Database Security Group Assignment Page 1 of 6

CT069-3-3 - Database Security Assignment

Case Study

You are required to design and develop a secure bus ticket reservation database
solution in Microsoft SQL to help APU Bus Services Pvt Ltd manage its bus
transportation service in Klang Valley. The hourly bus service is provided from 6am
to 10 midnight to APU students to travel to/from Asia Pacific University from within
the Klang Valley. The reservation system facilitates enquiry, bookings, and
cancellation of tickets. A bus leaves at the top of the hour every hour for each route.
Table 1 provides the current routes. New routes may be added or existing routes
removed.

Table 1: Bus Route Details

Route            | Departure Station                 | Arrival Station
APU-Bukit Jalil  | APU Main Campus                   | Bukit Jalil LRT Station
Bukit Jalil-APU  | Bukit Jalil LRT Station           | APU Main Campus
APU-Serdang KTM  | APU Main Campus                   | Serdang KTM Station
Serdang KTM-APU  | Serdang KTM Station               | APU Main Campus
APU-BTS          | APU Main Campus                   | Bandar Tasek Selatan Bus Terminal
BTS-APU          | Bandar Tasek Selatan Bus Terminal | APU Main Campus

Requirements
1. Checking: Students can check bus availability from the system which provides
details on seat availability, departure station, departure time, arrival station and
arrival time for each day up to 14 days in the future from the current date. There
will be only 2 busses allocated for each route every hour. Each bus travel time is
40 mins and rest time is 20 mins per route including refueling. The capacity of
each bus is 40 passengers.

DBS Asia Pacific University of Technology & Innovation April 2022


2. Booking: Students make their bookings by providing details such as route, date,
and time. Bookings are accepted only if seats are available. Successful bookings
are provided with a booking confirmation number. The booking confirmation number is
required to get into the bus. Unsuccessful bookings are rejected. However, a
student can try later to check if there are any empty slots and retry the booking.
There is no limit to the number of retries.
3. Cancellation: Students can also check their bookings and perform cancellation at
any time.
4. Scheduling: Schedulers are responsible for adding, removing or updating the route
details and bus schedule as the situation warrants.
5. Administration: Database administrators are required to perform ad hoc backups
when required by the management.
6. Management: The bus company management staff can generate weekly or
monthly reports on the schedule, bookings, completed trips and cancellations.
7. Additional Security Requirements:
a. A student must not be able to access the tables directly and should not
know the tables and column names
b. A student must not be able to check other students’ bookings. He or she
must be able to see his or her own booking only and make cancellation for
their own future bookings only
c. All actions of all users must be logged
d. Scheduled and on demand backup and restores must be supported

Note: You are free to make any logical assumptions to make your solution complete.

General Requirements:

In this assignment you are required to:


• Work in a group of 4 members. Provide a workload matrix detailing the
distribution of work amongst group members. Each group member is
required to participate in all tasks / discussions together.
• Design, implement and document the solution based on the case study and any
assumptions that you made.
• Submit a written report through Moodle before/on due date and time given by
module lecturer.
• Solution demo/ presentation schedules shall be released by module lecturer.

Deliverables
A. Implementation (25%)
B. Report (35%)

Note: Wherever individual work is mentioned, each member’s contribution/work
must be unique / different from that of the other group members.

Implementation – Interim Report (100 marks)

Due Date = 11 July 2022 at 12 noon

1. ERD, Data Dictionary and Relational Schema. (40 marks)


A relational database in 3NF must be implemented. The relational database must be
based on an ER diagram which models the requirements given above and any assumptions
made in the case study. All relevant attributes, relationships, cardinality, participation,
primary and foreign keys must be identified in the ERD and implemented in the database.
Create and populate all the tables with sample data. Each group member is required to
create a minimum of 1 DDL query to create tables and a minimum of 1 set of DML queries
to populate the tables (different from those of the other members of your group).
Break down:
• Group work – ERD, Relational Schema, Data Dictionary – 30 marks

• Individual work – SQL queries – 10 marks

2. Authorisation in Server Level and Database Level (20 marks)


Design and implementation of an authorization matrix for each role (Student, Scheduler,
DB Administrator, Management). Create the users, roles and authorization matrices.
Assign each individual user to the appropriate role based on the authorization matrix
that is produced. Each group member is required to create and implement 1 role and
the corresponding authorization matrix for that role.
Break down:
• Group work – N/A
• Individual work – Authorization matrices – 20 marks

3. Logon Trigger (10 marks)


Implement logon auditing. Create a logon trigger that captures (logs) all
user access. Each group member is required to implement a minimum of 1 logon trigger.
Break down:
• Group work – N/A
• Individual work – Logon Triggers - 10 marks

4. Historical Data Model (20 marks)


Implement a historical model to track all the modifications that happen in
your database solution. Each group member is required to create a minimum of one DDL
trigger and a minimum of one DML trigger. As a group you should cover all aspects of
DDL such as create, alter, drop and DML such as insert, update, delete, select.
Break down:
• Group work – N/A
• Individual work – DDL and DML Triggers - 20 marks

5. Database Encryption (10 marks)


Implementation of encryption to protect your solution. Each group member is
required to configure/implement a type of encryption.
Break down:
• Group work – N/A

• Individual work – Encryption - 10 marks

Report – Final Report (100 marks)

Due Date = 25 July 2022 at 12 noon

1. Database Auditing Model (20 marks)


Documentation of the auditing policy as implemented in the solutions for Logon
Trigger and Historical Data Model. Provide justifications for your approach and
solution. Auditing areas should include Database, Audited entities, People, Objectives
& Procedures.
Break down:
• Group work – Auditing policy – 20 marks
• Individual work – N/A

2. Password Policy (20 marks)


Documentation of an effective password policy that can be implemented for your
solution. Provide justification for your strategy.
Break down:
• Group work – Password policy – 20 marks
• Individual work – N/A

3. Authorization Matrix (20 marks)


Documentation of the authorization matrix, users and roles implemented in the
solution. Include explanation of each of the user roles and what they are authorised to
do with sample users.
Break down:
• Group work – N/A
• Individual work – Authorization matrix – 20 marks

4. Backup and Restore Strategy (20 marks)


Documentation of an effective backup and restore strategy that can be implemented for
your solution. Provide justification for your strategy.

Break down:
• Group work – 20 marks
• Individual work – N/A

5. Problem Analysis and Understanding of Database Security (10 marks)


A maximum of 10 marks is allocated for your problem analysis and understanding of
database security.
Break down:
• Group work – 10 marks
• Individual work – N/A

6. Presentation of report / Demo (10 marks)


A maximum of 10 marks is allocated for your presentation and question-answering
skills.
Break down:
• Group work – N/A
• Individual work – 10 marks
