A HOLISTIC ONLINE RESULT PROCESSING: USING ROLE-BASED ACCESS CONTROL

Authors: Olabisi Matemilayo Dada, Femi Samson Oyedepo, Kolawole Abubakar Sadiq & Sikiru Suliman

ABSTRACT

The security surrounding Result Processing in an online environment necessitates swift intervention, given the rapidly evolving technology that is now crucial for both students and Staff, as thoroughly examined in this work. Access Control presents serious security risks that require careful attention. Despite numerous researchers discussing various measures to address the overall system, the findings highlight the importance of prioritising data security, integrity, and user experience to uphold academic confidentiality in a digital world. With the transformation in the digital world, educational institutions should endeavour to manage student records effectively while maintaining data security. This work examined the security and safety of student results and transcripts in an online environment. An Agile methodology was employed, which supports Iterative development and flexibility, allowing for constant feedback and quick adjustments to requirements. This approach ensures data integrity, confidentiality, and accessibility. The system is designed to simplify the management of academic records. It has a well-defined interface for administrators, Exam Officers, the Academic Planning Unit, and students, with role-based access control, to ensure a holistic online result processing system that secures authentication and data encryption for non-illegal access and data breaches, which are essential in good system development. This work covers the system’s design, implementation, and holistic data security and operational efficiency. The systems that were successfully implemented also indicate that they can be used to meet the needs of educational institutions that are willing to improve their result-processing procedures.

Keywords: holistic, result processing, transcript, authentication, agile software development methodology.

REFERENCES

  • Abah, J. A., Honmane, O., Age, T. J., and Ogbule, S. O. (2022). Design of Single-User-Mode Computer-Based Examination System for Senior Secondary Schools in Onitsha North Local Government Area of Anambra State, Nigeria. VillageMath Educational Review (VER), 3(1).
  • Akputu, O. K., Attai, K. F., Usoro, A., & Abiodun, A. O. (2020). Policy-Driven Academic Result Computation and   Transcription: Ritman University Case. Policy, 9(1).
  • Bian, G.; Zhang, F.; Li, R.; Shao, B. (2022). Certificateless Remote Data Integrity Auditing with Access Control of Sensitive Information in Cloud Storage. Electronics 2022, 11, 3116. https://doi.org/10.3390/ electronics11193116
  • DADA O. M., ADEDOTUN K. J., OYEDEPO F. S. & RAJI A. K.  (2024). Leveraging Role-Based Access Control for Secure and Efficient Result Processing in Academic Environments. (JESTP); Journal of Educational Studies, Trends & Practice October, 2024 www.ssaapublications.com S
  • Dada O. M., Raji A. K., Oyedepo F. S., Yusuf I. T. & Saka T. O (2017). Design and Implementation of an Integrated Result Processing System in a Networked Environment. Published in Biomedical Statistics and Informatics, September 2017; Vol.  2 No. 5, 131–137. Available at http://www.sciencepublishinggroup.com/j/bsi.
  • Damasevicius, R., Maskeliunas, R., & Leon, M. (2019). Development of an Online Clearance System for an Educational Institution. In Applied Informatics: Second International Conference, ICAI 2019 (p. 327).
  • Daniel. S, and Sylvia L. O. (2017). Current Research and Open Problems in Attribute-Based Access Control ACM Comput. Surv. 49, 4 (2017), 65.
  • David F. D., Richard K., and Ramaswamy C. (2003). Role-based Access Control. Artech House.
  • Dranger, S, Sloan, R. H, & Solworth, J. A. (2006). The complexity of discretionary access control. In Proceedings of the International Workshop on Security. Springer, 405–420.
  • Edison, H., Wang, X., & Conboy, K. (2021). Comparing methods for large-scale agile software development: A systematic literature review. IEEE Transactions on Software Engineering, 48(8), 2709–2731.
  • Ekanem, A. J., Ozuomba, S., & Jimoh, A. J. (2017). Development of Students’ Result Management System: A case study of the University of Uyo. Mathematical and Software Engineering, 3(1), 26–42.
  • Ferraiolo, D., Chandramouli, R., Kuhn, R. & Hu, V. (2016). “Extensible access control markup language (XACML) and next generation access control (NGAC)”, in Proceedings of the 2016 ACM International Workshop on Attribute-Based Access Control, pp. 13–24.
  • Klaedtke F, Ghassan O, Roberto B, & Heng C. (2014). Access control for SDN controllers. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. 219–220.
  • Hu V.C., Kuhn R.D., Ferraiolo D.F., and Voas J. (2015). Attribute-based access control. Computer 48, 2 (2015), 85–88.
  • Indrakshi R, and Mahendra K.(2006). Toward an allocation-based mandatory access control model.Comput.Secure. 25, 1 (2006), 36–44
  • Indrakshi Ray and Mahendra
  • Kumar. (2006). Towards a location-based mandatory access control model.Comput.Secure. 25, 1 (2006), 36–
  • John M. (1985). A comment on the “basic security theorem” of Bell and LaPadula. Inform. Process. Lett. 20, 2 (1985), 67–70.
  • Klaedtke F, Ghassan O, Roberto B, & Heng C. (2014). Access control for SDN controllers. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. 219–220.
  • Megouache..L, Zitouni. A., Djoudi, M. (2020). Ensuring user authentication and data integrity in a multi-cloud environment. Human-centric Computing and Information Sciences, 2020, 10 (1), 10.1186/s13673-020-00224-y. HAL-03125583 HAL Id: hal-03125583 https://hal.science/hal-03125583v1 Submitted on 29 Jan 2021
  • Mishra, A., & Alzoubi, Y. I. (2023). Structured software development versus agile software development: a comparative analysis. International Journal of System Assurance Engineering and Management, 14(4), 1504–1522.
  • Ninghui L., & Mahesh V. T. (2005). On safety in discretionary access control. In Proceedings of the IEEE Symposium on Security and Privacy (S&P’05). IEEE, 96–109.
  • Okikiola, M. A., & Samuel, F. (2016). Optimising the processing of results and generation of transcripts in Nigerian universities through the implementation of a friendly and reliable web platform. Imperial Journal of Interdisciplinary Research, 2, 12.
  • Olamide, O. O., & Joshua, A. O. (2012). Design and simulation of an SMS-driven microcontroller for home automation using the Proteus software. Journal of Computer Science Department. University of Lagos.
  • Onibere, E. I.  (2013). Fuzzy logic modelling of a performance evaluation system for academic programmes in Nigeria’s higher education. Data Management and Security: Applications in Medicine, Sciences and Engineering, 45, 113.
  • Osunade, O., Ayinla, I. B., & Aduroja, O. O. (2019). Design and Implementation of a Centralised University Result Processing and Transcript System: A case study of the University of Ibadan. International Journal of Computing Sciences Research, 2(3), 89–101.
  • Otu. G.A., Iheagwara S.E., Okafor A.C. (2023), Enhancing Data Integrity of Student Registration Input Using Integration of Secure Program Development Technique. International Journal of Scientific Engineering and Research (IJSER) ISSN (Online): 2347-3878 Impact Factor (2020): 6.733 Volume 11 Issue 7, July 2023 www.ijser.in Licensed Under Creative Commons Attribution CC BY
  • Ravi S. S. (1995). Rationale for the RBAC96 family of access control models. In Proceedings of the First ACM Workshop on Role-Based Access Control (RBAC’95), C. E. Youman, R. S. Sandhu, and E. J. Coyne (Eds.). ACM Press, New York, NY.
  • Ravi S. S, Edward J. C, Hal L. F, and Charles E. Youman. (1996). Role-based access control models. Computer 29, 2 (1996), 38–47. [87]
  • Ravi S, Venkata B, and Qamar M. (1999). The ARBAC97 model for role-based access control administration. ACM Trans. Inf. Syst. Secur. 2, 1 (1999), 105–135.
  • Sandhu, R., Coyne, E.J., Youman, C.E. & Feinstein, H.L. (1996). “Role-based access control models”, Computer, Vol. 29No.2, pp. 38-47, doi:10.1109/2.485845.
  • Simon P. and Saad K. (2022). A Survey on Empirical Security Analysis of Access-control Systems: A Real-world Perspective. ACM Comput. Surv. 55, 6, Article 123 (December 2022), 28 pages. https://doi.org/10.1145/3533703 Citation:
  • Ufuoma J. O, Edith O, Abel E. E. & Irene A. (2024). Ensuring Data Integrity in API-Enabled Student Transcript and Result Management System; International Journal of Trend in Research and Development, Volume 11(3), ISSN: 2394-9333 www.ijtrd.com IJTRD | May – Jun 2024 Available Online@www.ijtrd.com
  • Vincent C. Hu, D. Richard Kuhn, David F. Ferraiolo, and Jeffrey Voas. (2015). Attribute-based access control. Computer 48, 2 (2015), 85–88.
  • Wang, J. M., Ching-Kuang S., S. C., & Chaoli W. (2017). UNIXvisual: A visualisation tool for teaching UNIX permissions. In Proceedings of the ACM Conference on Innovation and Technology in Computer Science Education. 194–199
  • Xin. J, Ram. K, and Ravi S. (2012). A unified attribute-based access control model covering DAC, MAC and RBAC. In Proceedings of the IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 41–55.
  • Zhang Y, Zheng D, and Deng R.H. (2018). Security and privacy in smart health: Efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5, 3 (2018), 2130–2145.