Liberty University System Prototype Replies

Post 1:

Troy Beiderbecke

My design for this capstone project is aimed at creating a comprehensive and adaptive ransomware mitigation strategy which needs to adhere to numerous best practices, frameworks, and standards to ensure quality, effectiveness, and user-friendly interface.

User-Centered Design (UCD): This philosophy has been central to the development of our system. The design process incorporated feedback from end-users, who are the employees working within an organization, to ensure that the system is intuitive, easy to use, and meets their needs (Norman & Draper, 1986).

Agile Software Development: An Agile framework has been employed in this project. It enabled us to quickly adapt to changes and continuously improve the system based on user feedback and testing results (Beck et al., 2001).

1. Design Patterns: The use of recognized design patterns has been a major focus in order to facilitate future enhancements, maintainability, and problem-solving (Gamma et al., 1994).

ISO/IEC 27001:2013: This standard was considered while designing the system’s security aspects, ensuring that we adequately protect information, and manage and minimize risk to information security (ISO/IEC, 2013).

1. NIST Cybersecurity Framework: The system’s security design also incorporates practices recommended by the NIST Cybersecurity Framework, particularly those that pertain to identifying, protecting, detecting, responding, and recovering from cybersecurity threats (NIST, 2018).

Test-Driven Development (TDD): Testing has been central to the development process. By writing tests before coding, we have ensured the quality of the system and minimized the occurrence of bugs (Beck, 2003).

1. Code Review and Documentation: Rigorous code reviews and comprehensive documentation have been carried out to ensure code quality, maintainability, and understanding of the system by all stakeholders (McConnell, 2004).

By incorporating these best practices, frameworks, and standards into the design process, I aim to create a system that not only fulfills its purpose of enhancing ransomware mitigation strategies but is also reliable, maintainable, and user-friendly.

1. ACTIVITY DIAGRAM FOR DATA BACKUP AND RECOVERY

1.           This activity diagram begins with the identification of a new threat in the system. Upon its detection, the system isolates the affected components to prevent the threat from spreading, simultaneously alerting the incident response team. The incident response team then assesses the threat’s severity and decides whether to initiate a system recovery from backups. If a system recovery is necessary, the process proceeds to retrieve the last clean backup and restore the affected systems. Post-recovery, a thorough system check is performed to ensure all components are functioning optimally. The diagram concludes with the threat details being documented for future reference and preventative measures.

Activity Diagram for Incident Response

1. 

           This shows the role of the TrainingManager in enhancing system security. The process begins with the detection of a new threat. After the threat mitigation steps taken by the IncidentResponder and the BackupManager, a report is generated and sent to the TrainingManager. The TrainingManager, upon receiving the report, creates a new training module aimed at improving user behavior and minimizing the risks associated with similar threats in the future. The users then participate in the training module, and their feedback is collected for further refinements. This process forms a loop, continuously updating the training program with each detected threat, leading to a progressively enhanced system security posture.

1. Sequence Diagram

           This shows the sequence diagram of the threat detection and response. The loop within the sequence diagram is mainly centered around the threat detection process. This loop is continuously active during system operation, illustrating the real-time nature of the ThreatDetector.

References:

Beck, K. (2003). Test-driven development: by example. Addison-Wesley Professional.

Beck, K., Beedle, M., Van Bennekum, A., Cockburn, A., Cunningham, W., Fowler, M., … & Kern, J. (2001). Manifesto for agile software development.

Gamma, E., Helm, R., Johnson, R., & Vlissides, J. (1994). Design patterns: elements of reusable object-oriented software. Addison-Wesley Professional.

ISO/IEC 27001:2013. (2013). Information technology— Security techniques— Information security management systems—Requirements.

McConnell, S. (2004). Code complete: a practical handbook of software construction. Microsoft Press.

NIST Cybersecurity Framework. (2018). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology.

Norman, D. A., & Draper, S. W. (Eds.). (1986). User-centered system design: New perspectives on human-computer interaction. CRC Press.

Post 2:

Chris Lightner

My design for this project is based heavily on the Technology Acceptance Model (TAM) and TAM2. This model is stated to bring benefits to organizations and users (Marikyan and Savvas, 2023). TAM2 added additional concepts of the subjective norm, image, how relevant the application is to the work, what the quality is in the outcome of the application, are the results able to be verified and is the experience positive with the users provided the ability to voluntarily use the application by choice. The problem with the current methods of updating I Internet of Things devices is that a separate application per vendor must be used to update devices. A medical facility could have dozens of vendors, each with their own application to provide updates. TAM proposes that an application is more likely to be accepted if there is the perception that the benefit from the application outweighs the effort required to learn how to use the application. Charness and Boot (2016) write that this model is a major influence in motivating users to accept new technology. According to their research, those who view technology has too complicated will not put the effort required to learn how to effectively use it. TAM framework has been used to study blockchain, a method that has been proposed to secure IoT communications (Liu and Ye, 2021). The writers claim that the adherence to TAM theory has been the most effective model for developing technologies that users will accept and put into use. Scherer tl al. (2019) agree, stating that this framework has pushed the acceptance of online education as students are comfortable with the existing education format. These studies strengthen the argument that the current methods of updating IoT devices does not encourage the updates to occur or to be done in a timely manner.

This reasoning supports the prototype of a system to change multiple IoT devices from a single application. The application will use Java, an industry standard programming language. It will also use open-course PostGreSQL, which is publicly available with many resources to help manage the system (Riggs et al, 2022). These two platforms allow the cost to develop and deploy a system to be minimal.

Figure 1

Class diagram

The class diagram details each module of the application. Each module is an action that can be taken by a user, whether a nurse or an IT staff member. The actions start with the entrance into the application. This screen provides a path to the various modules in a simple interface with very few clicks, in keeping with the TAM theory. From the main screen there are two primary paths. On is to work with device firmware and one is to manage users of the application. Each end in the path includes a function to modify the SQL database. Each object shows what will be passed to the application to create the database command required in make the request. The only screen module that does not directly interact with the database is the main menu.

Figure 2

Package Diagram

I’d like feedback for the package diagrams as I am not familiar with them and going off what I have found on Internet searches. The package diagram shows the modules used to deploy firmware. A user logs into the system which presents the main screen. This GUI shows the user the options that are available to the user. The initial screen invokes the security rules in the database. A user needs to have permission to log into the system. Once logged in, they can access the firmware update screen. This interface allows them to push a firmware package to one or more devices. The package will allow the medical staff, typically a nurse, to push firmware updates to Internet of Medical Things (IoMT) devices.

Figure 3

User Management Package Diagram

The final diagram is a user management package diagram. The IT staff log into the system and have their credentials evaluated for access rights. They can then navigate to the user management module where three separate subtasks can be done, add or delete a user or change a user’s password. This provides a system where only valid users can initiate firmware updates.

References

Charness, N., & Boot, W. R. (2016). Technology, gaming, and social networking. In Elsevier eBooks (pp. 389–407). https://doi.org/10.1016/b978-0-12-411469-2.00020-0

Liu, N., & Ye, Z. (2021). Empirical research on the blockchain adoption – based on TAM. Applied Economics, 53(37), 4263–4275. https://doi.org/10.1080/00036846.2021.1898535 site.

Marikyan, D., & Papagiannidis, S. (2023). Technology Acceptance Model – TheoryHub – Academic theories reviews for research and T&L. https://open.ncl.ac.uk/theories/1/technology-acceptance-model/

Riggs, Simon, and Gianni Ciolli. PostgreSQL 14 Administration Cookbook?: over 175 Proven Recipes for Database Administrators to Manage Enterprise Databases Effectively. Birmingham: Packt Publishing, Limited, 2022. Print.

Scherer, R., Siddiq, F., & Tondeur, J. (2019). The technology acceptance model (TAM): A meta-analytic structural equation modeling approach to explaining teachers’ adoption of digital technology in education. Computers and Education, 128, 13-35. https://doi.org/10.1016/j.compedu.2018.09.009

Post 3:

Alexandra Davenport

Author: Alexandra Davenport

Title: Utilizing Database Query Optimization for Energy Conservation in Relational Databases

Research Question: Can a relational database, such as Oracle Database, be optimized to maintain performance standards while reducing the total amount of energy consumed?

Best Practices:

The proposed solution for the research question involves the creation of a program in Java Netbeans IDE 12.5. The Java program, DBTimeExec, will be used to connect three datasets using the SQL editor in Netbeans. Netbeans allows for the integration of easy server connections using Maven and Oracle driver connections. The Oracle driver that will be used for the system is the OJDBC8 Oracle Thin 19.3 driver client. This specific driver provides optimal easy connection between the program in Netbeans and the database (Wielenga, 2015). The database selected for this research is the Oracle XE 21.3 database. The Oracle XE database is free to the public and integrates optimally with Netbeans IDE (Vasiliev, 2008). Oracle SQL Developer 21.3 will be used as an integration platform to convert the SQL datasets into database table form. Table form will be used by the DBTimeExec program to search a set of eleven different query types a total of ten times on each of three datasets.

              The DBTimeExec program will be used to collect a set of execution time measurements using the Date class in Java. A “start” and “end” time will be placed before and after each database query to ensure that an accurate time is collected. The time will be collected in milliseconds and converted to seconds so that it can be easily converted and scaled to a measure of energy. The Date class provides an ideal solution to quickly quantifying the execution time (Parsons, 2020).

Frameworks:

Design science research methodology (DSRM) is used as the primary framework for this

research. DSRM focuses on finding a quantitative solution and seeks to find information about both the design process and specific artifacts produced through the study (Cartensen & Bernhard, 2018). The primary steps in DSRM are to identify a goal, list objectives, design or develop an artifact, evaluate results, and then communicate these results to the reader.

              The objective for this research is to determine whether different Oracle database queries have longer execution times than others and if they can be optimized to reduce the total amount of consumed energy. The design of my system prototype, shown in Section 7, has been optimized to ensure that reliable and valid data is collected. By using three different datasets, researcher bias is limited. These datasets each contain different types of data and are different sizes. Through placing timestamps before and after each query execution a precise time is collected for query execution. These timestamps can be used to validate the dataset and queries executed on them. Results of the analysis will be evaluated through collecting the timestamps and converting the timestamps into measures of energy. The energy can be converted into a cost measurement to determine the potential economic benefits in addition to the environmental benefits of query optimization. The results of this study will be presented in Excel graph form using bar, histogram, and dual axis line chart form to ensure that those who are unfamiliar with the study will benefit from the findings.

Standards:

Utilizing the DSRM approach, the data collected will be quantitative in approach. The data collected will be based on specific timestamp measurements. Collecting specific timestamp measurements provides precise data points that can be graphed and displayed to the reader. By collecting different query types on different datasets it can be determined which query types represent the “ideal” combination needed to lower the use of energy in the database while still maintaining accurate performance.

This research therefore is primarily experimental in nature and will involve manipulating various queries to determine the best solution. The set of testable queries was chosen based on popular use in modern databases, but the specific queries are designed to measure dependent system variables. Samples for the datasets were chosen using Oracle’s sample schema datasets. These datasets were selected due to their free licensure agreement and ideal connection to Oracle XE databases.

System Diagrams:

Package Diagram

ERD Diagram

Class Diagram

  

References

Carstensen, A.-K., & Bernhard, J. (2018). Design science research – a powerful tool for improving methods in Engineering Education Research. European Journal of Engineering Education, 44(1–2), 85–102. https://doi.org/10.1080/03043797.2018.1498459

Parsons, D. (2020). Exploring the java libraries. Texts in Computer Science, 279–298. https://doi.org/10.1007/978-3-030-54518-5_11

Vasiliev. (2008). Setting up your working environment. Beginning Database-Driven Application Development in JavaTM EE, 3–25. https://doi.org/10.1007/978-1-4302-0964-5_1

Wielenga, G. (2015). Beginning netbeans IDE – for java developers. Springer-verlag Berlin And Hei.