1 / 40

Secure Content Management System (SCMS)

Secure Content Management System (SCMS). Proposal submitted by Department of Computer Science and Engineering Pondicherry Engineering College Pillaichavady Puducherry - 605 014. Co-ordinators. Principle Investigator : Dr. N. Sreenath, Professor and Head, Department of CSE

kera
Download Presentation

Secure Content Management System (SCMS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Content Management System (SCMS) Proposal submitted by Department of Computer Science and Engineering Pondicherry Engineering College Pillaichavady Puducherry - 605 014

  2. Co-ordinators • Principle Investigator : Dr. N. Sreenath, Professor and Head, Department of CSE • Co-Investigator : Dr. R. Manoharan, Assistant Professor Department of CSE

  3. Introduction of the Institution • Pondicherry Engineering College (PEC) is sponsored by the U.T. of Puducherry • The college was started in 1984 under the VII Five Year Plan • The Department of CSE is offering UG and two PG programmes in CSE

  4. Introduction to SCMS • Secured Content Management System (SCMS) for the Virtual Technical University in order to provide efficient content acquisition, storage, retrieval and distribution to the stakeholders in a secured manner.

  5. Objectives • To rationalize the storage of resources, reduce duplication of materials, improving retrieval and effective dissemination of information. • The possibility of describing multimedia objects by simple metadata for searching and access control. • Developing a security policy for content management system and incorporating security architecture.

  6. SCMS • Manage the work flow needed to collaboratively acquire, review, index, retrieve, distribute, manage and secure the digital content

  7. SCMS • Modules • Acquisition Module • Storage and Indexing Module • Content Distribution Module • User Profile Management Module and • Content Security Management Module

  8. Acquisition Module • Key functions • Devise standard for content development • Resolving incompatibility • Automatic verification and correction to comply to standard

  9. Storage and Indexing Module • Proposing an efficient storage of multimedia data • Proposing an efficient indexing mechanism • Retrieving the contents with either by keywords or by content

  10. Challenges in Multimedia Data Management • Variety of media – Text, Image, Audio, Video • Synchronization of the multimedia content • Varieties of formats of each media • Volume of data • Multidimensional nature of data/Meta data • Indexing on multiple dimensions • Un-structured nature of the content

  11. Challenges in Multimedia Data Management • Requirement for semantic indexing • Subjectivity of solutions • Versioning • Receivers’ choices • Proprieties Management • Quality Management

  12. Existing Multimedia Data Types • ORACLE • BLOB (Binary large object) • CLOB (Char) • BFILE (Ptr to obj) • IBM DB2 (indexing thro R*)

  13. Content Distribution Module • Communication aspects of delivery of content (Mostly Using TCP/IP suite) • Gathering knowledge of the user from profile • Progressive content dissemination

  14. User Profile Management Module • Obtaining user profile • Semantic analysis of profile to gather knowledge

  15. Content Security Management Module • Identifying and defining the internal and external security requirements • Planning of security procedures and policies • Managing the implementation of security policies • Evaluating the security procedures and security measures and • Security Reporting

  16. Secure Content Management System (SCMS) Content Security Management Module Types of Cybercrimes Why? Information Week Global Security Survey conducted by PricewaterhouseCoopers

  17. Secure Content Management System (SCMS) Security Issues? The Five Worst Security Mistakes End Users Make: • Opening unsolicited email attachments without verifying their source and Checking their content first. • Failing to install security patches, especially MS Office, IE and Netscape. • Installing screen savers or games without safety guarantees. • Not making and testing backups. • Connecting a modem to a phone line while the same computer is connected to a LAN.

  18. Secure Content Management System (SCMS) Security Issues? The Ten Worst Security Mistakes IT Peoples Make: • Connecting systems to the Internet before hardening them. (removing unnecessary devices and patching necessary ones). • Connecting test systems to the Internet with default accounts and passwords. • Failing to update systems when security vulnerabilities are found and patches or upgrades are available. • Using telnet and other unencrypted protocols for managing systems, routers, firewalls and PKI (Public Key Infrastructure). • Giving users passwords over the phone, or changing passwords in response to telephone or personal request when the requester is not authenticated. • Conti..

  19. Secure Content Management System (SCMS) Security Issues? The Ten Worst Security Mistakes IT Peoples Make: • Failing to maintain and test backups. • 7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices (some of these are Unix specific). • 8. Implementing firewalls with rules that allow malicious or dangerous traffic - incoming or outgoing. • 9. Failing to implement or update virus detection software. • 10. Failing to educate users on that to look for and what to do when they see a potential security problem.

  20. Secure Content Management System (SCMS) Security Issues? The Seven Worst Security Mistakes Senior Executives Make: • Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job. • Failing to understand the relationship of information security to the business problem - they understand physical security but do not see the consequences of poor information security. • Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow through necessary to ensure that problems stay fixed. • Conti..

  21. Secure Content Management System (SCMS) Security Issues? The Seven Worst Security Mistakes Senior Executives Make: • Relying primarily on a firewall. • Failing to realize how much money their information and organizational reputations are worth. • Authorizing reactive, short term fixes so problems re-emerge rapidly. • 7. Pretending the problem will go away if they ignore it.

  22. Secure Content Management System (SCMS) In order to perform these Security issues, Our content Management System content is indented to address the Authentication Authorization Confidentiality Integrity Availability and the model is proposed to..

  23. Secure Content Management System (SCMS) Content Security Management Module Security Requirement Identification Security Requirement Definition Planning Security Procedures And Policies Managing and Implementation Of Security Policies Security Reporting Evaluating Security Measures Evaluating Security Procedures

  24. Content Security Management Module Security Requirement Identification: Content: Website content Documents Software Code Multimedia Security: Web Content Security Document Security Source Code Security Digital Asset Security Protocol: RIP,MCDP HTTP,FTP.. IP Sec, DAP NLSP

  25. Content Security Management Module Security Requirement Definition: A higher number and heterogeneity of channels requires more granular, security content One homogenous site for one audience Many heterogeneous sites for many audiences Courser granularity Finer granularity

  26. Content Security Management Module Security Planning and Procedure Challenges: • Requires skilled security experts • Technology infrastructure to support them • Significant resources researching and tracking latest threats and vulnerabilities • There is a rise in web server and virus attacks • Monitoring Must be done 24 x 7 x 365

  27. Content Security Management Module Security Policy Management: • Policies • Management instructions on how an system is to be run • A collection of related standards • Mandatory conditions that the Content requires • Standards • Independent thoughts or ideas relating to security • Make specific reference of technologies and methodologies • Different from Controls

  28. Content Security Management Module Security Policy Evaluation and Measures: • Trained security auditors • Subject Matter Experts • Methodologies • A Framework • Standards and best practices • Tools • A follow up plan

  29. Content Security Management Module Security Reporting: • State of Security: perform an overall gap analysis • Compare to standards, best practices and peers? • Perform detailed security audits for certain areas in the Security Tools

  30. Software Development • Standards of software engineering, database, network and security • The Spiral Model is identified as the process model for development.

  31. Deliverables • An effective preprocessing tool to adhere to the minimum standards in the multimedia contents. • Agile indexing mechanism of the multimedia data in the database in order to provide faster and effective retrieval from the client either by keywords or by contents. • Flawless distribution of the multimedia contents to the clients in a progressive manner after analyzing the profile of the user • Delivering the contents by incorporating a security policy in storage, retrieval and transportation of contents.

  32. Year-wise deliverables • At the end of First year (2009 – 10): User profile module • At the end of Second year (2010 – 11): Acquisition module and Storage and Indexing modules • At the end of Third year (2011 – 2012): Content Distribution and Content Security modules.

  33. Overall plan and time frame

  34. Mode of operation • The Investigators would adhere to the specifications given in the project proposal. • Time frame and budget would also be strictly followed and separate advisory committee will monitor the progress of the project. • The establishment of infrastructure (Laboratory), purchase of computers and software will be carried out as per the college norms. • Ad hoc appointments, training schedules and other establishments with respect to human resource management would be followed as per the guidelines of the advisory committee. • Changes or amendment in the process or in the development would be done with the prior approval from the appropriate authorities.

  35. Budget requirements Non-Recurring Expenditure

  36. Hardware • Hardware – 6 blade server x 2 – 25lakhs • Storage – 2terabytes X 2 – 30 lakhs • Nodes (25 nodes) – 10 lakhs • UPS – 5 lakhs • Printers and Peripherals – 10 lakhs

  37. Software • Oracle DB Server – 20 Lakhs • OS for server and clients - 10 Lakhs • Multimedia Software – 20 Lakhs • Security Software – 10 Lakhs • Other Software – 10 Lakhs

  38. Budget requirements Recurring Expenditure

  39. Summary • Title of the Project : • Name of the : Institute • Cost of the Project : Secured Content Management System Pondicherry Engineering College Rs 2,08,00,000

  40. Thank you

More Related