
                             2) In case the application is marked in the database as
                                malicious, the server informs the user about it,
                                advises him to remove it, and asks him whether the
                                application should be in his recovery list.
   Handset recovery
Use Case ID         5
Primary Actors      Owner
Brief Description   The user decides to recover specific applications. The agent
                    receives the user's recovery list from the server and then
                    performs a recovery to the ones that the user selected.
Trigger             The user asked to perform a recovery.
Preconditions       The applications designated for recovery have a backup on the
                    server and are associated with the user’s backup list.
Flow of Events      #       Actor                      System
                    1       Asks to do an application
                            recovery.
                    2                                  The agent performs login and asks for
                                                       the user's recovery list.
                    3                                  The recovery list is presented to the
                                                       user.
                    5       Chooses specific
                            applications to be
                            recovered.
                    6                                  Agent asks the server for the specific
                                                       applications.
                    7                                  Server sends the relevant
                                                       applications' apk files.
                    8                                  Agent sends confirmation to the
                                                       server.
                    9                                  Agent performs recovery of the desired
                                                       applications.
                    10                                 Agent informs the user of a successful
                                                       recovery.
Post-conditions     The applications have been recovered.
Alternative flows   7.a     The agent receives a corrupted file from the server (e.g.
and exceptions              due to connection problems).
                            The agent requests that the server resend the
                            information.
                    7.b     The server detects a malicious application in the user's
                            recovery list.
                            The server reports it to the agent, which asks the user
                            whether he wishes to recover a malicious application.
   Handle Android Malware Detection
Use Case ID         6
Primary Actor       Threats Detection system (an external application that interacts
                    with our system), owner
Brief Description   The Threats Detection system detects an infection in a specific
                    application stored on the server.
Trigger             The Threats Detection system had detected an infection in an
                    application and notified the server.
Preconditions       The Threats detection system is active, server is active and the
                    database contains applications.
Flow of Events      #       Actors                     System
                    1       Sends a notification
                            about an infected
                            application.
                    2                                  Server finds the infected application
                                                       id inside the database (according to
                                                       its status – "INFECTED").
                    3                                  Locates the ids of all device owners
                                                       who installed this application.
                    4                                  The server adds the application
                                                       details to the malicious applications
                                                       table.
                    5                                  Sends notification to all of the
                                                       relevant device owners, instructing
                                                       them to recover their device to a
                                                       previous state.
                    6                                  The server asks the device owners if
                                                       they want the malicious application to
                                                       be on their recovery list for future
                                                       recoveries.
Post-conditions     -   All of the relevant device owners received a notification
                        about the threat that was detected.
                    -   The device owners choose whether or not to keep the
                        malicious application in their recovery lists.
                    -   The infected application was documented and handled by
                        the server.
   Manager Login
Use Case ID         7
Primary Actor       System Manager
Brief Description   The manager logs in to the server in order to get the stored
                    information.
Trigger             The manager asked to log in
Preconditions       The server is active; the manager started the GUI application.
Flow of Events      #       Actor                      System
                    1       The manager hits the
                            login button.
                    2                                  The server asks the manager for a
                                                       username and password.
                    3       Enters the relevant
                            details and confirms.
                    4                                  The server confirms username and
                                                       password using the DB.
                    5                                  Server sends confirmation to the GUI.
Post-conditions     -     The manager is logged in
Alternative flows   4.a     - The server finds that the login data doesn't match the
and exceptions                data stored inside the database.
                            - The server notifies the user and goes back to step 2.
   Produce Reports
Use Case ID         8
Primary Actor       System Manager
Brief Description   The system manager asks the server to produce reports based
                    on the data stored in the database.
                    This is a generic use case that demonstrates the process which
                    is identical for each type of report.
Trigger             The system manager asked for a report
Preconditions       The system manager started the manager-GUI application.
Flow of Events      #       Actors                     System
                    1       Sends a request to
                            produce a specific
                            report.
                    2                                  Server parses the request and sends
                                                       back the desired information.
                    3       Parses the data received
                            from the server and
                            presents the requested
                            report.
Post-conditions     -   The desired report is presented
2 Data Model
2.1 Description of Data Objects
     ClientAgent
     userName :String
     password :String
     deviceIME: long
     serverUpdateInterval :int
     loggedIn : boolean
     autoBackup : boolean
     serviceRunning : boolean

     The application has no need of complex data objects, since:

     1) The server keeps all of the relevant users and applications data in a MySQL data-base.
     2) The only information that the client application needs to keep is the configurations made
        by the user and login data:
             a. Login data in order to perform auto login when he needs to send an application
                 for backup or receive recovery data (this includes the username, password and
                 device IME number).
             b. The agent also keeps a number, serverUpdateInterval, which represents the time
                 interval at which the agent will check whether any of the user's installed
                 applications has been detected as malicious.
             c. Configuration data – which includes:
                      1. loggedIn – is the agent loggedIn to the server
                      2. autoBackup – should the agent backup applications automatically, or
                           should he ask the user.
                      3. serviceRunning – is the service (agent) currently active.




2.2 Data Objects Relationships
     Not applicable, since there is only one data object.
2.3 Databases

     Entity Relations Diagram:
Users
UserName                  Password                   Registration              LastUse

APKs
Name             Signature         Added At          Status             Size             Location

Users-APKs
UserName               APKName                 Added At                   Notified


Managers
UserName           Password           Registration            LastUse          E-Mail

Users-Devices
UserName           IMEnumber

Rollbacks
UserName           rollbackDate

Transactions:
Client Transactions:
     Registration – creates a new entry in the Users table.
     Login – changes the LastUse column in the appropriate Users entry.
                According to the project customer's definition, there is no need to prevent users from
                performing parallel logins with the same username and password.
     Backup – Creates a new entry in the Users-APKs table and may create a new entry in the
        APKs table, if one doesn’t already exist.
     Change Password – changes the password column in the appropriate Users entry.
     Check updates - changes the LastUse column in the appropriate Users entry (uses login)
     Ask For Apk list – receives
Manager Transactions:
     Creation – creates a new manager entry in the managers table.
     Login - changes the LastUse column in the appropriate Managers entry.
     Get Report - receives the data for a specific report (out of a few reports defined in advance)
Malware detection system interface:
       Change Status – changes the status column in the relevant APKs entry, the status can be one
        of three values: UNCHECKED/CHECKED/INFECTED (default value is UNCHECKED).
       Alert User- assigns true to the Notified column (default value is false) in the appropriate
        Users-APKs entry
3 Behavioral Analysis
3.1 Sequence Diagrams
A standard sequence diagram for message handling at the server side, which we will call "server (High
Level)" in other sequence diagrams:

[Sequence diagram: server (High Level)]

[Sequence diagram: Register] *
[Sequence diagram: Login] *
[Sequence diagram: Intercept Install Event + BackUp] *
[Sequence diagram: Handset recovery] *
[Sequence diagram: Handle Android Malware Detection]
[Sequence diagram: Manager Login] *
[Sequence diagram: Produce Reports] *

* Server side actions are described above.
3.2 Events

     New application installation: A user tries to install a new application on the Android
     machine; the installation is discovered by the agent, which then sends the user data
     and the apk signature to the server. If the signature already exists on the
     server, the server updates the database. If the server is unfamiliar with the signature,
     it asks for the full apk file, which is then sent by the client-agent.
     Upon receiving the apk, the server registers it in the DB and the scenario ends.
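
The signature-first exchange of use cases 3 to 5 and of the event above, as an added Java example that is not the project's code. It assumes the "apk signature" is the SHA-256 digest of the file, which this document does not specify; the class and method names, the `Reply` values and the in-memory maps standing in for the APKs and Users-APKs tables are hypothetical. The server recomputes the digest of an uploaded file rather than indexing it under the value the agent claimed, and the agent repeats the same check on recovery (alternative flow 7.a).

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Added example, not project code: signature-first backup with digest verification. */
public class SignatureFirstBackup {

    enum Status { UNCHECKED, CHECKED, INFECTED }   // status values from section 2.3
    enum Reply { SEND_APK, LINKED, LINKED_BUT_INFECTED, STORED, REJECTED_MISMATCH }

    /** Assumption: the "apk signature" is the hex SHA-256 digest of the apk bytes. */
    static String signatureOf(byte[] apk) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(apk);
            return String.format("%064x", new BigInteger(1, digest));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 not available", e);
        }
    }

    /** In-memory stand-in for the APKs and Users-APKs tables (hypothetical, no SQL). */
    static final class Server {
        private final Map<String, byte[]> apkBySignature = new HashMap<>();
        private final Map<String, Status> statusBySignature = new HashMap<>();
        private final Map<String, Set<String>> backupListByUser = new HashMap<>();

        /** Use case 4, steps 1-2 and alternative flow 2.a: only the signature is offered. */
        Reply offerSignature(String user, String signature) {
            if (!apkBySignature.containsKey(signature)) {
                return Reply.SEND_APK;               // unknown: request the full apk
            }
            link(user, signature);                   // known: only update the backup list
            return statusBySignature.get(signature) == Status.INFECTED
                    ? Reply.LINKED_BUT_INFECTED : Reply.LINKED;
        }

        /** Use case 4, steps 3-5, with the digest recomputed from the received bytes. */
        Reply uploadApk(String user, String claimedSignature, byte[] apk) {
            String actual = signatureOf(apk);
            if (!actual.equals(claimedSignature)) {
                return Reply.REJECTED_MISMATCH;      // never store bytes under a claimed key
            }
            apkBySignature.putIfAbsent(actual, apk.clone());
            statusBySignature.putIfAbsent(actual, Status.UNCHECKED);
            link(user, actual);
            return Reply.STORED;
        }

        /** "Change Status" of the malware detection interface, reduced to one call. */
        void markStatus(String signature, Status status) {
            statusBySignature.replace(signature, status);
        }

        /** Use case 5, step 7: only apks on the user's own backup list are served. */
        byte[] fetch(String user, String signature) {
            Set<String> list = backupListByUser.get(user);
            if (list == null || !list.contains(signature)) {
                throw new IllegalArgumentException("not on this user's backup list");
            }
            return apkBySignature.get(signature).clone();
        }

        private void link(String user, String signature) {
            backupListByUser.computeIfAbsent(user, u -> new HashSet<>()).add(signature);
        }
    }

    /** Use case 5, alternative flow 7.a: the agent re-checks the file before installing it. */
    static boolean receivedIntact(String expectedSignature, byte[] received) {
        return signatureOf(received).equals(expectedSignature);
    }

    public static void main(String[] args) {
        // Constructed sample data: short byte strings standing in for real apk files.
        byte[] game = "constructed-apk-bytes-game".getBytes(StandardCharsets.UTF_8);
        byte[] other = "constructed-apk-bytes-other".getBytes(StandardCharsets.UTF_8);
        String gameSig = signatureOf(game);
        Server server = new Server();

        System.out.println(server.offerSignature("alice", gameSig));    // first offer, unknown apk
        System.out.println(server.uploadApk("alice", gameSig, other));  // bytes do not match claim
        System.out.println(server.uploadApk("alice", gameSig, game));   // matching upload
        System.out.println(server.offerSignature("bob", gameSig));      // second owner, no upload

        byte[] download = server.fetch("bob", gameSig);
        System.out.println(receivedIntact(gameSig, download));          // clean transfer
        download[0] ^= 0x01;                                            // simulated corruption
        System.out.println(receivedIntact(gameSig, download));          // agent must ask for a resend

        server.markStatus(gameSig, Status.INFECTED);
        System.out.println(server.offerSignature("carol", gameSig));    // flow 2.a, case 2
    }
}
```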

     An application is detected as malware: The malware detection application
     discovers that one of the applications is malicious and informs the server about it;
     upon notification, the server changes the status of the application in the relevant field
     of the database. Each client with the relevant application installed will receive the
     information about the malicious program once it logs in and checks for updates on the
     server.
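
The bookkeeping behind this event, use case 6 and the "Change Status" / "Alert User" transactions, as an added Java example that is not the project's code. The class and method names are hypothetical, the tables are modelled in memory, and `keepForRecovery` is an assumed column for the owner's answer in step 6 of use case 6, which the Users-APKs table in section 2.3 does not list.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

/** Added example, not project code: Status and Notified bookkeeping for use case 6. */
public class MalwareAlertFlow {

    enum Status { UNCHECKED, CHECKED, INFECTED }

    /** One Users-APKs row. keepForRecovery is a hypothetical column for the owner's choice. */
    static final class UserApk {
        final String userName;
        final String apkName;
        boolean notified = false;        // default value given in section 2.3
        boolean keepForRecovery = true;
        UserApk(String userName, String apkName) { this.userName = userName; this.apkName = apkName; }
    }

    static final class Server {
        private final Map<String, Status> apkStatus = new LinkedHashMap<>();  // APKs.Status by name
        private final List<UserApk> usersApks = new ArrayList<>();            // Users-APKs rows

        void backup(String user, String apk) {
            apkStatus.putIfAbsent(apk, Status.UNCHECKED);
            if (find(user, apk) == null) {
                usersApks.add(new UserApk(user, apk));
            }
        }

        /** "Change Status"; for INFECTED it returns the owners to alert (use case 6, step 3). */
        Set<String> changeStatus(String apk, Status newStatus) {
            if (!apkStatus.containsKey(apk)) {
                throw new IllegalArgumentException("unknown apk: " + apk);
            }
            apkStatus.put(apk, newStatus);
            Set<String> owners = new LinkedHashSet<>();
            for (UserApk row : usersApks) {
                if (newStatus == Status.INFECTED && row.apkName.equals(apk)) {
                    owners.add(row.userName);
                }
            }
            return owners;
        }

        /** "Check updates" plus "Alert User": each infected apk is reported to its owner once. */
        List<String> checkUpdates(String user) {
            List<String> alerts = new ArrayList<>();
            for (UserApk row : usersApks) {
                if (row.userName.equals(user) && !row.notified
                        && apkStatus.get(row.apkName) == Status.INFECTED) {
                    row.notified = true;             // Notified column set to true
                    alerts.add(row.apkName);
                }
            }
            return alerts;
        }

        /** Use case 6, step 6: the owner chooses whether the apk stays on the recovery list. */
        void setKeepForRecovery(String user, String apk, boolean keep) {
            Objects.requireNonNull(find(user, apk), "apk is not on this user's backup list")
                    .keepForRecovery = keep;
        }

        /** Recovery list for use case 5; infected entries are tagged so the agent can ask (7.b). */
        List<String> recoveryList(String user) {
            List<String> list = new ArrayList<>();
            for (UserApk row : usersApks) {
                if (row.userName.equals(user) && row.keepForRecovery) {
                    boolean infected = apkStatus.get(row.apkName) == Status.INFECTED;
                    list.add(infected ? row.apkName + " [INFECTED]" : row.apkName);
                }
            }
            return list;
        }

        private UserApk find(String user, String apk) {
            return usersApks.stream()
                    .filter(r -> r.userName.equals(user) && r.apkName.equals(apk))
                    .findFirst().orElse(null);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two owners of one apk, one of them with a second apk.
        Server server = new Server();
        server.backup("alice", "flashlight");
        server.backup("bob", "flashlight");
        server.backup("bob", "notes");

        System.out.println("owners: " + server.changeStatus("flashlight", Status.INFECTED));
        System.out.println("alice, first check: " + server.checkUpdates("alice"));
        System.out.println("alice, second check: " + server.checkUpdates("alice"));
        server.setKeepForRecovery("alice", "flashlight", false);
        System.out.println("alice recovery list: " + server.recoveryList("alice"));
        System.out.println("bob recovery list: " + server.recoveryList("bob"));
    }
}
```

Because the alert is delivered only when the agent checks for updates, the time between detection and the owner seeing it is bounded by the agent's serverUpdateInterval.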

3.3 States
            The server is always active.

            Client/Agent:

            [State diagram: Active, Logged-In, Logged-Out, Inactive]
4 Object-Oriented Analysis
4.1 Class Diagrams

     The client-agent class diagram
The client-manager class diagram




The server class diagram
4.2 Class Description

     Below there is a description of the main classes, and for each class a detailed
     explanation of the main methods.

     Server Side
     Class Reactor
     This class is the server’s reactor for requests sent from remote clients (such as the ClientAgent
     and the manager gui which is located in a remote computer).
     The server has an IP and port (i.e – a server socket channel) through which it receives
     requests, parses them and reacts.
     This class handles server operations that are related to backup and recovery of user's apks and
     also management requests (such as producing reports).
     The reactor is always running and waiting for connection requests.
     The reactor creates a thread-pool which will be used in order to handle messages
     from clients (which will be handled by threads).
     The Reactor creates instances of the ConnectionAcceptor upon accepting connection requests.
     Finally, a MessageProcessorTask thread gets the message sent by the user and parses it
     using the Protocol.

     Class ConnectionAcceptor
     This class creates a socket channel for the communication with the client who wants to
     establish a connection with the server.
     The main method here is "accept()", which creates the socket channel that will be used
     exclusively by the server to communicate with the client during the current connection
     scenario.

     Class ConnectionHandler
     This class uses the socket channel in order to read the messages sent from the client.
     For each message, it creates an instance of MessageProcessorTask that will handle the
     message.

     Class ReactorData
     This class is a singleton which is used by the other classes in order to get the selector and
     executor (thread-pool) when needed.

     Class Protocol (implements ServerProtocol)
     This class has only one method, which is parse(String message). This method is highly
     important since it decides according to the content of the message what should happen next.
     A result of the parsing could be a database query, a response to the gui-client of the server or a
     response to the Client-Agent.
            Preconditions – the Reactor thread is up and running and a connection with a
                specific client has been established.
            A response of some sort is returned to the client.

     Class SqlInterface

     Description – the class is a wrapper around the SQL queries used to access the SQL server in
     order to get or set data.
     Precondition - all the methods require the server to be active.

     queryAdminLogin (admin,password);
          Description – this method gets username and password and checks that they match an
            entry in the DB
       Post-conditions – if a matching record is found in the database, the manager is
        marked as logged in.
queryUsersList(string applicationName)
     Description – this method returns a list of all the users who have the given
        application in their applications list.
     Post-conditions – the list of users is retrieved.

queryAppList(String username)
     Description – this method returns a list of all the APKs that are part of the given
       user's backup list.
     Post-condition- the list of applications is retrieved.

queryGetApp(String apkName)
     Description – this method returns the application that matches the given application
        name.

queryIsExist(string Signature)
     Description – this method checks whether an apk with the given signature exists on
        the server.

queryAddApkUser(String apkName, String username)
     Description – this method adds the application to the user list of APK's and vice
       versa.
     Pre conditions –the user is registered.
     Post Conditions – the DB is updated and the user is registered as holding the
       specified application; if the application was not backed up on the server, it now is.

queryLogin(string username, string password)
     Description – this method gets username and password and checks that they match an
        entry in the DB
     Post Conditions – the user is marked as logged in.

queryAddUser(String username, String password)
     Description – this method gets username and password and adds the specified user to
       the DB.
     Preconditions – the user does not exist in the DB
     Post conditions –the user exists in the DB.

queryUsersReport()
     Description – Returns the data about the users in order to produce users report.
queryApksReport()
     Description – Returns the data about the apks in order to produce applications report.
queryUsersApksReport()
     Description – Returns the data about the users-apks in order to produce users-
        applications report.
queryRollbacksReport()
     Description – Returns the data about the rollbacks made in order to produce rollbacks
        report.
queryMalwaresReport()
     Description – Returns the data about the malwares detected in order to produce
        Malwares report.


Client Side
Class AgentComManager
This class is responsible for the communication with the server. It knows how to connect to
the server and send / receive messages. The ClientAgent class uses the methods of this class as
“black box”, and does not know anything about the implementation of the communication.
The method sendMessage() is called after one of the other methods is initiated and then it
prepares a message and send it to the server.

Class ClientAgent
The ClientAgent class is the backbone of the client application; it is responsible for the agent's
operations and behavior on the device.
It delegates messages from the Android client to the server through the class
AgentComManager.
The main functionalities of the class are:
               Receive the apks detected by the listener and send them to the server (via
                  delegation) for backup.
               Handle registration and login needed in order to exchange data with the
                  server.
               Handle recovery requests.


Register(username, password)
     - Description – This method is used in order to register the user in the server's DB for
       future backup of apks and recovery requests. It is called only once, the first time
       that the agent service is initiated. The registration is done by calling the register
       method of the AgentComManager.
     - Precondition – the agent is installed on the device and running.
     - Post-condition – the user is registered in the server DB; the agent keeps the username
       and password given by the user in order to communicate with the server.
login(username, password)
     - Description – This method is called when a user who is not a regular user of the
       system, or a first-time user, tries to log in to the system. It delegates the login through
       the login method of the AgentComManager.
     - Preconditions – the agent was registered in the server and holds a username and
       password for identification; the agent is currently active.
     - Post-condition – the agent logged in successfully.
alertBackup(boolean)
     - Description – This method is called when the user is asked whether he would like to
       back up a certain application.
     - Preconditions – the agent has detected an application that was installed and the
       agent was configured for manual backup.
     - Post-condition – the agent acts according to the user's wish.
backUp(apk File);
     - Description – this method is called after the listener has detected an installation. The
       apk file is sent to the server via TCP/IP.
     - Preconditions – the agent is active and logged in to the server.
     - Post-condition – the apk file was sent to the server successfully.
chooseApps(List<apk> apps);
     - Description – this method is called when the user selects applications in order to
       recover them on his device.
     - Precondition – the agent was registered in the server.
     - Post-condition – the list of applications is chosen in order to do recovery.
configure(List configurationFields);
     - Description – gets a new agent configuration, made by the user in the GUI, and
       sets the agent's internal configuration fields accordingly.
     - Precondition – the backup and recovery application is installed.
     - Post-condition – the configuration fields are set according to the new definitions.
checkUpdates();
     - Description – checks the server for updates about malwares. To do that, it
       calls the checkUpdates() method of AgentComManager.
     - Precondition – the backup and recovery application is installed and the user is
       registered and logged in.
     - Post-condition – the agent got updates and alerted the user if necessary.
compare(List phoneApks, List serverApks);
     - Description – compares the application list on the phone to the application list
       backed up on the server. It uses the method getBackedupApks() from the
       AgentComManager.
     - Precondition – the backup and recovery application is installed and the user is
       registered and logged in.
     - Post-condition – the list of differences between the backed-up applications and the
       installed applications is presented to the user.
getBackedupApks();
     - Description – gets the list of applications from the server using the
       getBackedupApks() method of the AgentComManager.
     - Precondition – the backup and recovery application is installed and the user is
       registered and logged in.
     - Post-condition – the list of backed-up applications is retrieved from the server.
doRecovery(application list);
     - Description – this method is called after a recovery request was made by the user. It
       gets a list of application names from the user and installs them on the device.
     - Preconditions – the agent is active and logged in to the server; recovery data exists on
       the server.
     - Post-condition – the application has been re-installed on the device.
alertUser(String appName);
     - Description – this method is called after the agent has been notified by the server that
       a malware was detected on the device, instructing the user to recover/remove the
       application.
     - Preconditions – the agent is active and logged in to the server.
     - Post-condition – the user has been notified.

Class Listener
This class detects installations of new apks and forwards them to the backUp(apk File) method of
the ClientAgent class.

Class Restorer
This class handles restoration of an application file (apk) on the device.
It has only one major method – restore(apk file).
Restore(apk file)
     - Description – this method receives an apk file which the user decided he wants to
       restore on his device. The apk file is sent from the server and this method is
       responsible for re-installing it on the device.
     - Preconditions – the agent is active and it was able to receive a valid apk file from the
       server.
     - Post-conditions – the apk is installed on the device.

Manager (also client side)
Class ManagerGuiFacade
This class is built according to the façade design pattern.
It is a layer between the manager's management Gui and the rest of the “logic” of the
application.
It provides an interface of methods which the Gui can invoke, so that the Gui doesn’t have to
know how the logic is implemented, and hence the coupling between the logic and the Gui
decreases.

Class ComManager
This class is the manager's communication manager with the server.
It has all of the implementation of addressing the server in order to send or receive data, while
the logic class ManagerLogic does not know anything about it, and uses this class as a
“black box”.
All of the methods of this class are called from the parallel methods in ComManager.
The methods prepare requests and send them to the server using the method sendMessage().

Class ManagerLogic
This class is part of the server logic layer. It gets user requests from the Gui through the
façade, and sends them to the server using the delegation class ComManager.
The class main methods are:
addManager(String name, String password);
     - Description – this method adds a new manager to the database in the server. In order
       to do so, it calls addManager() in the ComManager class.
     - Preconditions – the server is running.
     - Post-conditions – the new manager is added to the database.
produceUsersReport();
     - Description – this method is called when the manager wants to produce the users
       report. To do that, the method produceUsersReport() of the class
       ComManager is called.
     - Preconditions – the server is running, the manager is logged in.
     - Post-conditions – the report data is sent back from the server.
produceApksReport();
     - Description – this method is called when the manager wants to produce the
       applications report. To do that, the method produceApksReport() of the class
       ComManager is called.
     - Preconditions – the server is running, the manager is logged in.
     - Post-conditions – the report data is sent back from the server.
produceUsersApksReport();
     - Description – this method is called when the manager wants to produce the
       users-applications report. To do that, the method produceUsersApksReport() of the
       class ComManager is called.
     - Preconditions – the server is running, the manager is logged in.
     - Post-conditions – the report data is sent back from the server.
produceRollbacksReport();
     - Description – this method is called when the manager wants to produce the rollbacks
       report. To do that, the method produceRollbacksReport() of the class
       ComManager is called.
     - Preconditions – the server is running, the manager is logged in.
     - Post-conditions – the report data is sent back from the server.
produceMalwaresReport();
     - Description – this method is called when the manager wants to produce the malwares
       report. To do that, the method produceMalwaresReport() of the class
       ComManager is called.
     - Preconditions – the server is running, the manager is logged in.
     - Post-conditions – the report data is sent back from the server.
Login(String name, String password);
     - Description – this method is called when the manager tries to log in. This method
       calls the login(String username, String password) method of the ComManager class.
     - Preconditions – the server is running.
     - Post-conditions – the manager is logged in (marked in the database), or an error
       message is sent if the login data is incorrect.
4.3 Packages
       The backup and recovery project will have the following packages:
       (every       is a package, every          is a stand-alone application.
       Inside every package a          is a class).




4.4 Unit Testing
Class ClientAgent
Num | Method Name | Test scenario | Expected output
0 | Register | User information | OK
1 | Register | User information with missing fields | An appropriate error report
2 | Register | User name of an already registered user | An appropriate error message
3 | Login | User name and password of an existing user | OK
4 | Login | User name and password of a non-existing user | Error message
5 | Login | Wrong user name or password of an existing user | Error message
6 | backupAPK | Install a new apk that was never installed on the client and is unfamiliar to the server | The server asks to get the apk from the client.
7 | backupAPK | Install a new apk that was never installed on the client and is familiar to the server | Server sends an OK message.
8 | backupAPK | Run a new apk that was previously installed on the client. | Server sends an OK message.
9 | doRecovery | Installing an app, deleting it, asking for recovery | A list of apps to recover, including the one deleted.
10 | chooseApps | Ask for recovery, choose a program from the list | The program is installed on the android machine
11 | checkUpdates + alert user | Install an app, set the application to be "malicious", check for updates | Get the appropriate msg.
12 | AlertBackup | See that the agent on the client is configured for manual backups, and install a new application. | Get an alert about a new application being installed.
13 | getBackedUpApks | Install some apks, ask to see the backed-up apks | Get a list of the APKs that were backed up.
14 | getBackedUpApks | Ask to see the backed-up apks on a machine where no apks were backed up | Get an empty list

Class AgentComManager
Num | Method Name | Test scenario | Expected output
0 | Register | User information | OK
1 | Register | User information with missing fields | An appropriate error report
2 | Register | User name of an already registered user | An appropriate error message
3 | Login | User name and password of an existing user | OK
4 | Login | User name and password of a non-existing user | Error message
5 | Login | Wrong user name or password of an existing user | Error message
6 | SendSignature | Send a signature of an APK that exists on the server | False
7 | SendSignature | Send a signature of an APK that exists on the server | True
8 | sendApk | Send apk to the server | APK exists on the server.
9 | getApk | Send an unknown signature to the server | Null
10 | getApk | Send a known signature to the server | Get the APK.
11 | checkUpdates + alert user | Install an app, set the application to be "malicious", check for updates | Get the appropriate msg.
12 | checkUpdates | Send a check updates message | Get a list of updates.
13 | getBackedupApks() | Install some apks, run getBackedupApks | A list of the APKs.
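
The signature-first backup exchange exercised by the backupAPK, SendSignature, sendApk and getApk tests above, together with the Restorer's "valid apk file" precondition, as an added example (not the project's own code). Assumptions: the signature is a hex SHA-256 digest of the APK bytes, SendSignature answers true when the server already stores the APK, and the in-memory Server class and the fetchForRestore helper are hypothetical stand-ins for the MySQL-backed server and the agent's restore path.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

public class BackupExchangeDemo {

    /** Assumed signature scheme: lowercase hex SHA-256 of the raw APK bytes. */
    static String signatureOf(byte[] apk) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(apk);
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every Java platform must provide SHA-256
        }
    }

    /** Hypothetical in-memory stand-in for the recovery server and its database. */
    static class Server {
        private final Map<String, byte[]> apkBySignature = new HashMap<>();
        private final Map<String, Set<String>> backupListByUser = new HashMap<>();

        private void associate(String user, String sig) {
            // A set keeps each APK in the user's backup list only once.
            backupListByUser.computeIfAbsent(user, u -> new LinkedHashSet<>()).add(sig);
        }

        /** SendSignature: true when the APK is already stored, so no upload is needed. */
        boolean sendSignature(String user, String sig) {
            if (!apkBySignature.containsKey(sig)) return false;
            associate(user, sig);
            return true;
        }

        /** sendApk: accept the upload only if the bytes hash to the claimed signature. */
        boolean sendApk(String user, String claimedSig, byte[] apk) {
            if (!signatureOf(apk).equals(claimedSig)) return false;
            apkBySignature.putIfAbsent(claimedSig, apk.clone());
            associate(user, claimedSig);
            return true;
        }

        /** getApk: null for an unknown signature. */
        byte[] getApk(String sig) {
            byte[] apk = apkBySignature.get(sig);
            return apk == null ? null : apk.clone();
        }

        Set<String> getBackedupApks(String user) {
            return backupListByUser.getOrDefault(user, new LinkedHashSet<>());
        }
    }

    /** Agent-side backUp: send the signature first, upload the file only when asked. */
    static String backUp(Server server, String user, byte[] apk) {
        String sig = signatureOf(apk);
        if (server.sendSignature(user, sig)) return "OK (server already had it)";
        return server.sendApk(user, sig, apk) ? "OK (uploaded)" : "ERROR (rejected)";
    }

    /** Restore-side check: pass bytes to the installer only if they match the request. */
    static byte[] fetchForRestore(Server server, String sig) {
        byte[] apk = server.getApk(sig);
        if (apk == null) return null;
        if (!signatureOf(apk).equals(sig)) {
            throw new SecurityException("received APK does not match requested signature");
        }
        return apk;
    }

    public static void main(String[] args) {
        Server server = new Server();
        // Constructed sample input standing in for a real APK file.
        byte[] apk = "constructed sample APK bytes".getBytes(StandardCharsets.UTF_8);
        String sig = signatureOf(apk);

        // First sighting of the APK, then a second user and a repeat by the first user.
        System.out.println(backUp(server, "alice", apk));
        System.out.println(backUp(server, "bob", apk));
        System.out.println(backUp(server, "alice", apk));
        System.out.println("alice's list size: " + server.getBackedupApks("alice").size());

        // Upload whose bytes do not match the claimed signature.
        byte[] other = "different bytes".getBytes(StandardCharsets.UTF_8);
        System.out.println("mismatched upload accepted: " + server.sendApk("bob", sig, other));

        // Unknown signature, then a verified fetch for restore.
        System.out.println("unknown lookup is null: " + (server.getApk(signatureOf(other)) == null));
        System.out.println("restore bytes: " + fetchForRestore(server, sig).length);
    }
}
```

The digest check on restore only confirms that the bytes match the signature that was requested; it does not by itself authenticate the server or protect the channel.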


Class ManagmentLogic
Num | Method Name | Test scenario | Expected output
1 | Login | User name and password of an existing manager | OK
2 | Login | User name and password of a non-existing manager | Error message
3 | Login | Wrong user name or password of an existing manager | Error message
4 | Add manager | Login, add a manager already in the system | Error message
5 | Add manager | Login, add a manager, log in with the newly created manager | The correct GUI screen
For the following tests we will prepare a well known DB:
6 | ProduceUserReport | ProduceUserReport | Get back the expected report
7 | ProduceAPKsReport | ProduceAPKsReport | Get back the expected report
8 | ProduceUserAPKSReports | ProduceUserAPKSReports | Get back the expected report
9 | ProduceRollbackReports | ProduceRollbackReports | Get back the expected report
10 | ProducemalwareReports | ProducemalwareReports | Get back the expected report
For the following tests there will be an empty DB:
11 | ProduceUserReport | ProduceUserReport | Get back an empty report
12 | ProduceAPKsReport | ProduceAPKsReport | Get back an empty report
13 | ProduceUserAPKSReports | ProduceUserAPKSReports | Get back an empty report
14 | ProduceRollbackReports | ProduceRollbackReports | Get back an empty report
15 | ProducemalwareReports | ProducemalwareReports | Get back an empty report

Class ComManager
Num | Name | Test scenario | Expected output
1 | Login | User name and password of an existing manager | OK
2 | Login | User name and password of a non-existing manager | Error message
3 | Login | Wrong user name or password of an existing manager | Error message
4 | Add manager | Login, add a manager already in the system | Error message
5 | Add manager | Login, add a manager, log in with the newly created manager | True
For the following tests we will prepare a well known DB:
6 | ProduceUserReport | ProduceUserReport | A list of users
7 | ProduceAPKsReport | ProduceAPKsReport | A list of apks
8 | ProduceUserAPKSReports | ProduceUserAPKSReports | A list of pairs <apk,user>
9 | ProduceRollbackReports | ProduceRollbackReports | A list of rollbacks
10 | ProducemalwareReports | ProducemalwareReports | A list of malicious APKs
For the following tests there will be an empty DB:
11 | ProduceUserReport | ProduceUserReport | Empty list
12 | ProduceAPKsReport | ProduceAPKsReport | Empty list
13 | ProduceUserAPKSReports | ProduceUserAPKSReports | Empty list
14 | ProduceRollbackReports | ProduceRollbackReports | Empty list
15 | ProducemalwareReports | ProducemalwareReports | Empty list

Class SQLInterface:
For the following tests we will prepare a well known DB:
Num | Name | Test scenario | Expected output
1 | QueryIsExist | Signature of a known apk | True
2 | QueryIsExist | Signature of an unknown apk | False
3 | QueryAddApkUser + QueryGetAppList | Add an apk not existing yet, get app list. | The installed APK is in the list.
4 | QueryAddApkUser + QueryGetAppList | Add an apk that is already in the user list, get app list. | The installed APK is in the list only once.
5 | QueryAddUser | Add an already existing user | False
6 | QueryAddUser | Add a new user | True
7 | queryLogin | Try to login with a wrong password | False
8 | queryLogin | Try to login with a wrong username | False
9 | queryLogin | Try to login with a correct user and password | True
10 | queryAdminLogin | Try to login with a wrong password | False
11 | queryAdminLogin | Try to login with a wrong username | False
12 | queryAdminLogin | Try to login with a correct user and password | True
13 | QueryUserReport | QueryUserReport on empty DB | Empty list
14 | QueryAPKsReport | QueryAPKsReport on empty DB | Empty list
15 | QueryUserAPKSReports | QueryUserAPKSReports on empty DB | Empty list
16 | QueryRollbackReports | QueryRollbackReports on empty DB | Empty list
17 | QueryUserReport | QueryUserReport | The expected list
18 | QueryAPKsReport | QueryAPKsReport | The expected list
19 | QueryUserAPKSReports | QueryUserAPKSReports | The expected list
20 | QueryRollbackReports | QueryRollbackReports | The expected list
21 | QueryGetApp | QueryGetApp with a non-existing apk name | Null
22 | QueryGetApp | QueryGetApp with an existing apk name | Get the correct apk
23 | queryApplist | QueryApplist with a non-existing user name | Null
24 | queryApplist | QueryApplist with a user that has no backed-up apps | Empty list
25 | queryApplist | QueryApplist with a user with some backed-up apps | The correct list.
26 | QueryAlertAboutApk | QueryAlertAboutApk with an apk name | The field in the apk has changed.




5 System Architecture
     Sql Server:
     The SQL server is a server that runs MySQL.
     Android recovery server:
     This server is deployed on a designated computer that is accessible from the internet and can
     communicate with the SQL server (the two can be on the same or different computers).
     This server also holds all the APK files that were backed up.
     Client:
     The client is installed on every Android device that wishes to use the recovery server utilities.
     The installation is done by using an APK file.
     Management interface:
     An application installed on a manager’s computer. The application communicates with the
     server and allows the manager to produce reports and statistics.

6 User Interface Draft
Client GUI:
The client GUI enables the device user to control the behavior of the backup and recovery service.
The service allows manual configuration of its features.

This is a sketch of the main service screen:




This screen allows the user to navigate and control all of the applications features.
Inputs: the user selects the desired feature.
Outputs: the desired screen is presented
(following is a description of each screen)

This is a sketch of the configuration screen:




Inputs: the user can use the radio buttons in order to set the service to auto-backup of applications. He
can also enable/disable the agent and change his password.

This is a sketch of the registration screen:




Inputs: the user enters a username and password and hits the “register” button.
Outputs: a confirmation message is presented.
The agent connects to the server and sends the registration data.

This is a sketch of the login screen:




Inputs: the user enters a username and password and hits the “login” button.
Outputs: a confirmation message is presented.
The agent connects to the server and sends the login data.
The login option will normally be used when the user has switched devices or had to reset his device to
factory settings. The user installs the backup and recovery service and then logs in (since he is already
registered).

This is a sketch of the recovery screen:




Inputs: once the user selects the “recovery” feature in the main service screen, the agent connects to the
server and gets a list of all of the applications which were backed up on the server for him. The user
can manually select/unselect which applications he would like to recover.
Outputs: a confirmation message is sent, and all of the selected applications are re-installed on the
device.

This is a sketch of the applications list screen:
Manager GUI:
The Manager GUI is used by the system managers, and enables them to perform management operations, such as:
 - adding a new user (manager)
 - producing reports

This is a sketch of the login screen:




Inputs: Username, password
Output: In case that the username and password were correct the main screen is presented, otherwise an
alert is shown.

This is a sketch of the main screen:




Inputs: the user selects the desired action
Outputs: the desired screen is presented

This is the manager addition screen:




Inputs: username, password
Outputs: a success message
This is the reports screen:




Inputs: the user selects the desired report
Outputs: the report is presented

The reports
.

7 Testing

Non-functional requirements:
The following requirements, which were declared in the ARD document, will be checked:

         Speed, Capacity & Throughput
                 - Ninety five percent of all backup transactions will be completed within 10
                   seconds.

         Reliability
                 - The system will support data recovery, including transmission-error
                   correction.

         Availability
                 - The server will be active at all times, waiting for agent requests or
                   notifications from the Threats Detection System.

In order to test the system's ability to comply with those requirements, we will build a simulation
environment that simulates multiple connections to the server, including the transmission of APKs
to/from the server. The system will run for a significant time and will save relevant data such as
transmission time, response time, failed connections and so on, which will enable us to see whether the
server complies with the demands.

The other non-functional requirements could not be tested, as they are either subjective by nature (the
system would be extremely user-friendly) or facts that are easy to assess (the information sent between
the server and the agents will be encrypted).

If the threat-detecting software is not ready on time, we will simulate such a system.
8 Task List
ID | Title | Est. start date | Est. finish date | Description | Real start date | Real finish date | Subtasks
1 | Server Communication | 1.4 | 15.4 | Handles the connection with the client, and with the manager via TCP/IP. | | | 1) Server protocol 2) Server reactor
2 | Manager Gui | 15.4 | 30.4 | The Manager interface for work with the server | | | 1. Stand-alone interface for managers 2. Facade
3 | Server SQL | 1.5 | 5.5 | Creating a database + the server methods which communicate with the sql; these methods wrap queries to the sql | | | 1. Creating a MySql DB 2. Creating an interface to sql
4. | Agent | 6.5 | 20.5 | The agent installed on the android machine. | | | 1. GUI 2. Listener 3. Restorer
5 | Prototype | In parallel with tasks 1-4 | | The prototype consists of partial functionality of the system. All of the major components will be available. (See details in section 9 of this document.) | | |
1.1 | Server protocol | 1.4 | 8.4 | Parses the messages received from the client or the manager (via the Manager Gui) | | |
1.2 | Server reactor | 9.4 | 15.4 | Handles the connection to different clients simultaneously via the Reactor design pattern | | |
2.1 | Stand-alone interface for managers | 15.4 | 20.4 | Creating a stand-alone program to be used on managers' computers, which will have a GUI for the manager to use and will communicate with the server via Façade 2.2. | | |
2.2 | Façade | 20.4 | 23.4 | Creating a Façade that will bridge between the manager program (2.1) GUI and will send the appropriate messages to the server. | | |
2.3 | Reports | 24.4 | 30.4 | Getting reports and showing them to the user. | | |
3.1 | MySql DB | 1.5 | 3.5 | Creating a DB with the appropriate tables and fields | | |
3.2 | SQL Interface | 4.5 | 5.5 | Creating methods which will wrap sql queries and will be used to gather or insert information into the db | | |
4.1 | Gui | 6.5 | 8.5 | Gui for the user of the android | | |
4.2 | Listener | 9.5 | 15.5 | A process that runs in the background, identifies APK installations and communicates with the server for backup | | | 1. Listener 2. Backup handler
4.2.1 | Listener | 9.5 | 12.5 | A process that runs in the background and identifies APK installations. | | |
4.2.2 | Backup handler | 13.5 | 15.5 | Handles the communication with the server and the backup of APKs | | |
4.3 | Restorer | 16.5 | 20.5 | Handles the restoration of APKs from the server | | |



9 Prototype
  The prototype of the project will contain the major components of the project:
  The server will have full functionality, meaning that the MySql DB will be available, and the
  server will be able to handle requests from users.

  Besides the server, the prototype will enable:
       - Backup: The prototype application will support the full scenario of installation
         detection by the agent: the agent will detect an installation intent and send
         the apk to the server in order to back it up and associate it with the user's
         backup list.
       - Recovery: The agent will ask for restoration of an apk that is stored on the
         server. At this stage the application recovery request will be hard coded
         (meaning that the user will not be able to ask for a recovery list from the
         server and select the desired apks from it).
       - Gui:
         a. Management Gui - there will be a simple report presenting which
            applications have been backed up and for which users.
         b. Agent Gui – All of the Gui screens will exist, but some will have deprecated
            functionality.

				