Date post: | 03-Jan-2016 |
Category: |
Documents |
Upload: | nathan-stafford |
View: | 213 times |
Download: | 0 times |
Template Based Approach for Developing a Prototype of
Role Based Security Systems
Moinuddin Khaja GhouseMasters Report, Final Defense
Major Professor: Dr Bill HankleyCommittee Members: Dr Scott Deloach, Dr Mitchell Neilsen
Department of Computing and Information SciencesKansas State University
Background
Presentation Structure• Role Based Security – A Brief Introduction
• The Approach
• A Sample Application
• Evaluation
Role Based Security– Importance– General Concepts
• Discretionary Access Check (DAC)• Mandatory Access Check (MAC)• Role Based Access• Roles and Operations
Role Based Security– Characteristics
• A Collection of job functions• Role Hierarchy• Role Authorization• Role Activation• Role Execution• Dynamic separation of duty• Operation Authorization
Approach Adopted:– Operations– Tasks – Roles– Users and Privileges– Target Applications
Approach: Design– Class Diagram– Use Case Diagram– Sequence Diagram
Class Diagram: -Number : int-Name : char-Description : char
Operation-Number : int-Name : char-Description : char-Operations : char
Task
-Number : int-Name : char-Description : char-Tasks : char
Role
-ID : int-LOGIN_NAME : char-PASSWD : char-ROLES : char
Users
1..*
1..*
1 *
Use Case: Administrator
Administrator
Add Users
Modify Users
Assign Roles
«uses»
Define RolesAssign Tasks to
roles
1
*
*
1
*
1
«uses»
DefineTasksAssign Operations
to Tasks
1
*
«uses»
«uses»
Sequence: Administrator
Administrator AdminOperations.aspx server xml store
Top Package::Administrator
AddOperation()
AddOperation()
write xml node()
success(0/1)
display message
display message
Add task/role()
add task/role()
write xml node()
success(0/1)
display message
display message
Add User()
DataBase
AddUser(Userinfo)
sql command()
return result
success message
success message
Sequence: User Actions
UserX
WebPage RoleInfo.cs Application
actionX
hasAccess(actionx)
statusif( status == yes ) perform action
xml store Database
read xml()
operations set
getRoles()
set of user roles
A Sample Application– Introduction– System Users (Business Titles)
• Requester• Diagnostician• Billing Person• External Expert
Design of the Application
Use Case: Requester
Requester
submit sample
handle sample
1
*
1
*copy sample
edit sample
delete sample
view sample
request analysis
view invoice
send payment
1
*
1
*
1
*
view analysis1
*
«uses»
«uses»
«uses»
«uses»
Use Case: Diagnostician
Diagnostician
handle sample
handle analysis
view invoice
delete sample
edit sample
view sample
view analysis
enter analysis
modify analysis
1
*
1 *1
*
«uses»
«uses»
«uses»
«uses»
«uses»
«uses»
Class Diagram
+SubmitSample()() : int+ViewSample()() : object+EditSample()() : void+DeleteSample()() : int
Sample
+GetAnalysis()() : object+EnterAnalysis()() : int+ModifyAnalysis()() : int
Analysis
+GetInvoice()() : object+CreateInvoice()() : int+SendInvoice()() : void
Invoice
+ViewPayments()() : object+RecordPayment()() : int+SendPayment()() : void
Payments
+GeneralQueryInteger()() : int+GeneralQueryString()() : string+GeneralQueryDataSet()() : object+GeneralStringArray()() : object
DBSupport
+GetCurrentRoles(string)() : object+HasAccess(string,string)() : bool+ViewUserRoles()() : string
RoleInfo
-ID : int-LOGIN_NAME : string-PASSWD : string-EMAIL : string
R_USERS-ID : int-ID_R_USERS : int-SAMPLE_NUMBER : string-HOST/PEST : string-DATE : string
R_SAMPLE
-ID : int-ID_R_USERS : int-ID_R_SAMPLE : int-ANALYSIS : string
R_ANALYSIS-ID : int-ID_R_SAMPLE : int-AMOUNT : float-PAYMENT_INFO : char
R_PAYMENTS
1
*1
*
1
*
1
*
1 *
Database objects
Server Side classes
Client pages
State Diagram:
New Sample Created
sample available for viewing and modification
waiting for analysis
diagnostician analysis
waiting for referral opinion
sample with analysis
waiting for invoice response
sample in paid mode
completed mode
/ On Submitting the sample
/ add all analysis done
/ send an invoice tothe requester
/ recieve a payment
/ insert payment info in the database
/ sample accessed by diagnostician
/ ask for opinion
/ respond with analysis
Sequence: Requester
Requester submitSample handleDB handleSample handleAnalysis handleInvoice handlePayments
SubmitSample()
insert sample data
sample data inserted in DB
request for viewing a sample
request analysis done
get analysis
return analyis
display current analysis done
Request Invoice View
return invoice data
show invoice data
Send Payment
show sample info
Top Package::Requester
GetSample()
return sample info
show the requested sample
edit sample information
edtiing actionshow edited sample information
get invoice info
record paymentsconfirmation of payment
Sequence: Diagnostician
Diagnostician handleSample handleDB handleAnalysis handleInvoice
request to view a sample
get sample info
return sample info
show sample
enter analysis
insert analysis in db
return success
show updated analysis
request for viewing invoice
request for invoice data
show invoice data
return invoice data
Top Package::Diagnostician
Schema Diagram:
R_ANALYSIS
PK ID
FK1 ID_R_USERSFK2 ID_R_SAMPLE
ANALYSISSUGGESTIONSMOD_DATE
R_SAMPLEMETHODS
PK ID
FK1 ID_R_SAMPLEMETHOD_NAMEAMOUNT
R_METHODSLIST
PK ID
METHOD_NAMEAMOUNT
R_USERS
PK ID
LOGIN_NAMEPASSWORDLAST_NAMEFIRST_NAMEEMAILPHONEADDRESS1ADDRESS2CITYSTATEROLES
R_PAYMENTS
PK ID
FK1 ID_R_SAMPLEAMOUNTPAYMENT_INFO
R_SAMPLE
PK ID
FK1 ID_R_USERSSAMPLE_NUMBERHOSTPESTDATE_COLLECTEDLOCATIONDESCRIPTIONNON_SYSTEM_USEREMAILPHONEADDRESS1ADDRESS2CITYSTATESTATUSTOTAL_AMOUNTAMOUNT_DUE
Evaluation– Performance– Usability– Pros and Cons– Lessons Learnt