The Basics of Information Security

Question: Describe about The Basics of Information Security? Answer: Introduction The aim of this report is to present a software architecture report for the e-grading system for UoI. In the next parts of the report, there will be use case view of the system, physical and logical view including deployment and component and connector view. The architectural style, security architecture of the system will also be discussed. Background University of Intellect1 or UoI has decided to purchase a new e-grading information system for its student assessment process. The university has some legacy systems for keeping records of the student in Student Records Information System or SRIS, LDAP and Assessment Moderation System or AMS. The SRIS and LDAP is needed to be integrated with the new e-grading information system. On the other hand, the AMS will work independently though there will be a connection with the new information system. Use Case View Assessment administrator will add and modify modules, courses, register student to some module. On the other hand lecturers can submit marks of module and courses. Based on those marks submission the e-grading system will suggest decisions on the results of the student. These suggestions will be reported to the assessment administrator. Students will be able to review marks, view result etc. The system will send update messages to the students about updates on their marks, results etc. (Satzinger, Jackson, Burd, 2008) So, the actors of the e-grading system will be assessment administrator, lecturer and student. The use case view for the given scenario is, The primary secondary actors, pre-conditions, post conditions and triggers for each use case are summarized below, Use Case Primary actor Secondary actor Pre-condition Post-condition Trigger Add new Student Assessment Administrator Student N/A Details of a student will be added to the system. N/A Add Course Assessment Administrator N/A N/A Details of a new course will be added to the system. N/A Modify Course Assessment Administrator N/A The course should exist in the system. Details of the course will be updated. N/A Add Module Assessment Administrator N/A N/A Details of a new module will be added to the system. N/A Modify Module Assessment Administrator N/A The module should exist in the system. Details of the module will be updated. N/A Register to a Course Assessment Administrator Student The course and the student should exist in the system. The student will be registered to the course. N/A Submit marks of Modules Lecturer N/A N/A A lecturer adds marks of students for a module. N/A Submit Marks of Course Lecturer N/A N/A A lecturer submits marks of the students for a course. N/A Generate Reports N/A N/A The marks of the students should be available in the system. The system will generate reports for meetings. N/A Suggest Decisions N/A N/A The marks should be present in the system. The system will suggest decisions based on the conditions given to the system. N/A Calculate Module Score N/A N/A The scores of students for the module should be present in the system. The score for a module will be calculated and compared with some threshold value. Assessment administrator has asked the system to suggest decision. Calculate credit N/A N/A The scores of a module should be present in the system. The credit a module will be calculated. Marks in a module 40% Check year of the student N/A N/A Marks in a module 40% The system will check the current year of the student. Accumulated credits credits for student's level Award Degree N/A N/A Accumulated credits credits for student's level The student will be awarded a degree The student is a final year student. Proceed to Next Level N/A N/A The student is a non-final year student. The student will proceed to the next level. The student is a non-final year student. Get DC N/A N/A Marks in module 40%. Average level mark = 40%. The student will get discretionary compensation and pass the year. Marks in module 40%. Average level mark = 40%. Get AC N/A N/A The number of credits achieved by a student the number of credits in their level-à ¢Ã¢â€š ¬Ã‚  20 credits; and the level average mark 40%; and all non-à ¢Ã¢â€š ¬Ã‚ pass module marks are between 30 and 39 The student will get automatic compensation of a failed module and classification will be calculated as level 3. The number of credits achieved by a student the number of credits in their level-à ¢Ã¢â€š ¬Ã‚  20 credits; and the level average mark 40%; and all non-à ¢Ã¢â€š ¬Ã‚ pass module marks are between 30 and 39 Re-sit in Failed Modules N/A N/A The student fails to get AC, DC and has failed in the module. The student will have to re-sit in the failed modules. N/A Repeat year with Attendance N/A N/A Student has failed in the course. The student will have to repeat the modules with attendance. N/A Review Marks Student N/A Marks should be available in the system A student will be able to review his/ her marks. N/A View Result Student N/A N/A A student will be able to see the results. N/A Send Update Message Student N/A The contact number or email id of the students should be present in the system. SMS or Email will be sent to the students. These will contain updates about their marks or results. N/A Physical and Logical View Physical and logical views are more related to the deployment and execution time behavior of a system. Rather than focusing on functionalities, in this case more focus is given on how the system component will be deployed in real time, during execution how those will interact with one another, how those will communicate etc. These views become more meaningful when the system is developed and runs. Deployment view Deployment view of software architecture is focused on the different facets of the system that will be important parts of the system after testing and while transition to go live stage. In deployment view, physical and hardware environment of the targeted system is considered. Thus, facilities like processing nodes, disk storage, other systems, network interconnections etc. are useful. On the other hand, technical details of the environment, like requirement specification of each node of the system, runtime environment of the software elements etc. are also useful. The deployment environment considered in a deployment view may not be obvious to all stakeholder during preparing the deployment view. It will be meaningful to them after deployment of the system. (Bass, Clements, Kazman, 2003) The deployment view of the e-grading system has been given below. The systems like LDAP, SRIS etc. are needed to be connected to the e-grading system and that has been shown in the deployment view. In this deployment view, it shows, that the architecture will follow some client server architecture. There will be a backend webserver for the student e-grading system. It will communicate with the application server by RMI. The application server will have different components of the e-grading system. In turns the application server will interact with university student database, SRIS, LDAP and AMS systems. Component and Connector View A component and connector view contains two types of elements, components and connectors. A component is a computational unit, data store etc. and those are needed during execution in the system. On the other hand, a connector is an interaction between components. Thus, in component and connector view of a system the run time structure of the system is depicted. It shows, what components will intact with other components during runtime environment. Components are the nodes of a component connector view and connectors are shown as edges. (Vogel, Arnold, Chughtai, Kehrer, 2011) Architectural Style Architectural style focuses on a system based on some large scale use of the system. A style can be focused on conceptual, executional or implementation views of a system. Sometimes, a particular principle of a system, can constraint the architectural style of a system. Mainly, it focuses on organization of the components of the system, manipulation of data, communication among the components etc. In the e grading system for UoI, web based architecture style has been used. Web architecture style has been selected as the e-grading system will be developed based on some web browser based interface. Security Architecture Security is important for a software. To implement different security features into a software, it is needed to incorporate security mechanisms into the architecture of the software. There are different types of attacks to the system. If there is some vulnerability in the software itself then attacking those systems become easier for the attackers. Thus implementation of security is needed from the very beginning. A software security architecture is like a framework for the security design of the software. Any software security architecture will have four security stages of information security. Those stages are protection, prevention, detection and reaction. All this can be documented in the security design architecture. (Clements, et al., 2010) A good security design architecture can be applied multiple times in a software design. There is no need to reinvent some security design for each module or each component of the system design architecture. The security architecture should cover all aspects of information security that are related to the software. There are differences between a security policy adopted by some organization and the security architecture adopted by the same organization. A security architecture will have a set of security standards and policies. There will be rules about access control, test plan design and boundary checking, testing process necessary to certify an application etc. Collectively all these will help in security decision making and building an organization wide security architecture. (Fernandez-Buglioni, 2013) In software development the rules from the security architecture will be followed up. For example, there will be clear implementation of access control, authentication etc. The test plans will be designed in such a way that these security principles will be tested. (Ramachandran, 2002) The security architecture view of e-grading system is, As illustrated in the security architecture view, it should focus on organization of the components of the system, strategies, building decisions, data structures and algorithms, functionalities of the system, error handling and processing, fault tolerance etc. Different security modules like authenticator, session manager, authorizer, cache management, cryptography and encryption etc. are managed by the security manager of the system. Conclusion In the software architectural document different views of the student e-grading system have been discussed. The main views like use case view, physical and logical view and security architecture views have been discussed. Use case view gives information about functionalities and behavior of the system. It describes how different actors and other external systems interacts with the e-grading system. It also shows what the main functionalities of the system are and how those are connected to different actors. While describing physical and logical views, there are two different views, deployment view and component and connector views. These views are more related to the deployment and implementation aspects of the system. These views shows how different components of the system are communicating and connected with one another, how other systems like SRIS, AMS, and LDAP etc. are connected to the e-grading system etc. There is a brief description of the architectural style of the system. Then there is a discussion on security architecture and security architecture view of the system. References Ambler, S. W. (2005). The Elements of UML(TM) 2.0 Style. Cambridge University Press. Andress, J. (2014 ). The Basics of Information Security. Syngress. Babers, C. (2006). Architecture Development Made Simple. Lulu. Bass, L., Clements, P., Kazman, R. (2003). Software Architecture in Practice. Addison-Wesley Professional. Clements, P., Bachmann, F., Bass, L., Garlan, D., Ivers, J., Little, R., . . . Stafford, J. (2010). Documenting Software Architectures. Pearson. Dennis, A., Wixom, B. H., Tegarden, D. (2011). Systems Analysis and Design with UML 2.0. John Wiley Sons, Inc. Fernandez-Buglioni, E. (2013). Security Patterns in Practice. John Wiley Sons. Grady, J. O. (2010). System Requirements Analysis. Academic Press. McGraw, G. (2006). Software Security. Addison-Wesley Professional. Microsoft (MSDN). (2013). UML Use Case Diagrams: Guidelines. Retrieved March 20, 2015, from https://msdn.microsoft.com/en-us/library/dd409432.aspx Ramachandran, J. (2002). Designing Security Architecture Solutions. John Wiley Sons. Rosenberg, D., Scott, K. (2001). Applying Use Case Driven Object Modeling with UML. Addison-Wesley Professional. Rozanski, N., Woods, E. (2011). Software Systems Architecture. Addison-Wesley. Satzinger, J. W., Jackson, R. B., Burd, S. D. (2008). Systems Analysis and Design in a Changing World. Cengage Learning. Shelly, G., Rosenblatt, H. J. (2011). Systems Analysis and Design (9th ed.). Cengage Learning. Vogel, O., Arnold, I., Chughtai, A., Kehrer, T. (2011). Software Architecture. Springer.