Enhanced security student
Self-service system

Contents

Chapter 1 Introduction to the study 3 1.1 Background of the project 3 1.1.1 Overview 3 1.1.2 Problem context 3 1.1.3 Rationale 4 1.1.4 Target Users 5 1.2 Scope and objectives 5 1.3 Project plan 6 1.3.1 System Functionality 6 1.3.2 Deliverables 7 1.3.3 Project Scheduling 8 1.3.4 Assumptions and Constraints 9 CHAPTER 2: LITERATURE REVIEW 10 2. Domain Research 10 2.1 Real Life Self-service system case studies 10 2.2 Protecting data in a self-service system 13 2.2.1 Data Encryption: 14 What is data encryption? 14 Types of Data encryption: 14 Types of data encryption methods: 15 2.2.2 Digital Signature 16 2.2.3 Firewalls 17 Network layer Firewall: 18 Application layer firewall: 18 Proxies: 19 2.24 Intrusion Detection System (IDS) 20 3. Technical Research 23 3.1 Language 23 JavaScript 23 PHP 24 VB.Net 24 3.2 Databases 25 MS Access 25 MS SQL Server 25 MySQL 26 Language and database justification: 26 3.3 System architecture 27 3.4 Methodology 29 Spiral Model 32 Methodology Justification 32 References: 34

Chapter 1 Introduction to the study 1.1 Background of the project 1.2.1 Overview

The paper is based on the improvement of the service at the administration office through the implementation of a new system to replace the traditional way currently used to deliver such services to the student community. It focuses mainly on the development and implementation of this system, the advantage and disadvantage of both the old and new platform of service delivery in the office (Ankit Fadia, 2003).

Information systems have been used to solve both simple and complex problems in many organizations, the use of computer in offices have proved to be more advantageous than otherwise. Information technology enables people to communicate swiftly and efficiently through sharing information i.e sending and receiving of emails, transfer and storage of large volumes of data in electronic forms (Rajesh,2002)

1.2.2 Problem context

Personal data in the wrong hands can be a very dangerous thing, this data can be immediately used or in the future. In most cases this information is used to steal from the victim. Once one has your phone number, home address and other personnel details; they can easily use the same against you to commit all sorts of crimes. The information they should be confidential when accessed by even your friends in a school setting can cause emotional stress people may know more about you of which they shouldn’t (Rajesh, 2002)

The problem with current model is service delivery in that the students queue whenever they want to inquire anything from the administration. Here the staffs available are few and efficiency is an issue as the students tends to select the personnel to handle their cases. This is because few perform better than if attended by others this result in longer queues when the preferred staff is on duty. The same scenario is evident during the peak inquiry hours that is from noon to around three in the evening.

After submission of your query the student has to keep checking in for the feedback. Since ther is no schedule followed, a student can check it number of times before they receive the feedback and if unsatisfied the process begins once again and again till he gets final feedback. This is time consuming and uses lots of paper resources of which information is never secure due to the following reasons : Lack of Integrity:

The witnesses form both the side , that is the staff member handling the document may decide to share the same with other unauthorized employees in the office . secondly when the students are crowded and dis organized there might be some sort of confusion and the documents may accidently be taken by other students.

No privacy:
There is no privacy of the information as the document pass through many department during the process and unlike the computerized method some specific data such as student name, age and class report cannot be filtered in other departments for instance marks scored in a certain unit being seen in the games department (Hassantga ,2013)

No confidentiality:
When a query is directed to the reistrar all the people handling the documents including the secretaries have access to the same.

1.2.3 Rationale

Data privacy is a right to all people is every organization and confidentiality is ethical, but most professional many a time fail to honour there code of conduct. They assume that in a learning institution setting students data is never sensitive. Some tend to ignore the regulations in place to govern the security of such information. However this might not be the major security bridges for the leakages, sometimes it happens unintentionally due to unavoidable reasons. Time wasted is never recovered and current procedure involved have proved to be more time resource consuming in terms of time and paper work. An electronic system is necessary for these inconveniences to be avoided (Bryan, n. d).

1.2.4 Target Users

The enhanced security self service target the students and the administration staff members . It aims at reducing the time spend by both during the inquiry process. It also boost the security and integrity of the information exchange between the students and various departments in the administrations. Other intitutions using similar systems have drastically reduced the cost of the most of the processes, for instance of using letters to have an inquiry in a given department one just has to login remotely using the user nambe and password the chat?send some inquiries to the adminitration. There is no paperwork and this reduces the cost as no purchase of tonnes of papers, on the other hand this prometes conservation of our forests as they are the main sources of raw materials for paper manufacture. Customisation of the system can lead to intgration of the other stakeholders of the institution to limitedly access the assential resources in this sytem enhancing their productivity.

1.2 Scope and objectives

The main aim of the project is to produce and implement a more efficient and secure mode of communication between the students and the staff to reduce the time and activities involved in the inquiry process and in the long run conserving the environment (Bryan, n. d).

It targets at complete elimination of paper work at the service unit in the administration through the use of green environment technology. Paper work costs the stakeholders in terms of ink, papers and other stationary not forgetting the transfer and storage cost. After spending such resources the security of the information is never guaranteed and any given time. (Bryan, n. d).
By implementing the remotely accessed query 'inquiry system it will ease the workload, crowds and the long queues at the service unit office This will ensure the procedures involved in submission of enquiryirequest are more convenient to students as well as easy handling of the same enquiries requests by the staff members thus increased performance efficiency.

Instead of checking in at the office every now and then the student can use ticketing service in the system to check the progress of their requests at any time and get timely feedback on time. The system will not include the use of videos as a mode of communication.

The system will deploy strong encryption features to enable only authorized people to access specific information through the use of usemame and password which will be given to registered valid members of the institution. There shall be a backup storage location for all the data This is to be provided by a cloud computing provider of choice, this will be a precaution incase the entire local storage equipment malfunction or get physical damage.

1.3 Project plan

This involves the procedures that will be followed to put the new system in place. All the activities are put on a time budget to avoid late implementations or last minute rush on the execution of the project

1.3.1 System Functionality

The backbone of this project is to provide a cost effective self-service system that will ensure that personal data is secure and save from third parties. The aim is to offer a self-service system functionality by creating an easy-to-use web based user interface that is unavailable currently. For one to user the system he has to login the username allocated and password to the portal login page. If one does not remember the password the system allows him to acquire and new one through the official email address. The students are allowed to access the system from any part of the world through the internet while the administrative staff users can either be restricted to use the portals within the school intranet (Bryan, n. d). The system is centralized to enhance security this also allows easy auditing of the system to blow the employees performance while the use the system. The system has encryption and decryption capabilities of which all files or messages sent cannot be view by unintended persons.

The system will allow students to access it remotely at any time. The system is dynamic and subject to any further changes unlike the native way where an increase of students with inquiry cases causes overcrowding and long queues but for the system it can handle a large number of enquiries at the same time and as per the demands.

With automated address clearing the staff members will not at any given time manually update the addresses this process is an equivalent to the physical sorting of old files of papers and storing or destroying the ones that are no longer useful. Effective dating it the system will help in keeping the history and any trail of changes thus enabling system audit whenever need be. This makes the use of such system transparent and in case anything goes wrong it is possible to track the problem, unlike the paper based system whenever the staff misplaces a file or letter the student my lack prove to hold the responsible for such an inconvenience.

The existence of student profiles enables them to know the type of data available for the administrations for instance when the change their address the system updates the same automatically while the native procedure does not allow such changes as once submitted and can only change information by resubmitting the new one this means the process starts once again hence more time consuming.

1.3.2 Deliverables

After the project is complete the should be a complete documentation explaining how the project is supposed to be used and explanations on some trouble shooting procedures. It shows the literature reviews for similar systems and their successes, future improvements can also be recommended on the same documentation. This project requires a minimum od the following equipment;

1.3.2.1 Hardware

1. At least 10 computers (2GB RAM 250GB hard disk,2GHZ CPU and supporting Windows Vista or later) 2. A server with at least 6GB RAM and 10GB storage space. 3. Routers and other networking hardwares

13.2.2 Softwares 1. VB.net 2. MS Office 2013 3. My SQL 4. Cloud Management Softwares (to be provided by the provider)

1.3.3 Project Scheduling

1.3.3.1 Research

With the help of the instructors most of the research resources will be acquired online and from the school library. Further research on encr9sition shall be done with help from local or international IT security companies.

L3.3.2 Analysis

This will be basically studying the existing procedures and similar systems already working then defining the actual requirements and specifications of the system to be desiped. The best method to use in the analysis is through engagement of the end users in interviews and answering of questionnaires

L3.3.3 Design

This is the actual writing of the code for the whole system. The major programing language to be used Visual basic.

1.3.3.4 Testing

This involves the pilot testing for all the functions of the system. It aims at removing of all bugs from the system before it is fully put in place.

1.3.3.5 Implementation

All the data is to be converted to digital and saved into the system. Staff and students are registered and taught how to use it efficiently. They are allocated the usemames and passwords to ensure that all accounts are secure. They will be required to fill details on their profiles before they continue using it.

1.3.3.6 Documentation

This is where all the information concerning the system are written, this will help the users and or the technicians who will be maintaining the system in their day to day work. It also contains the version of the software, the patents and future suggestions on its improvements.

1.3.3.7 Maintenance and Upgrading

This will be an ongoing process whenever need arises.

1.3.4 Assumptions and Constraints

1. The system will be totally secure if the users use the right standards of password and avoid sharing the same. 2. All data sent via the self-sen-ice system are well encrypted and can only be viewed by the right parties. 3. The main challenge for this system is that it may require its administrators to constantly maintain the systems and this can bring business to a halt 1 the whole school. Sometimes it takes long periods of hours to a number of days and this might resolve to the use of the native papers system.

CHAPTER 2: LITERATURE REVIEW

This chapter mainly analyses the major existing literature on the security of the paper based model of inquiry and give justification as to how this project is important to existing subject of study and real life problem solving (Cascade, 2009)
2. Domain Research

2.1 Real Life Self-service system case studies

HR self-service system

A Self –service information system in HR scenario will empower managers and employees. (Cascade, 2009)

Some typical HR functions that HR would like to offer as a self –service to its employees are: * Request for leave * Online pay slips retrieval * Online Timesheets * Attendance * Online appraisals * Tax planning * Personal portfolio * Training and development

HR functions that HR would like to offer as a self –service to its Mangers are: * Leave Authorization * Add and verify attendance * Assigning goals and duties * Managing Time sheets * Training management * Performance reviews * Reporting

Benefits of implementing HR self-service systems: * Real time information Access * Retrieval of current and accurate knowledge * It ensure best practices in the organization * Reduces paperwork and ensures more efficiency and accuracy * Information security * Easy Auditing * Reduces the number of enquires for basic information. * Provides an 24/7 system availability * It help to adhere process to company policies * Good return on investment for the department.

Banking Self-service system:

A self – service banking system will empower its customers.

The Banking functions that a Bank would like to offer to its customers are: * Balance Enquiry * Net Balance for all accounts * Funds Transfer * Bills Pay * Prepaid Mobile or DTH recharge * Opening a fixed or recurring deposit * Credit card payments * ATM cash withdrawal and deposits * Cheque book request

Benefits of implementing banking self-service:

* 27/7 Banking available * Reduces employee’s effort at the bank branch. * Reduces the paperwork * Reduces customer effort to visit the branch for transactions. * Instant cash withdrawal facility * Bills pay and other recharges, a click away

Conclusion:

After studying the successful implementation of these self-service systems we have arrived to following conclusion:

* This system helps to provide enhanced work accuracy and efficiency. * Provides seamless availability of the services. * Reduces the Human effort. * Help to save paper and benefits the environment. * Speeds up the domain process. * Offer high data security * Provides high level of data integrity. * Provide important features for easy scalability of the current system. * Delivers high performance.

2.2 Protecting data in a self-service system

The Data security:

In this system, the effect of the lack of security in very evident. Since the problem solution is not only automation but the protection of data as well. As we put Student information on the data network, it becomes vulnerable to many hacking attacks. Therefore to identify a secure system we need to first figure out the answers of some questions:

What are we protecting?
What are the authorization levels?
What are security restrictions?

Major Security Problems:

* User access control * Vulnerable internet connection * Unauthorized access to data. * Corruption of internal database. * Denial of service attack * Delay of intranet traffic due to crypto mismanagement

Solutions

* Data encryption * Digital Signature * Firewalls * Intrusion detection

2.2.1 Data Encryption:

What is data encryption?

This is a process of encoding data on one end and decoding it to other end with the help of encryption and decryption keys, the encryption turns the message text in unreadable format. The Keys defines how messages are encoded and how can it be decoded. (Ankit Fadia, 2003)

Benefits of encryption:

* It is an economic way of protecting data.
Data encryption locally and on the network is the most reliable and economic way of protecting data. Even if the data is stolen from the network, it is available in the unreadable form and cannot be made readable without decryption key.

* Surety of complete data security.
The data protection is 100% sure. I gives a piece of mind to the user and administrator. It is a foolproof solution in case of data leakage.

* Data can be protected even if the hardware systems are been stolen
There are the encryption discs available, which can keep data encrypted even on the local hard drive. Even if the hardware is stolen, data remains protected with encryption.

* Protects unauthorized access to the information.
Encryption helps to set access passwords, recovery questions and special identity techniques, which allows only authorized user to access data.

Types of Data encryption:

There are 3 types of Encryption. 1. Secret Key Symmetric encryption. 2. Public key encryption 3. One way encryption.

Secret Key Symmetric encryption

This is relatively simple type of encryption, first used by Julius Cesar. In which both the parties have password information in advance. The best example is when we exchange data between two mobile via Bluetooth and also in some of the bank transactions (OTP- one time password), this encryption is widely used.
The main disadvantage of this encryption is, the password has to be sent to other party. And the communication mode should be very secure.

Public Key encryption:

A public key encryption system is that the public and private keys are connected in such a way that only the public key can be used to encrypt messages and only the matching private key can be used to decrypt them This encryption is been used in our student information system, in case data is accessed over the network.

The main disadvantage of this system is that we need to know the recipient's public key to encrypt a message for him or her and this requires a global registry of public keys.

One way encryption:

This encryption will help to keep the password file, digital signature etc. encrypted. The required password is stored in the encrypted form, in hash encoding. When user enters the password, its compared with the password stored and accordingly access is granted or denied.

The system like our Student information portal will use different kinds of one way authentications, before it actually reveals the required data. This is mainly used with our system when we access student data locally.

Types of data encryption methods:

* Software based Data encryption * Hardware Based Data encryption

Software based data encryption:
In this type of data encryption, we will have software for our hardware like hard drive, flash drive etc. to facilitate data encryption. This software allows the users to create an encrypted Cellar on the drive, all the file are encrypted and stored in this area.
The main disadvantage of this system is it makes data transfer slow, as it uses system resources (CPU,RAM) and is data transfer is time consuming.

Hardware Based Data encryption: This system is better than Software based data encryption system. As data transfer is faster and stable as it does not uses system resources and hardware used is robust and resistant to physical damage. The encryption is done at storage device level only. The encryption is done at storage device level only But this system is costlier then Software based data encryption because of high manufacturing cost of hardware .

2.2.2 Digital Signature

Digital Signature is a type of cryptography, a mathematical structure for representing the genuineness of a digital message or document.
How it works?
Creation: The digital signature is based on the hash value computation. The hash value is calculated using a base number, using a Hash algorithm..
Verification: A digital signature is verified by comparing the reference of the original message and the given public key. This determines whether the provided digital signature was created for the same message using the private key.

Benefits of Using Digital signature: * They authenticate the source of the message. * It confirms the identity of the sender. * It ensures that message received / delivered is unaltered. * A digital signature has legal importance .An entity cannot deny the document being signed by the digital signature.

2.2.3 Firewalls

A Firewall is software installed between Local area Network and Wide area network to assess network traffic. It controls incoming traffic and validates the nature of it . If the traffic is legitimate it will pass through, otherwise it will be rejected before entering in the network. (Karanjit Siyan, 1996)
Firewall
Firewall

Firewall
Wan
Wan
LAN
LAN

Our domain
Our domain
A firewall system:

Violation
Violation
Firewall system
Firewall system

Authorized access
Authorized access

Types of firewall:

* Network layer * Application layer * Proxies

Network layer Firewall:

This firewall works on the Network layer of OSI model, where packet transfer mainly happens. This firewall works as a packet filter.
It has predefined rules for the data transfer, as set by the administrator. This firewall will validate the packets as per these rules and control the packet transfer.
There are two types of network layer firewalls:
Statefull :
This firewall work on a state table rules set.
Whenever packet comes to the destination network it will use network state information like active sessions, TCP and UDP ports, IP address etc. If the packet does not matches the state table information it will be evaluated with the rules set for the new connections. If the rule set matches, the packet transfer is allowed.

Stateless:
This is a faster way of packet transfer ,as it is not based on session and also consumes less memory and system resources. But on the other hand it cannot make more complex decisions on stage communications between hosts have reached. But they are very effective in filtering stateless network protocols.
Application layer firewall:

This protocols works on the application layer of the TCP/IP protocol.
Main features of this firewall: * It can effectively control viruses and worms by restricting malignant packets. * It blocks the inappropriate packets and usually drop them then and there. * It will assess connection establishment also. * It does socket level filtering between application layer and lower OSI layers. * It work more like application packet filters, rather than port based filter.

Proxies:

Proxies have several security benefits. * This firewall helps to hide machines behind the proxies. * It uses caching to speed up the processing. * It prevents multiple downloads and saves bandwidth. * It can create and audit data transfer logs. * It can block undesired sites. * It scans inbound and outbound contents

2.24 Intrusion Detection System (IDS)

An IDS is a device or a software that is placed between a firewall and World wide web. It monitors, detects and responds to network policy violation and other malicious activities.
Its analysis and detects the symptoms of security problems by collecting various information from system and network resources. (Rajesh K.S 2002)

Switch
Switch
Firewall
Firewall
IDS
IDS
Internet
Internet

LAN
LAN

Intrusion detection System

Benefits of IDS: * It monitors server, routers and other critical system resources. * It helps administrator to alter, organize and understand complex OS audit trails and other logs * Provide user friendly interface to the administrator. * It comes with a vast database of security threats. * It can distinguish and report modifications to data files.

Types of IDS: * Host - Based (HIDS) * Network – Based (NIDS) * Hybrid

Host IDS

Features of HIDS:
Advantages:
* It works in switched networking environment * Can also operate efficiently in encrypted environs * It can detects and collects the most relevant information, faster than any other IDS
Disadvantage
* It uses system resources of the host server. * Does not have capabilities to protect complete infrastructure.

Network IDS

Features of NIDS:
Advantage:
* It does packet level analysis. * It can support large infrastructure and enterprises. * It works on the amount of traffic not on the amount of infrastructure. * Does not depend on system resources. * Provides better solution against Denial of service attack.

Disadvantage: * Cannot work in encrypted network environment. * Not compatible with modern switched networks. * It cannot efficiently handle high-speed networks. * It detects attack based on its predefined database and sometimes does not respond to new types of attacks.
Hybrid IDS

It is the combination of network and host based IDS. This provides the advantages of both systems. It is useful in all network and system environments. It enhances the IDS capabilities detect attack patterns.
The main disadvantage is there is no industry standard to define this hybridisation and it is difficult to implement as well

IDS techniques

* Misuse detection * Target Monitoring * Anomaly detection * Stealth Probes

Misuse Detection:
It’s a simple model to understand the abnormal behaviour of network activities. It’s simple to update and work with. But at time it in unable to recognise unknown attacks, out of its attack definition database.

Target Monitoring:
It works on encrypted network. Its main purpose is to generate an encrypted file and compare it with the original one periodically. It does not require monitoring and is easy to implement.

Anomaly detection
This technique collects data from various system resources over the time and creates a norm based on the set data pattern. If it sees violation of the norms it will immediately raise and alert.

Stealth Probes
This technique uses wide area sampling to detect threats. It will collect variety of data from the system and checks its behaviour for a long period. It will foresee the possible attacks on the network.
3. Technical Research

3.1 Language

The basic necessity to implement this system is to have a good front end application on the web for the student to enter and modify their data. The programming languages that can best cater this requirement is: * JavaScript * PHP * VB.Net
JavaScript

It is a client side scripting language with following features: * Interface to interact with the user on the web. * Supported by all major browsers * Its dynamic * Can alter document content * Type safe
Advantages of java script: * Client Site processing
JavaScript supports client site scripting. It support user level validation at client side which allows efficient user of system resources and does strains the bandwidth. * Easy to Understand
It is easy to understand and program. The syntax is also very close to English. The syntax is similar to C. * Support extended functionalities.
It enables developers to write snippets of JavaScript which can provide extended functionality to web pages.
Disadvantage of JavaScript: * The extended functionality makes it vulnerable to malicious code to be append in the interface. That opens lot of threats to security. * Different layout engines will, interpret JavaScript code differently. This can lead to inconsistency in interface and functionality

PHP

It’s a server side scripting language which is mainly used for developing web application and web services.
Advantages of PHP: * Open source scripting language. * Simple and easy to learn * Supports both structural and object oriented programming. * It is support by most of the web servers. * It supports plug ins from most of the databases. * Easy to deploy * Cost effective solution
Disadvantage:
* Security flaws and unidentified vulnerabilities, since it is open source.

VB.Net
It’s an object oriented programming language with GUI based development environment.

Advantages:

* Very simple programming Language. * Works on IDE, Interactive development environment. * Easy to develop and modify in its Graphical user interface environment. * Its Object oriented programming language. * It uses XML to communication between network layers * It offers robust security features. * The CLR feature in VB.net takes care of garbage collection i.e it releases the memory as soon as object is no more in use. This helps in optimal use of system resources.

3.2 Databases

The databases that can support multiple queries and process data efficiently in this scenario is: * MS Access * MS SQL * My SQL

MS Access

Microsoft Office Access is a database management system from Microsoft, for small databases.
It combines the relational Microsoft Jet Database Engine with a GUI and software-development tools
Main Features: * Easy to use. * Can store database up to 2 GB. * People with basic computer knowledge can also use this database. * It can be remotely accessed. * Provide access control feature. * Good for small database requirement.

MS SQL Server

Microsoft SQL Server is a relational database management system (RDBMS) developed by Microsoft. It’s a software hose primary function is to store and retrieve data as requested by other applications. This RDBMS supports data for the applications housed locally or remotely over the network.

Features: * Its scalable can handle huge amount of data. * Does not gives very user access to raw data * Administrator can apply user level validation and access control. * Very secure * Maintains transaction logs and allows data to roll back to original version.

MySQL

It’s an open source Relational Database System which can be used by the developers under General Public License.

The Main features of My SQL are: * It’s easy to use, since it supports basic SQL functions * It’s secure: supports password encryption and other data security measures. * It’s inexpensive: since its open source. * It’s faster in data processing * It give very high performance because of its unique storage engine architecture * Highly scalable and flexible, it can supports large number of embedded applications. * It supports most of the operating systems * It also supports most of the development interfaces.

Language and database justification:

After a complete analysis of Programming languages and database, we would like to settle with the combination that can support: * High data security * Scalability * Optimum utilization of system resources. My SQL and Visual .net will be best fit for this system development. ( Novell Doc: NW 6.5 SP8)
On the other hand when we connect .Net framework and MySQL database we will have all the advantages of using ADO.Net

What is ADO.Net?
It is a software components used by the programmers to retrieve and modify data from a Relational database source. (Hassantga ,2013)
Benefits of ADO.Net: * It allows programmers to write data access codes, which is useful even if the database has been changed. * It makes the system highly scalable by representing whole database or even a data table as disconnected object. * Interoperability. It uses XML to transmit data, which makes it platform independent and highly interoperable. * High performance. * It can pass through firewalls as well.

4.3 System architecture

User Interface:
The system will have majorly 3 components. The user interface is programmed in VB.net. These interfaces are programmed to provide a media to students to gather information regarding their queries.

System Components:

1. Academics * Academics records * Results * Degree information * Scholarships * Admission desk 2. Finances * Account receivables * Cash receipts * Other expenses * Scholar ships 3. Administrative * Faculty information * Campus arrangements * Admission desk * Student information

Data Security and Validations:
This layer will validate information coming from the user interface and check for user’s access control as well. The validated information is then passed to the database for information gathering.

Once the query was received by the database it generates the massage /document, which is digitally signed by the web server. This digital signature ensures the authenticity of the data and also confirms its integrity. If the message is altered or tempered during the communication, the digital signature appears invalid at the time of decryption.

Network Layer:
The network layer will contain: * Routers and switches for network communication. * IDS and firewalls for network security

Database Infrastructure
All the student information will house here in a Database Management System. We will implement My SQL as our Relational database management system (RDMS).
This system will manage student data and process queries as per their requirement (queries received from interface components).

User Interface
(VB.Net)
User Interface
(VB.Net)
Academics
Form

Academics
Form

Finance
Form

Finance
Form

Administrative
Form
Form
Administrative
Form
Form

Data Access control rule set
Data Access control rule set
Networking Layer
Networking Layer
Data security
(Encryption and decryption of digital signature )
Data security
(Encryption and decryption of digital signature )

Database infrastructure
Database infrastructure

MY SQL
MY SQL

System Architecture
System Architecture

3.4 Methodology
System analysis methodologies: * Structured analysis and design method (SSDM)Waterfall model * Spiral Model

Structured analysis and design method (SSDM) Waterfall model
It is a waterfall model that works on the analysis and design of the information systems.
(Mike Goodland, 1995)

Stages in SSDM:

Stage 0: Feasibility study
This stage determines whether the proposed information system is feasible in all aspects or not.
The feasibility study is done in following areas : * Technical – If system can be achieved with the technology available in the market? * Financial -- If system building, component procurement and implementation cost fits the assigned funds for the project. * Organizational – If the proposed new system is compliant with current practices. * Ethical – If the proposed system is socially acceptable.

To answer these questions the users and experts from each domain are interviewed and a detailed report is deduced to determine system feasibility.

Stage 2: Current system analysis
This stage is very important phase of SSDM. In this phase an analyst studies the current system environment by interviews, questionnaires, observation and existing documentation of the current system.

The phase helps to understand system better as it: * Helps to learn prevailing business terminologies * It proved the basic requirements for the new system. * To analyze inefficiencies and flaws in the current system. * System data model can be made. * System boundaries can be identified and defined.

Stage 3: Business system options

Is this stage a analyst determines several business options and present it the user. They hold interviews, presentations and group discussions to figure out:

* Extend of system automation * Different levels of access control * System architecture * Total implementation expenses * The influence of the new system

Stage 4: Technical system option
Once the business system is identified, analyst figures out different technical option to implement the proposed system. This phase will mainly focussed on :

* Hardware architecture and configuration * software to be used * Training and staffing requirements * Physical space to be occupied by new system and its limitations * How human and computer will interact?

Stage 5: Logical design:

This stage will determine the data processing logic in the system. In this stage the analyst will work towards, planning of the computer and human interaction.
This stage will mainly focus on: * System directories * Logical data structure * Logical process modelling for system and user interactions * Stress & Bending moment.

Stage 6: Physical design:

This is the final stage where all logical specifications are converted into real software and hardware. This is a highly technical stage where software, hardware and logical processes are integrated to complete a system implementation, for example logical data structure are applied to the Database management software.

Spiral Model

The Spiral model is derived from waterfall model only but it includes high level of risk analysis and is good for large and mission critical projects only.

A spiral model has following phases:

1. Planning: In this phase a complete requirement analysis is conducted for the project. 2. Risk analysis: Risks are identified and alternate solution is suggested. 3. Evolution: Lets customer to access the output of the system before it continues to next spiral. 4. Engineering: This the last phase of development lifecycle in which the final version of software is developed and tested.

Methodology Justification

We would advocate SSDM here, for implementation of Student self-service system as compared to Spiral model. The reason being: (Bryan Cohen, n. d)

1. The spiral model will be very costly to implement. 2. Its time consuming. 3. Spiral model is good for high risk projects. 4. SSDM is very structured way of designing and implementing an information system. 5. With such thorough steps to understand system requirements in SSDM, it is almost impossible to misunderstand any information.

References:

* Ankit Fadia 2003, Network Security, Macmillan India Ltd. * Benefits of ADO.NET. 2013. Benefits of ADO.NET. [ONLINE] Available at:http://msdn.microsoft.com/en-us/library/3y0bb1zd(v=VS.80).aspx. [Accessed 21 June 2013].

* Bryan Cohen, n. d., Advantages & Disadvantages of SSADM | eHow. 2013. Advantages & Disadvantages of SSADM | eHow. [ONLINE] Available at: http://www.ehow.com/list_6781448_advantages-disadvantages-ssadm.html. [Accessed 20 June 2013].

* Cascade, 2009, Guide To Rolling Out Self-Service HR Systems. 2013. Guide To Rolling Out Self-Service HR Systems. [ONLINE] Available at: http://www.ncc.co.uk/article/?articleref=600008&hilight=Guide+To+Rolling+Out+Self-Service+HR+Systems+2009+. [Accessed 21 June 2013].

* Hassantga ,2013, MySqlBackup.NET - MySQL Backup Solution for C#, VB.NET, ASP.NET - CodeProject. 2013. MySqlBackup.NET - MySQL Backup Solution for C#, VB.NET, ASP.NET - CodeProject. [ONLINE] Available at:http://www.codeproject.com/Articles/256466/MySqlBackup-NET-MySQL-Backup-Solution-for-Csharp-V. [Accessed 21 June 2013].

* Karanjit Siyan, 1996. Internet Firewalls and Network Security. Edition. New Riders Pub. * Mike Goodland, 1995. SSADM Version 4: A Practical Approach. Edition. McGraw-Hill Publishing Co.. * Novell Doc: NW 6.5 SP8: Novell MySQL Administration Guide - Benefits of MySQL. 2013. Novell Doc: NW 6.5 SP8: Novell MySQL Administration Guide - Benefits of MySQL. [ONLINE] Available at: http://www.novell.com/documentation/nw65/web_mysql_nw/data/aj5bj52.html. [Accessed 21 June 2013].

* Rajesh K.S 2002, Cisco security Bible, Hungry Minds, INC , New York.