Template Based Approach for Developing a Prototype of Role Based Security Systems

Moinuddin Khaja Ghouse
Masters Report, Final Defense
Major Professor: Dr Bill Hankley
Committee Members: Dr Scott Deloach, Dr Mitchell Neilsen
Department of Computing and Information Sciences
Kansas State University

Background

Presentation Structure
• Role Based Security – A Brief Introduction
• The Approach
• A Sample Application
• Evaluation

Role Based Security
– Importance
– General Concepts
• Discretionary Access Check (DAC)
• Mandatory Access Check (MAC)
• Role Based Access
• Roles and Operations

Role Based Security
– Characteristics
• A Collection of job functions
• Role Hierarchy
• Role Authorization
• Role Activation
• Role Execution
• Dynamic separation of duty
• Operation Authorization

Approach Adopted:
– Operations
– Tasks
– Roles
– Users and Privileges
– Target Applications

Approach: Design
– Class Diagram
– Use Case Diagram
– Sequence Diagram

Class Diagram:

Operation
-Number : int
-Name : char
-Description : char

Task
-Number : int
-Name : char
-Description : char
-Operations : char

Role
-Number : int
-Name : char
-Description : char
-Tasks : char

Users
-ID : int
-LOGIN_NAME : char
-PASSWD : char
-ROLES : char

Association multiplicities: 1..*, 1..*, 1 *

Use Case: Administrator
Actor: Administrator
Use cases:
• Add Users
• Modify Users
• Assign Roles
• Define Roles
• Assign Tasks to roles
• Define Tasks
• Assign Operations to Tasks
«uses» relationships: 4

Sequence: Administrator
Participants: Administrator (Top Package::Administrator), AdminOperations.aspx, server, xml store, DataBase
Messages, in diagram order:
• AddOperation() → AddOperation() → write xml node() → success(0/1) → display message → display message
• Add task/role() → add task/role() → write xml node() → success(0/1) → display message → display message
• Add User() → AddUser(Userinfo) → sql command() → return result → success message → success message

Sequence: User Actions
Participants: UserX, WebPage, RoleInfo.cs, Application, xml store, Database
Messages:
• actionX
• hasAccess(actionx)
• status
• if( status == yes ) perform action
• xml store: read xml() / operations set
• Database: getRoles() / set of user roles
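
The access check from the User Actions sequence, resolving role → task → operation and denying by default, as an added C# example (not the report's RoleInfo.cs). The XML layout, the comma-separated list attributes, the extra `store` parameter and the sample data are assumptions; only the class and field names come from the slides.

```csharp
// Added illustration, not the report's RoleInfo.cs. The XML layout and the
// comma-separated list attributes are assumptions; the sample data is constructed.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class RoleInfoSketch
{
    const string Store = @"<store>
  <task name='handle sample' operations='view sample,edit sample,delete sample'/>
  <task name='handle analysis' operations='view analysis,enter analysis'/>
  <role name='Requester' tasks='handle sample'/>
  <role name='Diagnostician' tasks='handle sample,handle analysis'/>
</store>";

    static IEnumerable<string> Split(string list) =>
        (list ?? "").Split(',').Select(s => s.Trim()).Where(s => s.Length > 0);

    // "read xml()": expand roles -> tasks -> operations into one operation set.
    static HashSet<string> OperationsFor(XElement store, IEnumerable<string> roles)
    {
        var ops = new HashSet<string>(StringComparer.Ordinal);
        foreach (var role in roles)
        {
            var tasks = store.Elements("role")
                .Where(r => (string)r.Attribute("name") == role)
                .SelectMany(r => Split((string)r.Attribute("tasks")));
            foreach (var task in tasks)
                foreach (var node in store.Elements("task")
                             .Where(e => (string)e.Attribute("name") == task))
                    ops.UnionWith(Split((string)node.Attribute("operations")));
        }
        return ops; // unknown roles or tasks contribute nothing
    }

    // Deny by default: allowed only if one of the user's roles reaches the operation.
    static bool HasAccess(XElement store, string userRoles, string operation) =>
        OperationsFor(store, Split(userRoles)).Contains(operation);

    static void Main()
    {
        var store = XElement.Parse(Store);
        // userRoles stands in for the ROLES column returned by getRoles().
        foreach (var (roles, op) in new[] {
            ("Requester", "edit sample"), ("Requester", "enter analysis"),
            ("Diagnostician", "enter analysis"), ("Auditor", "view sample") })
            Console.WriteLine($"{roles,-14} {op,-15} {HasAccess(store, roles, op)}");
    }
}
```

The last sample pair uses a role that is not defined in the store, so the lookup yields an empty operation set and the request is refused rather than raising an error.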

A Sample Application
– Introduction
– System Users (Business Titles)
• Requester
• Diagnostician
• Billing Person
• External Expert

Design of the Application

Use Case: Requester
Actor: Requester
Use cases:
• submit sample
• handle sample
• copy sample
• edit sample
• delete sample
• view sample
• request analysis
• view analysis
• view invoice
• send payment
«uses» relationships: 4

Use Case: Diagnostician
Actor: Diagnostician
Use cases:
• handle sample
• handle analysis
• view invoice
• delete sample
• edit sample
• view sample
• view analysis
• enter analysis
• modify analysis
«uses» relationships: 6

Class Diagram
Layers: Client pages, Server Side classes, Database objects

Server Side classes

Sample
+SubmitSample() : int
+ViewSample() : object
+EditSample() : void
+DeleteSample() : int

Analysis
+GetAnalysis() : object
+EnterAnalysis() : int
+ModifyAnalysis() : int

Invoice
+GetInvoice() : object
+CreateInvoice() : int
+SendInvoice() : void

Payments
+ViewPayments() : object
+RecordPayment() : int
+SendPayment() : void

DBSupport
+GeneralQueryInteger() : int
+GeneralQueryString() : string
+GeneralQueryDataSet() : object
+GeneralStringArray() : object

RoleInfo
+GetCurrentRoles(string) : object
+HasAccess(string,string) : bool
+ViewUserRoles() : string

Database objects

R_USERS
-ID : int
-LOGIN_NAME : string
-PASSWD : string
-EMAIL : string

R_SAMPLE
-ID : int
-ID_R_USERS : int
-SAMPLE_NUMBER : string
-HOST/PEST : string
-DATE : string

R_ANALYSIS
-ID : int
-ID_R_USERS : int
-ID_R_SAMPLE : int
-ANALYSIS : string

R_PAYMENTS
-ID : int
-ID_R_SAMPLE : int
-AMOUNT : float
-PAYMENT_INFO : char

Association multiplicities: 1 * (five associations)

State Diagram:
States:
• New Sample Created
• sample available for viewing and modification
• waiting for analysis
• diagnostician analysis
• waiting for referral opinion
• sample with analysis
• waiting for invoice response
• sample in paid mode
• completed mode
Transitions:
• / On Submitting the sample
• / add all analysis done
• / send an invoice to the requester
• / receive a payment
• / insert payment info in the database
• / sample accessed by diagnostician
• / ask for opinion
• / respond with analysis

Sequence: Requester
Participants: Requester (Top Package::Requester), submitSample, handleDB, handleSample, handleAnalysis, handleInvoice, handlePayments
Messages:
• SubmitSample()
• insert sample data
• sample data inserted in DB
• request for viewing a sample
• request analysis done
• get analysis
• return analysis
• display current analysis done
• Request Invoice View
• return invoice data
• show invoice data
• Send Payment
• show sample info
• GetSample()
• return sample info
• show the requested sample
• edit sample information
• editing action
• show edited sample information
• get invoice info
• record payments
• confirmation of payment

Sequence: Diagnostician
Participants: Diagnostician (Top Package::Diagnostician), handleSample, handleDB, handleAnalysis, handleInvoice
Messages:
• request to view a sample
• get sample info
• return sample info
• show sample
• enter analysis
• insert analysis in db
• return success
• show updated analysis
• request for viewing invoice
• request for invoice data
• show invoice data
• return invoice data

Schema Diagram:

R_ANALYSIS
PK ID
FK1 ID_R_USERS
FK2 ID_R_SAMPLE
ANALYSIS
SUGGESTIONS
MOD_DATE

R_SAMPLEMETHODS
PK ID
FK1 ID_R_SAMPLE
METHOD_NAME
AMOUNT

R_METHODSLIST
PK ID
METHOD_NAME
AMOUNT

R_USERS
PK ID
LOGIN_NAME
PASSWORD
LAST_NAME
FIRST_NAME
EMAIL
PHONE
ADDRESS1
ADDRESS2
CITY
STATE
ROLES

R_PAYMENTS
PK ID
FK1 ID_R_SAMPLE
AMOUNT
PAYMENT_INFO

R_SAMPLE
PK ID
FK1 ID_R_USERS
SAMPLE_NUMBER
HOST
PEST
DATE_COLLECTED
LOCATION
DESCRIPTION
NON_SYSTEM_USER
EMAIL
PHONE
ADDRESS1
ADDRESS2
CITY
STATE
STATUS
TOTAL_AMOUNT
AMOUNT_DUE

Evaluation
– Performance
– Usability
– Pros and Cons
– Lessons Learnt