Security and Privacy Analysis of a Database

Databases

This is the third of many milestones associated with the project. You will be making use of the problem statement and schema design you developed in Milestone 1 and Milestone2 in this assignment. You will refer back to the security & privacy concerns, business, entity and referential constraints developed in this assignment in future milestones to a) Implement the design, b) Design the software system and c) Develop and test the information system. This assignment has the following learning outcomes: ● To learn how to identify data that might have privacy implications, determine adequate access control policies and implement mechanisms to enforce said policies. ● To learn how to identify potential security vulnerabilities in an information system, implications of such vulnerabilities and actions necessary to protect the system from said vulnerabilities. ● To learn how to identify entity and referential integrity constraints on the data and define policies for handling referential integrity constraints. ● To learn how to identify business rule constraints on the information systems and determine policies for enforcing said rules. ● To learn how to describe design choices with respect to physical database design and rationalize that in a manner that enables a software engineer to implement the design in a relational database system. ● To learn how to apply the practice of physical data design in a situation similar to those seen in the industry. ● To learn how to work within a team to resolve conflicts and accommodate varied design choices. This is a team assignment and is ideally done in a team of 3-4 students.

Sriram Mohan

Design Tradeoffs,White paper, Data Analysis

One Week

Writing, Teaming, Reading

Design Analysis, Security, Tradeoff Analysis

As a software engineer you will often be required to design information systems based on a client’s requirements. It is your responsibility to understand the needs behind the information system, develop a feature set based on the needs and produce a design for the information system. Once you have designed the information system, you will be often be responsible for analyzing the design to identify privacy issues, security vulnerabilities and identify and implement access control policies and mechanisms to prevent security breaches. You will also be required to enforce entity, referential and business rules to ensure that your information system provides a true representation of the real world data.

A critical ability while working within a team is to develop an ability to manage conflicts, accommodate different design decisions, and manage conflicting client requirements. This milestone helps you learn and apply these abilities in a real life situation.

3