Escolar Documentos
Profissional Documentos
Cultura Documentos
Assignment 2
EBusiness System
PREPARED BY
Figure 1 represents the system architecture of Study Progress Monitor System. The users send
the request to server by the client application. The requests send to the server are to see the list
of students, subjects, assessment of subjects and grades for graded assessments. Threads are
used by server to response to the client request. Database Utility is used as a gateway to
access the client requests.
Subject
DatabaseUtility
Client Grade
Users
Assessment
Threads
GradedAsse
ssment
1
Test Plan
Test plans for the SPMS system are as follows:
Test Name Test Plan 1
Test View Student list
Objective
Test Data Nil.
Test Result
Status Success
2
Test Result
Status Success
Status Success
3
Test
Result
Status Success
Status Success
4
Test
Result
Status Success
Status Success
User Instructions
User instructions to use the SMPS System are as follows:
Start Server
Start the server by following given steps:
Find server.java file in SPMS project. SPMS Directory Source Packages
spmsServer.java
On right click Server.java displays run option which is used to run the server.
5
1. The server starts with the following output.
Start Client
To start the client follow the following steps:
1. Find client.java file in SPMS project. SPMS Directory Source Packages
spmsClient.java
2. On right click Client.java displays run option which is used to run the client.
6
Display Student
By entering 1 in the client output interface list of students is displayed.
Display Subjects
By entering 2 in the client output interface list of subjects is displayed as shown in figure:
7
Display assessments for a subject
By entering 3 in the client output interface list of assessments is displayed as shown in figure:
8
Display grades
By entering 5 in the client output interface and provide the student name which displays the
grades for the student.
9
SPMS System as Cloud based System
SMPS system can be extended to cloud based system which enables students. Parents and
Officials to access the system whenever and wherever needed by the use of various devices.
There are many security issues while deploying systems to cloud. There can be privacy and
security issues with SMPS System moving to cloud. The security threats can be categorized
into four categories.
Interruption: It arises due to denial of service to block the availability of System.
Modification: It arises due to unauthorized access which tampers the information.
Fabrication: It arises due to weak authentication, access control and authorization capabilities of
network.
Thus, there arises the need for additional security requirements for SMPS which should assure
Privacy, Integrity and availability of the system. Security threats can be prevented by applying
following techniques:
Authentication and Verification: It is the protection model for Interuptions.
Authorization validation: It is the protection model for Interception.
Fault tolerance mechanism: It is the protection model for Modification.
Data encryption: It is the protection model for Fabrication. It prevents the information
exposure and maintains the privacy of the data.
Auditing: It is a passive form of protection. Active log auditing is an example of Auditing.
It is also protection model for fabrication.
We can also use digital certificates with problem concerning authentication which allows
information to be send securely from clients to servers. Secure Socket Layer and Transport
Layer Security can be implemented for security concerns for transferring data across the
network.
There are Java language constructs which can be used for cyber security requirements are:
Java Cryptography Architecture(JCA):It is a security framework for core java api. It offers
set of APIs which can be used for digital signature, hash algorithms ,validations
encryptions and key generations. JCA engines can be found in java.security package.
Java Cryptography Extension: It is a security framework for strong encryption.
Cryptographic operations are classified into JCE engines. It provides encryption and
decryptions. It also produces secret keys used by encryptions and decryptions. It also
operates on Secret key objects. It has message authentication code functionality. It is
located in javax.crypto package.
Java Authentication and Authorization Service (JAAS) : It is used to have subject based
authentication and authorizations. It is used for users to reliably and securely determine
who is executing the program. It is also used to authorize the users to ensure that they
have the permissions to perform the particular task. SMPS System can use JAAS to
perform secure Authentication and authorization. SPMS System can use it by importing
javax.security.auth package.
10
Java Secure Socket Extension (JSSE): It is a API which provides secure SSL(Secure
Socket Layer) and TLS(Transport layer Security) support to java platform. With the use of
JSSE there is secure passage of information between client and server. JSSE can be
used in SPMS System by importing javax.net and javax.net.ssl packages.
References
JSSE Reference Guide for Java SE, 2017, viewed 16 May 2017,
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html
Java Authentication and Authorization Service (JAAS) Reference Guide, 2017, viewed 16 May
2017, http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html
Java Cryptography Architecture (JCA) Reference Guide, 2017, viewed 16 May 2017,
http://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html
R. K. Abercrombie, F. T. Sheldon and A. Mili, "Validating Cyber Security Requirements: A Case
Study," 2011 44th Hawaii International Conference on System Sciences, Kauai, HI, 2011, pp. 1-
10.doi: 10.1109/HICSS.2011.480
11