TEMASEK POLYTECHNIC
SCHOOL OF INFORMATICS & IT
DIPLOMA IN CYBER & DIGITAL SECURITY
AY 2011/2012 CASE STUDY 1 & 2 (Oct Semester)

SECURITY APPLICATION DEVELOPMENT (CCD2C02)
SUBJECT LEVEL: 2

INSTRUCTIONS TO CANDIDATES
1. This paper consists of 9 pages (including cover page).
2. This document describes Case 1 & 2 that you need to submit for SAPP.
3. Please read it carefully, and follow through the submission instructions.

CCD2C02: SAPP (AY 11/12 Oct Semester)

page 1 of 9

SAPP
CCD2C02

Temasek Polytechnic
School of Informatics & IT
Diploma in Cyber and Digital Security

Case Study 1 & 2


This document describes the Case Study 1 & 2 that you need to submit for SAPP. Please read through it carefully, and follow the submission instructions.

Learning Overview:
1. Experience a project development cycle and its challenges.
2. Design, develop and troubleshoot a software program.
3. Understand software vulnerabilities and propose ways & methods to secure it.
4. Provide documentation of your code & programs.
5. Critique your work and come up with future enhancements/upgrades.
6. Collaboratively work in a team.

Note: preferably form groups of your own. Two or three persons a group.

Pre-requisite:
This case study is an extension of your practical. Make sure that you have done the labs and understand the tools and software developed inside out!

Project Scope
In this project you will work as a team of 2 students to develop a Windows MVC C# application that would access confidential information in a database. The libraries & other software to be used in this Case Study may be limited to:
- .Net Framework Libraries from your lab exercises.
- Simple Microsoft Access database.
- Model-View-Controller Architecture, MVC
- Any Biometric library from your lab exercises.

Please seek your lecturer's permission before using any 3rd party software (if it has not already been used in your labs).

Background
You are a new staff member at SVG Golf Country club, and are put in charge of the customer profile management system (SVGSecureStore). This SVGSecureStore system stores the country club's important client profiles, which include the client names, addresses, contact information and annual earning income, accessed with the correct authorization level. It is a standalone system and is only accessed by a few key staff members given different roles. The SVGSecureStore system is used by these users:
- System administrator with administrative access rights
- Supervisor with supervisory access rights
- Support officers with normal user access rights

You have decided to deliver the project in phases. However, at the final phase, after reviewing the security aspect of the existing system, you realized that the current system is vulnerable to password attacks by unauthorized users and have decided to help implement Two Factor Authentication to give a much stronger level of authentication.

    Welcome to SVGSecureStore
    UserID:
    Password:

Figure 1 SVGSecureStore Logon Page

Requirements
This Case Study has been separated into 2 parts and the project code name is SVGSecureStore.

For Case Study 1: Graphical User Interface GUI-Based Application

To design and build a Windows GUI-based application, the recommended features handled by each respective role in your project are tabulated as follows:

Role: Basic Features
- System Administrator: View existing user, Insert new user, Update existing user, Search existing user
- Supervisor: View existing client, Insert new client, Update existing client, Search existing client
- Support officers: View existing client, Update existing client, Search existing client
- All: Logon

The database needs to store the following minimum information:

Client Table
1. Client Names
2. Addresses
3. Contact Information
4. Annual Earning
5. System User information

User Table
1. User Names
2. Password
3. Contact Information
4. Role

You are free to modify the database schema if the team has implemented any additional feature.

Other Optional Challenges

Implement the correct rules of password policy as determined by the Corporate IT Security Policy; this is to ensure that passwords are not easily determined by outsiders (Hints: Password encryption, password expiry, etc.).
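One way to approach the password-policy hint above in C#, as an added example that is not part of the original brief: it stores a one-way salted PBKDF2 hash (a swapped-in technique where the hint says "password encryption") and records the last change time so expiry can be enforced. The names PasswordRecord and PasswordPolicy, the iteration count and the 90-day maximum age are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example. PasswordRecord, PasswordPolicy and all constants are hypothetical.
public sealed class PasswordRecord   // fields that would replace a plain Password column
{
    public byte[] Salt;
    public byte[] Hash;
    public int Iterations;
    public DateTime ChangedUtc;
}

public static class PasswordPolicy
{
    const int SaltBytes = 16, HashBytes = 32, IterationCount = 100000; // assumed parameters
    static readonly TimeSpan MaxAge = TimeSpan.FromDays(90);           // assumed expiry period

    public static PasswordRecord Create(string password, DateTime nowUtc)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt); // per-user random salt
        return new PasswordRecord { Salt = salt, Iterations = IterationCount,
            Hash = Derive(password, salt, IterationCount), ChangedUtc = nowUtc };
    }

    public static bool Verify(string password, PasswordRecord rec)
    {
        byte[] candidate = Derive(password, rec.Salt, rec.Iterations);
        int diff = candidate.Length ^ rec.Hash.Length;
        for (int i = 0; i < candidate.Length && i < rec.Hash.Length; i++)
            diff |= candidate[i] ^ rec.Hash[i];   // compare without exiting at the first mismatch
        return diff == 0;
    }

    public static bool IsExpired(PasswordRecord rec, DateTime nowUtc) => nowUtc - rec.ChangedUtc > MaxAge;

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static void Main()   // constructed sample password and date
    {
        var rec = Create("Constructed-Sample-1", new DateTime(2011, 10, 17, 0, 0, 0, DateTimeKind.Utc));
        Console.WriteLine("{0} {1} {2}", Verify("Constructed-Sample-1", rec), Verify("wrong", rec),
            IsExpired(rec, rec.ChangedUtc.AddDays(91)));
    }
}
```

Storing the iteration count with each record lets the work factor be raised later without invalidating existing users.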

For Case Study 2: Two-factor authentication and biometric verification

Biometrics authenticates a person based on a physical or behavioral characteristic, including the face, fingerprints, hand geometry, retinas, handwriting and voice. In the Biometrics lab sessions, you have familiarized yourself with how biometrics can be used to verify a person. Extend your Case Study to include a 2-factor login (what you know and what you are) application. You have free play in coming up with your own detailed user interface (UI) and functionality design. Optional features are welcome and will be rewarded.

The baseline for Biometrics authentication is given below:

Registration
- User first types in the username to be registered.
- Click the Register button to have his/her biometric information captured and registered.

Verification
- User first types in the username.
- Click the Verify button to have his/her biometric information captured and verified to confirm that he/she is the real user.
- User rights will be assigned according to his/her role and level of authorization. E.g. the user may View client Info or Update client Info.

Deliverables
Case Study 1 - Submission [Submission is on Week 4]

You are required to submit your work using the Case Study 1 template that will be given to you via OLIVE. Please submit your Case Study 1 report and application code via OLIVE according to the requirements below.

Requirements Phase:

Tasks:
1. Review & analyze SVGSecureStore customer requirements.
2. Develop use case diagram for SVGSecureStore.
3. Distribute the work for the entire project amongst your team members.
4. Design Project plan. (Using Microsoft Project 2007)

Deliverables (Group 10%):
D1 SVGSecureStore use case diagram (Use template from Lab1)
D2 Workload Distribution based on the identified use case (features).
D3 SVGSecureStore Project plan

Design Phase:

Tasks
1. Design your (based on individual use-cases determined in D2 above) class diagram(s) of SVGSecureStore application independently.
2. Design your database schema of SVGSecureStore.
3. Design your SVGSecureStore Test plan. (How are you going to prove to your supervisor that your programs work?)

Deliverables (Individual 15%):
D4 SVGSecureStore Class Diagram (Use template from Lab2).
D5 SVGSecureStore Database Schema
D6 SVGSecureStore Test plans.
D7 Submit your Case Study 1 report promptly.

Development Phase:

You are required to develop and pilot launch your SVGSecureStore application.

Tasks
1. Develop your part of the program in SVGSecureStore system.
2. Test your own code. (This is called Unit Testing)
3. Integrate your code with the rest of the team's and test. (This is called System Integration Testing)

Deliverables (Individual 25%)
D8 A working copy of your code (based on use-cases distributed in D2) after the integration.
D9 Demo and Interview by your instructor (or Panel) to assess the understanding of your own code (based on use-cases distributed in D2).

Case Study 2 - Submission

You are required to submit your work using the Case Study Final template that will be given to you via OLIVE. Please submit your Case Study Final report and application code via OLIVE according to the following requirements:

Final Phase:

Tasks
1. Extend SVGSecureStore to use Biometric as a form of authentication.
2. Document your final group report in terms of
   o Final use case and class design diagrams
   o Any outstanding issues, functions.
   o Future enhancements.

Deliverables (Individual 20%)
D10 The final application should have 2-factor authentication module or any additional features integrated correctly.
D11 Demo and Interview by your instructor (or Panel) to assess the understanding of the final code.

Deliverables (Group 10%)
D12 Case Study Final Report

Assessment

Breakdown of assessment weightages is as follows.

Case Study 1: Group 10%, Individual 40%
Case Study 2: Group 10%, Individual 20%

You will be assessed on the following:
- Fulfillment of the functionality
- Robustness of your code
- Documentation
- Presentation
- Individual questions and answers

Please also take note of the standard penalties for late submission, which will apply for this project. Also remind yourself of the heavy penalty for plagiarism and late submission.

--END--
