IT122 - IAS2 Project Description

FINAL PROJECT

Information Assurance and Security 2


Summer Term 2023

Project Title: Secure Authentication and Authorization System Implementation for the <capstone title>

Description: The goal of this project is to design and implement a robust and secure authentication and
authorization system for the software application that your group is developing for the Capstone
Project. The system should ensure that only authenticated users can access the application and
that each user can perform only the actions permitted by their roles and permissions. <this could be
adjusted depending on your security goals, as we have discussed before>

Objectives: <may be adjusted depending on the project description>


1. Design a secure user authentication process that includes strong password policies, secure
storage of user credentials, and protection against common attacks like brute force and
dictionary attacks.
2. Implement multi-factor authentication mechanisms to enhance the security of user logins.
3. Develop an authorization framework that enforces role-based access control (RBAC) to manage
user permissions and restrict unauthorized actions.
4. Implement secure session management techniques to prevent session hijacking and ensure the
integrity and confidentiality of user sessions.
5. Perform thorough testing and validation to ensure the security and effectiveness of the
authentication and authorization system.
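As an added illustration of objectives 1 and 2 (example code written for this page, not part of the handout or of any group's capstone project), the following Python sketch shows the pieces a design document is expected to justify: a password policy check, per-user salted PBKDF2 storage with a constant-time comparison, an account lockout after repeated failures, and an RFC 6238 TOTP second factor. The in-memory user table, the banned-password list and the names UserStore, LOCKOUT_THRESHOLD and the like are assumptions of the example.

```python
"""Added example (not from the course handout or any group's capstone code).
Assumptions: a single-process, in-memory user table; PBKDF2-HMAC-SHA256 from
the standard library as the password KDF; an RFC 6238 TOTP code as the second
factor. UserStore, LOCKOUT_THRESHOLD and the other names are this example's own."""
import base64
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ITERATIONS = 600_000   # work factor; raise it as hardware gets faster
LOCKOUT_THRESHOLD = 5         # consecutive failures before the account is locked
LOCKOUT_SECONDS = 15 * 60
BANNED_PASSWORDS = {"password", "password123", "qwertyuiop12"}  # constructed sample list


def check_password_policy(password):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < 12:
        problems.append("must be at least 12 characters")
    if password.lower() in BANNED_PASSWORDS:
        problems.append("appears in the banned-password list")
    return problems


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>'. A fresh random salt per
    user means one precomputed table cannot be reused against every account."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password, stored):
    algo, iters, salt_b64, hash_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format: " + algo)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 base64.b64decode(salt_b64), int(iters))
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(digest, base64.b64decode(hash_b64))


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second time counter, then dynamic truncation."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class UserStore:
    def __init__(self):
        self.users = {}  # username -> record

    def register(self, username, password):
        problems = check_password_policy(password)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        self.users[username] = {
            "hash": hash_password(password),
            "totp_secret": secrets.token_bytes(20),  # shown to the user once, e.g. as a QR code
            "failures": 0,
            "locked_until": 0.0,
        }
        return self.users[username]["totp_secret"]

    def login(self, username, password, code, now=None):
        """Both factors are checked on every attempt; the caller only learns pass/fail."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None:
            hash_password(password)  # burn the same KDF cost so timing does not reveal valid usernames
            return False
        if now < user["locked_until"]:
            return False
        password_ok = verify_password(password, user["hash"])
        # accept the current 30-second step and one step either side for clock drift
        code_ok = code.isdigit() and any(
            hmac.compare_digest(code, totp(user["totp_secret"], now + drift))
            for drift in (-30, 0, 30)
        )
        if password_ok and code_ok:
            user["failures"] = 0
            return True
        user["failures"] += 1
        if user["failures"] >= LOCKOUT_THRESHOLD:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failures"] = 0
        return False
```

Two points worth stating explicitly in the design document: the login path performs the same KDF work whether or not the username exists, so response time does not enumerate valid accounts; and the TOTP secret sits in the same record as the password hash, so a database leak exposes both factors unless the secret is encrypted at rest with a key held elsewhere.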

Deliverables: <may be adjusted depending on the objectives>


D1: Detailed design documentation of the authentication and authorization system, including
the authentication process flow, data storage mechanisms, and access control mechanisms.
▪ Introduction: Overview of the project and its objectives.
▪ Authentication Process Flow: Detailed explanation of the steps involved in the
authentication process, including user registration, login, and password recovery.
▪ Data Storage Mechanisms: Description of how user credentials are securely stored, such
as using cryptographic hashing algorithms and salted hashes.
▪ Access Control Mechanisms: Explanation of the role-based access control (RBAC) system,
including how roles and permissions are defined and enforced.
▪ Security Measures: Discussion of the security measures implemented, such as protection
against common attacks like brute force, session hijacking, and SQL injection.
▪ Diagrams and Illustrations: Visual representations of the system architecture, data flow,
and security mechanisms.

D2: Source code implementation of the authentication and authorization system integrated into
your group's software application.
▪ Folder Structure: Overview of the folder structure and organization of the source code.
▪ Authentication Module: Implementation of the authentication process, including user
registration, login, and password recovery functionality.
▪ Authorization Module: Implementation of the access control mechanisms, including
defining roles and permissions, and enforcing authorization rules.
▪ Secure Session Management: Implementation of techniques to ensure secure session
management, such as using secure session tokens and session expiration mechanisms.
▪ Security Libraries and Frameworks: Documentation of any external libraries or frameworks
used to enhance the security of the system.
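As an added example of the authorization and session-management modules listed under D2 (illustrative code written for this page, not from the handout or from any capstone project), the following shows permission-based RBAC enforced on the server and a session table with random tokens, idle and absolute expiry, and token rotation after login. The role-to-permission table, the in-memory session store and the names ROLE_PERMISSIONS, SessionManager, require_permission and PermissionDenied are this example's own assumptions.

```python
"""Added example (not from the course handout or any group's capstone code).
Assumptions: an in-memory session table, a role-to-permission mapping held in
code, and the hypothetical names SessionManager, require_permission and
PermissionDenied chosen for this example only."""
import secrets
import time

# RBAC: users hold roles, roles hold permissions; handlers check permissions,
# never role names, so adding a role later needs no code change in the handlers.
ROLE_PERMISSIONS = {
    "student": {"thesis:read", "thesis:submit"},
    "adviser": {"thesis:read", "thesis:comment"},
    "admin":   {"thesis:read", "thesis:comment", "user:manage"},
}


class PermissionDenied(Exception):
    pass


def permissions_for(roles):
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())  # an unknown role grants nothing
    return perms


class SessionManager:
    IDLE_TIMEOUT = 15 * 60       # seconds since the last request
    ABSOLUTE_TIMEOUT = 8 * 3600  # seconds since login, regardless of activity

    def __init__(self):
        self._sessions = {}  # token -> {"user", "roles", "created", "last_seen"}

    def create(self, user, roles, now=None):
        """Issue a fresh 256-bit random token; never a counter, timestamp or username hash."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "roles": set(roles),
                                 "created": now, "last_seen": now}
        return token

    def get(self, token, now=None):
        """Return the session, or None if the token is unknown or expired (expired entries are purged)."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if (now - sess["last_seen"] > self.IDLE_TIMEOUT
                or now - sess["created"] > self.ABSOLUTE_TIMEOUT):
            del self._sessions[token]
            return None
        sess["last_seen"] = now
        return sess

    def rotate(self, token, now=None):
        """Swap the token after login or a privilege change, keeping user and roles,
        so a session ID planted by an attacker before login (fixation) is never the live one."""
        sess = self.get(token, now)
        if sess is None:
            return None
        del self._sessions[token]
        return self.create(sess["user"], sess["roles"], now)

    def destroy(self, token):
        self._sessions.pop(token, None)


def require_permission(sessions, token, permission, now=None):
    """Server-side check every protected handler calls first. The roles recorded
    in the session are authoritative; nothing the client claims about itself is trusted."""
    sess = sessions.get(token, now)
    if sess is None:
        raise PermissionDenied("not authenticated")
    if permission not in permissions_for(sess["roles"]):
        raise PermissionDenied("%s lacks %s" % (sess["user"], permission))
    return sess["user"]
```

In a web application the token would travel in a cookie marked HttpOnly, Secure and SameSite so that page scripts and cross-site requests cannot read or send it, and the roles stay server-side only; a role name stored in a cookie or hidden form field is exactly the kind of client-controlled input the authorization module must never consult.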

D3: User documentation on how to use and manage the authentication and authorization
features.
▪ User Guide: Step-by-step instructions on how to use the authentication and authorization
features of the software application.
▪ User Management: Explanation of how users can register, log in, manage their passwords,
and update their profile information.
▪ Role Management: Instructions on how administrators can define roles, assign
permissions, and manage user access.
▪ Best Practices: Recommendations for users to follow best practices for password security
and account protection.

D4: Test cases and test results demonstrating the effectiveness and security of the
implemented system.
▪ Test Cases: Comprehensive list of test cases covering different scenarios related to
authentication, authorization, and session management.
▪ Test Results: Documentation of the test results, including any issues encountered and their
resolutions.
▪ Security Assessment: Evaluation of the security measures implemented, including
vulnerability assessments.

Submission guidelines
▪ Each group will be sent a link to their own Google Drive folder where the deliverables are submitted
▪ Format:
Font size (body): 12
Font size (page number): 11 – top right
Margins: Left – 1.5”, Right – 1”, Top – 1”, Bottom – 1”
Paper size: letter (short)
▪ Files to submit:

Filename                        File type            Remarks                                               Due date
D1_<members surnames>           pdf                  Content of Deliverable 1                              July 4, 2023, 11:59PM
D2_<members surnames>           pdf                  Content of Deliverable 2                              July 21, 2023, 11:59PM
D3_<members surnames>           pdf                  Content of Deliverable 3                              July 21, 2023, 11:59PM
D4_<members surnames>           pdf                  Content of Deliverable 4                              July 21, 2023, 11:59PM
Full_paper_<members surnames>   Printed, soft bind   Must contain cover page, table of contents, D1 to D4   July 21, 2023, 11:59PM
