Fig 6 - uploaded by Khaled Elleithy
Source publication
This paper presents the implementation of a secure application for an academic institution that offers numerous services to
both students and the faculty. The primary focus of this paper is to provide a technical implementation of a new architecture
for encrypting the database. The scope of this paper mainly includes but is not limited to symmetric...
Context in source publication
Context 1
... all the entities' information is kept simple in the database, although this information can be made comprehensive and complete in any real-time implementation, as per the development requirements. The proposed security design includes various security measures that are incorporated in the intended application.

1) Custom Base Class: In our project we have used the ASP.NET Custom Base Class feature to secure access to all the project web pages and to the data and services available on them. For this purpose, we created a custom base class called “My Pages”, which is derived from System.Web.UI.Page and contains the code that performs the security checks and takes care of the authorization process. All the web forms' code-behind classes are derived from the Custom Base Class, which provides the basic infrastructure for the security of access to the web pages' information. To implement this hierarchy, we used one of .NET's most prominent features, session management, to maintain the user's identity at each step of the application. By using the custom base class implementation, we have avoided URL spoofing, in which a person who is not authorized to view a page's contents or to access the resources it offers is nevertheless able to access them.

2) Dynamic Key Generation and Management: In order to prevent unauthorized access to the keys that are used to secure the documents upon storage, the keys for encryption and decryption are chosen entirely at run time. With this approach, we avoid storing them anywhere, which consequently avoids any security threats. The system will be a bit slower in its response, but this saves us the cost of being insecure. The keys are generated from the session object information of the person who is signed in at the time of the document upload and encryption request.

The basic concept includes the user, custom, validation and calendar controls.
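A sketch of the custom base class pattern described in item 1, as an added example that is not the paper's own code. The class names, the session keys `UserId` and `Role`, the role string and the sign-in URL `~/Default.aspx` are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical base class: every code-behind class inherits from it
// instead of inheriting from Page directly.
public abstract class SecureBasePage : Page
{
    // Assumed session keys, written by the sign-in page after a successful login.
    protected const string UserIdKey = "UserId";
    protected const string RoleKey = "Role";

    // Each page declares which roles may view it.
    protected abstract string[] AllowedRoles { get; }

    protected override void OnInit(EventArgs e)
    {
        // OnInit runs before the page's own Load and control events, so a
        // request that simply types the page URL is rejected up front.
        string role = Session[RoleKey] as string;

        if (Session[UserIdKey] == null || role == null)
        {
            // No authenticated session. endResponse = true aborts the page
            // life cycle so that no later event handler runs.
            Response.Redirect("~/Default.aspx", true);
        }

        if (Array.IndexOf(AllowedRoles, role) < 0)
        {
            // Signed in, but this role has no access to this page.
            throw new HttpException(403, "Access denied for this role.");
        }

        // Keep authenticated content out of browser and proxy caches.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();

        base.OnInit(e);
    }
}

// Code-behind of a faculty-only page (hypothetical name).
public partial class FacultyDocuments : SecureBasePage
{
    protected override string[] AllowedRoles
    {
        get { return new[] { "Faculty" }; }
    }
}
```

The check only protects pages whose code-behind derives from the base class; a page that still inherits from `System.Web.UI.Page` directly bypasses it, so this is worth verifying in code review.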
The user inputs validated throughout the pages include telephone number and date information. The database is updated based on the calendar when the user specifies the date. The information retrieved from the database is displayed using data adapters, data sets, data grids and data lists. The main tools used as a basic concept in the .NET framework are: User Controls, Image Controls, Html File Control, Data List, Data Grid, Calendar Controls, Validation Controls, Regular Expressions, Data Readers, Data Adapters, and Data Sets. The data flow diagram is a high-level representation of this project. It can be seen in Fig. 3 that the data flows from top to bottom, where the system administrator initiates and introduces students, courses, and faculty.

IV. SECURE DOCUMENT APPLICATION IMPLEMENTATION

In this section, we present a discussion of the technicalities we encountered during the development phase of this project. This includes implementation details and interface choices. The flow of the application starts from the main (default) page, where a person signs in and then, based on his/her role or membership, is directed to the specific web pages and resources he/she can access. The main entities in this implementation include the System Admin interface and the Faculty and Student interfaces, as outlined below.

The system admin interface contains the links to the pages where a system admin can perform course management and faculty and student account management. In addition, a system admin can assign courses to faculty and can register students to specific courses. The links at the system admin interface include the faculty accounts, admin accounts, student accounts, and courses management interfaces. The system administrator manages students' accounts by adding, modifying, and deleting student records. He/she can set up their login accounts and can register them to the desired courses offered in a certain semester.
Figures 4, 5, and 6 show the different parts of the system administration. When a faculty member logs in to the application, he/she is directed to a web page that provides the information and services that are related only to that faculty member. As one can see in Fig. 4, the faculty member is provided with the information regarding the courses that are assigned to him and the (encrypted) documents that he has in his folder on the server. In addition, when a course is selected, the page shows the documents that are related to that specific course. The list of students who have been given access to his (the faculty member's) documents is also shown here. The faculty member is given the option to change a student's access permissions by deleting from the list the record of any student whom he does not want to allow to access the document.

The documents are uploaded to the server, encrypted, and then stored in the database as a BLOB. During the uploading and encryption, the secure HTTP protocol is used, so that the transfer of the documents takes place securely, as shown in Fig. 7. In addition, Fig. 6 can be used by a system administrator to manage the courses for both faculty and students.

When a student logs in to the secure document application, he is shown the list of his registered courses and their complete description, including faculty information (see Fig. 5). He can choose any of the documents that he wants to access and click the download button. The download button extracts the document that is stored in the database in BLOB form and then decrypts it on the server; finally, the document is made available in the browser for the student. During the document transfer we again use the secure HTTP protocol to transfer the document securely. The details are shown in Fig. 5. On the same page, the student can change his password or secret question and answer at any time.
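One way to realize the run-time key generation of item 2 together with the encrypted BLOB storage described above, as an added example that is not the paper's own code. It assumes .NET Framework 4.7.2 or later and a hypothetical `sessionSecret` that lives only in the user's session; the same value must be reproducible at download time, or the BLOB cannot be decrypted.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

public static class DocumentCrypto
{
    const int SaltLen = 16, IvLen = 16, MacLen = 32, Iterations = 200000;

    // sessionSecret (assumed): a per-user secret kept only in Session, never in the database.
    // Derives 64 bytes at run time: 32 for AES-256, 32 for HMAC-SHA256.
    static byte[] Derive(string sessionSecret, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(sessionSecret, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }

    // Returns salt || iv || ciphertext || mac, ready to store as a single BLOB.
    public static byte[] Encrypt(byte[] document, string sessionSecret)
    {
        byte[] salt = new byte[SaltLen];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] keys = Derive(sessionSecret, salt);
        using (var aes = Aes.Create())  // defaults: CBC mode, PKCS7 padding, random IV
        using (var enc = aes.CreateEncryptor(keys.Take(32).ToArray(), aes.IV))
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            byte[] ct = enc.TransformFinalBlock(document, 0, document.Length);
            byte[] body = salt.Concat(aes.IV).Concat(ct).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    public static byte[] Decrypt(byte[] blob, string sessionSecret)
    {
        int bodyLen = blob.Length - MacLen;
        if (bodyLen < SaltLen + IvLen) throw new CryptographicException("BLOB too short.");
        byte[] keys = Derive(sessionSecret, blob.Take(SaltLen).ToArray());
        using (var hmac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            // Verify the MAC before decrypting, comparing in constant time.
            byte[] expected = hmac.ComputeHash(blob, 0, bodyLen);
            int diff = 0;
            for (int i = 0; i < MacLen; i++) diff |= expected[i] ^ blob[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Wrong key or modified BLOB.");
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(keys.Take(32).ToArray(), blob.Skip(SaltLen).Take(IvLen).ToArray()))
            return dec.TransformFinalBlock(blob, SaltLen + IvLen, bodyLen - SaltLen - IvLen);
    }
}
```

Only the random salt and IV are stored next to the ciphertext; the key exists in memory for the duration of the request, so its secrecy depends entirely on how unpredictable the session-held input is.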
Passwords and secret questions and answers are stored in encrypted format in the database and hence.

V. CONCLUSION

In this paper, we presented a new design for providing comprehensive security for a secure application by combining many different security techniques using the .NET framework. The most prominent feature of .NET is its full-fledged cryptography API, which provides techniques of encryption and decryption while hiding all the technical details. This is one of the main reasons that we achieved the goal of completing this secure application. The secure HTTP communication provided by ASP.NET's API is another important and handy feature worth mentioning here. Some of the tools used in the application include data access controls that avoid repetitive database programming, built-in authentication features and security controls that enable automated management of user accounts and roles, and simplified web deployment. The proposed project consists of different tools and techniques for building secure web applications with strong database accessibility and cryptographic techniques. During the design phase, we learned and practiced many new techniques that we found very useful and interesting in the context of building a secure and powerful web application along with strong and real time database ...