Project Preliminary Design Marking Guide: Methods And Techniques

Gantt chart and Network Diagram

Discuss About The Project Preliminary Design Marking Guide.

Large repositories are the storage system in computers or it is a database of information regarding application software which involves data elements, inputs, processes, outputs and interrelationships. This project is aimed towards the study of large repositories of source code as well recognizing the vulnerable codes. In this, study has been made to find out the vulnerable code [1]. Generally, vulnerability in terms of IT is a flaw or error in code which can create potential point of security compromise for the endpoint or network. Moreover, vulnerabilities generate attack vectors by which an intruder could easily run a code and can access the memory of target system.

For finding vulnerabilities, researcher has used testing techniques and learnt regarding the testing techniques process to find the vulnerabilities [2]. Thus, this report describes the project which has been run for finding out the vulnerable code by learning large repositories of source code. Moreover, this report also describes the schedule for working on the project and methodologies used to find out the bugs or vulnerable codes in the software application. In methodology section, static analysis as well as dynamic analysis has been used by the researcher.

Gantt chart is basically a graphical description of a project schedule. It is a type of a bar chart which presents the start and end of several activities of a project. Gantt chart is prepared for identifying all the activities of the project [3]. It is a kind of monitoring tool which helps in monitoring the activity of a project in a stated manner. Furthermore, it helps the researcher to keep a track over activities so that one of the elements left undone. In this section, activity table, Gantt chart and network diagram has been mentioned. This will help to accomplish the rest of the project in an efficient manner.

Table 1 Activity Table

Name of the Task	Period	Begins on	Ends on	Predecessors	Names of the Resource
Vulnerable code project	64 days	Fri 5/4/18	Wed 8/1/18
Choosing suitable approach to identify vulnerable code	5 days	Friday 5-4-18	Thursday 5-10-18		Project manager, Software engineer
Defining characteristics of vulnerable code	10 days	Friday 5-11-18	Thursday 5-24-18	2	Information Technology manager
Application of static analysis	12 days	Friday 5-25-18	Monday 6-11-18	3	Software engineer
Application of dynamic analysis	15 days	Tuesday 6-12-18	Monday 7-2-18	3,4	Software engineer
Conforming the requirements of the project	10 days	Tuesday 6-12-18	Monday 6-25-18	4	Project manager
Running the programme to identify vulnerability	10 days	Tuesday 6-26-18	Monday 7-9-18	6	Automated vulnerability scanners[1],IT manager
Finding of vulnerable code	12 days	Tuesday 7-3-18	Wednesday 7-18-18	5,6	Project manager, Software engineer
Working to mitigate the vulnerable code	10 days	Tuesday 7-10-18	Monday 7-23-18	7	Software engineer
Review and feedback	7 days	Tuesday 7-24-18	Wednesday 8-1-18	8,9	Project manager

Figure 1: Gantt timeline chart

Figure 2: Network Diagram

The project diagram method is a tool which is utilised for the purpose of scheduling the events in a project plan [4]. It is regarded as one of the methods to construct a project schedule network diagram which make use of boxes that is known as nodes for representing events and connecting them with arrows showcasing dependencies. The project diagram for the current project is for identifying the vulnerable codes in repositories of 127 GB hard disk are as follows:

Project Methodology

Project methodology is defined as the mixture of rationally linked methods, practices, and processes. It determines how it can be planned, developed, put a control and send the task throughout the continuous execution process until the project is successfully completed or terminated [5]. It is an orderly as well as well-organized approach for project designing, executing and completion.

The present report is based upon the identification of vulnerable code in large repositories of source. For that aspect, researcher has applied static analysis as well dynamic analysis as a part of project methodologies and they have been described below.

Static testing is considered as a testing technique for software where testing of software by not executing the code. There are 2 parts of this testing technique and that are

1. Review - It is generally used for finding and eliminating flaws in the docs like design, requirements, test cases, and many more. For this, review about the vulnerable codes in 127 GB hard disk will be given by inspection and continuous observation [6].  
2. Static analysis - The encryption which is generated by the developer are assessed using equipment for identifying defects in the structures that may take to destruction [9]. For analysing the code of vulnerability, researcher will use a variable with an undefined value, unreachable or dead code. Moreover, it used the techniques like PSCAN because this method is utilised for identifying the uncertain patterns in source cryptographs through the techniques of pattern matching [7].  

Furthermore, lexical assessment will be used under static analysis in order to find out the complicated errors of security in 127 GB hard disk. Moreover, there are certain vulnerabilities which are not straight forward and it can be identified using semantic techniques. Moreover, to identify the vulnerable codes in the present software, Abstract Syntax Tree will be used under the static analysis. In order to detect the vulnerability using static analysis methodology, two forms are used. One is security code inspection and the other is static analysis automation.

Moreover, this analysis is more beneficial than security code inspection. The reason is that it includes scanning sources code that is easiest as well as rapid method and that works on source encryption for testing to find out flaws or inspection of its absence instead of running the programme [8]. During the development stage of process, programmer can use static analysis in an effective manner on a daily basis. Incurrent of cost will be lesser at that time because static analysis will help in identifying the bugs at early stage. However, it also has certain disadvantage like BOON (Buffer Overrun Detection) which is a static analysis tool that could run automatically and scan the data for detecting vulnerable code ad this can lead to buffer overflow [11]. Thus, programmer should be aware about such issues while using static analysis for identifying vulnerability.

Dynamic testing is a type of software testing technique and by using this technique, programmer analyses the dynamic behaviour of the code [2]. It is that type of testing which works with the system with the intention of finding errors. The major aim of this testing is to ensure that software is working properly during and after the installation is done. This also ensures a stable application without any major errors. Moreover, this test is also done for assuring consistency to the software [9].

Static analysis

Further, there are generally two categories of dynamic analysis and that are black box testing as well as white box testing. In latter, software is examined in which the internal structure/design is very well known to the programmer. It is applied to check that system is performing on the basis of code. Further, it is mainly performed by Developers who possess the knowledge of programming. On the other hand, former is a technique of examining where inner arrangement or code is unknown to the tester [10]. The major ain is to verify the functionality of the system within test and it requires the execution of the complete test suite and it is performed by the programmer. However, the programming knowledge is not required to run this test.

For the present study, programmer will run black box testing because the code is unknown to the researcher and for identifying vulnerable code of 127 GB hard disk, the programmer has to run the black box testing under dynamic analysis [5].

Budget is a chart which is prepared to estimate the income and expenditure for a set period of time [3]. Budgeting is an activity which is done by every researcher to estimate the total cost of the project and it also helps in completing the project without unnecessary expenditure. Furthermore, it is important to prepare because ensures the author that enough money is there for the things which is required [11]. Following the budget will keep the researcher out of debt and it will help him to work out the way out of debt if the researcher is currently under debt. The budget with allocation of cost for specific activity for the current project of vulnerability cost is as follows:

Activities	Cost
Choosing suitable approach to identify vulnerable code	$1,600.00
Defining characteristics of vulnerable code	$1,600.00
Application of static analysis	$1,920.00
Application of dynamic analysis	$2,400.00
Conforming the requirements of the project	$1,600.00
Running the programme to identify vulnerability	$6,600.00
Finding of vulnerable code	$3,840.00
Working to mitigate the vulnerable code	$1,600.00
Review and feedback	$1,120.00
Total	$22,280.00

 

References

[1] Harnefors, L., Antonopoulos, A., Norrga, S., Angquist, L. and Nee, H.P., Dynamic analysis of modular multilevel converters. IEEE Transactions on Industrial Electronics, 2103, pp.2526-2537.

[2] Aoki, M. ed., Dynamic analysis of open economies. Elsevier. 2014

[3] Yu, H., Cai, G. and Li, Y., Dynamic analysis and control of a new hyperchaotic finance system. Nonlinear Dynamics, 2012, pp.2171-2182.

[4] Glo?ser, S., Soulier, M. and Tercero Espinoza, L.A., Dynamic analysis of global copper flows. Global stocks, postconsumer material flows, recycling indicators, and uncertainty evaluation. Environmental science & technology, 2013, pp.6564-6572.

[5] Doyle, J.F., Static and dynamic analysis of structures: with an emphasis on mechanics and computer matrix methods(Vol. 6). Springer Science & Business Media. 2012

[6] Muvengei, O., Kihiu, J. and Ikua, B., Dynamic analysis of planar multi-body systems with LuGre friction at differently located revolute clearance joints. Multibody System Dynamics, 2012, pp.369-393.

[7] Hughes, T.J., The finite element method: linear static and dynamic finite element analysis. Courier Corporation. 2012.

[8] Sengupta, A., Biswas, S., Zhang, M., Bond, M.D. and Kulkarni, M., Hybrid static–dynamic analysis for statically bounded region serializability. ACM SIGPLAN Notices, 2015, pp.561-575.

[9] Santos, I., Devesa, J., Brezo, F., Nieves, J. and Bringas, P.G., Opem: A static-dynamic approach for machine-learning-based malware detection. In International Joint Conference CISIS’12-ICEUTE 12-SOCO 12 Special Sessions (pp. 271-280). Springer, Berlin, Heidelberg. 2013

[10] Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H. and Stamp, M., A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 2017, pp.1-12.

[11] Mesbah, A., Van Deursen, A. and Lenselink, S., Crawling Ajax-based web applications through dynamic analysis of user interface state changes. ACM Transactions on the Web (TWEB), 2012, p.3.