KF7014 – Advanced Programming
&
KF7012 – Implementing Object Orientated Design
Dates and Mechanisms for Assessment Submission and Feedback
Date of Handout to Students: 4th October 2020
Mechanism for Handout to Students:
Date and Time of Submission by Student: 2nd January 2020 (by 11:59 pm)
Mechanism for Submission of Work by Student: ELP - Turn-it-in
Date by which Work, Feedback and Marks will be returned to Students: 4th February 2020 (20 working days)
Mechanism for return of assignment work, feedback and marks to students: Email
Further Information
Learning Outcomes tested in this assessment (from the Module Descriptor):
Knowledge & Understanding:
1. Demonstrate in-depth knowledge and understanding of current best practice in the design and development of Object Orientated systems
Intellectual / Professional skills & abilities:
2. Design a system using advanced object orientated principles and methods, such as Behavioural, Creational and Structural design patterns, ensuring a high level of quality and data security.
3. Implement and test Object Orientated programmes using advanced techniques ensuring a high level of quality and data security.
4. Critically evaluate the effectiveness of implemented Object Orientated applications
Personal Values Attributes (Global / Cultural awareness, Ethics, Curiosity) (PVA):
5. Demonstrate a professional understanding of the importance of software quality in the development of applications.
Assessment Criteria/Mark Scheme:
See Appendix
A for assessment criteria. Note that this work is worth 100% of the module and
that the marks total 100 marks.
Nature of the submission required:
Individual work: The individual report should be a single document, and it must be in PDF format. You are required to upload this using Turn-it-in (ELP) as an originality report is required. Your work must be uploaded no later than 2nd January 2021. You should name this file so that it is clearly your individual work, and the document name should contain your student ID.
Group work: A ZIP file should be created that contains your entire Visual Studio project, including the test project. Justifications of choices made, such as patterns used and the data access layer, need to be in a PDF document called justifications. The document should be in the root of the folder. You also need to supply a file, “group.txt”, which contains a list of all names and student IDs of the group members. Each C# software component should have the names of the group members within the comments at the top of the code. The ZIP file should also contain files for your Design (Task 2) and Testing (Task 4); these should be in PDF format and need to be legible (easy to read). It is your responsibility to check the PDF files are legible.
Please note that the compression format has to be zip; you must not use ‘rar’, ‘7z’ or other compression formats.
Late
work carries a penalty. Even if you are one minute late, the penalty has to be
applied. Please make sure you give yourselves plenty of time to upload the work.
Multiple submissions are possible.
It
is your responsibility to check that you have uploaded the file correctly to
the ELP. After uploading the file to the ELP, download the file and check that
the contents are what you expect.
Referencing Style:
Where you have used words from someone else (quotations), they should be correctly quoted and referenced in accordance with the Northumbria Harvard System. You will be required to submit the report for the work via Turn-it-in.
Cite them Right can be found here
Group work
The size of a group can be between two and six students; no group may be larger than six, but it may be smaller. You are expected to form your own groups by the end of teaching week 4. One member of each group must email the module tutor giving the names of the group members. Anyone without a group at the beginning of week 6 will be assigned to a random group. In the rare event that a group is not working well together, it may be disbanded. The module tutor will have final say when this occurs. It will only happen if there is sufficient documented proof that one member is not contributing to the work; in such eventualities it will be expected that each member does the remaining work on an individual basis. Alternatively, students may be able to join another group that is willing to accept them, provided that there is still enough time to make a sufficient contribution to the new group. In such cases the module tutor must be notified.
Expected size of the submission:
Expected size of written work is stated
on the individual sections.
Academic Misconduct:
You
must adhere to the university regulations on academic misconduct. Formal
inquiry proceedings will be instigated if there is any suspicion of misconduct
or plagiarism in your work. Refer to the University’s regulations on assessment
if you are unclear as to the meaning of these terms. The latest copy is
available on the university website. Quote or paraphrase other work with
caution. Please discuss with the module tutor if you are unsure what is
expected.
Handbook
of Student Regulation can be found here
Fair use of code from the internet:
You are not permitted to use templates from the internet. Any group which uses a template to create the architectural foundation of their work will be formally investigated for academic misconduct; all the work must be your own.
Small amounts of code can be taken and modified from the internet; however, all occurrences must be clearly indicated in the comments section at the top of each class. You must include in the comments section a reference to the original source. Methods and properties should also be marked as “copied from: URL” or “based on: URL” if they have originated from an external source.
Monitoring of assessment progress:
You are required to use GitHub as a repository for your assessment. Your progress on the assessment will be monitored, so it is important that the group work is started early; groups which have not made sufficient progress can expect emails. You will be required to give the module tutor access to the GitHub project at the commencement of the technical part of the assessment.
Reflective writing:
Tasks 5 and 6 are reflective writings. Although many of you are aware of what reflective writing is, past evidence indicates that some students do not understand what is required. It is not about ‘book work’ where your answer is based on external sources, although you should use some academic papers to support your arguments. These questions are about what you and your group have done and what you have learned from the process. You are required to identify positives and weaknesses in the group work. Use the theory covered in the module to effectively aid you in this reflective evaluation of your work. The reflective commentary should be critical; you should identify what went wrong and demonstrate you have learned from the process.
Extensions and Illness:
Please make sure that all group items are held in a central repository so that the work does not rely on a single individual. If someone in your group is ill then you must all discuss the possibility of extensions with Ask4Help. Module tutors and Course leaders cannot grant extensions; you must go to Ask4Help.
Individual and Group components
Each task clearly states if the task is individual or group work. Submission of individual work will be at the same time as group work; however, these will be separate submissions.
Peer Assessment and Group Diary
In order to complete the group work you will need to work with other students. It is important that you evenly distribute the work between yourselves and work effectively with each other. You are required to keep a diary so that you log and minute all communication and meetings. The diary will be required as part of the evidence in the portfolio. Given the current situation regarding covid-19 you will be required to hold group meetings using software such as Zoom or Teams.
You must also supply one peer-assessment form for each group member. This will need to be agreed and signed by each group member. Social distancing will complicate the process. It is expected that with the individual work each member supplies a copy of all the peer assessments, and that everyone submits the same values on these documents. This will be sufficient to acknowledge you agree with the marks for each member including your own.
If the diary and/or individual peer assessment forms are missing then the group part of this assignment will be capped at 50%. Based on the peer assessment form you will be able to calculate a score of between 3 and 8 which measures your peers' views of the quality of your team work in this task. We reserve the right to consult with you and potentially change the weightings (and in extreme cases marks) when this is felt necessary. We will not do this before the assignment is handed in. On the form each student’s performance in the team is graded by a number of criteria. Each criterion will be given a score of between 3 and 8. Once all the 9 criteria have been graded, the average score across the criteria for the student will be determined. This is called the Team Work Score, which will be between 3 and 8. Calculate this by adding up the score for each of the nine criteria and then dividing by nine. Once the peer assessment forms have been completed for all members of the group it is possible to determine the group average. This is calculated by adding up the Team Work Scores for all the group members and dividing the total by the number of group members. A weighting can then be calculated by dividing the student's Team Work Score by the group average. The weighting applies to only the group component of the assessment. A student’s mark will be determined by multiplying the group mark by the weighting. This will be calculated to the nearest whole number.
See ELP Document “Example_Peer_Assessment_Form”
Assessment Scenario
Case
Study: Quick Fix Dental Practice
Technology requirements
The application must be built using Visual Studio 2019 or Visual Studio 2017, Professional or Enterprise. The Community edition is not suitable for this work, as it will not work with Entity Framework.
You must use the database built into Visual Studio as your data store; you should not use any other database.
The GUI must be built using Windows Forms (WinForms). ASP or other presentational technologies are not permitted.
Patterns must be present in the technical solution; for example, the presentational layer should use MVP. You are also required to use Entity Framework and LINQ.
Background
Radiant Smile Dental practice requires you to build a Windows application to support the dental practice. The dental practice only deals with NHS patients; however, it does offer a number of treatments not covered by the standard NHS services, such as teeth whitening and dental implants.
Patients
When a patient is registered, their details such as date of birth, name, address and email are captured and stored by the system. A medical questionnaire is given during the registration process. The questionnaire captures information regarding any medical conditions which may affect the treatment and any allergies the patient may have, such as to latex or antibiotics.
When a patient visits the dental surgery a check is done to see when they last updated their medical history. If this was more than a year ago the system will prompt the reception staff to ask if there have been any changes to their medical history. If there have, they will be required to fill in a new medical questionnaire.
All patients must provide the name and address of their GP practice. It is likely that many of the patients in the dental practice will be registered with a small number of local GP practices.
NHS patients may be entitled to free treatment or they may pay a fixed fee given the dental work undertaken. More detailed information can be found at https://www.nhs.uk/using-the-nhs/nhs-services/dentists/understanding-nhs-dental-charges/
All treatments, private or NHS, should be easily maintained by the practice staff. This may be a change of pricing in line with changes to the NHS fees. It could also include new private services or accommodate a change in price due to a special offer.
Checkups (15 minute appointment)
Checkups can be booked in one of three ways:
· When a patient comes to the end of a treatment plan or has had a check-up which requires no work, they are offered an opportunity to book a six month check-up.
· When they first register with the practice.
· If they telephone in and ask for a check-up, a check is made to make sure they have not already had a check-up within the last four months.
In the case of a new patient or a patient coming to the end of the treatment plan, the system must prompt the reception staff to ask the patient to make an appointment.
The system should identify any patients who have not visited the dental practice in the past six months and have no future appointments booked. The system will produce a reminder letter which will be mailed out to the patient asking them to make an appointment. They will be contacted again in six months if they have not made an appointment and have not visited the dental practice.
Any patient who has not made contact with the dental practice for a two year period will be removed from the list of active patients.
Emergency Appointments
A practice holds 2 hours of non-advance appointments each day; these are for dental emergencies and are allocated on a first come, first served basis.
Recording a treatment plan
A person will have 32 adult teeth, and when they are younger 20 baby teeth. During someone’s life the state of the teeth may change: all the way from a filling to an extraction.
The system should only record information about a ‘treatment plan’: the work identified as needing to be carried out following an examination.
The dentist will fill out a visual representation on a pre-printed view of the teeth so that the patient is aware of what is going to be done. This visual representation is not recorded by the system; instead the dentist makes professional medical notes. These medical notes will be short multi-line text documents which are written in such a way that any trained dentist will understand.
Treatment plan consent and payments
Many NHS patients will pay a fixed fee for the dental service, which is split into three bands. Some patients are entitled to free treatment, depending on their individual circumstances. In both cases the patient signs a standard NHS consent/treatment form; these are scanned and a copy is held on the system.
In the event of an emergency appointment this may be done immediately after the treatment is carried out.
Appointment Reminders
The practice has suffered from many missed appointments; patients forget about appointments which are often set weeks or months in advance. In order to try and solve this problem an SMS text message is sent to the patient five working days before the appointment, and another is sent the day prior to the appointment.
It is also policy to phone patients who have long appointments. Some dental work may require 40 or more minutes to complete. Patients who have long appointments are contacted by phone by a member of the reception team to double check that they will be attending. This normally takes place two working days before the appointment.
A third party service is used to contact patients via SMS text messages. The system should provide the following text document which will be sent to the service. The text document contains a list of the reminders to be sent that day; it has the mobile phone number and the day/time of the appointment. This should be in the form of a comma-delimited file.
The system will also produce the list of phone numbers, names and appointment details for all those who have a long appointment in three working days' time. This will be processed by the reception staff during quiet periods. Reception staff should be able to mark those who have been successfully contacted; those who have not been contacted by the end of the day will appear on the following day’s list. No further attempts will be made if they are not contacted on the second consecutive day.
The practice operates a policy of deregistering anyone who has missed three appointments within a rolling five year period; this will only happen when their current treatment plan has ended. There are exceptions, such as any patient who has a memory problem or anyone who has missed an appointment due to illness or bereavement; even events such as traffic are seen as an acceptable reason for missing an appointment. A clarification for any missed appointment will be sought on the next interaction with the reception staff. Your system must prompt the staff to ask and then record if it is allowable or not. In the event of a non-allowable reason the system must check if there have been two more within the past three years. If so, the patient's record will be marked as one to deregister. If not, then a record is made of the missed appointment.
Staff
Staff have the ability to request flexible working, so it is possible that some staff may work less than five days a week, or that they only work the hours between 10am and 2pm. The practice diary, which contains all the staff and appointments, is held six months in advance.
Staff can also request holiday. It is normal that there will be appointments which have already been made for the period of the holiday. In these cases reception staff will be able to identify and contact the patients so that they can rearrange the appointment.
Staff sickness. Staff may become ill and be unable to work for a period of time. If a member of staff becomes ill then it may be possible to move some of the appointments for a day to other dentists and also use half of the allocation of emergency appointments.
The system should be able to identify from the treatment plan and type of appointment which patients should be dealt with as soon as possible and which can be moved to a new appointment in the future. Patients undergoing root canal work or crowns are priorities and an attempt is made to fit them into the current week's work; checkups are seen as least priority and are rescheduled last. Contact information is listed for all the affected patients. The receptionist calls each one in the list, which has been prioritised. They explain the situation and work with the patient to choose an alternative day and time.
Task 1 Research Question (Individual Work) 30 marks
This task is an individual task and covers the following learning outcome.
1. Demonstrate in depth knowledge and understanding of current best practice in the design and development of Object Orientated systems
Question for section one and two
“Most systems require user authentication. Identify the technical approach you would use to store the password information so that a user is able to authenticate themselves at a later date. You should discuss a range of approaches and any weaknesses with the identified approaches.”
The research is split into three sections.
Section one
For the initial part you will be limited in your usage to a single source of information, namely “Stack Overflow”. This initial investigation should take approximately 1 hour to complete and will be undertaken during the lab session. See Appendix B for information regarding how to capture the information. If you miss the lab you can still do the exercise and forward the information to the module tutor for analysis.
(5 marks)
Section two
This second part answers the same question; however, it should only be done after the lecture on security. You must document the work in the same way as you did for section one, using the layout from Appendix B. Part one documented finding information on Stack Overflow. In this section you also need to write a short summary identifying the technical measures you would take and give a reference to any code examples which you would use as a basis for implementing the solution.
(5 marks)
Word Limit 300
Section three
Identify possible technical solutions to securely protecting information in the properties of a class prior to it being persisted on a database. Additionally you should consider and outline any implications any of the possible solutions may have on the wider functionality or performance of the application.
(20 marks)
Word Limit 1500
References from good-quality, relevant literature must be used in order to strengthen any points that you raise in your discussion. This only relates to sections two and three of this question.
Task 2 UML Designs and OOP considerations (Group work) 10 marks
This task assesses the learning outcome.
Design a system using advanced object orientated principles and methods, such as Behavioural, Creational and Structural design patterns, ensuring a high level of quality and data security.
Produce an implementable class diagram for the system you are developing. This should show your final design of the software components and clearly show architectural patterns used in the development of the system. It should not be a post-implementation diagram created by Visual Studio. You are expected to use Design Patterns in the creation of your product, and you are also expected to show layering of the application. Patterns should be considered in each of the layers; for example, you are expected to use a presentational pattern in the interface layer. This work should only include the requirements which you are expecting to implement during the time-box.
(5 marks)
You must provide a justification for any of the patterns you have chosen to implement, outlining reasons why the choices have been made. You should also include any patterns which you believe could be beneficial to the software architecture, but which you decided not to implement. A rationale for their exclusion should be given.
(5 marks)
Word Limit 300
Task 3 Implementing the technical Solution (Group work) 20 marks
In this task the following learning outcome is assessed.
Implement and test Object Orientated programmes using advanced techniques ensuring a high level of quality and data security.
You are not expected to try and implement the entire system. Agile methods require a subset of requirements to be taken into a time-box for development. You can apply MoSCoW to the list of requirements; this will help you decide on what requirements you plan to implement. However, you are expected to pick requirements which work together so that you can demonstrate a working subsection of the entire system; you should use vertical development.
You are expected to develop the application using the standard three layer model, and the domain and presentation layers should contain some of the patterns covered in the module.
Entity Framework must be used to persist the objects. It is your choice how you use the technology. It is recommended not to use Database first as this will have architectural consequences for your system.
The system must be implemented using Visual Studio 2017 or 2019 and be written in C#. As stated earlier, only Windows Forms may be used and the application must use the inbuilt database. You may include instructions for use, which would include any valid logon details or user details that you have created.
The code is marked on the following aspects:
Scope of technical implementation (5 marks)
Quality of the solution, including architecture patterns used. (13 marks)
Task 4 Testing (Group work) 10 marks
In this task the following learning outcome is assessed.
1. Demonstrate a professional understanding of the importance of software quality in the development of applications.
It is expected that there is a sufficient level of unit level testing within the layers of the application. It is important that each class and method has an associated testing component. You should also carry out some testing at system level, making sure that the system performs the needed system functionality. You should use both positive and negative testing.
Visual Studio provides an inbuilt testing framework; you are expected to automate as many of the tests as possible using the inbuilt unit testing framework. If you have used dependency injection/mock objects to isolate classes you should make this clear in your testing strategy.
All tests must also be documented in a test plan. It is not enough to just have a test project; it must be documented in a plan.
Task 5 Evaluation of the development process (Individual Work) 15 marks
In this task the following learning outcomes are assessed.
1. Critically evaluate the effectiveness of implemented Object Orientated applications
2. Demonstrate a professional understanding of the importance of software quality in the development of applications.
Many iterative methodologies incorporate an evaluation step at the end of each development time-box. The purpose is to reflectively evaluate the development increment so that lessons can be learned, and to improve the development process in future increments. In this section you are required to critically evaluate the development process and the tools used.
· Critically evaluate the approach your team used in selecting what requirements to implement in the development time box. You should consider the logical grouping of the functionality and whether you chose too many or too few requirements to implement.
· Teamwork: you need to critically evaluate how your team worked together in producing the technical solution and how you organised yourselves. If any problems occurred they should be listed, as well as any attempt to reach a resolution.
· Tool evaluation: critically evaluate the development environment, the database chosen and the use of testing tools in the development of the system.
Approximately 700 words
Task 6 Evaluation of the technical solution (Individual Work) 15 marks
In this task the following learning outcome is assessed.
1. Critically evaluate the effectiveness of implemented Object Orientated applications
Critically evaluate the Design and Implementation in relation to the object orientated principles covered in the module. You must consider the patterns you have used and discuss if they were effective, and also identify any patterns you have not implemented but believe to be relevant.
Discuss the choice of Data Access implementation. Was Entity Framework directly used, or did you impose your own unit of work and repository patterns? You need to justify and reflect on the choice you made.
Critically evaluate your application in terms of security. You do not need to discuss password security, which you covered in the research question. However, you should focus on the security needs of the application from the data perspective. You should use what you discovered from task one section three in order to give some specific recommendations related to this application.
Word limit: 1000.
APPENDIX A
Marking criteria
Task 1 section one Research Question (Individual Work) 5 marks
Grade | Criteria
5 | Excellent filtering of the URLs, may show a narrowing down quickly to the more suitable answer
4 | Very good range of URLs.
3 | A good range of material covered from Stack Overflow but it is limited in the number/range of URLs covered
2 | Poor range of Stack Overflow URLs or ones which are not from Stack Overflow
1 | Weak research showing little reading and selection.
0 | Missing
Task 1 section two Research Question (Individual Work) 5 marks
Grade | Criteria
5 | An outstanding selection of the correct technology needed to protect passwords, with implementation example from an external source. External source should give a detailed description and be from a reputable known source.
4 | Answer is correct; however, the implementation or source may either lack detail or be from a less reliable source.
3 | Answer has a reasonable choice but may not be the most optimal.
2 | Answer has made a poor choice, one which may exhibit security issues, or may be missing an implementation.
1 | Weak work: poor choice and missing elements.
0 | Missing.
Task 1 section three Research Question (Individual Work) 20 marks
The criteria used for marking will include:
- The quality and scope of the literature survey.
- The principal arguments and conclusions of the work undertaken.
Grade | Criteria
90-100 % | Demonstration of an exceptional answer to the question; work contains sufficient high quality sources of information which are correctly referenced in the Harvard style. Work should contain no unsupported statements. Answer is near perfect with a detailed and balanced argument and an exceptional conclusion.
70-89 % | Demonstration of an outstanding answer to the question; work contains no major flaws with only major issues with unsupported statements. High quality sources of information which are correctly referenced in the Harvard style. The answer should be detailed and concise; work should reflect a balanced and objective approach, with an outstanding conclusion.
60 -69 % | Demonstration of a very good answer to the question; the majority of the important statements should be supported with references to high quality academic sources. The answer should be detailed, concise and balanced; there may be some of the important points omitted due to lack of scope.
50 - 59 | Satisfactory work exhibits a fair understanding of principles underpinning the questions but it is lacking in some depth, such as exhibiting poor referencing or a lack of reading. Work may show some omissions and may not fully address the questions.
40 – 49 | Weak, unsatisfactory answer which is not balanced, lacking any true depth, and shows little in the way of reading. There may be some attempt to answer the question but it may contain flaws and significant omissions.
0 – 39 | Work is incomplete and/or irrelevant. Work may show significant sections which are highly derived.
Task 2 UML Designs and OOP considerations (Group work) 10 marks
Implementable Class Diagram showing patterns and layers 5 marks
Justification of the patterns used or their absence 5 marks
Grade | Criteria
80-100 % | Outstanding or exceptional diagram which clearly shows the system layers and the patterns used in the system. Narrative clearly explains the use of patterns and the reasons for the adoption or omission from the work.
60-79% | Work is of good or very good quality. Diagram is clear; however, it lacks depth in the range of patterns chosen and/or considered. The rationale for inclusion or omission has some minor weaknesses.
50-59% | Diagrams contain flaws which would affect the implementation. Patterns may not be well considered and the narrative explaining the rationale lacks depth. The application layers are not clearly defined.
0-49 % | Diagrams are incomplete or non-implementable and/or the consideration of patterns is either missing or is poor.
Task 3
Implementing the technical Solution (Group work) 20 marks
The criteria used for
marking will include:
-
scope Quality of technical
implementation 15/20
-
Justification and
implementation of data access layer 5/20
Grade |
Criteria |
80-100 % |
A reasonable set of requirements are implemented given the
time frame. Importantly the scope of
requirements should not be at the cost to the quality. The system demonstrates excellent or outstanding engineering
principles such as the use of patterns in the all three layers of the
application. Presentation layer should use a pattern to separate
responsibilities or presentation and control.
|
70-79 % |
Work is good or very good, the scope or the requirement
may be limited but the engineering excellent. Or the scope may be high with a
reduction in the level of the engineering principles applied. However the
work overall is still very competent and has few problems such as a lack of
patterns. |
50-69% |
Quality of the application and/or the engineering has
problems such as failure to consider patterns in the presentation layer. Code
may suffer from problems with the way the engineering principles have been
applied. |
0-49 % |
Scope of the application is poor, with significant issues in
the engineering principles which are being applied. There is little
consideration of the implementation of patterns. |
Task 4
Testing (Group work) 10 marks
The criteria used for marking will include:
- Test plan based on user requirements, with both negative and positive tests.
- Tool-based unit testing, also with a test plan.
Grade |
Criteria |
80-100 % |
Outstanding or excellent testing. Use of dependency
injection and mocks where needed, with tests both positive and negative in nature.
Tests must be at a unit and systems level and be fully documented, and the unit
level should be fully implemented in the Visual Studio built-in test suite. |
60-79% |
Very good testing, covering a good range of unit tests;
however, it may lack some testing or may lack some negative testing. |
50-59% |
Scope of the testing is incomplete; this may be due to poor
choices of presentation pattern or a lack of scope in the tests chosen.
Documentation of the tests is poor.
|
0-49 % |
Testing is incomplete or missing. |
Task 6
Evaluation of the development process (Individual Work) 15 marks
Required items to evaluate
· Critically evaluate the selection of requirements.
· Teamwork
· Tool evaluation
Grade |
Criteria |
80-100 % |
Outstanding or exceptional evaluation. Well-balanced
critical evaluation covering all three aspects. Work should identify problems
and, where applicable, this may require quotes from the literature to back up
the student's statements. Clear
evidence that the student has understood weaknesses and has learned from them. |
60-79% |
Good or very good evaluation; however, it may lack some
degree of balance or critical evaluation in some areas, or may not be as strong
in one of the three aspects required. |
50-59 % |
Critical evaluation is lacking in depth. May contain some
degree of inaccuracy or misconception.
|
0 – 49 % |
Missing key elements. Irrelevant material or poor,
non-critical reflection on the work. |
Task 7
Evaluation of the technical solution (Individual Work) 15 marks
Required items to evaluate
Design and implementation in relation to OO (patterns and principles).
Grade |
Criteria |
80-100 % |
Overall an excellent evaluation of the technical solution,
with identification of and reflection on the weaknesses, as well as the
achievements. This must include the OO considerations, such as where patterns
were used to good effect, were missing or were incorrectly used. Security must be
discussed, including what needs to be protected via encryption; this must not
be ‘book work’ but directly related to the implementation. |
70-79% |
Good or very good. Weaknesses should be identified; however,
there may be some degree of limited scope in the identification of what
patterns could have been applied, or some lack of depth relating to
the problems of applying cryptography to the system. |
50-19 |
Satisfactory evaluation which lacks some important items or
lacks depth, especially in offering alternatives or identification of
weaknesses. Security evaluation has weaknesses in scope, or the type of security
being recommended shows limited understanding of the effect it will have
on the application. |
0-49 % |
Evaluation missing key elements and/or alternatives. The
work lacks depth and/or lacks critical evaluation. |
APPENDIX B
Capturing use of
Research
into the use of Stack Overflow for security
Purpose
This task forms part of your assessment; the data which you capture
will also be used to write a research paper. The use of the
data for research purposes is purely voluntary. You will be asked to complete a
consent form and will have until the start of semester 2 to withdraw your
consent. You may also withdraw or not permit the use of the data you capture
in the research; you will not have to give any reason, and doing so
will not have any consequences for yourself.
This exercise should not take more than an hour to complete and it will
be undertaken in the lab before week 11. There are four tasks in total;
they need to be done in sequence and, once completed, they should not be amended
based on the subsequent tasks. It is also vital that tasks 1 to 3 take place
before the week 11 lecture, and that task 4 be completed after the week 11 lecture.
Details on how to submit the work will be given later; however, it will be
collected prior to the end of semester. You should also submit the work as
part of the assessment.
You will be asked to conduct some research on Stack Overflow (not other websites). The nature of the research is
specifically related to the way passwords are stored for authentication
purposes. This is a very well-known area
of security and most developers will have had some exposure to creating a
secure logon. The research should not encompass the following: TLS/SSL
or password strength criteria. It should
only be concerned with the way the password will be processed prior to being
stored on a database for the purposes of user authentication. This is often
described as a ‘cryptographic transformation’, i.e. transforming it from an
insecure string into a secure binary format.
The current best practice will be discussed in week 11; therefore it is
vitally important that the first part of the investigation is done prior to this
lecture, otherwise it will contaminate the results of this study and render the
results useless. Equally, it is important that the last task is done after the
security lecture of week 11.
The main purpose of this research is to evaluate the effectiveness of Stack Overflow in providing a solution
to a common security problem, and how prior knowledge affects the effectiveness
of searching and finding an appropriate solution. It is therefore important
that you capture your usage of Stack Overflow during the investigation.
Your job is to find the most appropriate technical solution for the
problem of password storage. I will ask you to record the pages you look at on Stack Overflow (URL) along with
information about the usage of the page (percentage read, whether you fully
read the page or skim read the page, and whether you found the page useful and
relevant).
The Problem.
Single-factor authentication relies heavily on the use of passwords to
authenticate users. Although other authentication techniques do exist, single-factor
password authentication is the mainstay of the e-commerce and commercial
arena. As previously stated, you are not asked to look at the security of the
connection between the client and the server (TLS/SSL) and you are not being
asked to look at policy such as frequency of password change or criteria for
password strength. You are, however, being
asked to identify the technical solution for the transformation from a clear
plain text string into the binary format which will be stored on the database.
There are various ‘cryptographic’ transformations that can be used: some are
keyed, some are non-keyed, and some are reversible while others are not. The purpose is for you to choose the most
appropriate cryptographic transformation.
The following is a list of tasks you have been asked to complete.
Please note that some information about your prior experience will be used; however,
no information regarding your name or student ID will be stored. The
information is relatively generic and therefore is anonymous in nature.
· Task A) Captures information about your background as a developer, including
any industrial experience you have gained.
· Task B) Captures any prior knowledge and/or preconceptions you may have
regarding password security.
· Task C) Before the lecture on security. Investigate the problem, capturing
information about the pages you look at and the proposed solution based on
your investigation.
· Task D) After the lecture on security. If you believe you have already
chosen an optimal solution you need to write in the section (OPTIMAL SOLUTION
ALREADY FOUND), otherwise use Stack Overflow again and repeat the activity
undertaken in Task C.
Part A) Your Background
1) Where did you study for your undergraduate Computer Science degree?
A- Obtained in UK.
B- Obtained outside of the UK.
C- Obtained at Northumbria University.
Delete those which are not appropriate.
2) Industrial Experience
Did you do a placement year as part of your degree?
YES NO (delete the one which is not appropriate)
How many years' industrial experience do you have (including a placement year)?
Full time years : Enter 0 if none.
Part time years : Enter 0 if none.
Please use real numbers not integers.
Part B)
Pre-existing knowledge of password security may improve your ability to
search and sort for a solution on stack overflow. Therefore, it is important
that you state any prior knowledge/preconceptions you have regarding the
transformation a string password should go through prior to being saved on a
database.
For example, I
believe that the password should go through a ……….….. prior to being saved in
the database. OR I really have no idea what should be done.
|
Part C)
Task
The problem: passwords are a necessary part of user authentication;
although other mechanisms do exist, they are typically not viable for most
computer systems and web applications. There are a number of different technical
solutions to storing password information for the purposes of user
authentication. Your task will be to
find which one you believe to be an optimal technical solution. You do not need
to code this but you do need to indicate which techniques would be used to
store the password securely. The resource you need to use for this task is the
popular developer site Stack Overflow. For each page you look at, you need to
record the URL and the following information. I expect that there will be a
number of pages you will look at before you decide on a solution. Please place
them in chronological order of when you viewed them. Starting with the first
page at the beginning, add them in chronological order with the final URL at
the end. In case of a missing URL or out-of-sequence
documentation of the process, please open your browser history and
cut-and-paste the section related to Stack Overflow at the end of this section.
Search Term Used followed by the URLs read under that search term
Way page was read
A- Skim read the page and did not read anything in detail
B- Skim read the page and read some sections in detail
C- Read more than half of the page in detail
D- Read the entire page in detail
Usefulness of page (at the time of reading)
A- Page was very useful
B- Page was moderately useful
C- Page was only partly useful
D- Page was not useful.
Subjective conclusions of the page
A- Trusted the content and opinions on the page
B- Trusted some of the content and opinions on the page
C- Trusted few of the content and opinions on the page
D- Trusted none of the content and opinions on the page.
Please give a few words to explain your subjective judgment of the
page.
The following is an example.
Page URL | https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords |
The way page was read | A |
Usefulness of page | D |
Subjective conclusions of the page | B |
Comments on the subjective score | The page was only of passing interest and not really relevant to the question. |
Please copy the following template for each page you look at.
Page URL | |
The way page was read | |
Usefulness of page | |
Subjective conclusions of the page | |
Comments on the subjective score | |
Task C outcome
From your research above please detail the cryptographic transformation
you believe is needed prior to storing the password in the database. You should
pick one you would use if developing this functionality for a real client. If the transformation requires parameters,
state the parameters required. You do
not have to give a code example, only information about the cryptographic
transformation you would choose and a short sentence or two on why you think
this is the best choice.
|
Which of the URLs was most useful in finding this solution?
|
Task D
This task should be completed after week 11 lecture on cryptography and
security.
Having had the lecture, have you already found the optimal solution
from Task C?
Please delete as appropriate: YES NO
If you have answered NO then please conduct the same activity as in
Task C and find the solution you would use on Stack Overflow.
Search Term Used followed by the URLs read under that search term
Way page was read
E- Skim read the page and did not read anything in detail
F- Skim read the page and read some sections in detail
G- Read more than half of the page in detail
H- Read the entire page in detail
Usefulness of page (at the time of reading)
E- Page was very useful
F- Page was moderately useful
G- Page was only partly useful
H- Page was not useful.
Subjective conclusions of the page
E- Trusted the content and opinions on the page
F- Trusted some of the content and opinions on the page
G- Trusted few of the content and opinions on the page
H- Trusted none of the content and opinions on the page.
Please copy the following template for each page you look at.
Page URL | |
The way page was read | |
Usefulness of page | |
Subjective conclusions of the page | |
Comments on the subjective score | |
Task D outcome
Please detail the cryptographic transformation you would pick for the
development of a real commercial based system. You need to outline the
|
Which of the URLs was most useful in finding this solution?
|
Consent form
Project title: Evaluation of the effectiveness of
pre-existing knowledge in the
|
Agreement to
participate
I,
|
agree to take part in this
research project.
- I have had the purposes of the research
project explained to me.
- I have been informed that I may refuse to
participate or withdraw my consent simply saying so and without giving a
reason, and without prejudice.
- I have been informed that I have until 1st of February 2020 to
withdraw my consent, as this is the date the data will be consolidated and
anonymised.
- Participation is voluntary and participation or non-participation will have
no effect on the module outcomes.
- I have been assured that my confidentiality
will be protected as only anonymous data is being captured and presented
in the final work.
- I agree that the information that I provide
can be used for educational or research purposes, including publication.
- I understand that if I have any concerns or
difficulties I can contact Mark Hurrell at the Northumbria
University (Mark.Hurrell@Northumbria.ac.uk).
- I
assign the copyright for my contribution to the researcher for use in
education, research and publication.
Signed:
|
|