Page 2: Overview

Object-Oriented Analysis and Design with the Unified Process

Overview

Many system inputs and outputs do not require much human intervention: electronic transmissions or paper outputs to external agents.

Integrity and security controls protect the system and its data:
- Integrity controls validate data
- Security controls protect the system from outside threats

System interfaces can have technical requirements that pose high risk. Design high-risk elements in the early Elaboration phases:
◘ Security controls (secure transactions, encryption, digital certificates)

Design low-risk elements in the Construction phases:
◘ Reports, integrity controls

Page 3: Overview

SYSTEMS INTERFACES

Most object-oriented systems involve extensive input and output, and many people and organizations require access to the data stored by a system. An information system captures inputs and produces outputs, and inputs and outputs occur where there are "interfaces" between the system and its environment.

- User interfaces handle inputs and outputs that involve a system user directly.

- System interfaces handle inputs and outputs that require minimal human intervention.

Many of the system interfaces are not as obvious to the end users.

The systems analyst needs a deep understanding of the existing systems, databases and network technologies involved in I/O design in order to design a system that incorporates all I/O needs.

Page 4: Overview

Identifying System Interfaces

System interfaces are broadly defined as any inputs and outputs with minimal or no human intervention.

- Standard outputs such as billing notices, reports, printed forms and electronic outputs to other automated systems.

- Inputs that are automated or come from non-user-interface devices are also included, such as inputs from bar code scanners, automated scanners, OCR devices and other computer systems.

Today's highly integrated and interconnected systems increasingly go beyond user needs, requiring system interfaces to handle inputs and outputs faster, more efficiently, more accurately and at any hour of the day or night.

System interfaces can process inputs, interact with other systems in real time and distribute outputs with minimal human intervention.

When designing the system, the systems analyst should consider alternatives to HCI (human-computer interaction) that automate the capture of inputs and the distribution of outputs.

Page 5: Overview

Identifying System Interfaces

The following list provides some categories of system interfaces to aid in identifying I/O requirements and design possibilities:

1. Inputs from other systems
2. Highly automated inputs
3. Inputs that come from data in external databases
4. Outputs that go to external databases
5. Outputs with minimal HCI
6. Outputs to other systems
7. Real-time connections (both input and output)

Page 6: Overview


The full range of Inputs and Outputs in an Information System

Page 7: Overview

Identifying System Interfaces

1. INPUT FROM OTHER SYSTEMS

Inputs from other systems can arrive as network messages or Electronic Data Interchange (EDI) transactions, and many Web-based systems are integrated with other systems through direct messaging. EDI reduces the need for user input.

The challenge in EDI is to define the format of the transaction. XML (Extensible Markup Language) provides a common system-to-system interface. XML is scalable, simple and human-readable.

◘ XML is a markup language related to HTML (both descend from SGML) that embeds self-describing data structures within textual messages
◘ The markup codes (tags) are defined in a separate Document Type Definition (DTD) file or XML Schema, so the receiving system can validate an incoming message against the agreed format before processing it
◘ Designed to take advantage of the Internet

Many newer systems use XML to provide a common system-to-system interface.
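A receiving-side check for such an interface, as an added example in Python (not from the slides or the textbook): it parses a constructed NewOrder message, enforces the required elements and their types, and refuses any message that carries its own DOCTYPE, because on this interface the DTD or schema is agreed separately and an inline one is outside the agreed format. The element names, the NewOrder message, accept_message and InterfaceError are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date
from decimal import Decimal, InvalidOperation

# Constructed sample message for a hypothetical "NewOrder" system-to-system
# interface (the page shows no concrete message; tag names are assumptions).
SAMPLE_ORDER = """<?xml version="1.0"?>
<NewOrder>
  <customerNumber>1007</customerNumber>
  <orderDate>2006-03-31</orderDate>
  <items>
    <item><productId>SKU-1001</productId><quantity>2</quantity><unitPrice>19.95</unitPrice></item>
    <item><productId>SKU-2040</productId><quantity>1</quantity><unitPrice>120.00</unitPrice></item>
  </items>
</NewOrder>
"""


class InterfaceError(Exception):
    """An incoming message does not match the agreed interface format."""


def _required_text(parent, tag):
    node = parent.find(tag)
    if node is None or not (node.text or "").strip():
        raise InterfaceError(f"missing required element {tag!r}")
    return node.text.strip()


def parse_new_order(xml_text):
    """Validate a NewOrder message against the agreed format and return its data.

    The format is agreed out of band (a separate DTD or schema), so a message
    that ships its own DOCTYPE is outside the agreed format: refuse it before
    it reaches the parser rather than letting the parser act on it.
    """
    if re.search(r"<!DOCTYPE", xml_text, re.IGNORECASE):
        raise InterfaceError("inline DOCTYPE is not part of the agreed format")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise InterfaceError(f"malformed XML: {exc}") from exc
    if root.tag != "NewOrder":
        raise InterfaceError(f"unexpected root element {root.tag!r}")

    # Header fields: type-checked, not just present.
    try:
        customer = int(_required_text(root, "customerNumber"))
        order_date = date.fromisoformat(_required_text(root, "orderDate"))
    except ValueError as exc:
        raise InterfaceError(f"bad header field: {exc}") from exc

    items = []
    for item in root.findall("items/item"):
        try:
            qty = int(_required_text(item, "quantity"))
            price = Decimal(_required_text(item, "unitPrice"))
        except (ValueError, InvalidOperation) as exc:
            raise InterfaceError(f"bad item field: {exc}") from exc
        if qty <= 0 or price < 0:
            raise InterfaceError("quantity must be positive and unitPrice non-negative")
        items.append({"productId": _required_text(item, "productId"),
                      "quantity": qty, "unitPrice": price})
    if not items:
        raise InterfaceError("order carries no items")

    total = sum(i["quantity"] * i["unitPrice"] for i in items)
    return {"customerNumber": customer, "orderDate": order_date,
            "items": items, "orderTotal": total}


def accept_message(xml_text):
    """What the receiving side answers for one message: (True, order) to
    acknowledge it, or (False, reason) to reject it back to the sender."""
    try:
        return True, parse_new_order(xml_text)
    except InterfaceError as exc:
        return False, str(exc)
```

accept_message returns what the receiving system would answer with: an acknowledgement carrying the parsed order, or a rejection with the reason, so the sending system learns which messages were not taken.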

Page 8: Overview


A System-to-System Interface based on XML

Page 9: Overview

Identifying System Interfaces

2. HIGHLY AUTOMATED INPUT DEVICES

Highly automated input devices such as scanners can capture many system inputs. In some cases a scanner might record the input as an item moves by on a conveyor belt with no human interaction.

3. INPUT FROM EXTERNAL DATABASES

Many inputs come from external databases. Some inputs from an external database might occur during the processing of another input, e.g. verifying credit history prior to extending credit.

4. OUTPUTS TO EXTERNAL DATABASES

Outputs to external databases might be required when the system produces large amounts of detailed data.

Page 10: Overview

Identifying System Interfaces

5. OUTPUTS WITH MINIMAL HCI

Reports that are produced and e-mailed to recipients, or printed and distributed to them, where the user does not interact directly with the system to obtain the output.

6. OUTPUTS TO OTHER SYSTEMS

Messages sent to external systems that trigger processing there are also outputs.

7. REAL-TIME CONNECTIONS

Sometimes system inputs and outputs must be real-time connections. A real-time connection is both a system output and a system input, much like a system-to-system dialog.

Page 11: Overview

DESIGNING SYSTEM INPUT

When designing inputs for a system, the system designer must focus on three areas:

1. Identify input devices and mechanisms
◘ Electronic forms, scanning devices, etc.

2. Identify all system inputs and develop a list with the data content of each (this provides the link between use case descriptions and interface design)

3. Determine what kinds of controls are necessary for each system input (develop a statement of policy and control points)

Page 12: Overview

Input Devices and Mechanisms

When analysts begin to design a system, they tend to assume that all inputs will be captured via electronic, graphical forms, because these are now so common on personal computers and workstations.

When the design of user inputs commences, one of the first tasks is to evaluate and assess the various alternatives for entering information.

The primary objective of any form of data input is to enter or update "error-free" data into the system.

Several good practices for inputting error-free data into a system:

- Capture data close to the originating source
- Use electronic devices and automatic entry whenever possible
- Avoid human involvement as much as possible
- Use information from electronic forms whenever possible, rather than re-entering information
- Validate and correct information at the time and location it is entered

Page 13: Overview

Good Practices for Inputting Error-free Data into a System

Capture data close to the originating source

Today many systems enable data to be captured electronically at the point at which it is generated (e.g. applicants completing their life insurance applications online).

Use electronic devices and automatic entry whenever possible

Automating data entry and avoiding human involvement are closely related and often two sides of the same coin, although using electronic devices does not by itself avoid human involvement.

The system designer should minimize keyed entry on electronic input forms in order to avoid some common data-entry problems.

- One of the most pervasive sources of erroneous data is users' typing mistakes in fields and numbers.

Page 14: Overview

Input Devices and Mechanisms

DEVICES USED TO AVOID HUMAN KEYSTROKING

◘ Magnetic card stripe readers
◘ Bar code readers
◘ Radio frequency identification (RFID) tags
◘ Optical character readers (OCR) and scanners
◘ Touch screens and touch devices
◘ Electronic pens and writing surfaces
◘ Digitizers (digital cameras, audio devices, etc.)

Page 15: Overview

Input Devices and Mechanisms

Using electronic devices for data input is important, but another potential source of problems is the input of "fraudulent information". Two problems with fraudulent data need to be addressed:

◘ Access control
◘ Input control

Access to the system must be controlled so that only authorized persons or systems can gain access.

Input controls must be built into the system so that fraudulent data cannot easily be entered.

Although it is not possible to completely eliminate the potential for fraud, careful design of input controls will help to minimize the risk.

Page 16: Overview

Defining the Details of System Inputs

Identifying user and system inputs with the object-oriented approach requires the use of system sequence diagrams (SSDs). The sequence diagram provides a detailed perspective of the user and system inputs that support the use case and the corresponding business event.

Additional analysis of the messages themselves also supplies information about the data fields on the messages.

To obtain a thorough analysis of the messages, the developer may have to consult the design class diagram.

◘ The actual parameters that are passed in on the messages need to be consistent with the attributes found in the design class.

A table created from the SSD that lists the input messages and their data parameters helps the designer define the details of system inputs.

Page 17: Overview


System Sequence Diagram for Create New Order

Page 18: Overview


Input Messages and Data Parameters from a System Sequence Diagram

Page 19: Overview

Designing System Outputs

The primary objective of system outputs is to present information in the right place, at the right time and to the right people.

The design of system outputs accomplishes four objectives:

1. Determine the type of each system output
2. Make a list of specific system outputs based on the application design
3. Specify any necessary controls to protect the information provided in the output
4. Design and prototype the output layout

Users may also develop their own ad hoc reports using tools and preformatted templates.

An ad hoc report is a report that is not predefined by a programmer but designed as needed by a user.

When designing reports, the analyst should ask whether the system requires an ad hoc reporting capability and, if so, add such a capability.

Page 20: Overview

Defining the Details of System Outputs

The objective of this task is to ensure that the designer has identified and specified all of the outputs for the new system.

The designer should use models to identify and define the detailed specifications of outputs. The model-based approach uses the information in:

◘ Event tables
◘ Sequence diagrams (showing those messages that originate from an internal system object and are sent to an external actor or system)

Output messages that are based on an individual object (record) are usually part of the object's methods; use a class-level method to report on all objects within a class.

A review of all output messages generated across all sequence diagrams provides a consistency check against the required outputs identified in the requirements models.

Page 21: Overview


A table of System Outputs based on Object Oriented messages

Page 22: Overview

DESIGNING REPORTS, STATEMENTS & TURNAROUND DOCUMENTS

With the advent of office automation and other business systems, business people initially thought that paper reports would no longer be needed.

In fact just the opposite has happened. Business systems have made information much more widely available, resulting in the proliferation of all types of reports, both paper and electronic.

One of the major challenges for designers is to organize the overwhelming amount of information so that it is meaningful.

One of the most difficult aspects of output design is deciding what to provide and how to present information so as to avoid a confusing mess of complex data.

Page 23: Overview

Types of Output Reports That Users Require

Detailed report: used to carry out the day-to-day processing of the business. Contains detailed transactions or records and provides working documents for people in the company.

Summary report: recaps or summarizes detailed information over a period of time, or summarizes information belonging to some category. Mainly used by middle management.

Control break report: a report that includes both detailed and summary information, with subtotals printed wherever the value of a control field changes.

Exception report: a report that contains only information about non-standard or exception conditions. It is also used to monitor progress.

Executive report: a report that contains summary information from internal business activities as well as comparative performance against industry-wide averages. Used by top management to assess overall organizational health and performance (strengths and weaknesses of the organization) and for strategic decision making.

Page 24: Overview

TYPES OF OUTPUT

Internal vs External Outputs

An internal report is a printed report (hard-copy report or document) produced for use inside an organization. Hard-copy internal reports are mainly printed on cheap stock paper.

External reports are official business documents for an outside audience, such as statements, notices and legal documents. An external report can consist of complex multi-page documents printed on high-quality paper carrying the pre-printed company logo and heading details.

Turnaround document (report): an external output that contains a tear-off portion that is returned to the system as an input, e.g. a bill that contains a payment stub to be returned with a check.

Page 25: Overview


RMO Shopping Cart Order Report (an External Report)

Page 26: Overview


RMO Inventory Report (an Internal Control Break Report)

Page 27: Overview

Electronic Reports (Screen Reports)

Organizations use various types of electronic reports, each serving a different purpose and each with its respective strengths and weaknesses.

Electronic reports provide great flexibility in the organization and presentation of information.

Screen outputs can be formatted like a printed report but displayed electronically. However, electronic reports can also present information in many other formats, such as detailed and summary sections, data and graphics together, dynamically changing organization, and so forth.

An important benefit of electronic reporting is that it is "dynamic": it can change to meet the specific needs of a user in a particular situation, and it can also provide an ad hoc capability.

The other benefit is the ability to provide links to further information.

◘ One technique is the "drill-down" technique, which lets the user activate a "hot spot" hyperlink on the report that tells the system to display a lower-level report with more detailed information.

Page 28: Overview

Electronic Reports

Another variation of the hotlink capability lets the user correlate or extend information from one report to related information in another report.

Another dynamic aspect of electronic reports is the capability to view data from different perspectives using frames, hotlinks, graphics and even animation.

Some report-generating packages provide electronic reporting capabilities that include all of the functionality found on Internet pages.

Page 29: Overview

An RMO Summary Report with Drill Down to the Detailed Report

Page 30: Overview

Graphical and Multimedia Presentation

The graphical presentation of data is one of the greatest benefits of the information age. Charts and graphs have made information reporting much more user-friendly for both printed and electronic formats, and they summarize massive amounts of data and present it in graphical form.

◘ Graphical presentation is useful for examining trends and changes.

Multimedia outputs have become available recently as multimedia tool capabilities have increased. Combining visual and audio output is a powerful way to present information: it is possible to see a graphical, possibly animated, presentation of the information on the screen and to hear an audio description of the salient points.

As the design of system outputs progresses, it is beneficial to evaluate the various presentation alternatives. Reporting packages can be used to provide a full range of reporting alternatives. Developers should carefully analyze each output report to determine its objective and select the form of output that is most appropriate for the information and its use.

Page 31: Overview


Sample Bar Chart and Pie Chart Reports

Page 32: Overview

Formatting Reports

Generally, report design is not difficult if you remember that the objective of any report is to provide meaningful information, not just data, and to provide it in a format that is easy to read.

The analyst must keep three design principles in mind during the design of output reports:

1. The objective of the report
2. The intended audience
3. The medium for presentation

◘ In some instances users need the report to monitor progress, to make strategic decisions, etc.
◘ Decisions about the content and the format should be based on the audience and the use of the report.
◘ Designers must often decide on the level of detail for the format of the report. Avoid information overload!
◘ The format of the report is also important. Every report should have a meaningful title indicating its data content, the date the report was produced, the effective date of the report, and page numbers.
◘ Designers often assume that reports will be printed on stock paper. However, electronic reports are also a powerful method of producing output information.
◘ Designers must consider whether output information will be accessed from non-standard devices or transmitted over limited-bandwidth channels.

Page 33: Overview

Designing Integrity Controls

Information system controls are mechanisms and procedures that are built into an application system to safeguard both the system and the information within it.

Generally, controls that are integrated into the application system and into the database that supports it are called integrity controls.

Controls in the operating system and network are often referred to as security controls.

Systems developers are often so focused on designing the software itself that they forget to develop the necessary controls.

Because computer systems are so pervasive and companies depend heavily on information systems, a development project that does not specifically include integrity controls is inviting disaster: the system will be subject to errors, fraud and deceptive practices, making it unusable.

Page 34: Overview

Points of Security and Integrity Controls

Page 35: Overview

Designing Integrity Controls

The primary objectives of integrity controls:

- Ensure that only appropriate and correct business transactions occur
- Ensure that the transactions are recorded and processed correctly
- Protect and safeguard the assets of the organization

The first objective focuses on the identification and capture of input transactions and ensures that all important business transactions are included (no transaction is lost or missing, and no fraudulent or erroneous transaction is entered).

The second objective focuses on the controls needed to detect and alert users to data-entry errors and system bugs that cause problems in processing and recording data.

The third objective addresses loss of information from computer crashes or catastrophes, including protection of important information in computer files that could be destroyed by a disgruntled employee or possibly even a hacker.

Page 36: Overview

Input Integrity Controls

One of the primary control points for ensuring correct data is the point of data input. Input controls are an additional level of verification that helps reduce errors in input data. Input integrity controls are used with all input mechanisms, from electronic devices to standard keyboard input.

Common input integrity techniques:
◘ Field combination controls
◘ Value limit controls
◘ Completeness controls
◘ Data validation controls

Page 37: Overview

Input Integrity Controls

Field combination controls: review various combinations of fields to ensure correct data entry (each field may be valid on its own yet invalid in combination with another).

Value limit controls: check numeric fields to make sure that the amount entered is reasonable.

Completeness controls: ensure that all necessary fields are completed. This check can be executed as input occurs, so that when certain fields are entered, additional required fields must also be entered.

Data validation controls: ensure that numeric fields with codes are correct, e.g. verify the check digit entered as part of the input data by recalculating the check digit from the numeric field. If the results do not match, report an input error.

Other data validation controls: validation controls that can be done online against internal tables or files, e.g. a customer number can be validated against the customer file at the time of entering a new order.

The system designer can reduce the need for other data validations by designing the system to obtain the data for a particular field from information already in the system.
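The four controls applied to one order entry, as an added example in Python (not from the slides or the textbook): completeness, including a field that becomes required only for courier shipments; value limits on quantity and unit price; a field combination check between order and ship dates and between ship method and address; and data validation by recomputing the customer number's check digit and then looking the number up in an internal customer file. The Luhn (mod-10) scheme, the field names, the limits, the sample orders and the customer file are assumptions made for the example; the page names no particular check-digit algorithm.

```python
from datetime import date

# Constructed stand-in for the internal customer file used by the online
# validation lookup (assumption: keys are customer numbers carrying a check digit).
CUSTOMER_FILE = {
    "79927398713": "Rocky Mountain Outfitters",
    "49927398716": "Hillside Sports",
}

REQUIRED_FIELDS = ("customerNumber", "orderDate", "shipDate",
                   "shipMethod", "quantity", "unitPrice")


def luhn_check(number):
    """Recompute a mod-10 (Luhn) check digit and compare with the one entered.
    Assumption: the page names no particular check-digit scheme; Luhn stands
    in for whatever the customer-numbering scheme actually uses."""
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def validate_order_input(form, customer_file=CUSTOMER_FILE):
    """Apply the four input integrity controls to one order entry; returns a
    list of error messages, empty when the input passes."""
    errors = []

    # Completeness control: every required field, plus the conditional one
    # that becomes required once shipMethod is "courier".
    for field in REQUIRED_FIELDS:
        if not str(form.get(field, "")).strip():
            errors.append(f"missing {field}")
    if form.get("shipMethod") == "courier" and not form.get("courierAccount"):
        errors.append("courierAccount is required for courier shipments")
    if errors:
        return errors  # the remaining checks need the fields present

    # Value limit controls: numeric fields must be reasonable.
    try:
        qty, price = int(form["quantity"]), float(form["unitPrice"])
    except (TypeError, ValueError):
        return ["quantity and unitPrice must be numeric"]
    if not 1 <= qty <= 999:
        errors.append(f"quantity {qty} outside 1..999")
    if not 0 < price <= 10000:
        errors.append(f"unitPrice {price} outside (0, 10000]")

    # Field combination controls: fields fine alone but inconsistent together.
    if form["shipDate"] < form["orderDate"]:
        errors.append("shipDate precedes orderDate")
    if form["shipMethod"] == "pickup" and form.get("shipAddress"):
        errors.append("pickup orders must not carry a shipAddress")

    # Data validation controls: cheap local check digit first, then the
    # online lookup against the internal customer file.
    cust = str(form["customerNumber"])
    if not luhn_check(cust):
        errors.append(f"customerNumber {cust} fails its check digit")
    elif cust not in customer_file:
        errors.append(f"customerNumber {cust} is not on the customer file")
    return errors


# Constructed sample inputs: one clean entry and one with three defects.
GOOD_ORDER = {"customerNumber": "79927398713", "orderDate": date(2006, 3, 1),
              "shipDate": date(2006, 3, 3), "shipMethod": "ground",
              "quantity": 2, "unitPrice": "19.95"}
BAD_ORDER = dict(GOOD_ORDER, customerNumber="79927398710",
                 shipDate=date(2006, 2, 28), quantity=0)
```

The order of the checks matters: completeness runs first because the other controls need the fields present, and the check-digit recalculation runs before the table lookup so that a mistyped customer number is caught without a database round trip.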

Page 38: Overview

Database Integrity Controls

Most database management systems (DBMSs) include integrity and security features that provide an additional layer of control.

Five major areas of security and control can be implemented at the database level:

1. Access controls
2. Data encryption
3. Transaction control
4. Update control
5. Backup and recovery protection

Page 39: Overview

Database Integrity Controls

Access Control

An integrity control that determines who has access to a system and its data. It refers to the ability of a user to gain access to the data.

Access controls can be defined on schema subsets such as groups of related tables or objects, on a single table or object, or on single attributes, as read-only or read/write access.

The DBMS stores the security access information within the schema and applies the control each time data are read or written.

Because the DBMS enforces the security controls, it automatically enforces them for every application program that accesses the database.

Some DBMSs rely on the operating system to identify the user who is attempting to access data, which relieves the user from having to identify himself or herself multiple times.

Other DBMSs implement security controls independently of the operating system.

Page 40: Overview

Database Integrity Controls

Data Encryption

Encryption is the process of converting data into a coded form in order to prevent unauthorized access. Encryption is used both for data within a database and for the transmission of data, especially over public carriers. Data within a database are normally encrypted with a "single key" (symmetric) encryption method, so protecting that key is what protects the data.

Transaction Controls

Transaction control is enforced by a "transaction logging" technique in which any update to the database is logged with audit information on who performed the update, when and how (i.e. user ID, date, time, input data and type of update). Audit trails of all updates to the database can help trace any errors or problems that occur. Advanced DBMSs include transaction logging as part of the DBMS software. Some smaller DBMSs that run on personal computers do not include transaction logging, so the system designer must add it directly to the application.

Page 41: Overview

Database Integrity Controls

Transaction Controls

Transaction logging achieves two objectives:

1. It helps discourage fraudulent transactions. If a person knows that every transaction is logged, that person is less apt to attempt a fraudulent transaction.

2. It provides a recovery mechanism for erroneous transactions.

◘ A mid-level transaction logging system maintains the set of all updates. The system can recover from errors by "unapplying" the erroneous transactions.

◘ More sophisticated logging systems provide a "before" and "after" image of the fields changed by each transaction, as well as the audit trail of all transactions.

These sophisticated systems are used only for highly sensitive or critical data files, but they represent an important control mechanism that is available when necessary.
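The mid-level and sophisticated logging described here, as an added example in Python (not from the slides or the textbook): each update is logged with user ID, timestamp, input data and type of update together with before and after images, and an erroneous transaction can be unapplied by restoring its before-image. The LoggedStore class, its method names and the record keys are assumptions made for the example; this is application-level logging of the kind the page says a designer must add when the DBMS does not supply it.

```python
import copy
from datetime import datetime, timezone


class LoggedStore:
    """A small record store that logs every update with who/when/what plus
    before- and after-images, and can unapply an erroneous update."""

    def __init__(self):
        self.records = {}       # key -> dict of field values
        self.log = []           # append-only audit trail
        self._reversed = set()  # seqs that have already been unapplied

    def _append(self, **entry):
        entry["seq"] = len(self.log) + 1
        entry["when"] = datetime.now(timezone.utc).isoformat()
        self.log.append(entry)
        return entry["seq"]

    def update(self, user_id, key, new_values=None, kind="UPDATE"):
        """Apply an INSERT/UPDATE/DELETE and log it with before/after images."""
        before = copy.deepcopy(self.records.get(key))
        if kind == "DELETE":
            after = None
            self.records.pop(key, None)
        else:
            after = dict(before or {}, **(new_values or {}))
            self.records[key] = after
        return self._append(user=user_id, type=kind, key=key,
                            input=dict(new_values or {}),
                            before=before, after=copy.deepcopy(after))

    def later_updates(self, seq):
        """Seqs of later, still-effective transactions on the same record."""
        entry = self.log[seq - 1]
        return [e["seq"] for e in self.log[seq:]
                if e["key"] == entry["key"] and e["type"] != "REVERSAL"
                and e["seq"] not in self._reversed]

    def unapply(self, seq, user_id):
        """Reverse transaction `seq` by restoring its before-image. The reversal
        is logged too, so the audit trail stays complete. Refuses if a later,
        still-effective transaction touched the same record, since restoring
        the old image would silently wipe that later work."""
        entry = self.log[seq - 1]
        if entry["type"] == "REVERSAL" or seq in self._reversed:
            raise ValueError(f"transaction {seq} cannot be unapplied")
        blocking = self.later_updates(seq)
        if blocking:
            raise ValueError(f"transactions {blocking} on {entry['key']!r} "
                             f"must be unapplied before {seq}")
        if entry["before"] is None:
            self.records.pop(entry["key"], None)
        else:
            self.records[entry["key"]] = copy.deepcopy(entry["before"])
        self._reversed.add(seq)
        return self._append(user=user_id, type="REVERSAL", key=entry["key"],
                            reverses=seq, input={},
                            before=copy.deepcopy(entry["after"]),
                            after=copy.deepcopy(entry["before"]))
```

The reversal is itself logged rather than deleting the erroneous entry, so the audit trail remains complete; and unapply refuses to roll back a transaction that a later, still-effective transaction on the same record has built on, because restoring the older image would discard that later work without any trace.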

Page 42: Overview

Database Integrity Controls

Update Controls

DBMSs are designed to support many application programs simultaneously. Several programs may want to access and update a record or field at the same time. Update control within a DBMS provides "record locking" to protect against multiple updates that might conflict with or overwrite each other.

Delaying commitment of the update until all parts of it have been verified is another technique used to protect the data from a partial update of a complex transaction. It is useful where a transaction applied to the database has multiple parts, such as a financial transaction that must credit one account and debit a different account: either both parts are recorded or neither is.
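Delayed commitment for a two-part financial transaction, as an added example in Python with the standard sqlite3 module (not from the slides or the textbook): the debit and the credit run inside one transaction, and the commit happens only after both parts succeed. The account table, the balances and the CHECK constraint are assumptions made for the example. SQLite locks the whole database during a write transaction rather than locking individual records, so the example shows the delayed-commit control and not the finer-grained record locking of a multi-user DBMS.

```python
import sqlite3


def open_ledger():
    """Constructed in-memory ledger with two accounts; the CHECK constraint is
    the DBMS-side rule that a balance may never go negative."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id TEXT PRIMARY KEY, "
                 "balance INTEGER NOT NULL CHECK (balance >= 0))")
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("A", 500), ("B", 100)])
    conn.commit()
    return conn


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def transfer(conn, src, dst, amount):
    """Debit src and credit dst as one unit of work. Nothing is committed until
    both parts have succeeded; any failure rolls back the part already applied,
    so the ledger never shows a half-done transfer. Returns True on commit."""
    if amount <= 0:
        return False
    try:
        with conn:  # BEGIN; COMMIT on normal exit, ROLLBACK if an exception escapes
            cur = conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?",
                               (amount, src))
            if cur.rowcount != 1:
                raise LookupError(f"unknown source account {src}")
            cur = conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                               (amount, dst))
            if cur.rowcount != 1:
                raise LookupError(f"unknown destination account {dst}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # IntegrityError: the CHECK constraint rejected an overdraft on the debit.
        # LookupError: one side of the transfer does not exist; the debit already
        # applied inside the transaction is rolled back by the context manager.
        return False
```

The third case in the test is the one the page warns about: the debit succeeds, the credit cannot be applied, and without the delayed commit the money would simply have vanished from the source account.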

Page 43: Overview

Database Integrity Controls

Backup and Recovery

Backup and recovery procedures are designed to protect the database from all other types of catastrophes.

Many DBMSs provide various levels of backup and recovery. Partial or incremental backups are used to capture changes to the database during the periods between total backups. A total backup is taken only periodically to obtain a complete copy of all the data. The total copy is kept away from the site to protect it against catastrophic threats such as fire, earthquake or terrorist attack.

Another expensive yet popular safeguard is the "mirror database" or "mirror site" technique, which completely duplicates the database and the transactions as they occur. (This technique is becoming important as information becomes more and more critical to the daily operations of organizations.)

Page 44: Overview

Output Integrity Controls

The purpose of output controls is to ensure that output arrives at the proper destination and is accurate, current and complete.

Output control is especially important for reports with sensitive information: they must arrive at the proper destination and must not be accessible to unauthorized persons.

Types of output controls:

- Destination controls
- Completeness, accuracy and correctness controls

Page 45: Overview

Output Integrity Controls

Destination Controls

Integrity controls that ensure output information is channeled to the correct persons.

Destination control was in the past accomplished by a report distribution control desk.

Destination and routing information is printed on a report cover page along with the report.

Destination control today is implemented by placing printers in each of the locations that need printed reports, still with a cover page.

Electronic output to other systems is usually provided in one of two forms:

◘ Online, transaction-by-transaction output
◘ A single data file with a batch of output transactions

Page 46: Overview

Output Integrity Controls

Destination Controls (continued)

Online Transaction-by-Transaction Output Controls

Each transaction must include routing codes identifying the correct destination.

- Both the sending and receiving systems need to work together to ensure that each transaction is sent and received correctly.
- The output transaction carries verification codes and bits that permit the receiving system to verify the accuracy of the transaction.
- The receiving system also responds with an acknowledgement of successful receipt of the transaction.

Although many of these controls are now built into the network transmission protocols, the designer needs to be aware of the network and operating system capabilities and supplement them where necessary to ensure that data are received successfully.

Page 47: Overview

Output Integrity Controls

Destination Controls (continued)

Controls for Output Data Files

Normally, a system produces a data file, either on magnetic tape or on disk, and another system must find that data file and use it.

The major control issue is how to ensure that the second system uses the correct data file.

Controls for an output data file carefully identify the content, version, date and time of the data file before it is used by another system.

- The controls take the form of "special beginning and ending records" (header and trailer records) that contain the date, time, version number, record count, dollar control totals and so forth; the receiving system recomputes the count and totals from the records it actually read and rejects the file if they disagree.
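The two output forms above (online transaction-by-transaction output and a single batch data file) rely on the same controls, so one added example in Python (not from the slides or the textbook) covers both: each record carries its routing code and a verification code, the file carries header and trailer records with version, date, record count and dollar control total, and the receiving system recomputes everything and returns an acknowledgement or a rejection. The record layout, the hypothetical PAYMENTS interface, the sample transactions and the use of a keyed HMAC-SHA256 as the verification code are assumptions made for the example; the page only says that records carry verification codes.

```python
import hashlib
import hmac
from decimal import Decimal

# Assumption: the sending and receiving systems share this key out of band, and
# the "verification code" on each record is a truncated HMAC-SHA256 over its
# fields. The page only says records carry verification codes; the MAC is the
# example's choice, and it means a changed field or a forged record is detected.
INTERFACE_KEY = b"payments-interface-key-2006"
FIELDS = ("routing", "txn_id", "account", "amount")


def _code(fields):
    msg = "|".join(fields).encode()
    return hmac.new(INTERFACE_KEY, msg, hashlib.sha256).hexdigest()[:16]


def write_batch(transactions, version, produced_at):
    """Sending system: header record, one REC per transaction carrying its
    routing code and verification code, and a trailer carrying the record
    count and dollar control total (the 'special beginning and ending records')."""
    lines = [f"HDR|PAYMENTS|{version}|{produced_at}"]
    count, total = 0, Decimal("0")
    for t in transactions:
        body = [t[f] for f in FIELDS]
        lines.append("|".join(["REC", *body, _code(body)]))
        count += 1
        total += Decimal(t["amount"])
    trailer = [str(count), str(total)]
    lines.append("|".join(["TRL", *trailer, _code(trailer)]))
    return "\n".join(lines) + "\n"


def read_batch(text, expected_version):
    """Receiving system: accept the file only if the header names the expected
    version, every record's verification code checks, and the recomputed
    record count and dollar total match the trailer. The returned dict is the
    acknowledgement (or rejection) sent back to the sending system."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("HDR|PAYMENTS|"):
        return {"accepted": False, "reason": "missing header record"}
    header = lines[0].split("|")
    if len(header) != 4:
        return {"accepted": False, "reason": "malformed header record"}
    version, produced_at = header[2], header[3]
    if version != expected_version:
        return {"accepted": False, "reason": f"version {version}, expected {expected_version}"}
    if not lines[-1].startswith("TRL|"):
        return {"accepted": False, "reason": "missing trailer record"}

    count, total = 0, Decimal("0")
    for n, line in enumerate(lines[1:-1], start=2):
        parts = line.split("|")
        if parts[0] != "REC" or len(parts) != len(FIELDS) + 2:
            return {"accepted": False, "reason": f"line {n}: malformed record"}
        body, code = parts[1:-1], parts[-1]
        if not hmac.compare_digest(code, _code(body)):
            return {"accepted": False, "reason": f"line {n}: verification code mismatch"}
        count += 1
        total += Decimal(body[FIELDS.index("amount")])

    trailer = lines[-1].split("|")
    if len(trailer) != 4 or not hmac.compare_digest(trailer[3], _code(trailer[1:3])):
        return {"accepted": False, "reason": "trailer verification code mismatch"}
    if int(trailer[1]) != count or Decimal(trailer[2]) != total:
        return {"accepted": False, "reason": "control totals do not match"}
    return {"accepted": True, "version": version, "produced_at": produced_at,
            "records": count, "total": str(total)}


# Constructed sample batch.
SAMPLE_TXNS = [
    {"routing": "AP-EAST", "txn_id": "T0001", "account": "4111", "amount": "125.50"},
    {"routing": "AP-WEST", "txn_id": "T0002", "account": "4222", "amount": "74.50"},
]
```

The per-record code and the trailer totals catch different failures: an altered amount fails its record's verification code, while a record dropped in transit leaves every remaining code valid and is caught only because the recomputed count and dollar total no longer match the trailer.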

Destination controls for computer screen output are not as widely used as those for printed reports.

However, destination controls are in some instances used to control what information can be displayed on which terminal.

This extra safeguard is used primarily for military or other sensitive systems.

Close coordination is required between the application program and the network security control system for computer screen output control.

Page 48: Overview

Output Integrity Controls

COMPLETENESS, ACCURACY AND CORRECTNESS CONTROLS

The completeness, accuracy and correctness of output information are a function of the internal processing of the system rather than of any set of controls.

Systems developers should nevertheless support verification of completeness and accuracy by printing the following "control fields" on the output report:

- Date and time the report was printed
- Date of the report
- Time period covered by the report (e.g. from 1 January to 31 March 2006)
- Beginning header with report identification and description
- Destination or routing information
- The report version number and version date
- Pagination in the format "Page __ of __"
- Control totals and cross-footing
- An "END OF REPORT" trailer

Page 49: Overview

Integrity Controls to Prevent Fraud

As mentioned earlier, one objective of integrity control is to safeguard the assets of the organization. Since fraud is a serious threat to those assets, several additional techniques must be considered in the system design, beyond the input controls, database controls and output controls already described, to prevent fraud carried out through the automated records of money and assets.

Control of fraud requires both manual procedures and computer integrity controls. System developers therefore need to work together with business users who are knowledgeable about accounting principles.

Software and system controls will not completely eliminate fraud. Nevertheless, system developers should be aware of the fundamental elements that make fraud possible and incorporate system controls to combat them.

Page 50: Overview

Integrity Controls to Prevent Fraud

Fraud is a serious problem. The economic losses caused by fraudulent activity around the world are staggering, and several major corporations have been forced into bankruptcy or closure by the fraudulent behaviour of their key executives.

Research indicates that three conditions are present in almost all fraud cases:
- Personal pressure, such as the desire to maintain an extravagant lifestyle
- Rationalization, such as the thought "I will repay this money later on"
- Opportunity, such as an unverified cash receipt

An opportunity for fraud can exist in every system, not only in financial systems. System designers must therefore be aware of this and build integrity control mechanisms into the system to reduce the opportunity for fraud.

Page 51: Overview

Fraud Risks and Prevention Techniques (table from Dr. Marshall Romney, Brigham Young University; not reproduced in this transcript)

Page 52: Overview

Designing Security Controls

Security controls are mechanisms provided by the operating system or environment to protect the data and the processing systems from malicious attacks. The focus here is on external threats.

Security controls have two objectives:
- Maintain a stable, functioning operating environment for users and application systems (24 hours a day, 7 days a week)
- Protect information and transactions during transmission outside the organization (on public carriers)

◘ The first objective focuses on external threats such as hackers, viruses, worms and message overloads (denial of service). Most organizations place gateways between their internal systems and the Internet.

◘ The second objective focuses on information that is sent or received via the Internet. Transactions sent outside or received from outside could be intercepted, destroyed or modified. Security controls use techniques that protect data while they are in transit from source to destination.

Page 53: Overview

Designing Security Controls

Security controls can be implemented within different types of software, including the network, the operating system, the DBMS or the application programs.

The most common security control points are the network and the operating system, because they exercise direct control over assets such as files, application programs and disk drives. Operating system security is the foundation of security for most information systems.

Security-related tasks in a typical systems development project are usually limited to configuring the security software in the underlying operating system or DBMS.

◘ Most developers avoid implementing security controls within the application because of the complexity and importance of security functions.

◘ On some occasions, however, developers implement security controls directly within the application software, for example to prevent unauthorized users from deleting existing data or creating backup copies on removable storage media. Such application-level checks should supplement, not replace, the operating system and DBMS controls beneath them.

Page 54: Overview

Security for Access to Systems

System access controls are mechanisms established to restrict which portions of a computer system a person can use. Access control mechanisms can be used to control access to any resources managed by the operating system or network, including hardware, application programs and data files.

Designers often use the access controls embedded in system software. The advantage of using the embedded access controls is that a consistent set of controls is then applied to every resource on a hardware platform, network or information system.

Designers can add access controls into application systems beyond those provided by the system software. This approach requires technical expertise, and it is more difficult and costly.

Page 55: Overview

Types of Users

To begin development of access control, designers must identify and consider all the different types of users:
- Unauthorized users
- Registered users
- Privileged users

Unauthorized users are people who are not allowed access to any part or function of the system, including:
- Employees who are prohibited from accessing the system
- Former employees who are no longer permitted to access the system
- Outsiders such as hackers and intruders

Page 56: Overview

Types of Users

Registered users are those who are authorized to access the system. Various levels of registered users are set up depending on what they are authorized to view and update.

◘ An access control list (ACL) is a list of the users or user groups that can access a system resource, together with the permitted access type(s). The system designer must be aware that there may be multiple levels of users.

Privileged users have special security access privileges to a system: systems programmers, application programmers, operators and system administrators. Privileged users may have different levels of security access:
- Systems programmers can have full access to all components of the system and its data.
- System administrators can have access to all functions and controls, establish the various levels of registration and register users.
- Application programmers can have access to the applications but not to the secure libraries and data files.
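The access control list and the user levels of the last two slides, as an added Python example (not code from the slides or the textbook). The resource names, groups and users are constructed; the privilege levels follow the slide: systems programmers reach everything, administrators manage the user registry, application programmers reach the applications but not the secure libraries or data files, a former employee's registration is revoked, and an outsider who was never registered gets nothing.

```python
from dataclasses import dataclass, field

READ, UPDATE, EXECUTE, ADMIN = "read", "update", "execute", "admin"   # access types

@dataclass
class Principal:
    name: str
    groups: frozenset = frozenset()
    active: bool = True          # False once a former employee's registration is revoked

@dataclass
class Acl:
    """Per resource, the subjects (user names or group names) that may reach it and
    the access types each is permitted. A user gets the union of the grants made to
    the user's own name and to every group the user belongs to; ADMIN implies all."""
    entries: dict = field(default_factory=dict)    # resource -> {subject: set(access)}

    def grant(self, resource, subject, *access):
        self.entries.setdefault(resource, {}).setdefault(subject, set()).update(access)

    def revoke_all(self, subject):
        """Drop every grant for a subject, e.g. when a whole role is retired."""
        for grants in self.entries.values():
            grants.pop(subject, None)

    def permitted(self, user, resource, access):
        if not user.active:                        # deregistered: nothing at all
            return False
        grants = self.entries.get(resource, {})    # unknown resource: default deny
        allowed = set()
        for subject in {user.name, *user.groups}:
            allowed |= grants.get(subject, set())
        return access in allowed or ADMIN in allowed

def build_example_acl():
    """Constructed policy mirroring the privilege levels on the slide."""
    acl = Acl()
    acl.grant("app/payroll.exe", "app-programmers", READ, UPDATE, EXECUTE)
    acl.grant("app/payroll.exe", "operators", EXECUTE)
    acl.grant("data/payroll.dat", "operators", READ)
    acl.grant("data/payroll.dat", "sys-programmers", ADMIN)
    acl.grant("lib/secure", "sys-programmers", ADMIN)
    acl.grant("registry/users", "sys-admins", ADMIN)
    return acl

USERS = {   # constructed principals
    "alice": Principal("alice", frozenset({"app-programmers"})),
    "bob": Principal("bob", frozenset({"operators"})),
    "carol": Principal("carol", frozenset({"sys-programmers"})),
    "dave": Principal("dave", frozenset({"sys-admins"})),
    "erin": Principal("erin", frozenset({"operators"}), active=False),   # former employee
    "mallory": Principal("mallory"),                                      # outsider, never registered
}
```

Two design points worth noting: the check is default-deny (a resource with no entry, or a user with no matching subject, is refused), and deactivating a principal refuses every request before any grant is consulted, so a leaver loses access even if a grant to their name is still lying around.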

Page 57: Overview

Users and their Access to Computer Systems (figure)

Page 58: Overview

Passwords, Smart Cards, Biometric Devices

Authentication is the process of identifying a user to verify that he or she has access to the system. Authentication is the basis of all security control, because security controls are useless unless the user is correctly identified. The most common approach to authentication is a username and password.

Two techniques are used to define passwords:
◘ Randomly generated passwords assigned by the computer
◘ Passwords defined by the users themselves

Both techniques have advantages and disadvantages:
◘ Computer-generated passwords are longer and more random, but they tend to be hard for most users to remember.
◘ User-defined passwords are easier to remember, but they are usually not as complex and therefore not quite as secure.

Some restrictions can be placed on the syntax of the password to ensure at least a minimum level of security. One common problem with passwords is remembering what they are. Current guidance (NIST SP 800-63B) favours a minimum length and screening against lists of known-compromised passwords over complex composition rules, and requires that stored passwords be salted and hashed with a slow one-way function rather than kept in recoverable form.

Page 59: Overview

Passwords, Smart Cards, Biometric Devices

A smart card is a computer-readable plastic card with security information embedded within it. As described here, the smart card stores an encrypted version of the user's password, fingerprint, retinal scan or voice characteristics.

A smart card enhances security because the user must possess both the card and the appropriate identifying information to be authenticated (something you have plus something you know or are).

Only the security subsystem knows the key, which prevents potential intruders from using cards with altered data. Modern smart cards go further: the card holds a private key that never leaves the chip and proves possession by signing a challenge, so there is no stored secret for an intruder to copy.

Page 60: Overview

Passwords, Smart Cards, Biometric Devices

Many companies are experimenting with a newer form of security based on biometric devices. Biometric devices can be based on other forms of personal identification, including keystroke patterns, fingerprints, retina scans, facial patterns and voice characteristics, and can be used to authenticate the user.

The principle behind the use of biometric devices is that the individual becomes the password, or gateway, into the secure system. Some security systems use the password together with keystroke patterns to authenticate the user: when a user enters a password or other keystroke sequence, the timing and force of each keystroke are characteristic of that person. Other security systems combine the password with fingerprints, retinal blood vessel patterns or voice, which are unique to each person.

Biometric devices can be built into almost any of the normal hardware components of a computer, such as the mouse or the monitor. Security based on biometric devices can be multi-level: several verifications can be performed when the user first tries to log on.

The security system must keep a record of all attempted logons, especially unsuccessful ones. In many cases a run of unsuccessful logons indicates an attempted breach of security, which should be investigated.
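Password verification and the logon record the slide calls for, as an added Python example (not code from the slides or the textbook). It stores salted PBKDF2 hashes in line with the guidance on the password slide, compares them in constant time, records every attempt, and flags any source that fails repeatedly within a window. The user, the sources and the attempt sequence are constructed; the five-failures-in-five-minutes threshold is an assumed policy.

```python
import hashlib
import hmac
import os
from collections import defaultdict, deque

ITERATIONS = 100_000                 # PBKDF2 work factor; raise it as hardware gets faster
MAX_FAILURES, WINDOW_SECS = 5, 300   # constructed policy: 5 failures in 5 minutes

class AuthSystem:
    def __init__(self):
        self.users = {}                        # name -> (salt, pbkdf2 hash)
        self.log = []                          # every attempt: (time, name, source, success)
        self.failures = defaultdict(deque)     # source -> times of recent failures

    def register(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))

    def login(self, name, password, source, now):
        """Return True on success. The hash is computed even for unknown names so
        that the timing does not reveal which names exist, and the comparison is
        constant-time."""
        salt, stored = self.users.get(name, (b"\0" * 16, b"\0" * 32))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        ok = name in self.users and hmac.compare_digest(candidate, stored)
        self.log.append((now, name, source, ok))       # record every attempt
        if not ok:
            recent = self.failures[source]
            recent.append(now)
            while recent and now - recent[0] > WINDOW_SECS:
                recent.popleft()                        # keep only the window
        return ok

    def suspicious_sources(self):
        """Sources with MAX_FAILURES or more failures inside the window: the
        unsuccessful logons the slide says should be investigated."""
        return sorted(src for src, times in self.failures.items() if len(times) >= MAX_FAILURES)

def demo():
    """Constructed attempt sequence: one good logon, then a guessing run."""
    auth = AuthSystem()
    auth.register("alice", "correct horse battery staple")
    t0 = 1_150_000_000
    auth.login("alice", "correct horse battery staple", "10.0.0.5", t0)
    for i in range(6):
        auth.login("alice", f"guess{i}", "203.0.113.9", t0 + 10 * i)
    return auth
```

The log is append-only and records successes as well as failures; a successful logon that follows a burst of failures from the same source is the case an investigator most wants to see, and it is only visible if both kinds of attempt are kept.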

Page 61: Overview

Data Security

In addition to the need for controlling access to the organization's systems and network, it is frequently important to secure sensitive data held in particular files, such as:
- Financial information: credit card numbers, bank account numbers, payroll information
- User IDs and passwords, and other personal information
- Strategies and plans for products, and other mission-critical data
- Government and sensitive military information

Page 62: Overview

Data Security

Each Unix file has permissions corresponding to three classes of users:
- The owner of the file
- Other members of the file's group
- All other users

The permissions for each class are further divided into three rights:
◘ Read access
◘ Write access (create, update and delete contents; for a directory, add and remove entries)
◘ Execute access (search, for a directory)

Only one class applies to a given process, chosen in the order owner, group, other, so an owner whose own class lacks a right is refused even if "all other users" have it.
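The Unix owner/group/other evaluation, as an added Python example (not code from the slides or the textbook). The uids, gids and mode values are constructed; `mode` is the low nine bits of `st_mode` as `ls -l` shows them. The point it demonstrates is the class-selection rule: the first matching class is consulted alone, which is why an owner can be locked out of a file with mode 0o077 even though everyone else can read it.

```python
import stat

def describe(mode):
    """Render the nine permission bits the way ls -l does, e.g. 0o640 -> 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | (mode & 0o777))[1:]

def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Decide whether a process running as (uid, gids) may perform `want`
    ('r', 'w' or 'x') on a file with the given mode, owner and group.

    Exactly one class is consulted, chosen in the order owner, group, other.
    That is why an owner can be locked out of a file with mode 0o077: the owner
    class matches first and is consulted alone, although 'other' has every right.
    Root's override (uid 0) is deliberately not modelled here.
    """
    if uid == file_uid:
        bits = (mode >> 6) & 0o7
    elif file_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return bool(bits & {"r": 4, "w": 2, "x": 1}[want])

def who_can(mode, file_uid, file_gid, want, processes):
    """Filter constructed (label, uid, gids) processes down to those allowed."""
    return [label for label, uid, gids in processes
            if may_access(mode, file_uid, file_gid, uid, gids, want)]

# Constructed processes: the owner, a colleague in the same group, an outsider.
PROCESSES = [("owner", 1000, {100}), ("teammate", 1001, {100}), ("outsider", 1002, {200})]
```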

The primary method of maintaining data security, both for data on internal systems and for transmitted data, is encrypting the data.

Encryption is the process of altering data so that unauthorized users cannot read them. Decryption is the process of converting encrypted data back into a readable format.

An encryption algorithm is the mathematical procedure that encrypts and decrypts data. An encryption key is a binary input to the encryption algorithm, typically a long string of bits. Data can be decrypted only with the key or a compatible key. Note that encryption by itself provides confidentiality, not integrity: an attacker who cannot read a ciphertext may still be able to alter it undetected unless the message also carries an authentication code or a signature.

Page 63: Overview

Data Security

An encryption algorithm must generate encrypted data that are difficult or impossible to decrypt without the encryption key. Decryption without the key becomes more difficult as the key length is increased. Both sender and receiver must use the same or compatible algorithms.

SYMMETRIC KEY ENCRYPTION
An encryption process that uses the same key to encrypt and to decrypt the data. A significant problem with symmetric key encryption is that both the sender and the receiver use the same key, which must be created and shared in a secure manner.

◘ Security is compromised if the key is transmitted over the same channel as the messages encrypted with it.

◘ Sharing a key among many users also increases the possibility of key theft.
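Symmetric encryption with a single shared key, as an added Python example (not code from the slides or the textbook). It uses only the standard library: the keystream is HMAC-SHA256 run in counter mode, and the message carries an encrypt-then-MAC tag, which is what lets the receiver reject a wrong key or an altered message instead of producing garbage. The key, nonce length and message are constructed. This is the pattern behind the single-key phase of TLS described later; for real systems use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def derive_keys(shared_key):
    """Split the one shared secret into separate encryption and MAC keys."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def keystream(enc_key, nonce, length):
    """Counter mode over a PRF: block i = HMAC(enc_key, nonce || i)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(shared_key, plaintext):
    """Return nonce || ciphertext || tag. A fresh nonce per message keeps the
    keystream from repeating under the same key (reuse would leak the XOR of
    two plaintexts)."""
    enc_key, mac_key = derive_keys(shared_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(shared_key, blob):
    """Verify the tag before touching the ciphertext; raise on any mismatch."""
    enc_key, mac_key = derive_keys(shared_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered message")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))

def opens_with(shared_key, blob):
    """True if the blob authenticates and decrypts under this key."""
    try:
        decrypt(shared_key, blob)
        return True
    except ValueError:
        return False

# Constructed key and message; a real key comes from a CSPRNG or a key agreement.
SAMPLE_KEY = bytes(range(32))
WRONG_KEY = bytes(range(1, 33))
SAMPLE_MESSAGE = b"transfer 1300.00 to ACC-300"
```

Because the same key is used in both directions, every party that holds it can forge as well as read messages; that is the key-distribution problem the slide describes, and it is why the key itself must travel by some other means than the channel it protects.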

Page 64: Overview

Symmetric Key Encryption (figure)

Page 65: Overview

Data Security: ASYMMETRIC KEY ENCRYPTION

An encryption process that uses one key to encrypt and a different key to decrypt the data.

Public key encryption is an asymmetric method in which one key is published and the other is kept private. The public key is used for encryption and the private key for decryption. The two keys are generated together as a matched pair, and a message encrypted with the public key can be decrypted only with the private key.

Organizations that use this technique broadcast their public key so that it is freely available to anybody who wants it. For example, a customer who wants to order goods from a vendor wishes to transmit a secure message to the vendor:
◘ The customer reads the vendor's public key from a public source such as the vendor's web site.
◘ The customer encrypts the message with the vendor's public key and sends it to the vendor.
◘ The vendor decrypts the message with the private key. Since no one else has the private key, no one else can decrypt the message.

Some asymmetric methods also allow a value to be transformed with the private key and checked with the public key. That operation, applied to a hash of the message rather than to the message itself, is the basis of digital signatures and digital certificates.

Page 66: Overview

Asymmetric Key Encryption (figure)

Page 67: Overview

Digital Signatures and Certificates

The encryption of messages is an effective technique for a secure exchange of information between two entities who hold the appropriate keys. However, public key encryption by itself does not guarantee that the entity on the other end of the communication is really who you think it is. To remove that doubt, a digital signature or digital certificate is used.

DIGITAL SIGNATURE
A technique in which a document (in practice, a cryptographic hash of the document) is processed with the sender's private key so that anyone can verify who produced it. If you have the public key of an entity and that entity sends you a message signed with its private key, you can check the signature with the public key. That signing operation with the private key is called a digital signature.

In that case you know that the message came from the entity you want to communicate with, because that entity is the only one that can produce the signature with its private key. You also know that the message has not been altered since it was signed, since any change to it would change the hash and the signature would no longer verify.

Page 68: Overview

Digital Signatures and Certificates

How do you know that the public key you have is the correct public key and not a counterfeit? Someone may be impersonating another entity and passing out a false public key in order to intercept encoded messages and steal information.

In essence, the problem is ensuring that the key purported to be the public key of some institution is in fact that institution's public key. The solution to this problem is the digital certificate.

Page 69: Overview

Digital Signatures and Certificates

DIGITAL CERTIFICATE
A message that carries an organization's name and public key (plus other information such as the organization's address, web site URL and the validity dates of the certificate), digitally signed (the slide says "encrypted") by a trusted third party, the certifying authority. The authority signs a hash of the certificate contents with its private key; the certificate itself is not secret and travels in the clear.

Certifying authority: a well-known and widely accepted third party that sells digital certificates to organizations (the examples given are VeriSign and Equifax). The certifying authorities' public keys are built into the browsers (Internet Explorer and Netscape at the time of writing).

For example, an organization that wants a certificate with its name and public key goes to a certifying authority and buys one:
◘ The certifying authority signs the data with its own private key and gives the signed certificate back to the organization.
◘ When a customer asks the organization for its public key, the organization sends the certificate to the customer.
◘ The customer receives the certificate and verifies the signature with the certifying authority's public key. Because that public key is built into everyone's browser, a counterfeit certificate cannot be made to verify.
◘ The customer checks that the name in the certificate is the organization it intended to reach and that the certificate is still within its validity dates; only then can it be sure it is communicating with the original organization and can exchange encrypted messages using the organization's public key.
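The last three slides (public key encryption, the digital signature, and the certificate scenario just described) carried through in one added Python example that is not code from the slides or the textbook. It uses textbook RSA on 512-bit keys generated here from random probable primes, with no padding and no real certificate format, so it shows the mechanics only and is not a cryptosystem to deploy (use a vetted library with RSA-OAEP/PSS or Ed25519 and X.509 certificates). The organization names and validity date are constructed.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Return (public, private) as ((e, n), (d, n)): a matched pair."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def encrypt(public_key, message):
    """Anyone with the public key can encrypt; only the private key decrypts."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key (real RSA wraps a session key)")
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(private_key, data):
    """Digital signature: the private-key operation applied to a hash of the data."""
    d, n = private_key
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(public_key, data, signature):
    """Anyone with the public key can check that the recovered hash matches."""
    e, n = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue_certificate(ca_private, subject, subject_public, valid_until):
    """The certifying authority signs name, public key and validity date."""
    e, n = subject_public
    body = f"{subject}|{e}|{n}|{valid_until}".encode()
    return body, sign(ca_private, body)

def verify_certificate(ca_public, cert, expected_subject, today):
    """Check the CA's signature, the name we meant to reach and the validity date.
    Returns the subject's public key, or None if any check fails."""
    body, signature = cert
    if not verify(ca_public, body, signature):
        return None                                   # counterfeit or altered
    subject, e, n, valid_until = body.decode().split("|")
    if subject != expected_subject or today > valid_until:
        return None                                   # wrong entity or expired
    return int(e), int(n)

def order_from_customer(ca_public, vendor_cert, vendor_private, today="2006-06-01"):
    """The slide's scenario: the customer trusts only the CA key built into the
    browser, validates the vendor's certificate, then encrypts to the certified key."""
    vendor_public = verify_certificate(ca_public, vendor_cert, "Acme Vendor", today)
    if vendor_public is None:
        return None
    ciphertext = encrypt(vendor_public, b"order 3 widgets")
    return decrypt(vendor_private, ciphertext)
```

The certificate check does three things, and all three matter: the signature proves the certifying authority issued it, the name check stops a perfectly valid certificate for some other organization being used to impersonate the vendor, and the date check stops an old certificate whose key may have leaked being used after the authority stopped vouching for it.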

Page 70: Overview

Using a Digital Certificate (figure)
You can know that the entity with whom you are communicating is in fact who it says it is, and that you have its correct public key.

Page 71: Overview

Digital Signatures and Certificates

A variation of the digital certificate scenario occurs when the buyer and seller transmit their certificates to one another (mutual authentication).

◘ Each side verifies the certificate with the certifying authority's public key and extracts information such as name and address.

◘ To confirm that the public key contained in the certificate is still valid, the certificates are transmitted to the certifying authority for verification: the authority stores certificate data in its database and verifies a transmitted certificate by matching its content against that database.

The signature check alone proves that the authority issued the certificate; the online check described here is what reveals whether the authority has since withdrawn it. In practice that is done by consulting the authority's certificate revocation list (CRL) or an OCSP responder rather than by sending the whole certificate back.

Page 72: Overview

SECURE TRANSACTIONS
Secure electronic transactions require a standard set of methods and protocols that address authentication, authorization, privacy and integrity.

Netscape originally developed the Secure Sockets Layer (SSL) to support secure transactions. SSL was later adopted as an Internet standard and named Transport Layer Security (TLS).

TLS is a protocol for a secure channel over which messages are sent across the Internet:
- Sender and receiver first establish a connection using the standard protocols (TCP) and then ask each other to create a TLS connection.
- The two sides then verify identity by exchanging and verifying certificates. On the web it is normally only the server that presents a certificate; client certificates are optional and are used mainly between organizations. At this point the public keys have been exchanged, so the sides can send messages that only the intended recipient can read.
- Because asymmetric encryption is slow, the two entities agree on a cipher suite and a single secret (session) key: the key is either sent encrypted under the receiver's public key or, in current versions of TLS, derived from a Diffie-Hellman exchange that the certificate's signature authenticates.
- All handshake messages are protected with the public/private key combination; once the encryption method is agreed and the secret key established, all subsequent transmission is done using the secret single key.

Page 73: Overview

SECURE TRANSACTIONS
IP Security (IPsec) is another Internet standard for secure message transmission. IPsec is implemented at a lower layer of the network protocol stack (the IP layer, below TCP), which the slides note lets it operate with greater speed, and which also lets it protect every application's traffic between two hosts or gateways without changes to the applications. IPsec can replace or complement TLS, and both protocols can be used at the same time to provide an extra measure of security. The slides add that IPsec supports more secure encryption methods than SSL but that these were not yet widely deployed on the Internet; that was true when the slides were written, and today both protocols offer equivalent modern ciphers.

SECURE HYPERTEXT TRANSFER PROTOCOL (HTTPS)
HTTPS is the Internet standard for transmitting web pages securely. It is HTTP carried over a TLS connection, so it inherits TLS's encryption, digital signing, and certificate exchange and verification. All modern web browsers and web servers support HTTPS. Because the TLS channel is part of HTTPS, there is no separate TLS channel to add beneath it; an IPsec tunnel can, however, be used in addition.

Page 74: Overview

SUMMARY
System security is an important consideration in the development and deployment of information systems in today's networked environment.

Many tools and programs are available and can be integrated into new systems as part of the total security solution.

Systems developers need to be aware of the need to include security measures and to be familiar with the latest security tools and techniques.