Template Based Approach for Developing a Prototype of Role Based Security Systems

Moinuddin Khaja Ghouse
Masters Report, Final Defense

Major Professor: Dr Bill Hankley
Committee Members: Dr Scott Deloach, Dr Mitchell Neilsen

Department of Computing and Information Sciences
Kansas State University

Background

Presentation Structure

• Role Based Security – A Brief Introduction
• The Approach
• A Sample Application
• Evaluation

Role Based Security

– Importance
– General Concepts
  • Discretionary Access Check (DAC)
  • Mandatory Access Check (MAC)
  • Role Based Access
  • Roles and Operations

Role Based Security

– Characteristics
  • A Collection of job functions
  • Role Hierarchy
  • Role Authorization
  • Role Activation
  • Role Execution
  • Dynamic separation of duty
  • Operation Authorization

Approach Adopted:

– Operations
– Tasks
– Roles
– Users and Privileges
– Target Applications

Approach: Design

– Class Diagram
– Use Case Diagram
– Sequence Diagram

Class Diagram:

Operation
-Number : int
-Name : char
-Description : char

Task
-Number : int
-Name : char
-Description : char
-Operations : char

Role
-Number : int
-Name : char
-Description : char
-Tasks : char

Users
-ID : int
-LOGIN_NAME : char
-PASSWD : char
-ROLES : char

Multiplicities shown on the associations: 1..*, 1..*, 1 to *

Use Case: Administrator

Actor: Administrator

Use cases (linked by «uses» relationships and 1 to * associations in the diagram):

• Add Users
• Modify Users
• Assign Roles
• Define Roles
• Assign Tasks to roles
• Define Tasks
• Assign Operations to Tasks

Sequence: Administrator

Participants: Administrator, AdminOperations.aspx, server, xml store, DataBase

Messages:

• Adding an operation: AddOperation(), AddOperation(), write xml node(), success(0/1), display message, display message
• Adding a task or role: Add task/role(), add task/role(), write xml node(), success(0/1), display message, display message
• Adding a user: Add User(), AddUser(Userinfo), sql command(), return result, success message, success message

Sequence: User Actions

Participants: UserX, WebPage, RoleInfo.cs, Application, xml store, Database

Messages:

• actionX
• hasAccess(actionx)
• status
• if( status == yes ) perform action
• read xml()
• operations set
• getRoles()
• set of user roles

A Sample Application

– Introduction
– System Users (Business Titles)
  • Requester
  • Diagnostician
  • Billing Person
  • External Expert

Design of the Application

Use Case: Requester

Actor: Requester

Use cases (linked by «uses» relationships and 1 to * associations in the diagram):

• submit sample
• handle sample
• copy sample
• edit sample
• delete sample
• view sample
• request analysis
• view analysis
• view invoice
• send payment

Use Case: Diagnostician

Actor: Diagnostician

Use cases (linked by «uses» relationships and 1 to * associations in the diagram):

• handle sample
• handle analysis
• view invoice
• delete sample
• edit sample
• view sample
• view analysis
• enter analysis
• modify analysis

Class Diagram

Diagram layers: Database objects, Server Side classes, Client pages

Sample
+SubmitSample() : int
+ViewSample() : object
+EditSample() : void
+DeleteSample() : int

Analysis
+GetAnalysis() : object
+EnterAnalysis() : int
+ModifyAnalysis() : int

Invoice
+GetInvoice() : object
+CreateInvoice() : int
+SendInvoice() : void

Payments
+ViewPayments() : object
+RecordPayment() : int
+SendPayment() : void

DBSupport
+GeneralQueryInteger() : int
+GeneralQueryString() : string
+GeneralQueryDataSet() : object
+GeneralStringArray() : object

RoleInfo
+GetCurrentRoles(string) : object
+HasAccess(string,string) : bool
+ViewUserRoles() : string

R_USERS
-ID : int
-LOGIN_NAME : string
-PASSWD : string
-EMAIL : string

R_SAMPLE
-ID : int
-ID_R_USERS : int
-SAMPLE_NUMBER : string
-HOST/PEST : string
-DATE : string

R_ANALYSIS
-ID : int
-ID_R_USERS : int
-ID_R_SAMPLE : int
-ANALYSIS : string

R_PAYMENTS
-ID : int
-ID_R_SAMPLE : int
-AMOUNT : float
-PAYMENT_INFO : char

Associations between the classes are 1 to *.

State Diagram:

States:

• New Sample Created
• sample available for viewing and modification
• waiting for analysis
• diagnostician analysis
• waiting for referral opinion
• sample with analysis
• waiting for invoice response
• sample in paid mode
• completed mode

Transitions:

• / On Submitting the sample
• / sample accessed by diagnostician
• / ask for opinion
• / respond with analysis
• / add all analysis done
• / send an invoice to the requester
• / receive a payment
• / insert payment info in the database

Sequence: Requester

Participants: Requester, submitSample, handleDB, handleSample, handleAnalysis, handleInvoice, handlePayments

Messages:

• SubmitSample()
• insert sample data
• sample data inserted in DB
• show sample info
• request for viewing a sample
• GetSample()
• return sample info
• show the requested sample
• edit sample information
• editing action
• show edited sample information
• request analysis done
• get analysis
• return analysis
• display current analysis done
• Request Invoice View
• get invoice info
• return invoice data
• show invoice data
• Send Payment
• record payments
• confirmation of payment

Sequence: Diagnostician

Participants: Diagnostician, handleSample, handleDB, handleAnalysis, handleInvoice

Messages:

• request to view a sample
• get sample info
• return sample info
• show sample
• enter analysis
• insert analysis in db
• return success
• show updated analysis
• request for viewing invoice
• request for invoice data
• return invoice data
• show invoice data

Schema Diagram:

R_ANALYSIS
PK ID
FK1 ID_R_USERS
FK2 ID_R_SAMPLE
ANALYSIS
SUGGESTIONS
MOD_DATE

R_SAMPLEMETHODS
PK ID
FK1 ID_R_SAMPLE
METHOD_NAME
AMOUNT

R_METHODSLIST
PK ID
METHOD_NAME
AMOUNT

R_USERS
PK ID
LOGIN_NAME
PASSWORD
LAST_NAME
FIRST_NAME
EMAIL
PHONE
ADDRESS1
ADDRESS2
CITY
STATE
ROLES

R_PAYMENTS
PK ID
FK1 ID_R_SAMPLE
AMOUNT
PAYMENT_INFO

R_SAMPLE
PK ID
FK1 ID_R_USERS
SAMPLE_NUMBER
HOST
PEST
DATE_COLLECTED
LOCATION
DESCRIPTION
NON_SYSTEM_USER
EMAIL
PHONE
ADDRESS1
ADDRESS2
CITY
STATE
STATUS
TOTAL_AMOUNT
AMOUNT_DUE

Evaluation

– Performance
– Usability
– Pros and Cons
– Lessons Learnt