eGovernanceUnder guidance of

Dr. P.V. Kamesam

IBM Research Lab

New Delhi

Ashish Gupta3rd YearB.Tech , Computer Science and Engg.

IIT Delhi

IntroductionDefinition of eGov

It can be defined as the civil and political conduct of government, including service provision, using information and communication technologies.

e-Gov solution

Government GovernmentTransactions

Citizens

Overview of PresentationPart 1 : Content ManagerPart 2 : Audit Trails in Distributed Databases

Intro to Content Manager

The Problem A Major challenge in eGov : Data Management

E.g. Land Records , Citizen Database etc. Content Manager : a Possible Solution

What is Content Manager ?

Content Manager (a product from IBM) is a scalable solution for storing and retrieving documents of various types.

Content ManagerBrief Overview of the features of CM

1. Lets you store content regardless of format.( Unstructured data )

E.g. text documents, scanned images, audio, video, forms any binary object

2. Stores data on distributed servers and provides single point access.

3. Provides many sophisticated features like Access control Storage management – Archiving , Purging , Migration User management Automated Workflow Enterprise wide search from Internet or intranet clients. Streaming audio and video.

The Beginners Guide to CM Provides an introduction to a layman about

Content Manager Covers essential topics of CM Relevant Figures to explain important concepts All discusses development of Client Application

for CM Useful Appendices with extra info like installation,

references etc.

Developed an easy to use CM Programming API

Benefits Makes it very easy to perform operations on

the CM Database Encapsulates the complexity of CM API Object Oriented Approach allows easy

integration into new apps Speeds up Application Development Time

Extensibility : Acts like a new layer on top of CM

New layers like Custom Access Control , Audit Layer can be added

Content Manager APIFolder Manager APILibrary Client API

SimpleCMAPI

Application

Security LayerAudit Layer

Developed a new easy to use API on top of Content Manager Programming API

A Prototype Application

Defining the problem

Proposed a prototype solution

Developed an Application in Visual C++ on top of Content Manager

Demonstrates use of our new API with additional layersWorkflow

Security Layer

Audit Layer

Inner Line Permit for VISITOR

RESIDENTSHIP

Requirements for entering Arunachal Pradesh

OR

Some Screenshots of the Application developed

Security Layer

Workflow in CM

Two databases:

•Citizen Database

•Inner Line Permit Database

Main Screen

Definition of Audit TrailAn audit trail is a series of records of computer events, about an operating system, an application, or user activities.

Purpose of Audit Trail Individual Accountability: track individual actions

to facilitate audit. Reconstructing Events: reconstruct events as and

when required. Problem Monitoring: online tools to help monitor

problems Intrusion Detection: identifying attempts to

penetrate a system and gain unauthorized access.

Audit Trails on Distributed Databases

The eGov MiddlewareData Virtualization

Isolates logical view of data storage available to the application developer from the physical placement

Data Virtualizer

TransactionCommands

Query processor and optimizer

Database Database Database Database

MIDDLEWARE

Application

Audit Trail Component : A module responsible for managing the audit trail of eGov applications across the entire system.

Problem DescriptionWhere can we place the Audit Trail Component in the eGov

Architecture ?

Possible options:1. Application2. In the Middleware , above DV Module3. In the Component Databases

Issues Involved in the Placement Security Issues

Risking security at the hands of applications Tamper proofing of Audit Trail

Implementation Issues Application Complexity Database design Complexity

Audit Trail Transparency to the application developers

Consistency of Audit Trail across the entire system Ease of Audit Policy Management

Proposed Solution

Data Virtualizer

Query processor and optimizer

Database Database Database Database

Audit Policy Database

MIDDLEWARE

TransactionCommands

Audit Trail Agent

Application

SECURITY

Further Research IssuesAudit Trail Agent Architecture

Storage of Audit Trail is an issue Distributed or Centralized ?Possible Solution:A Buffered Distributed - Centralized Architecture Amalgamation of audit trail data at the central server

• Timestamping issues to ensure correct chronological sequencing of audit trail for analysis – Time sync , which time to use

• Proper Categorization of Audit Trail data to facilitate analysis Ensuring Tamperproofing of Audit Trail for the Auditor

• Authentication of Distributed Sources• Encryption• Access Control • Secure Transmission

Audit trail management (Archiving and purging) Access Control to Audit Trail

Conclusion

Extensible API developed for Content Manager along with an application

Audit Trail Architecture in eGov

Working at IRL Team work Research Experience Responsibility

Thanks

Things Learnt Enterprise Database Technology Visual C++ / Database Interaction API Wrapper Technology Distributed Database Systems Audit Trail Technology and Middleware Tech. Security Issues in large scale databases

IIT Education• File Systems Course

• CS120 and CS130

Other Tasks Laid down a list of requirements for eGov data

management solutions A document on security issues of smart cards

Future Work

Integration of EIP with CM

Further extension of the new CM API with focus on security and audit trail layers

Development of applications for more real life scenarios

Architecture of CM

LibraryServer

Multiple Object Servers

Client

Fig: Architecture of Content Manager for a single Implementation