You are on page 1of 9

Software Requirements Specification

Data Leakage Detection

Submitted by: Name Aravind P Nandini A Prajit Dhar USN 1AT08IS009 1AT08IS049 1AT08IS060 Mobile number 9449034525 8971844225 9731099006 Email-id aravind.p27@gmail.com nandini.padmavathi@gmail.com prajitdhar@gmail.com

Under the guidance of Guide: Mrs. Amutha Bala Co-Guide:

Table of Contents
1 Introduction .............................................................................................4
1.1 Purpose .......................................................................................................................4 1.2 Scope ..........................................................................................................................4 1.3 Definitions, Acronyms and Abbreviations ................................................................4 1.4 References ..................................................................................................................5

2. The Overall Description ..5


2.1 Product Perspective 6
2.1.1 Hardware Interfaces .................................................................................................................. 7 2.1.2 Software Interfaces .................................................................................................................... 7

2.2 Assumptions and Dependencies .................................................................................8

3. Requirement Specifications .8
3.1 Reliability . .8 3.2 Software System Attributes. ...8
3.2.1 Reliability ................................................................................................................................. 8 3.2.2 Availability .............................................................................................................................. 8 3.2.3 Security ..................................................................................................................................... 8 3.2.4 Maintainability .......................................................................................................................... 9 3.2.5 Portability ................................................................................................................................. 9

Table of Figures
Figure 1 Control Flow Diagram ..................................................................... 5 Figure 2 Data Flow Diagram .......................................................................... 7

1. Introduction
In the course of doing business, sometimes sensitive data must be handed over to supposedly trusted third parties. We call the owner of the data as distributors and the third parties as agents. Our goal is to detect when the distributors sensitive data has been leaked by agents and also to identify the agent who leaked that data.

1.1 Purpose
A Software Requirement Specification (SRS) is a complete set concise description of the entire external interface of the system with its environment including other software, communication ports, hardware, and human users. Software Requirements Specification (SRS) documents key specifications, functional and nonfunctional requirements of Data Leakage Detection. We develop a model for accessing the guilty of agents and present algorithms for distributing object to agent in the way that improves our chance of identifying a data leaker.

1.2 Scope
We create an System to implement Data Leakage Detection. This System is related to the domains of Data Mining and Information Security. The System will detect the guilty agents without changing the existing data. Our System does not deal with the concept of data leakage prevention. Our goal is to detect when the distributors sensitive data have been leaked by agents, and if possible to identify the agent that leaked the data. Benefits Our System gives privileged access to the Administrator and the Distributors, but not to the agents. If any agent if caught leaking data, his/her account will be locked, thus preventing future data leaks.

1.3 Definitions, Acronyms and Abbreviations


Allocation strategies: Strategies that are to be implemented to allocate data intelligently to Agents. Data leakage: The act of transmitting data illegally to untrustworthy parties. Fake records : Records that are created artificially by the Distributor in aid of detecting data leakage. Perturbation: Perturbation is a technique where the data are modified and made less sensitive before being handed to Agents. Provenance: Place of origin; derivation. 4

1.4 References
P. Papadimitriou and H. Garcia-Molina, Data leakage detection, Stanford University, Tech. Rep., 2008. P. Papadimitriou and H. Garcia-Molina, Data Leakage Detection, Technical report, Stanford Univ., 2008. Papadimitriou P, Garcia-Molina H. A Model For Data Leakage Detection// IEEE Transaction on Knowledge And Data Engineering Jan.2011.

2. The Overall Description


We will explain our project using the following CFD (Control Flow Diagram): 3 2 7 11 8 9 4 10 5 12

Distributor
1 6

Agent

Target
Figure 1 Control Flow Diagram

1. 2. 3. 4. 5. 6. 7. 8.

Agent requests for the data from distributor. Distributor searches the data in the data warehouse. Inserts Fake object to the data. Sends the data to the agent. Agent Login to the account. If the distributor finds the data in unauthorized place. Find the guilty agent who leaked the data by guilty agent analysis. If the agent is found that leaking data his/her account password will be changed by admin. 9. Agent is restricted to accesses account.

2.1 Product Perspective


Traditionally, leakage detection is handled by watermarking, i.e. a unique code is embedded in each distributed copy. If that copy is later discovered in the hands of an unauthorized party, the leaker can be identified. Watermarks however involve some modification of the original data. Furthermore, watermarks can sometimes be destroyed if the data recipient is malicious. But our system detects data leakage can be detected without the use of watermarks, by addition of fake objects. We develop unobtrusive techniques for detecting leakage of a set of objects or records. We develop some of the modules 1. Data Allocation Module: The main focus of our project is the data allocation problem as how can the distributor intelligently give data to agents, where data is allocated by explicitly or implicitly, in order to improve the chances of detecting a guilty agent. 2. Fake Object Module: The distributor creates and adds fake objects to the data that he distributes to agents. Fake objects are objects generated by the distributor in order to increase the chances of detecting agents that leak data. 3. Optimization Module: The Optimization Module is the distributors data allocation to agents has one constraint and one objective. The agents constraint is to satisfy distributors requests, by providing them with the number of objects they request or with all available objects that satisfy their conditions. His objective is to be able to detect an agent who leaks any portion of his data. 4. Data Distributor: A data distributor has given sensitive data to a set of supposedly trusted agents (third parties). Some of the data is leaked and found in an unauthorized place (e.g., on the web or somebodys laptop). The distributor must assess the likelihood that the leaked data came from one or more agents, as opposed to having been independently gathered by other means. Admin must be notified by the distributor when an agent is identified as a guilty.

Data set

Data Allocation Sample Request Explicit Request

Fake object Addition

Optimization

Data Distributor

Guilt Agent Analysis

Figure 2 Data Flow Diagram

2.1.1 Hardware Interfaces The system has no hardware interface requirements. 2.1.2 Software Interfaces The following software and interfaces are used Name: Mnemonic used: Version number: Source: Name: Mnemonic used: Version number: Source: Microsoft Visual Studio 2010 VS 2010 10.0.40219.1 http://www.microsoft.com/visualstudio/en-us Microsoft SQL Server 2008 MSQL 10.50.2500.0 http://www.microsoft.com/sqlserver 7

Name: Mnemonic used: Version number: Source:

Microsoft Active Server Pages .NET ASP.NET 4.0.30319.1 http://www.asp.net

2.2 Assumptions and Dependencies


The first assumption states that an agents decision to leak an object is not related to other objects. The second assumption states that joint events have a negligible probability.

3. Requirement Specifications
3.1 Performance Requirements
The system supports any no transaction of data from distributor to agent. Amount and type of data to be sends depends on the agent request. There can be only one terminal opened at a time.

3.2 Software System Attributes


3.2.1 Reliability The System implements reliability by providing appropriate exception handling blocks of code whenever necessary. Also, since in most cases the guilty agent is found, the system can be considered to be highly reliable. 3.2.2 Availability The system runs only when it is required to run (e.g. When the distributor needs to send data to agents, only then the system needs to be available). Also, the Administration maintains an invoice of all the operations that take place, so if the system happens to abruptly fail, then the failed operations can be restarted. 3.2.3 Security A login page is provided so as to access the functionalities of Agents, Distributors or the Administrator separately. When an agent has been identified as being, then access of that agent to his account is restricted, thus preventing future security compromises.

3.2.4 Maintainability Our System consists of 4 Major modules. Each of these modules can be subjected to unit testing, to evaluate their maintainability. 3.2.5 Portability Our system is implemented using the Language C#, which is highly portable as it runs on the .NET framework. .NET includes a virtual execution System called Common Language Runtime (CLR), an international standard that is the basis for creating and development environments in which several languages and libraries work together seamlessly. Since most of the soft wares which we use are created by Microsoft, it is completely portable on any Windows OS (XP or higher).

You might also like