DSS 12 S4 03 ProjectProposal

7/30/2019 DSS 12 S4 03 ProjectProposal

1/30

School of Computer Science & Software Engineering

Bachelor of Computer Science (Digital Systems Security)

CSCI321- Project

Project Proposal

27 December 2012

Group: SS12/4B

Khoo Jun Xiang 4000766 [email protected]

Ang Wencan Stephen 4194032 [email protected]

Goh Kheng Siang Joel 4187490 [email protected]

Lim Sing Hui 4185948 [email protected]

Low Jia Hui 4186448 [email protected]

Supervisor: Mr Sionggo Jappit

Assessor: Mr Tan Kheng Teck


2/30

Project Proposal SS12/4B

Page 2 of30

Document Control

Title: Project ProposalDocument Name: DSS-12-S4-03_ProjectProposal.doc

Owner Current VersionLast Change on

Approved byDate Time

Khoo Jun Xiang 1.1 27/12/2012 6:00PM Project Manager

Distribution List

Name Title/Role Where

Mr Sionggo Jappit Surpervisor SIM_UOW

Mr Tan Kheng Teck Accessor SIM_UOW

Khoo Jun Xiang Project Manager SIM_UOW

Low Jia Hui Database Designer SIM_UOWGoh Kheng Siang Joel Test Designer SIM_UOW

Lim Sing Hui UI Designer SIM_UOW

Stephen Ang Software Architect SIM_UOW

Record of Revision

Revision Date Description Section Affected Changes Made byVersion after

Revision

30/10/2012 Document CreationBriefing,

update vision and goal

All Khoo Jun Xiang 0.1

2/11/2012 Added all section. A draft of

proposal.

All All 0.2

2/10/2012 Added background, literature

review and objective

Background,

Objective

Low Jia Hui, Lim

Sing Hui

0.3

6/11/2012 Updated roles and responsibilities,

Updated development method

Roles and

Responsibilities,

Development

Method

Goh Kheng Siang

Joel, Stephen Ang

0.4

7/11/2012 Updated Objectives, scope and

problem of limitation

Scope and

Problem of

Limitation

Goh Kheng Siang

Joel, Khoo Jun

Xiang

0.5

7/11/2012 Updated timeline Timeline Lim Sing Hui 0.6

8/11/2012 Review, update of contents All All 0.7

9/11/2012 Final check on project description,updated executive summary

ExecutiveSummary

Khoo Jun Xiang 0.8

23/11/2012 Update Objective, Scope and

Problem Limitation

Objective, Scope

and Problem

ALL 0.9

15/12/2012 Update Objective, Scope Objective, Scope Khoo Jun Xiang 1.0

27/12/2012 Review and Misc ALL Khoo Jun Xiang,

Low Jia Hui

1.1


3/30


Page 3 of30

ContentsDocument Control ................................................................................................................................... . 2

Executive Summary .................................................................................................................................. 4

Introduction ............................................................................................................................................... 5

Project Description .................................................................................................................................... 6

Background ........................................................................................................................................... 7

Objectives ........................................................................................................................................... 12

Scope and Problems of Limitation ...................................................................................................... 19

Development Method .......................................................................................................................... 21

Roles and Responsibilities .................................................................................................................. 25

Timetable ............................................................................................................................................ 28

Reference ................................................................................................................................................ 30

Appendix ................................................................................................................................................. 30


4/30


Page 4 of30

Executive Summary

Inference problem for statistical database has been a constant issue for all enterprise when securingtheir data in their database. Unauthorized personnel use the inference channel to retrieve sensitive

information that they are not allowed to view. Database designer has been trying to prevent such

inference and develop various strategies. But in order to do so, it is required to studied the inference

problem deeply and must fully understood the fundamental problem of determining how multilevel

data of different classification is stored and retrieve from the database. Our aim is to introduce a

product, DB-Wrapper, to provide an efficient storage and retrieval of information from database.

DB-Wrapper is a filtering tool that is wrapped around a statically database to fully prevent inference

attacks in multi-level database. It provides a strong defense required to prevent sensitive information to

be obtained by unauthorized personnel through inference of the statistical database. It targets allenterprises that require a configurable solution that provides ease of usability and handles inference

problems. Most organizations tend to develop similar protection engines and tools that have a poor

interface and is hard to integrate into the system. Unlike them, our development philosophy is to have a

lightweight core engine but yet highly extendable.

OUR VISION:

We strive to create an effective and reliable engine that fully eliminates inference attack of technical

database.

Our vision is the establishment of an efficient and accessible inference protection engine for statistical

database. It allows users to fully utilize this engine in handling highly confidential records of each

individual. Thus, this is an ideal software application to manage areas like Human ResourceDepartments and Hospital Management Systems.

Our approach to achieve this is to build a wrapper around the database and have restrictions with

database in accordance with policies that enable to be set within the management system.


5/30


Page 5 of30

Introduction

Statistical database is a database that contains sensitive records describing individuals but only

statistical information is available. They are mainly used for statistical analysis where only statisticalqueries, such as SUM, AVERAGE and COUNT are available and information of individuals cannot be

disclosed. They are used in many applications, such as census data, mortality data and economic

planning.

The purpose of this project is to develop an inference protection engine for statistical databases. Our

objective is to plan, design and develop a wrapper around the database, such as Oracle database, to

restrict the interactions with the database in accordance with policies that would need to be able to be

set within a hospital management system. Significant thought will be put into applying relevant

policies.

In this project proposal, we would like to show the stakeholders the milestones taken to complete this

project. In-depth objective of this project, scope and risk faced and type of development method will be

included in this proposal.

Lastly, a brief description of the project members will be included. This will consist of past

achievement, current qualifications, their roles and responsibility for the stakeholders' reference.


6/30


Page 6 of30

Project Description

Background

Statistical database

A Statistical Database (SDBs) is a database that contains highly confidential data/records that describes

an individual; however only statistical information can be retrieve in order to provide confidentiality. It

is usually implemented when a system requires statistical analysis which only statistical queries are

allowed so that individual information cannot be retrieved. In practices, many statistical databases are

dynamic where multiple individual data are being modified and updated in order to keep the

information fresh. It can also be categorized into 5 different categories with different structures of the

SDBs will contribute to the major risk of the databases.

Statistical database are mainly use in places like hospital and human resources department with highly

confidential information. In such database, security leads to problems that possibly need to infer

protected information such as retrieving information from permitted statistical queries.

There are several inference attack control mechanisms, which can be proposed to protect the SDBs and

the different advantages and disadvantages of using different approach. However, in practice statistical

database are usually dynamic which reduces the use of inference control method.

Factor that categorized Statistical Database

Immediate In these systems, the queries are process in real time where queries areimmediately processed

Delay The queries that are requested will not be process immediately and user do notknow when the queries will be processed

Dynamic Updates on table within the system will take effect immediately and mayundergo several changes in a short period of time.

Static Updates on table within the system will occur when the lifetime of the database

expires and new database. CentralizedA single centralized data repository where all the table of the database resides

and one database server manages the availability of the database

Decentralized A distributed data repository where all the table of the database are distributedacross multiple database server.

Dedicated When a system are primary use to store the database and to process the queries

Shared When a system is shared to run other application and database application.\


7/30


Page 7 of30

Inference Attacks

Inference attack is a data mining technique which is use to compromise confidential of a statistical

database, it occurs when multiple statistical query are made and combining the results together forminginference chaining which can be used to deduce or infer the confidential information. Inference Attack

can be sub-divided into 5 methods Arithmetic Means, Single Match, Diophantine inferences and linear

systems, Addition Aggregate and Partitioning.

Types of Inference attacks

Arithmetic Means

Statistical database can be compromised by queries getting information about query set whose

cardinality is in the range[a,a-N], where N*2-a is total number of records in the database. This occurs

when one computes the average of the field, thus the size of the tables can be infer by changing the

attributes of the average computation which provides as the beginning for several other inference attack.

Arithmetic means is to be considered an important piece of statistical system

Single Matching

This method uses queries that will return only a few tuples to retrieve confidential data. It is said to be

the most effective method of queries matching which will result in disclosure of confidential

information belong to a single data item allowing access to data related to small group by create queriesthat match the records in order to disguise the real intentions.

Diophantine inferences and linear systems

This method uses the knowledge of the distribution function to create a series of queries that will return

result relating to several different sets of data that does not reveal any single value. With the use of

Diophantine equations, unknowns can access by in an indirect manner by combining multiple queries

and extracting data such as table and field dimensions. With the use of Diophantine equation where a

set of equations can be form and eventually result to exposure of individual fields.


8/30


Page 8 of30

Addition Aggregate

This attack uses the summation of multiple SUM aggregation queries to infer a value and using

differentiation between two SUM queries results that could be use successful infer the restricted

information.

Partitioning

This attack is most frequently used on small sets of data call low-frequency group where multiple

queries will result produce small results and using multiple queries that will eventually cancel each

other out revealing the information that is required. When there is cases where the system refuse to

process the results we can deduce that the cardinality of the result is small and using this problem to

derive with a more precise value.

Tracker

To add on, confidential records can be compromised by a series of small queries with the help of a'Tracker'. Tracker' derives confidential records from known characteristics of an individual and

deducing additional characteristic an individual might have.


9/30


Page 9 of30

Types of Inference Control Methods

In order to enhance the security of a statistical database, there are several methods that can be proposed.

The methods can be classified to 3 classes; conception, perturbation and query restrictions.

1. Perturbation ApproachPerturbation approach introduces noise to the data or the result of the query without affecting the

data in the statistical database, however this is a trade-off between the consistency of the data and the

level of security, which happens when the records are suppressed and causing confusion by ensuring

that the results produced by a query is not directly related to the actual data stored in the database.

This approach is generally more applicable to medium-size and large systems. Perturbation approach

can be divided to 2 different type; Data perturbations which is associated with the actual data in thedatabase and Output perturbations is to introduce noise to the results of the queries

One example is bivariate perturbation. It is a fixed type of data perturbations that are targeted on

controlling the data within the dataset so that it will still retain its own characteristic but making the

observations of a single data meaningless, as it does not reflect on the actual data. However, this

method requires additional storage space so that the original dataset can be stored apart and monitor

and change accordingly. This allows maximum access, as the actual data cannot be inferred through

multiple queries.

2. Conceptual ApproachConceptual method proves security on the concept-data model level where tables are broken down

into multiple smaller tables and statistical queries may result in redundant information. (e.g lattice

model)

3. Query restrictions ApproachQuery restriction added extra restriction on query protecting data from low query set size,

overlapping of results, auditing of queries and partition data into mutually exclusive subsets and cell

suppressions.

Query-Set-Size-Control


10/30


Page 10 of30

Query Set Size approach restricts the statistical query if the set-size result of the statistical query is

small, so that it is hard to infer using Single matching methods

Query-Set-Overlap Control

Query-Set -Overlap approach restricts the statistical query if the system identifies the result of two or

more the statistical query overlaps and investigates if the queries that surface will compromise the

security of the statistical database.

Auditing

Auditing requires that all the queries made by one user is being recorded down requires consistent

checking to ensure that the multiple queries made by a single user does not result in an inferenceattack.

Partition

Partitioning is to cluster multiple individual entities into different subset, atomic populations which

contribute the resources to the user. The problem occurs when an atomic population consists of only

a single data.

Cell Suppression

The technique typically use for data published in tabular, that hides the cells that may cause

confidential information to be reveal and other non-confidential information which may cause

confidential information to be leak.


11/30


Page 11 of30

Metadata modeling

Metadata modeling can be used in software and system engineering for constructing of models and

analysis. It is for development of frames, rules, models and theories, which are applicable and

effectively used for predefined class of problems. There is a concept diagram in meta-data modeling;

which is an adjusted class diagram. There are also important notions such as concept, generalization,

association, multiplicity and aggregation. Moreover, Metadata modeling is an enhancement to

relational database tables. It is tough to use tables directly as there are numerous items to filter out or

joining of tables that will have an impact on processing time. A good metadata will deal these issues.

With the model that combines items from different tables, it allows them to be available to reporting

and enable to use analysis tools. Data items can be hidden from users that are not authorized to view

them. Furthermore, developers of the database do not have to worry about getting the joins in the tables

correctly as data items can be combined in complex calculations for reporting.

To sum the problems up, the inference problems that statistical database created involves:

1. Indirect access. View data which user has no privileges to.

2. Correlated data. Visible data is related to invisible data.

3. Missing data. Having null values for fields that should not be null logically.4. Data association. Two non-sensitive data will become sensitive if combined.


12/30


Page 12 of30

ObjectivesThe goal of this project is to detect and remove all inference channels and prevent value constraints in a

statistical database. In another word, our aim is to prevent unauthorized personnel to infer data with ahigher classification from a data with a lower classification.

This project is to implement an inference protection engine for statistical databases. Based on data

dependency, database scheme and sematic knowledge, we can construct a filtering wrapper around the

database. Not only will it protect sensitive data contents, the wrapper will provide statistical

information related to the content of database whereas highly sensitive transactions information will be

protected.

Our product DB-Wrapper will sit on top of the database and provides inference protection by

filtering users queries.

Based on the literature review above. We have identified four most common inference attack on

statistical database. The proposed solution is targeted to prevent these four attacks mention.

-Arithmetic Means: When computing the average of a field, table size must vary the attributes of

average computation. This is the beginning of the several inference attacks.

-Single Match: It is a successful method for usage of queries matching exactly one data item.

-Addition Aggregate: This attack implements SUM aggregate to infer a value from a reported addition

of records.

-Partitioning: Statistical databases hide data when a small number of entities makes a large proportion

of the data revealed. The attacker will combine additional records to retrieved other different aggregate

queries.


13/30


Page 13 of30

Overviewof our wrapper

The above diagram shows how inference protections are done on statistical database. The structures are

divided into 2 components Database and Inference Checks. Database consists of the statistical databaseand the basic authentication control provided by Oracle database.

The Inference Checks consists of inference control wrapper and the inference checker. Inference

Checker provides the checking of logs and Inference history to determine if the query made or previous

queries made by the same user end up with a possible inference attack. The information is then passed

back to the Inference control wrapper to determine the action to be done to handle the situation.

If inference attack occurs, the result will not be display and instead the query will be logged under

Inference history and the user will only know that the access is denied. If inference attack is not

detected the Wrapper will then return the result to the user.


14/30


Page 14 of30

Main Features of DB-Wrapper:

1. Conceptual Lattice model to provide a framework that describes statistical database

information in tabular form at different level of aggregation to suppress confidentialinformation. ( Meta-Data Modeling/ Data Dictionary)

2. Query RestrictionPrevent query which can lead to success in inference attack.

Only allow aggregate queries by using User interface to control the function call in aSQL statements

: SUM, COUNT, AVG, etc.

Do not allow overly selective queries: SELECT WHERE income = 2500;

3. Query set size controlPermits a statistic to be released only if the size of the query set |C|

satisfies the condition K


15/30


Page 15 of30

Database Description

SQLite will be used to provide a relational database management system, or RDBMS. SQLite will

assist us in developing a database-backed application. The reason of choosing SQLite is because it issuitable to use in our assignments, for low to medium traffic and working with a scripting language

such as C or C++. SQLite also provides applications such as SQLite Manager and SQLite Browser to

manage SQLite database on our computer. SQLite manager will be used to create the DB-Wrapper

database as well as the Application database. DB-Wrapper database will be used to contain all the

meta-data information of the application database that DB-Wrapper is applied on. Meta-data / data

dictionary is a set of information which describes the structure of the database consisting of Table,

attribute and constraints.

Screenshot of SQLite Manager:

Source:

https://reader009.{domain}/reader009/html5/0424/5adefe11b542f/5adefe1a872c4.png?modified=133124770

Inference protection database (Database of DB-Wrapper)
https://addons.cdn.mozilla.net/img/uploads/previews/full/17/17043.png?modified=1331247702https://addons.cdn.mozilla.net/img/uploads/previews/full/17/17043.png?modified=1331247702https://addons.cdn.mozilla.net/img/uploads/previews/full/17/17043.png?modified=1331247702


16/30


Page 16 of30

Following are the three main items in the database.

1. User Table

This table will store the username and password of all users. To enhance security feature,

password stored will be encrypted.

Main column attributes: userID, userName, password.

2. Roles

This table will store the role associated with every users. The amount of privileges of each user

depends on their role.

Main column attributes: RoleNum, roleName.

3. Data Dictionary (metadata repository)

Multiple tables will be used to store the description of the application database. It determines

the structure of an application database. Users, designers and administrator will get information

from the application database base on this data dictionary instead of directly access the

application database. Application database is secured and protected in this way.

Main Table: Application, Table, Attributes, Constraint

Application table will store the details of all application databases.

.Main attributes: AppNumID, AppName.

Table will store the details of tables in each application database.

Main attributes: TableName.

Attributes will store the details of attributes in each tables of all application.

Main attributes: AttributesName..

Constraint will store the details of constraints that are applied on each application.

Main attributes: ConstraintName,Value.

There will be rules associated with each attribute. These rules will defined the property

of the attributes and determine the functions that can be executed to these attributes.


17/30


Page 17 of30

Sample Design of the applicationDatabase UOW Staff DB

Database Description: Staff in SIM

Contains around 25 records and 10 attributes

Main Attributes are: Staff_Number, Staff_Name, Staff_DOB, Staff_Age, Staff_Gender, Staff_Address,

Staff_Course, Staff_Salary, Staff_Position, Staff_Date_join

Sensitive Attributes are: Staff_Number, Staff_Name, Staff_DOB, Staff_Address, Staff_Salary

Why are those attributes confidential? Assumption: Database is for fellow staff to view.

These attributes give away sensitive informational of a staff:

-

Staff_Number:o Unique ID to a staff. We could impersonate the staff if we know the Staff ID of an

employee

- Staff_Name:

o There is no need to know any staff names. In any case, our database wrapper will only

allownon-aggregate function such as COUNT, AVG, Sum etc

- Staff_DOB:

o Individual's DOB should be protected from fellow colleagues- Staff_Address:

o Individual's residential address should be protected from fellow colleges

-

Staff_Salary:o Individual's salary should be protected from fellow colleges


18/30


Page 18 of30

Technology

This assignment will need the project team to download SQLite which is a software library that

implements a self-contained, serverless, transactional SQL database engine. SQLite enables developers

to work on C, C++ applications. The recommended version to download is 3.7.15. SQLite

manager/browser will then be downloaded to provide the project team with an interface

QT development framework, a cross-platform application framework, will then be used for developing

our application graphical user interface (GUI). QT uses standard C++ which all members of the project

teams have experience with. It has a unified cross-platform application programming interface (API)

which will benefits the project team where members uses different kind of platform such as MAC,

Window and Linux.

Programming language to code the wrapper is selected to be in C++. The reason is because all

members have been using C++ to code most of the school assignments.

QTSql is one modules of QT. It contains classes that integrate with open-source and proprietary SQL

databases. Most importantly, QTSql includes an implementation of SQLite. The project team will use

QT creator, an IDE of QT, to implement the GUI.

Below shows the main window of QT Creator:


19/30


Page 19 of30

Scope and Problems of Limitation

This section lists the scope as well as problems of limitation that we expect to face during thedevelopment process of the inference protection engine. Realistically, there is no plan that is and

perfect and no problem. All projects have its risks and problems. Some of the most significant potential

problems that can occur are:

Scopes

Main scopes of our products (DB-Wrapper)

- Inference controller prototype to handle interfaces during query processing

- Meta-Data Modeling

- Propagating update to the user history files to ensure accepted/rejected queries are logged

- GUI platform will only aggregation queries to be made- Filter queries by allowing not overly selective queries.

- Queries result that are return consist of only statistical information

- Query set size control are to be implement to reduce the chance of inference attack due to smallquery set size by permitting statistical information to be released only if the size of the query set

size satisfies query set-size control limits

- Usage of range and constraints


20/30


Page 20 of30

Problems

All members are currently taking two modules of the course. Times are allocated to do those subjects

assignments and revision. This is just a minor constraint as a good project plan and timeline can solvetime constraints issues.

In a large database system, the dependency relationship between the security attribute and otherattributes is complicated. In another word, it is hard to give a quantitative measurement to describe

protection requirements for each security attribute. Therefore, constant review, analyses and

measurement of database data need to be done. All assumptions must be made and stated so that there

wont any conflicts and confusion.

Problems will occur when data is restricted by the control mechanisms in our engine wrapper product.

Severe restrictions on allowable query sizes will render the database useless. Light restrictions on

allowable query sizes will not secure confidential records. Our products will choose to prioritize onsecuring confidential information instead of leaking sensitive information to unauthorized personnel so

that the database wont be useless. However, extra focus will be done to make users are able to getthe most amount of information from their queries.

Testing will be done both during all iterations phases and before submission of the final product to

ensure the number of bugs should is kept to the minimum. However, it is always possible that one or

two mission critical issues were missed. Therefore, it is important to scheduled maintenance periodsafter the product is released. In some cases, we can temporary stop the product and services from

running during the maintenance if necessary. A message that the service is under maintenance must

then be displayed to the users.

One of our features Query set size control might be compromised after a frame of queries if thethreshold value is too small. One example is through individual tracker which is a costumed formula

which allows us to calculate the answer to a forbidden query indirectly. Tracker attack can beprevented by placing several restrictions on the query set size or controlling the queries that are

allowed in some other ways. One way is to increase the threshold value. However, if the threshold

value is too large, many queries will be restriction unnecessary.

Therefore, query set overlapped is introduced to counter this issue. Any queries made by the user first

undergoes the process of query set size control and if the query passes the stage, then it undergoes the

process of query set overlap techniques to check for database compromise.

Query set overlap is that successive queries must be checked against the number of common recordssuch that if the number of common records in any query exceeds a given threshold, the requestedstatistic is not released.

However, Query set overlapped would be additional feature and would only be implemented if only

there are sufficient time after the main requirements of DB-Wrapper are implemented/


21/30


22/30


Page 22 of30

Inception PhaseIn this phase, the primary goal is to establish the project scope. To fully utilize each

member, the roles of our team mates must be decided based on individuals skills. All members will betasked to do the following tasks based on their roles:

- An identification of objectives for the assignment

- Establishment of project scope

- Main end goal of project- Identify alternatives to mitigate risk

- Documentation inclusive of core project requirements, key functional requirements, possible

constraints, illustrations of use cases

- Project implementation plan- Overall constraints - cost and schedule

- Milestone identified, (Lifecycle Objective), mainly an understanding of requirements of the

project which will be supported by evident use of use cases

Based on the above findings, a detailed plan will be made to guide us on how the development of

project will take shape. However, many details are still raw. The project is currently in this phase. Inthe real world, the project can still be cancelled if it is not feasible as not much work has been done.

For this final year project, some of the main deliverables for the inception phrase will be the members

profile, project proposal, project website, initial project documents and initial preliminary requirementspecification.

Elaboration PhaseIn this phase, the primary goal is to look into the project scope in greater details.

It is the most crucial of the 4 phases as it is necessary to clarify all doubts and understand the project

fully before further development. Project will get it basic architecture and the risks will be analyzed.The blueprint for the development effort to continue is provided. The blueprint mainly consists of the

following:

- Elaboration of scope

- Development of project plan

- Identify and eliminate the elements that are identified to be of the highest risk- Specifics of architecture, requirements and plans are being researched and stabilized

- Usage scenarios and use cases (80%)

- Prototyping the product before moving to construction phase- Find ways to greatly reduced all risks

- Note down all uncertainties- Milestone identified, (Lifecycle Architecture), mainly detailed system objectives and possibleresolutions to major risks that have been identified

At the end of this phrase, a decision on which approach to use must be decided based on key factors

such as effectiveness, efficiency, risks, proficiency of group members and comparison with otherapproaches. Any changes made after this will be costly and difficult to make because these changes


23/30


Page 23 of30

might be made half way through actual development, in which many different parts of the system are

interrelated. In the real world, we must take into consideration the budget of the project and make

agreement with all stakeholders before moving to the construction phase.

For this final year project, some of the main deliverables for the elaboration phrase will be the final

version of project document, final version of system requirement specifications, preliminary technical

design manual and project prototype.

Construction PhaseIn this phase, actual development of the product will be done. The project

development will be heavily based on the blueprint concluded from the previous phase. Flows built in

the elaboration phase will be further enhanced. Architecture will not be worried, focused instead ondelivering the highest value solution possible. Several iterations of implementing and validating the

system are being carried out concurrently. Main activities of the development process consist of:

- Set targets and scheules- Development and integration of application features

- All features are tested thoroughly- Emphasis on management of resources and optimization to reduce costs and increase quality

- Breaking up the development into several iterations.

- Constant evaluation on the approach

- Extensive testing on each functionalities- Integration of system to different platforms (If applicable)

- Completion of development of application components and testing of functional requirements

- Finalized version of User Manuals or ReadMes are provided to guide users in using the system

- Milestone identified, (Initial Operational Capability), mainly application is ready for operation,

usually known as the beta release before actual deployment on a huge scale

At the end of the construction phase, the program should be able to be used by a small group of end

users

For this final year project, some of the main deliverables for the construction phrase will be the system

test plan, progress report, user manual.

Transition PhaseIn this phase, the system is moved to the user environment. Activities will consist

of:

- Beta and integration testing- Checking product meets end user requirements

- Deliver product to stakeholder

- Training personnel in utilizing the system- Validation of system against operational needs

- Milestone identified, (Product Release), mainly checking and making sure that objectives are

met and determining is another development cycle is necessary


24/30


Page 24 of30

For this final year project, some of the main deliverables for the transition phase will be the final result

of all the system tests, product and presentation.

In comparison, inception and elaboration phase belongs to the genre of developing intellectual property(e.g. proposed ideas, resources needed) and the construction and transition phase belongs to the genre

of deploying and management of the product.

Through the use of RUP, we will be approaching the project with a clear understanding of the needs ofthe project. A balance will be kept between project requirements and project risk. The project will be

delivered on time with quality.


25/30


Page 25 of30

Roles and Responsibilities

Each members of the team has different roles to play. Each role will be in charge of different aspect of

the project. Each member need to deliver the artifacts for aspect that he is responsible for.

Realistically, every member will also contribute to other aspects of the project but will only be more

focused on those they are in charge of.

Committee Structure:

Roles Jun Xiang Jia Hui Joel Stephen Sing Hui

Database

Designer

Documenter

Implementer

Integrator

ProjectManager

SoftwareArchitect

System

Analyst

SystemTester

Test

Designer

User

Interface

Designer


26/30


Page 26 of30

Job scopes of each roles:

DatabaseDesigner

Responsible to Design and implement project database systems. Drawing ofERD diagrams. Must be able to provide programming and troubleshooting

support for database systems. Perform data backup and restoration on regularbasis. Responsible for the integrity of database.

Documenter Project diaries will be done based on individual roles. Project diaries will

consist of the work assigned to them, their work process and the difficultiesfaced during the project including the solution to the difficulties. For

example, project manager will include the user manual in the documentation.

Tester will include the testing result.

Implementer Lead programmer of the system. Program all the functions in the product.

Work closely with tester.

Integrator Main System Integrator to integrate all the components of the system. Make

sure that components are checked by tester before integrating. Work closely

with Project manager and Software Engineer.ProjectManager

Overlook the entire project and finalize the analyses of project requirements.Helps to settle clarification between Team Members and supervisor. Task,

Identifies, define and do quality check for the various individual components

of team members. Compile work done by each members and make sure it

form the specified deliverable for submission Required to do the projectplanning, meeting management, resource allocation, overlooking all the 4

RUP projects phases and ensure smooth execution. Ensure deliverables are

completed before the submission deadline.

Software

Architect

Lead in system designs such as requirements specification and UML

diagrams. Involves in developing system architecture, brainstorming end-to-

end requirements between stakeholder needs and final products. Have tomake sure the architecture requirement meet customer needs. Bottom line is

to develop system and software architectures to ensure performance andmodularity.

System

Analyst

Analyse existing business operations and existing information systems.

Propose alternative solutions to business problems and select and justifypreferred solution. Design and guide implementation of new systems

including process flow, user interface, reports, and security procedures.

Prepare training and user manual for the final product.

System

Tester

Perform testing and report to implementer and integrator of any bugs found.

Assist implementer in programming of the system.

TestDesigner

Responsible in setting up the system test plan for system tester to use. Mustidentify all necessary test required to ensure the usability of the final product.

UserInterface

Designer

In charge designing, creating and performing maintenance of our GUI ofproducts. Identify the aim, structure and technique to achieve the required

GUI needed for the product. Helps in designing of project website. Work

closely with both the Software Engineer and Project Manager.


27/30


Page 27 of30

Main responsibilities of each member:

Name Responsibilities

Khoo Jun Xiang Planning and managing of the project

Involve in the designing of database systemInvolve in the implementation of the system

Low Jia Hui Involve in the designing of the database systemInvolve in the implementation the system

Involve in the integration the system

Involve in the testing of the system

Goh Kheng Siang

Joel

Involve in the designing of the database system

Involve in the designing of the test casesInvolve in the testing of the system

Involve in the designing of the user interface

Stephen Ang Involve in the documentation of the project development

Involve in the integration the systemInvolve in the designing of the test casesInvolve in the testing of the system

Lim Sing Hui Involve in the documentation of the project developmentInvolve in the designing of the test cases

Involve in the designing of the user interface


28/30


Page 28 of30

Timetable

Our project development will be implementing on the RUP model. This following section will be

presenting the project schedule graphically. In addition, each phases are iterative meaning that there aresuccessive refinement, evaluating and testing before deciding on an effective solution.

WEEK

Activity 1-2 3- 5 6-8 9-10 10-11 12-15 16-17 18-19 20

Proposal Due Date 10/11 24/11 8/12 22/12 29/12 19/1 9/2 23/2 2/3

Inception Phase

FORMING THE TEAM, SET

UP PROJECT WEBSITE

- Form project team,

- Identify roles &

responsibilities- Create project website

- Do literature review

REQUIREMENT

-Systems functionalities

-Initial Use Cases and Risk list

- Test Plan

- Algorithms and interfaces(

functional, non-functional,

security)

- Project Document(Preliminary Requirement

Specification)

Elaoration Phase

ANALYZE AND DESIGN

- Case Diagram

- Class Diagrams

- Sequence Diagrams

- Activity Flow Diagrams

- Architecture Design

- Database Design

- Produce System Design

- Update Project Plan

- Update Website

- Update Use Cases

IMPLEMENTATION


29/30


Page 29 of30

- Starts development

- Design Implementation

- Develop prototype with

basic functionalities- Preliminary Project

Document

(SRS, Technical Design

Manual)

- Unit Testing

- User Acceptance Test

TERM 1 REVIEW

- Demonstrate prototypes

- Submit Preliminary Project

Documents

(Project Document, SRS,

Technical Design Manual,

Project Website)

Construction Phase

IMPLEMENTATION

- Start implementation of all

functions

-Unit Testing

- Update Technical Design

and documents with further

development

- System Test Plan- Progress Report( Minutes

of Meeting and Project

Diary)

Transition Phase

TESTING

- Integration Test

- Produce User Manual

PREPARATION OF

DEMONSTRATION &

PRESENTATION OF PROJECT

- Wrap up development andprepare project presentation

- Present to supervisor

PROJECT PRESENTATION

-Team demonstration to

panel of supervisors and

assessor

X


30/30


Page 30 of30

References

1. Salvador Mandujano- Inference Attacks to Statistical Database: Data Suppression, ConcealingControls and Other Security Trends - 1

st

May 2000 -http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFj

AA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%2

6rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1g

hjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuw

2. Shiuh-Pyng Shieh And Chern-Tang Lin Information Protection in Dynamic Statistical Database 1stJanuary 1999 -

http://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statis

tical%20Databases.pdf

3. Per Kroll And Philippe Kruchten - The Rational Unified Process Made EasyA Practitioners Guide ToThe RUP Dec 2007

4. Michael Hylkema - A survey of Database Inference Attack Prevention Methods 1st Decemeber 2009

http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFj

AA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-

ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_

Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G

_LImMo1cGeMSEcAV8aqOA

5. Neelabh Baijal - Privacy in Statistical Database: An Approach Using Cell Suppression 1st May 2005http://www.cs.utep.edu/vladik/cs5354.10/thesis.pdf

Appendix

None
http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.cs.utep.edu/vladik/cs5354.10/thesis.pdfhttp://www.cs.utep.edu/vladik/cs5354.10/thesis.pdfhttp://www.cs.utep.edu/vladik/cs5354.10/thesis.pdfhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmet-ert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G_LImMo1cGeMSEcAV8aqOAhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statistical%20Databases.pdfhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuwhttp://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFjAA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%26rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1ghjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuw