School of Computer Science & Software Engineering

Bachelor of Computer Science (Digital Systems Security)

CSCI321- Project Project Proposal 27 December 2012

Group: SS12/4B Khoo Jun Xiang Ang Wencan Stephen Goh Kheng Siang Joel Lim Sing Hui Low Jia Hui 4000766 4194032 4187490 4185948 4186448 Jxkhoo001@mymail.sim.edu.sg Wsang003@mymail.sim.edu.sg Ksgoh007@mymail.sim.edu.sg Shlim035@mymail.sim.edu.sg Jhlow010@mymail.sim.edu.sg

Supervisor: Mr Sionggo Jappit Assessor: Mr Tan Kheng Teck

Project Proposal

SS12/4B

Document Control
Title: Document Name:
Owner Khoo Jun Xiang

Project Proposal DSS-12-S4-03_ProjectProposal.doc

Current Version 1.1 Last Change on Date 27/12/2012 Time 6:00PM Approved by Project Manager

Distribution List Name Mr Sionggo Jappit Mr Tan Kheng Teck Khoo Jun Xiang Low Jia Hui Goh Kheng Siang Joel Lim Sing Hui Stephen Ang

Title/Role Surpervisor Accessor Project Manager Database Designer Test Designer UI Designer Software Architect

Where SIM_UOW SIM_UOW SIM_UOW SIM_UOW SIM_UOW SIM_UOW SIM_UOW

Record of Revision Revision Date 30/10/2012 Description Document Creation Briefing, update vision and goal Added all section. A draft of proposal. Added background, literature review and objective Updated roles and responsibilities, Updated development method Section Affected All Changes Made by Khoo Jun Xiang Version after Revision 0.1

2/11/2012

All

All

0.2

2/10/2012 6/11/2012

7/11/2012

Updated Objectives, scope and problem of limitation Updated timeline Review, update of contents Final check on project description, updated executive summary Update Objective, Scope and Problem Limitation Update Objective, Scope Review and Misc

7/11/2012 8/11/2012 9/11/2012 23/11/2012 15/12/2012 27/12/2012

Background, Objective Roles and Responsibilities, Development Method Scope and Problem of Limitation Timeline All Executive Summary Objective, Scope and Problem Objective, Scope ALL

Low Jia Hui, Lim Sing Hui Goh Kheng Siang Joel, Stephen Ang

0.3 0.4

Goh Kheng Siang Joel, Khoo Jun Xiang Lim Sing Hui All Khoo Jun Xiang ALL Khoo Jun Xiang Khoo Jun Xiang, Low Jia Hui

0.5

0.6 0.7 0.8 0.9 1.0 1.1

Page 2 of 30

Project Proposal

SS12/4B

Contents
Document Control ................................................................................................................................... . 2 Executive Summary .................................................................................................................................. 4 Introduction ............................................................................................................................................... 5 Project Description.................................................................................................................................... 6 Background ........................................................................................................................................... 7 Objectives ........................................................................................................................................... 12 Scope and Problems of Limitation ...................................................................................................... 19 Development Method.......................................................................................................................... 21 Roles and Responsibilities .................................................................................................................. 25 Timetable ............................................................................................................................................ 28 Reference ................................................................................................................................................ 30 Appendix ................................................................................................................................................. 30

Page 3 of 30

Project Proposal

SS12/4B

Executive Summary
Inference problem for statistical database has been a constant issue for all enterprise when securing their data in their database. Unauthorized personnel use the inference channel to retrieve sensitive information that they are not allowed to view. Database designer has been trying to prevent such inference and develop various strategies. But in order to do so, it is required to studied the inference problem deeply and must fully understood the fundamental problem of determining how multilevel data of different classification is stored and retrieve from the database. Our aim is to introduce a product, DB-Wrapper, to provide an efficient storage and retrieval of information from database. DB-Wrapper is a filtering tool that is wrapped around a statically database to fully prevent inference attacks in multi-level database. It provides a strong defense required to prevent sensitive information to be obtained by unauthorized personnel through inference of the statistical database. It targets all enterprises that require a configurable solution that provides ease of usability and handles inference problems. Most organizations tend to develop similar protection engines and tools that have a poor interface and is hard to integrate into the system. Unlike them, our development philosophy is to have a lightweight core engine but yet highly extendable.

OUR VISION: We strive to create an effective and reliable engine that fully eliminates inference attack of technical database. Our vision is the establishment of an efficient and accessible inference protection engine for statistical database. It allows users to fully utilize this engine in handling highly confidential records of each individual. Thus, this is an ideal software application to manage areas like Human Resource Departments and Hospital Management Systems. Our approach to achieve this is to build a wrapper around the database and have restrictions with database in accordance with policies that enable to be set within the management system.

Page 4 of 30

Project Proposal

SS12/4B

Introduction
Statistical database is a database that contains sensitive records describing individuals but only statistical information is available. They are mainly used for statistical analysis where only statistical queries, such as SUM, AVERAGE and COUNT are available and information of individuals cannot be disclosed. They are used in many applications, such as census data, mortality data and economic planning. The purpose of this project is to develop an inference protection engine for statistical databases. Our objective is to plan, design and develop a wrapper around the database, such as Oracle database, to restrict the interactions with the database in accordance with policies that would need to be able to be set within a hospital management system. Significant thought will be put into applying relevant policies. In this project proposal, we would like to show the stakeholders the milestones taken to complete this project. In-depth objective of this project, scope and risk faced and type of development method will be included in this proposal. Lastly, a brief description of the project members will be included. This will consist of past achievement, current qualifications, their roles and responsibility for the stakeholders' reference.

Page 5 of 30

Project Proposal

SS12/4B

Project Description
Background
Statistical database A Statistical Database (SDBs) is a database that contains highly confidential data/records that describes an individual; however only statistical information can be retrieve in order to provide confidentiality. It is usually implemented when a system requires statistical analysis which only statistical queries are allowed so that individual information cannot be retrieved. In practices, many statistical databases are dynamic where multiple individual data are being modified and updated in order to keep the information fresh. It can also be categorized into 5 different categories with different structures of the SDBs will contribute to the major risk of the databases. Statistical database are mainly use in places like hospital and human resources department with highly confidential information. In such database, security leads to problems that possibly need to infer protected information such as retrieving information from permitted statistical queries. There are several inference attack control mechanisms, which can be proposed to protect the SDBs and the different advantages and disadvantages of using different approach. However, in practice statistical database are usually dynamic which reduces the use of inference control method. Factor that categorized Statistical Database Immediate In these systems, the queries are process in real time where queries are immediately processed Delay The queries that are requested will not be process immediately and user do not know when the queries will be processed Dynamic Updates on table within the system will take effect immediately and may undergo several changes in a short period of time. Static Updates on table within the system will occur when the lifetime of the database expires and new database. Centralized A single centralized data repository where all the table of the database resides and one database server manages the availability of the database Decentralized A distributed data repository where all the table of the database are distributed across multiple database server. Dedicated When a system are primary use to store the database and to process the queries Shared When a system is shared to run other application and database application.\ Page 6 of 30

Project Proposal

SS12/4B

Inference Attacks Inference attack is a data mining technique which is use to compromise confidential of a statistical database, it occurs when multiple statistical query are made and combining the results together forming inference chaining which can be used to deduce or infer the confidential information. Inference Attack can be sub-divided into 5 methods Arithmetic Means, Single Match, Diophantine inferences and linear systems, Addition Aggregate and Partitioning. Types of Inference attacks Arithmetic Means

Statistical database can be compromised by queries getting information about query set whose cardinality is in the range[a,a-N], where N*2-a is total number of records in the database. This occurs when one computes the average of the field, thus the size of the tables can be infer by changing the attributes of the average computation which provides as the beginning for several other inference attack. Arithmetic means is to be considered an important piece of statistical system Single Matching

This method uses queries that will return only a few tuples to retrieve confidential data. It is said to be the most effective method of queries matching which will result in disclosure of confidential information belong to a single data item allowing access to data related to small group by create queries that match the records in order to disguise the real intentions. Diophantine inferences and linear systems

This method uses the knowledge of the distribution function to create a series of queries that will return result relating to several different sets of data that does not reveal any single value. With the use of Diophantine equations, unknowns can access by in an indirect manner by combining multiple queries and extracting data such as table and field dimensions. With the use of Diophantine equation where a set of equations can be form and eventually result to exposure of individual fields.

Page 7 of 30

Project Proposal

SS12/4B

Addition Aggregate

This attack uses the summation of multiple SUM aggregation queries to infer a value and using differentiation between two SUM queries results that could be use successful infer the restricted information. Partitioning

This attack is most frequently used on small sets of data call low-frequency group where multiple queries will result produce small results and using multiple queries that will eventually cancel each other out revealing the information that is required. When there is cases where the system refuse to process the results we can deduce that the cardinality of the result is small and using this problem to derive with a more precise value. Tracker To add on, confidential records can be compromised by a series of small queries with the help of a 'Tracker'. Tracker' derives confidential records from known characteristics of an individual and deducing additional characteristic an individual might have.

Page 8 of 30

Project Proposal

SS12/4B

Types of Inference Control Methods In order to enhance the security of a statistical database, there are several methods that can be proposed. The methods can be classified to 3 classes; conception, perturbation and query restrictions. 1. Perturbation Approach Perturbation approach introduces noise to the data or the result of the query without affecting the data in the statistical database, however this is a trade-off between the consistency of the data and the level of security, which happens when the records are suppressed and causing confusion by ensuring that the results produced by a query is not directly related to the actual data stored in the database. This approach is generally more applicable to medium-size and large systems. Perturbation approach can be divided to 2 different type; Data perturbations which is associated with the actual data in the database and Output perturbations is to introduce noise to the results of the queries One example is bivariate perturbation. It is a fixed type of data perturbations that are targeted on controlling the data within the dataset so that it will still retain its own characteristic but making the observations of a single data meaningless, as it does not reflect on the actual data. However, this method requires additional storage space so that the original dataset can be stored apart and monitor and change accordingly. This allows maximum access, as the actual data cannot be inferred through multiple queries.

2. Conceptual Approach Conceptual method proves security on the concept-data model level where tables are broken down into multiple smaller tables and statistical queries may result in redundant information. (e.g lattice model) 3. Query restrictions Approach Query restriction added extra restriction on query protecting data from low query set size, overlapping of results, auditing of queries and partition data into mutually exclusive subsets and cell suppressions. Query-Set-Size-Control Page 9 of 30

Project Proposal

SS12/4B

Query Set Size approach restricts the statistical query if the set-size result of the statistical query is small, so that it is hard to infer using Single matching methods Query-Set-Overlap Control Query-Set -Overlap approach restricts the statistical query if the system identifies the result of two or more the statistical query overlaps and investigates if the queries that surface will compromise the security of the statistical database. Auditing Auditing requires that all the queries made by one user is being recorded down requires consistent checking to ensure that the multiple queries made by a single user does not result in an inference attack. Partition Partitioning is to cluster multiple individual entities into different subset, atomic populations which contribute the resources to the user. The problem occurs when an atomic population consists of only a single data.

Cell Suppression The technique typically use for data published in tabular, that hides the cells that may cause confidential information to be reveal and other non-confidential information which may cause confidential information to be leak.

Page 10 of 30

Project Proposal

SS12/4B

Metadata modeling Metadata modeling can be used in software and system engineering for constructing of models and analysis. It is for development of frames, rules, models and theories, which are applicable and effectively used for predefined class of problems. There is a concept diagram in meta-data modeling; which is an adjusted class diagram. There are also important notions such as concept, generalization, association, multiplicity and aggregation. Moreover, Metadata modeling is an enhancement to relational database tables. It is tough to use tables directly as there are numerous items to filter out or joining of tables that will have an impact on processing time. A good metadata will deal these issues. With the model that combines items from different tables, it allows them to be available to reporting and enable to use analysis tools. Data items can be hidden from users that are not authorized to view them. Furthermore, developers of the database do not have to worry about getting the joins in the tables correctly as data items can be combined in complex calculations for reporting. To sum the problems up, the inference problems that statistical database created involves: 1. 2. 3. 4. Indirect access. View data which user has no privileges to. Correlated data. Visible data is related to invisible data. Missing data. Having null values for fields that should not be null logically. Data association. Two non-sensitive data will become sensitive if combined.

Page 11 of 30

Project Proposal

SS12/4B

Objectives
The goal of this project is to detect and remove all inference channels and prevent value constraints in a statistical database. In another word, our aim is to prevent unauthorized personnel to infer data with a higher classification from a data with a lower classification. This project is to implement an inference protection engine for statistical databases. Based on data dependency, database scheme and sematic knowledge, we can construct a filtering wrapper around the database. Not only will it protect sensitive data contents, the wrapper will provide statistical information related to the content of database whereas highly sensitive transactions information will be protected. Our product DB-Wrapper will sit on top of the database and provides inference protection by filtering users queries. Based on the literature review above. We have identified four most common inference attack on statistical database. The proposed solution is targeted to prevent these four attacks mention. -Arithmetic Means: When computing the average of a field, table size must vary the attributes of average computation. This is the beginning of the several inference attacks. -Single Match: It is a successful method for usage of queries matching exactly one data item. -Addition Aggregate: This attack implements SUM aggregate to infer a value from a reported addition of records. -Partitioning: Statistical databases hide data when a small number of entities makes a large proportion of the data revealed. The attacker will combine additional records to retrieved other different aggregate queries.

Page 12 of 30

Project Proposal

SS12/4B

Overview of our wrapper The above diagram shows how inference protections are done on statistical database. The structures are divided into 2 components Database and Inference Checks. Database consists of the statistical database and the basic authentication control provided by Oracle database. The Inference Checks consists of inference control wrapper and the inference checker. Inference Checker provides the checking of logs and Inference history to determine if the query made or previous queries made by the same user end up with a possible inference attack. The information is then passed back to the Inference control wrapper to determine the action to be done to handle the situation. If inference attack occurs, the result will not be display and instead the query will be logged under Inference history and the user will only know that the access is denied. If inference attack is not detected the Wrapper will then return the result to the user.

Page 13 of 30

Project Proposal

SS12/4B

Main Features of DB-Wrapper:

1. Conceptual Lattice model to provide a framework that describes statistical database

information in tabular form at different level of aggregation to suppress confidential information. ( Meta-Data Modeling/ Data Dictionary)
2. Query Restriction Prevent query which can lead to success in inference attack.

Only allow aggregate queries by using User interface to control the function call in a SQL statements : SUM, COUNT, AVG, etc. Do not allow overly selective queries : SELECT WHERE income = 2500;

3. Query set size control Permits a statistic to be released only if the size of the query set |C| satisfies the condition K <= |C| <=L K and K should satisfy the condition 0 <= K <= L/2. |C| represents the queries subset. L represents the size of the database. K represents the parameter set by the database administrator. 4. Auditing - Prevent new query and previous queries made by the same user will not end up with a possible inference attack Keeping up-to-date logs of all queries made by each user. Constantly checking for possible compromise whenever a new query issued. Therefore, in order to restrict the interactions with database accordance with policies, it is important to build a wrapper around the SQLite database. It would need significant thought to appropriately represent and apply appropriate policies.
-Make Queries -View Result -Generate statistical report Administrator -View Log File -Create, Update, Delete Range -Read in Data Dictionary/Meta-Modelling -Create, Update, Delete User -Create, Update, Delete Role -Create, Update, Delete Constraints

User

Page 14 of 30

Project Proposal

SS12/4B

Database Description SQLite will be used to provide a relational database management system, or RDBMS. SQLite will assist us in developing a database-backed application. The reason of choosing SQLite is because it is suitable to use in our assignments, for low to medium traffic and working with a scripting language such as C or C++. SQLite also provides applications such as SQLite Manager and SQLite Browser to manage SQLite database on our computer. SQLite manager will be used to create the DB-Wrapper database as well as the Application database. DB-Wrapper database will be used to contain all the meta-data information of the application database that DB-Wrapper is applied on. Meta-data / data dictionary is a set of information which describes the structure of the database consisting of Table, attribute and constraints. Screenshot of SQLite Manager:

Source: https://addons.cdn.mozilla.net/img/uploads/previews/full/17/17043.png?modified=1331247702 Inference protection database (Database of DB-Wrapper) Page 15 of 30

Project Proposal

SS12/4B

Following are the three main items in the database. 1. User Table This table will store the username and password of all users. To enhance security feature, password stored will be encrypted. Main column attributes: userID, userName, password. 2. Roles This table will store the role associated with every users. The amount of privileges of each user depends on their role. Main column attributes: RoleNum, roleName. 3. Data Dictionary (metadata repository) Multiple tables will be used to store the description of the application database. It determines the structure of an application database. Users, designers and administrator will get information from the application database base on this data dictionary instead of directly access the application database. Application database is secured and protected in this way. Main Table: Application, Table, Attributes, Constraint Application table will store the details of all application databases. .Main attributes: AppNumID, AppName. Table will store the details of tables in each application database. Main attributes: TableName. Attributes will store the details of attributes in each tables of all application. Main attributes: AttributesName.. Constraint will store the details of constraints that are applied on each application. Main attributes: ConstraintName,Value. There will be rules associated with each attribute. These rules will defined the property of the attributes and determine the functions that can be executed to these attributes. Page 16 of 30

Project Proposal

SS12/4B

Sample Design of the application Database UOW Staff DB Database Description: Staff in SIM Contains around 25 records and 10 attributes Main Attributes are: Staff_Number, Staff_Name, Staff_DOB, Staff_Age, Staff_Gender, Staff_Address, Staff_Course, Staff_Salary, Staff_Position, Staff_Date_join Sensitive Attributes are: Staff_Number, Staff_Name, Staff_DOB, Staff_Address, Staff_Salary Why are those attributes confidential? Assumption: Database is for fellow staff to view. These attributes give away sensitive informational of a staff: - Staff_Number: o Unique ID to a staff. We could impersonate the staff if we know the Staff ID of an employee - Staff_Name: o There is no need to know any staff names. In any case, our database wrapper will only allow non-aggregate function such as COUNT, AVG, Sum etc - Staff_DOB: o Individual's DOB should be protected from fellow colleagues - Staff_Address: o Individual's residential address should be protected from fellow colleges - Staff_Salary: o Individual's salary should be protected from fellow colleges

Page 17 of 30

Project Proposal

SS12/4B

Technology This assignment will need the project team to download SQLite which is a software library that implements a self-contained, serverless, transactional SQL database engine. SQLite enables developers to work on C, C++ applications. The recommended version to download is 3.7.15. SQLite manager/browser will then be downloaded to provide the project team with an interface QT development framework, a cross-platform application framework, will then be used for developing our application graphical user interface (GUI). QT uses standard C++ which all members of the project teams have experience with. It has a unified cross-platform application programming interface (API) which will benefits the project team where members uses different kind of platform such as MAC, Window and Linux. Programming language to code the wrapper is selected to be in C++. The reason is because all members have been using C++ to code most of the school assignments. QTSql is one modules of QT. It contains classes that integrate with open-source and proprietary SQL databases. Most importantly, QTSql includes an implementation of SQLite. The project team will use QT creator, an IDE of QT, to implement the GUI. Below shows the main window of QT Creator:

Page 18 of 30

Project Proposal

SS12/4B

Scope and Problems of Limitation

This section lists the scope as well as problems of limitation that we expect to face during the development process of the inference protection engine. Realistically, there is no plan that is and perfect and no problem. All projects have its risks and problems. Some of the most significant potential problems that can occur are: Scopes Main scopes of our products (DB-Wrapper) - Inference controller prototype to handle interfaces during query processing - Meta-Data Modeling - Propagating update to the user history files to ensure accepted/rejected queries are logged - GUI platform will only aggregation queries to be made - Filter queries by allowing not overly selective queries. - Queries result that are return consist of only statistical information - Query set size control are to be implement to reduce the chance of inference attack due to small query set size by permitting statistical information to be released only if the size of the query set size satisfies query set-size control limits - Usage of range and constraints

Page 19 of 30

Project Proposal

SS12/4B

Problems All members are currently taking two modules of the course. Times are allocated to do those subjects assignments and revision. This is just a minor constraint as a good project plan and timeline can solve time constraints issues. In a large database system, the dependency relationship between the security attribute and other attributes is complicated. In another word, it is hard to give a quantitative measurement to describe protection requirements for each security attribute. Therefore, constant review, analyses and measurement of database data need to be done. All assumptions must be made and stated so that there wont any conflicts and confusion. Problems will occur when data is restricted by the control mechanisms in our engine wrapper product. Severe restrictions on allowable query sizes will render the database useless. Light restrictions on allowable query sizes will not secure confidential records. Our products will choose to prioritize on securing confidential information instead of leaking sensitive information to unauthorized personnel so that the database wont be useless. However, extra focus will be done to make users are able to get the most amount of information from their queries. Testing will be done both during all iterations phases and before submission of the final product to ensure the number of bugs should is kept to the minimum. However, it is always possible that one or two mission critical issues were missed. Therefore, it is important to scheduled maintenance periods after the product is released. In some cases, we can temporary stop the product and services from running during the maintenance if necessary. A message that the service is under maintenance must then be displayed to the users. One of our features Query set size control might be compromised after a frame of queries if the threshold value is too small. One example is through individual tracker which is a costumed formula which allows us to calculate the answer to a forbidden query indirectly. Tracker attack can be prevented by placing several restrictions on the query set size or controlling the queries that are allowed in some other ways. One way is to increase the threshold value. However, if the threshold value is too large, many queries will be restriction unnecessary. Therefore, query set overlapped is introduced to counter this issue. Any queries made by the user first undergoes the process of query set size control and if the query passes the stage, then it undergoes the process of query set overlap techniques to check for database compromise. Query set overlap is that successive queries must be checked against the number of common records such that if the number of common records in any query exceeds a given threshold, the requested statistic is not released. However, Query set overlapped would be additional feature and would only be implemented if only there are sufficient time after the main requirements of DB-Wrapper are implemented/ Page 20 of 30

Project Proposal

SS12/4B

Development Method
For this project, Statistical Database, we have decided to adopt a methodology that is highly flexible and it would benefit both developers and the stakeholders. Rational Unified Process (RUP). RUP has advantages that are suitable for this project compared to other Software Process Modeling such as Waterfall and Spiral Model as shown Ability to modify project specifications according to the changing requirements of customer irregardless of the current project stage. Project risk is kept to the minimum. Documentation of the project is highly required. That will keep us on cue with the project requirements mentioned by the stakeholders. Ensure smooth transition to each phrase of the project. Helps to ensure that there is quality control on all phrases.

RUP will divide the project into four phases as shown:

Soruce: Fig 3.0.1 The 4 phases and milestones of the iterative process, The Rational Unified Process An Introduction (3rd Edition) Philippe Kruchten Feb 2007

Page 21 of 30

Project Proposal

SS12/4B

Inception Phase In this phase, the primary goal is to establish the project scope. To fully utilize each member, the roles of our team mates must be decided based on individuals skills. All members will be tasked to do the following tasks based on their roles: An identification of objectives for the assignment Establishment of project scope Main end goal of project Identify alternatives to mitigate risk Documentation inclusive of core project requirements, key functional requirements, possible constraints, illustrations of use cases Project implementation plan Overall constraints - cost and schedule Milestone identified, (Lifecycle Objective), mainly an understanding of requirements of the project which will be supported by evident use of use cases

Based on the above findings, a detailed plan will be made to guide us on how the development of project will take shape. However, many details are still raw. The project is currently in this phase. In the real world, the project can still be cancelled if it is not feasible as not much work has been done. For this final year project, some of the main deliverables for the inception phrase will be the members profile, project proposal, project website, initial project documents and initial preliminary requirement specification. Elaboration Phase In this phase, the primary goal is to look into the project scope in greater details. It is the most crucial of the 4 phases as it is necessary to clarify all doubts and understand the project fully before further development. Project will get it basic architecture and the risks will be analyzed. The blueprint for the development effort to continue is provided. The blueprint mainly consists of the following: Elaboration of scope Development of project plan Identify and eliminate the elements that are identified to be of the highest risk Specifics of architecture, requirements and plans are being researched and stabilized Usage scenarios and use cases (80%) Prototyping the product before moving to construction phase Find ways to greatly reduced all risks Note down all uncertainties Milestone identified, (Lifecycle Architecture), mainly detailed system objectives and possible resolutions to major risks that have been identified

At the end of this phrase, a decision on which approach to use must be decided based on key factors such as effectiveness, efficiency, risks, proficiency of group members and comparison with other approaches. Any changes made after this will be costly and difficult to make because these changes Page 22 of 30

Project Proposal

SS12/4B

might be made half way through actual development, in which many different parts of the system are interrelated. In the real world, we must take into consideration the budget of the project and make agreement with all stakeholders before moving to the construction phase. For this final year project, some of the main deliverables for the elaboration phrase will be the final version of project document, final version of system requirement specifications, preliminary technical design manual and project prototype. Construction Phase In this phase, actual development of the product will be done. The project development will be heavily based on the blueprint concluded from the previous phase. Flows built in the elaboration phase will be further enhanced. Architecture will not be worried, focused instead on delivering the highest value solution possible. Several iterations of implementing and validating the system are being carried out concurrently. Main activities of the development process consist of: Set targets and scheules Development and integration of application features All features are tested thoroughly Emphasis on management of resources and optimization to reduce costs and increase quality Breaking up the development into several iterations. Constant evaluation on the approach Extensive testing on each functionalities Integration of system to different platforms (If applicable) Completion of development of application components and testing of functional requirements Finalized version of User Manuals or ReadMes are provided to guide users in using the system Milestone identified, (Initial Operational Capability), mainly application is ready for operation, usually known as the beta release before actual deployment on a huge scale

At the end of the construction phase, the program should be able to be used by a small group of end users For this final year project, some of the main deliverables for the construction phrase will be the system test plan, progress report, user manual. Transition Phase In this phase, the system is moved to the user environment. Activities will consist of: Beta and integration testing Checking product meets end user requirements Deliver product to stakeholder Training personnel in utilizing the system Validation of system against operational needs Milestone identified, (Product Release), mainly checking and making sure that objectives are met and determining is another development cycle is necessary Page 23 of 30

Project Proposal

SS12/4B

For this final year project, some of the main deliverables for the transition phase will be the final result of all the system tests, product and presentation. In comparison, inception and elaboration phase belongs to the genre of developing intellectual property (e.g. proposed ideas, resources needed) and the construction and transition phase belongs to the genre of deploying and management of the product. Through the use of RUP, we will be approaching the project with a clear understanding of the needs of the project. A balance will be kept between project requirements and project risk. The project will be delivered on time with quality.

Page 24 of 30

Project Proposal

SS12/4B

Roles and Responsibilities

Each members of the team has different roles to play. Each role will be in charge of different aspect of the project. Each member need to deliver the artifacts for aspect that he is responsible for. Realistically, every member will also contribute to other aspects of the project but will only be more focused on those they are in charge of. Committee Structure: Roles Database Designer Documenter Implementer Integrator Project Manager Software Architect System Analyst System Tester Test Designer User Interface Designer Jun Xiang Jia Hui Joel Stephen Sing Hui

Page 25 of 30

Project Proposal

SS12/4B

Job scopes of each roles: Database Responsible to Design and implement project database systems. Drawing of Designer ERD diagrams. Must be able to provide programming and troubleshooting support for database systems. Perform data backup and restoration on regular basis. Responsible for the integrity of database. Documenter Project diaries will be done based on individual roles. Project diaries will consist of the work assigned to them, their work process and the difficulties faced during the project including the solution to the difficulties. For example, project manager will include the user manual in the documentation. Tester will include the testing result. Implementer Lead programmer of the system. Program all the functions in the product. Work closely with tester. Integrator Main System Integrator to integrate all the components of the system. Make sure that components are checked by tester before integrating. Work closely with Project manager and Software Engineer. Project Overlook the entire project and finalize the analyses of project requirements. Manager Helps to settle clarification between Team Members and supervisor. Task, Identifies, define and do quality check for the various individual components of team members. Compile work done by each members and make sure it form the specified deliverable for submission Required to do the project planning, meeting management, resource allocation, overlooking all the 4 RUP projects phases and ensure smooth execution. Ensure deliverables are completed before the submission deadline. Software Lead in system designs such as requirements specification and UML Architect diagrams. Involves in developing system architecture, brainstorming end-toend requirements between stakeholder needs and final products. Have to make sure the architecture requirement meet customer needs. Bottom line is to develop system and software architectures to ensure performance and modularity. System Analyse existing business operations and existing information systems. Analyst Propose alternative solutions to business problems and select and justify preferred solution. Design and guide implementation of new systems including process flow, user interface, reports, and security procedures. Prepare training and user manual for the final product. System Perform testing and report to implementer and integrator of any bugs found. Tester Assist implementer in programming of the system. Test Responsible in setting up the system test plan for system tester to use. Must Designer identify all necessary test required to ensure the usability of the final product. User In charge designing, creating and performing maintenance of our GUI of Interface products. Identify the aim, structure and technique to achieve the required Designer GUI needed for the product. Helps in designing of project website. Work closely with both the Software Engineer and Project Manager. Page 26 of 30

Project Proposal

SS12/4B

Main responsibilities of each member: Name Responsibilities Khoo Jun Xiang Planning and managing of the project Involve in the designing of database system Involve in the implementation of the system Low Jia Hui Involve in the designing of the database system Involve in the implementation the system Involve in the integration the system Involve in the testing of the system Goh Kheng Siang Involve in the designing of the database system Joel Involve in the designing of the test cases Involve in the testing of the system Involve in the designing of the user interface Stephen Ang Involve in the documentation of the project development Involve in the integration the system Involve in the designing of the test cases Involve in the testing of the system Lim Sing Hui Involve in the documentation of the project development Involve in the designing of the test cases Involve in the designing of the user interface

Page 27 of 30

Project Proposal

SS12/4B

Timetable
Our project development will be implementing on the RUP model. This following section will be presenting the project schedule graphically. In addition, each phases are iterative meaning that there are successive refinement, evaluating and testing before deciding on an effective solution.
Activity Proposal Due Date Inception Phase FORMING THE TEAM, SET UP PROJECT WEBSITE - Form project team, - Identify roles & responsibilities - Create project website - Do literature review REQUIREMENT -Systems functionalities -Initial Use Cases and Risk list - Test Plan - Algorithms and interfaces( functional, non-functional, security) - Project Document (Preliminary Requirement Specification) Elaoration Phase ANALYZE AND DESIGN - Case Diagram - Class Diagrams - Sequence Diagrams - Activity Flow Diagrams - Architecture Design - Database Design - Produce System Design - Update Project Plan - Update Website - Update Use Cases IMPLEMENTATION 1-2 10/11 3- 5 24/11 WEEK 6-8 9-10 8/12 22/12 10-11 29/12 12-15 19/1 16-17 9/2 18-19 23/2 20 2/3

Page 28 of 30

Project Proposal

SS12/4B

- Starts development - Design Implementation - Develop prototype with basic functionalities - Preliminary Project Document (SRS, Technical Design Manual) - Unit Testing - User Acceptance Test TERM 1 REVIEW - Demonstrate prototypes - Submit Preliminary Project Documents (Project Document, SRS, Technical Design Manual, Project Website) Construction Phase IMPLEMENTATION - Start implementation of all functions -Unit Testing - Update Technical Design and documents with further development - System Test Plan - Progress Report( Minutes of Meeting and Project Diary) Transition Phase TESTING - Integration Test - Produce User Manual PREPARATION OF DEMONSTRATION & PRESENTATION OF PROJECT - Wrap up development and prepare project presentation - Present to supervisor PROJECT PRESENTATION -Team demonstration to panel of supervisors and assessor

X
Page 29 of 30

Project Proposal

SS12/4B

References
1. Salvador Mandujano- Inference Attacks to Statistical Database: Data Suppression, Concealing Controls and Other Security Trends - 1st May 2000 http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFj AA&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.61.751%2 6rep%3Drep1%26type%3Dpdf&ei=L4avULvtLsHQrQel9YHYDA&usg=AFQjCNHjPzwJcCvPgggPDB_Qc1g hjg4bXQ&sig2=5G-6qsU5zM6cYZqQ70gKuw 2. Shiuh-Pyng Shieh And Chern-Tang Lin Information Protection in Dynamic Statistical Database 1st January 1999 http://dsns.csie.nctu.edu.tw/ssp/paper/29.Information%20Protection%20in%20Dynamic%20Statis tical%20Databases.pdf 3. Per Kroll And Philippe Kruchten - The Rational Unified Process Made Easy A Practitioners Guide To The RUP Dec 2007 4. Michael Hylkema - A survey of Database Inference Attack Prevention Methods 1st Decemeber 2009 http://www.google.com.sg/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CC4QFj AA&url=http%3A%2F%2Fmet-research.bu.edu%2Fmetert%2FInternal%2520Documentation%2FInference%2520Research%2FMichael_Hylkema_Research_ Paper.pdf&ei=mpCvUIm2FcLZrQfl5oGQBw&usg=AFQjCNGBvseuUw44DR051ogSdge0IXBEuw&sig2=G _LImMo1cGeMSEcAV8aqOA 5. Neelabh Baijal - Privacy in Statistical Database: An Approach Using Cell Suppression 1st May 2005 http://www.cs.utep.edu/vladik/cs5354.10/thesis.pdf

Appendix
None

Page 30 of 30