Wednesday, April 8, 2009

Secure Software Systems Engineering - DVD Rental - Case Study

 

 

SECURE SOFTWARE SYSTEMS ENGINEERING

Johnson Muthyapaga

Narendran Calluru Rajasekar

Vamsikrishna Marri

April 8th, 2009

 

Supervised by

Dr. Haris Mouratidis

 


MSC Internet Systems Engineering

University of East London,

 

Table of Contents

 

1 Case Study

2 Abstract

3 Ethical, Legal, Professional and Social Issues (Part 1)

3.1 Evaluation of severity of Ethical, Legal, Professional and Social Issues

3.1.1 Ethical Issues

3.1.2 Legal Issues

3.1.3 Professional Issues

3.1.4 Social Issues

3.2 Assessment of Social Issues (by 0827477 - Johnson Muthyapaga)

3.3 Assessment of Legal Issues (by 0822532 - Narendran Calluru Rajasekar)

3.4 Assessment of Professional Issues (by 0850331 - Vamsikrishna Marri)

4 Secure Analysis and Design (Part 2)

4.1 Early Requirement Model

4.1.1 Security Enhanced Actor Model

4.1.2 Admin Department Goal Model

4.1.3 Customer Service Department Goal Model

4.1.4 Dispatch Department Goal Model

4.2 Late Requirement Model

4.2.1 Security Enhanced Actor Model

4.2.2 System Goal Model

4.3 Architectural Design Model

5 Automated Tool and Peers critical evaluation (Part 3)

5.1 Evaluation by 0827477 - Johnson Muthyapaga

5.1.1 Evaluation of SecTro Tool

5.1.2 Evaluation of peer (0822532 - Narendran Calluru Rajasekar)

5.1.3 Evaluation of peer (0850331 - Vamsikrishna Marri)

5.2 Evaluation by 0822532 - Narendran Calluru Rajasekar

5.2.1 Evaluation of SecTro Tool

5.2.2 Evaluation of peer (0827477 - Johnson Muthyapaga)

5.2.3 Evaluation of peer (0850331 - Vamsikrishna Marri)

5.3 Evaluation by 0850331 - Vamsikrishna Marri

5.3.1 Evaluation of SecTro Tool

5.3.2 Evaluation of peer (0827477 - Johnson Muthyapaga)

5.3.3 Evaluation of peer (0822532 - Narendran Calluru Rajasekar)

6 Appendix - Acronyms

7 Useful Links

8 Bibliography

 


 

1 Case Study

JNV DVD Rentals Inc., founded in February 2009, is an online DVD rental service with a wide collection of DVDs. JNV rents DVDs that provide low-cost entertainment to London (UK). Its services include shipping DVDs to customers' homes and streaming them online. The company operates under the tag line "Your DVDs are just few clicks away".

Movie and game DVDs will be available for rental, of which only movies can be viewed online. Games cannot be downloaded through the web. However, both movies and games can be ordered online and shipped to the customer's home. Only English versions of movies and games will be available for rental, and "R18" rated DVDs will not be available for rental or streaming.

A secure DVD rental web application, accessible through the Internet, will be launched. The web application will be designed to include the following functionalities:

Member Registration - Members can register with the system using this page. Members will have to enter their personal details such as name, shipping address, email address, phone number, credit card information etc. Each member will have to select a user name and password, which will be used to authenticate the user. Proper security constraints will be in place for all online communication.

View / Edit Member Details - Members can view, edit or update their information here. Information such as credit card details will be secured using an SSL certificate.

Online Movie & Game Catalog Management - Administrators or authorized personnel will be able to update the catalog information such as list of DVDs available and price.

Online Catalog - Members and non-members will have access to the online catalog, where they can browse through the available DVDs and check their prices. A search capability will be included to help users browse through the vast database.

Place Order - Only registered members will have access to this page, where they can place orders. They will be charged using the credit/debit card details they provided. Secure hypertext transfer protocol with an SSL certificate will be used to secure the communication between client and web server.

Customer Support - Live chat will be implemented in the system, through which our technical support team will answer customers' queries and solve their problems. Alternatively, customers can send email to the technical support team to get their issues resolved.

Manage Customers - Administrators will have access to this page, where they can verify and accept membership after the payment is successful. Administrators will have only certain privileges to edit member information related to the DVD rental system; they will not have the privilege to change members' personal details.

Order Status - Once the order is placed, members can track their order status here. The system will be integrated with the Royal Mail tracking service, so users can also track the shipping status using the unique tracking number assigned to their order.

Online Streaming - Using this functionality, members will be able to watch DVDs online. A mechanism to prevent copying of videos will be in place, and digital watermarking will be used for online streaming to prevent piracy of the content. Members can enroll in different subscription plans to watch online video, or use the Pay per view plan to pay for and view a specific DVD.

An online catalog will be maintained in the web application where all the information such as movies, games etc will be available. Visitors can browse through the catalogue and place the orders. The online catalog will be kept up to date by a team of experts with the help of "Online Catalog Management" functionality which is available in the online web application.

Flexible membership plans will be drafted according to customer needs where customers can enroll with a plan to rent DVDs. A verification mechanism would be in place to verify if the member is genuine to get enrolled in the system. The verification process would be outsourced to a 3rd party vendor who will verify and approve the customer.

Members can rent DVDs or stream (Pay per view) the video to watch it instantly over the Internet. Members can place the orders online and the DVDs will be shipped to the members through Royal Mail Service.

Rental kiosks will be installed at various places in London where members can rent DVDs. The kiosk version of web application will be used in the kiosks with touch screen. Members can use the same login which would be used in actual version of web application. The DVDs rented in kiosks should be returned only in kiosks but not necessarily the same kiosk. All kiosks will be monitored using CCTV.

Warehouses would be maintained in London to stock all DVDs and supply it on demand. All the DVDs will be attached with unique RF tags which will enable easy management of the DVDs.

Once the order is received, DVDs will be shipped using Royal Mail. RF tags attached to DVDs will be associated with the tracking number provided by Royal Mail. A prepaid envelope will be sent along with the DVDs, which users can use to return them. The tracking information will be integrated with the web application, which will enable quick status updates.

 


 

2 Abstract

Our objective is to design and develop a web based solution for JNV DVD Rentals Inc. which will facilitate DVD rental in London. We will analyze and design the system taking into account the security policies and all ethical, legal, professional and social issues, and develop the system model using the SecTro tool (Secure Tropos methodology).

In Part 1, we discuss the social, ethical, legal and professional issues that we might encounter in starting the business presented in the case study. We have used a generalized rating model to rate the issues and assessed the top three classes with high risk.

In Part 2, we discuss the design of a web based application to facilitate the business process presented in the case study. Our main aim is to focus on the security constraints right from the initial stage and discuss them in detail in further stages.

Businesslink.gov.uk is a useful website to start with initial analysis. This website is interactive and helps us quickly find the steps required to start a business in U.K.

All the references in this document are cited with "[]".

Useful links, acronyms and bibliography are presented at the end of the document.

 


 

3 Ethical, Legal, Professional and Social Issues (Part 1)

In this part, the ethical, legal, professional and social issues have been rated and listed by severity of impact using a generalized model. The top three classes are selected, and each member of the team discusses one class, assigned by mutual agreement.

3.1 Evaluation of severity of Ethical, Legal, Professional and Social Issues

3.1.1 Ethical Issues

| S. No | Issues | Rating | Scale |
|---|---|---|---|
| 1 | This online DVD rental system is familiar to people in London and has been showing good results. People will not be asked to behave outside their standards. | | |
| 2 | Normally people go to shops to rent DVDs, but with this online DVD rental system they can rent from home. That is the only difference from their norm; there is no other difference from an ethical point of view. | +3 | -3 to +3 |
| 3 | Renting DVDs from home is outside their norm. | +3 | -3 to +3 |
| 4 | People's lives become more sophisticated as they make use of technology and benefit from it. | +3 | -3 to +3 |
| 5 | This has already been implemented by many companies, and people have shown keen interest in renting DVDs online. Hence people will react well to this project. | +3 | -3 to +3 |
| 6 | This is not the first online DVD rental system. People receive this type of technology fairly well. | +3 | -3 to +3 |
| 7 | There are no negatives to compensate for as far as ethical issues are concerned. | 0 | 0 to 2 |
| 8 | Based on the research done, they are fairly accurate because we thoroughly understand the scope of this online rental system. | | |
| 9 | Severity of risk | +3 (very low) | -3 to +3 |

3.1.2 Legal Issues

| S. No | Issues | Rating | Scale |
|---|---|---|---|
| 1 | Only one country (UK) is involved in this project, as all the operations are carried out only in London. Hence the risk involved would be low. | +1 | -3 to +3 |
| 2 | There are about 25 laws involved in this project, of which 22 are generic to all businesses that employ people and engage in e-commerce, and 3 are specific to the "Video, DVD and computer game rental" business category. Since all regulations are well defined, the risk involved will be low. | +1 | -3 to +3 |
| 3 | Although all legal information for implementing this project can be obtained from the Internet and books, lack of experience in the domain might impose high risk. | -2 | -3 to +3 |
| 4 | The above risk can be overcome by involving legal advisers, which could counter the imposed risk. | -2 | -3 to +3 |
| 5 | There is a possibility of running close to laws such as the Video Recordings Act, Distance Selling Regulations Act, The Licensing Act 2003 etc. | -2 | -3 to +3 |
| 6 | The regulations are well defined and have been implemented since the start of the company. Hence the risk of running outside the laws is low. | +3 | -3 to +3 |
| 7 | Overall severity of Legal Issues | 0 | 0 to 2 |

3.1.3 Professional Issues

| S. No | Issues | Rating | Scale |
|---|---|---|---|
| 1 | Creates employment - This web based system creates employment in several areas such as warehouse, customer service, marketing, sales/purchase and maintenance. | +2 | -3 to +3 |
| 2 | There are about 9 professional bodies involved in this project, some of which are also trade bodies. Since every case is well defined, the risk will be less. | +1 | -3 to +3 |
| 3 | There are some codes of ethics involved in this project, like confidentiality, integrity, meeting customers' requirements etc. Since they have all been taken into consideration, there won't be any risk. | +1 | -3 to +3 |
| 4 | Even though all the professional issues are sorted out, there are some risks from lack of experience in business, recession and competition. | -2 | -3 to +3 |
| 5 | There is no restriction on R18 rated movies for people who are above 18. There will be a grave danger with this one (explained in the assessment). | -3 | -3 to +3 |
| 6 | There are a lot of trade bodies and consultants to help people's businesses. Because of the severity of risk in R18 rated DVDs, there won't be any of these DVDs available for rent. So it is possible to overcome the risks. | +1 | 0 to 2 |
| 7 | Overall severity of risk | 0 (medium) | |

3.1.4 Social Issues

| S. No | Issues | Rating | Scale |
|---|---|---|---|
| 1 | For everyone who has a passion for watching movies or playing games. | | |
| 2 | This will make their life easy. In the past they had to go to a DVD rental shop to rent a DVD. Now they can access DVDs from their home. | | |
| 3 | People can watch movies from their home. They can watch a DVD several times. | 2 | 0 to 3 |
| 4 | This online DVD rental system brings DVDs to their home with a few clicks. | | |
| 5 | It will benefit them in a lot of aspects, like saving journey time and lessening the strain of renting a DVD from a shop. | 2 | |
| 6 | With unsecured browser settings or an unsecured internet connection there are a lot of problems, like credit card theft etc. | -3 | -3 to 0 |
| 7 | Hackers will misuse their credit card/debit card information, or hackers will log in with their username and password and misuse the website content. | | |
| 8 | If they have lost their credit/debit card information or their account details, they have to face a lot of consequences. | -3 | -3 to 0 |
| 9 | Create awareness in the public about the security threats and unsafe internet connections. | 1 | |
| 10 | They are all accurate. | | |
| 11 | Overall severity of risk | -1 (High) | |

From the above rating method it is evident that ethical issues carry the least severe risk. Hence we discuss the other three risks in the following sections.

3.2 Assessment of Social Issues (by 0827477 - Johnson Muthyapaga)

1. Who will the project impact?

Online rental is a boon for those with small children. For families, it's worth considering that wee ones often like watching films looped again and again for weeks.

2. How will it impact on them?

A - Most children like game DVDs online. Likewise, youngsters as well as elders like movies. If people are more interested in watching films online, renting online is the best way.

3. What benefits will it bring to them/their community?

A - It entertains the community in many ways and provides employment in certain areas. If they purchase through a monthly rental system, they can get a discount. From the community's point of view, it can be developed in a professional manner. People nowadays require convenience, and technology has improved accordingly.

4. How will it benefit them?

A - Convenience. The main reason why most people sign up to rent DVD movies online is that this is the most convenient option. You do not even have to leave your home to rent your discs, as they are all delivered in the mail. Once you make your order you will typically receive it within a few days, depending on your specific membership plan. As online rental DVDs can be held for much longer, it saves you buying a film they'll quickly outgrow and never watch again.

Why renting beats buying?

Buy a new release DVD and it will easily set you back £10 - £20. This isn't cheap, especially if you only watch it once. Suppose you want "Pirates of the Caribbean 3"; while this would cost £2-ish to rent, the cheapest price to buy is £15. So you'd have to watch it 7.5 times before it'd be worth buying. Now think how many films in your collection you've only watched once or twice.

Would rental have been cheaper? Unless the cost of buying the DVD is very cheap, the best strategy is to rent the film, then decide whether you'll watch it again. If you will, and it'll be a constant rewatch, go out and buy it. Otherwise just rent it again the next time you want to watch it.

5. To what extent will it benefit them?

A - It reduces travel for people. They can sit at home and enjoy movies, games etc. A community will develop if it is well educated in this area, meaning children should not become addicted to movies or games.

Should enhance the prospective of the community. As of Security prospect has been efficiently good. Data Mining aspects are well observed.

6. What negative things will it bring to them/their community?

A - The community faces very few negative effects, such as a slight reduction in employment. Theft can be reduced in an online application.

7. How will this negatively impact them?

A - A divided community eg. Library, Women will impact online renting DVD. Standard acceptable to the society at the large extent. Reducing staff and replacing with technology. Deskilling impacts on the people.

8. To what extent will it be negative?

A - Introduction of Kiosks and Internet based rental will lead to reduction in employment. Advertisement may lead to the distraction of the people.

9. Any ideas for compensating for the negative with benefits?

A - Since kiosks have been introduced, DVD rental is processed quickly, but at the same time employment is reduced. A control authority is present throughout the whole process. As this is an online system, the bank details of the customer are the main security issue.

10. To what extent do you consider your answers to above Q1-9 are accurate?

A - The overall consideration of these issues is average, because there are equal benefits and negative things.

3.3 Assessment of Legal Issues (by 0822532 - Narendran Calluru Rajasekar)

The implementation of DVD Rental service in London, UK would involve the following laws:

* Copyright for computer programs[1]

* Copyright, Designs and Patents Act 1988

* Copyright and Rights in Database Regulations 1997

* Law of confidence

* Patents Act 1977

* Registered Designs Act 1949

* Trade Marks Act 1994

* Companies Act 2006 (E-Commerce Regulation)

* The Privacy and Electronic Communications Regulations

* The Distance Selling Regulations 2000

* Sexual Offences Act 2003

* Unfair Contract Terms Act 1977 (UCTA)

* Consumer Credit Act 2006

* Consumer Protection from Unfair Trading Regulations 2008

* Data Protection Act 1998

* Sale of Goods Act

* Competition Act 1998

* Enterprise Act 2002

* Computer Misuse Act 1990

* Criminal Damages Act 1971

* Theft Act 1968

* Telecommunications Act 1984

* Human Rights Act 1988

* Packaging (Essential Requirements) Regulations SI 2003/1941

* Video Recordings Act 1984

* The Obscene Publications Act 1959

* The Licensing Act 2003

* The Local Government (Miscellaneous Provisions) Act 1982

* Highways Act

* London Local Authorities Act

* Disability Discrimination Act 1995 (DDA)

A license should be obtained from the British Board of Film Classification (BBFC) to rent DVDs in London, and special DVDs which are permitted for rental service[6] should be acquired. According to the Local Government (Miscellaneous Provisions) Act 1982, "R18" rated content would require a special license from Salford City Council[8], and the ID of the customer must be checked to confirm his age; hence "R18" DVDs cannot be rented through mail or kiosks. An article published in the newspaper The Guardian with the title "Judges ban sale of porn videos on net" [3] says that high court judges banned the selling of R18 films through mail or the Internet.

In the article "DVD Rental Kiosk Patented... Redbox Sued" [9], Mike Masnick reports that Redbox is being sued for patent infringement. The kiosk, a DVD dispensing machine coupled to a rental service [4], and the web application, which acts as a movie rental and notification system[5], are both covered by registered patents; hence patent law needs to be considered and royalties should be paid to the patent holder. Permission should be obtained from local authorities to install kiosks on public pavements so as to satisfy the Highways Act and the London Local Authorities Act [7]. Since CCTV is used to monitor kiosks, the Information Commissioner has to be notified and the operation should comply with the Data Protection Act 1998.

The web application developed for this project should comply with The Privacy and Electronic Communications Regulations [26] and The Distance Selling Regulations 2000[43], since it involves e-commerce. The website should also comply with the Disability Discrimination Act 1995 (DDA)[34]; according to this act it is illegal to discriminate against a disabled person by refusing to provide the service. For instance, a web page whose functionality is purely based on colors should be avoided; it should also include text, which may be helpful for people with color blindness. The article "Disability Discrimination Act (DDA) & web accessibility"[10] by Webcredible says that one can be sued under the DDA for accessibility issues of a website. This can be avoided by complying with the W3C accessibility guidelines. Copyright for computer programs and the other computer related laws mentioned above should also be considered when developing the web application.

Businesslink.gov.uk is an interactive website developed in partnership with subject experts within government and relevant business-support organisations to help people comply with regulations. Using this tool effectively and taking advice from experts may reduce the overall legal issues.

The overall severity of legal issue is of positive balance; hence the risk is low in legal aspect to implement this project.

3.4 Assessment of Professional Issues (by 0850331 - Vamsikrishna Marri)

The total severity of these professional issues is medium. Some of the important professional issues are

* Employment/unemployment

* Behavioral issues

* Professional bodies

* Code of ethics

Employment:

It creates good employment opportunities in different categories. Roles include warehouse assistants to help in managing stock, packing, handling damaged disks, stock statistics etc.[36], customer service assistants to take orders and help customers with any of their issues, sales assistants to promote sales, and a marketing team to help promote the company and its products.

Behavioral issues:

One survey found that, every year since 1997, more than 40 of every 1000 girls under eighteen in the United Kingdom become pregnant[37]. We should not neglect the fact that some of them might be influenced by 18 rated movies. It is also illegal to rent or send any of these movies via mail.

JNV can rent movies which are rated 18 through kiosks. However, considering the above factors, it is committed not to rent any movies which are rated 18.

Professional Bodies:

HM revenue & customs (HMRC):

HMRC is responsible for indirect and direct taxes such as value added tax, income tax and corporation tax. It also deals with enforcement of the national minimum wage and national insurance numbers for employees. According to HMRC, VAT (value added tax) is 15% from 1 December 2008 to 31 December 2009, and from 1 January 2010 until further notice it will be 17.5%[38].

Federation Against Copyright Theft (FACT):

FACT protects film and online broadcast companies from threats[39].

Hire Association Europe (HAE):

HAE develops, protects, promotes and supports rental and hire industry[40].

Video Standards Council (VSC):

This is a charity organization which promotes high quality standards in the video and game industry. It demonstrates offences under the Video Recordings Act 1984; for example, it is illegal to mail R18 titles to customers[41].

British Board of Film Classification (BBFC):

BBFC is responsible for rating movies, DVDs and some video games under the Video Recordings Act 1984[42].

E-Commerce Directive:

This is responsible for implementing e-commerce in the U.K. Broadly, any online system has to follow the Electronic Commerce (EC Directive) Regulations 2002[43].

National Market Traders Federation (NMTF):

It gives information and advice for the market traders throughout the U.K[44].

The Entertainment Retailers Association (ERA):

This organization deals with wholesale and retail sectors of DVD, video[45].

Code of ethics:

Codes of ethics involved in this DVD Rental System are

* Integrity

* Honesty

* Due Diligence

Integrity:

Ensure that everyone gets credit for their contribution and work, and takes responsibility for their own errors.[47]

Honesty:

Privacy and confidentiality should be maintained for customer details. There won't be any allowance to amend customer details. Under no circumstances may the personal data of a customer be used for other purposes.[46]

Due Diligence:

Ensure that the company does not send any DVDs or other materials which will cause harm to customers or anyone else.[47]

 


 

4 Secure Analysis and Design (Part 2)

Our case study involves secure analysis and design of an Online DVD Rental System for JNV DVD Rentals Inc. The DVD rental service belongs to the "Video, DVD and computer game rental" business sector. The rationale behind introducing the online DVD Rental System is that both the company and the customer enjoy the following benefits.

* It is convenient for the customers to order the DVDs from home and will reach many customers as Internet is ubiquitous.

* Members can instantly watch movies using "Pay Per View" facility available in the web application.

* It reduces manual operations such as member registration, tracking etc. for the company, and hence reduces the cost incurred on human resources while increasing performance and reliability.

* The shipping status can be tracked online.

* It will enable integration between systems and facilitate easy access.

In this section we will discuss the Early Requirement Model, Late Requirement Model and System Overview of Architectural Design Model.

4.1 Early Requirement Model

In Early Requirements, we analyze the business process involved in the company and list the stakeholders and the dependencies among them in order to achieve their goals. The requirements are analyzed considering all security aspects of the system.

The following actors and agents are involved in this system.

Admin Department - This department controls all the other departments in JNV DVD Rentals Inc. Although some of the major tasks are delegated to other departments, it manages the movie player, membership plans and DVD Warehouse. It also takes care of managing kiosks and updating the DVDs in kiosks.

Customer Service Department - This department is responsible for managing customers, answering all their queries and member registration, and owns resources such as membership plans, the daily dispatch list, order details and customer personal information.

Dispatch Department - This department is responsible for getting the dispatch list from the Customer Service Department on a daily basis and shipping the DVDs through Royal Mail. It also gets the package tracking information from Royal Mail and updates the Customer Service Department so that they can keep the customers up to date.

Customer - The one who rents DVDs

Online Movie Player - Players through which movies can be viewed via Internet.

Analyst - They keep track of new movies and games coming to market and update the catalog accordingly. They also notify stock management department to buy new DVDs.

Stock Management - They are responsible for managing DVD Warehouse.

Kiosk - It is an automated vending machine where customers can rent and return DVDs. DVDs rented from kiosks can only be returned to a kiosk, as this will simplify the stock management process and make tracking effective. A customized version of the web application, compatible with touch screens, will be hosted in the kiosk.

CCTV - Closed-circuit television (CCTV) is used for surveillance of kiosk which will prevent misuse.

DVD Whole Sale - The Agency from whom the rental DVDs are bought.

Post Box - The regular post box where customers have to return DVDs.

Mailing Service (Royal Mail - 3rd Party Vendor) - Mailing service to ship DVDs to customers. They provide package tracking information to Dispatch Department.

Customer Verification Agent (3rd Party Vendor) - Agency to verify if the customer is genuine.

BBFC - The British Board of Film Classification (BBFC)[42] is an independent, non-governmental body, which has classified cinema films since it was set up in 1912, and videos since the passing of the Video Recordings Act in 1984. JNV DVD Rentals should register with BBFC and comply with their regulations.

Information Commissioner - Since CCTV is used for kiosk surveillance, a license should be obtained from the Information Commissioner and the company should comply with the Data Protection Act 1998[20].

4.1.1 Security Enhanced Actor Model

The security enhanced actor model (Figure 4.1) depicts the dependencies among the actors and agents along with the security constraints. Most of the functionalities are focused around the Admin Department and the Customer Service Department. The Admin Department owns the DVD Warehouse where all the DVDs are stocked. Each DVD is associated with an RF tag carrying a unique ID, which is used to uniquely identify the DVD and associate it with orders, and hence eases the tracking process. The Admin Department has to ensure compliance with the regulations imposed by BBFC. "R18" rated DVDs would require an ID from customers showing proof of age. Since the system is based on remote selling, it is not possible to physically verify a customer's age, and hence "R18" rated DVDs should not be rented through mail service or kiosks.

Whenever a new member registers with the company, a formal check needs to be done to ensure that the correct postal address is provided and the customer is genuine. The Admin Department has delegated this task to a Customer Verification Agency, which is a 3rd party agency. The Customer Verification Agency verifies the customer and provides consent to the Admin Department, and henceforth the customer will be registered and allowed to rent DVDs. The Customer Verification Agency is advised to keep the customer's personal information confidential and should not use these details for any other purpose.


Figure 4.1 - Early Requirements - Security Enhanced Actor Diagram.

The Admin Department depends on the Customer Service Department to manage customers and customers' personal information. The Customer Service Department takes care of Customer Registration, Customer Service, Managing Orders and the Dispatch List. They also maintain order status and package tracking information, which they provide to customers upon request. Customers can obtain only their own order status and package tracking information. The payment for orders is done through a secure gateway. Customers register with JNV DVD Rentals Inc. by enrolling in any of the membership plans.

A kiosk is a machine which depends on the Admin Department for its maintenance. The Admin Department keeps track of all the activities that take place in a kiosk and updates the DVDs according to the Movie & Game Catalog provided by Analysts.

Movie Player is a software agent which allows customers to view movies online. It has the capability to authenticate users before they can stream movies. It is also capable of streaming videos at different qualities, as Internet speed varies across customers and they may prefer different qualities of video. It adds a digital watermark to all videos streamed in order to avoid piracy. The Admin Department holds a server where they store all the movies as per the Movie & Game Catalog so that they can be streamed using the Movie Player.

The Dispatch Department depends on the Customer Service Department for the daily dispatch list, as they are the ones who take the orders and maintain this list. The DVDs from the DVD Warehouse are collected and prepared for shipping as per the daily dispatch list with the correct shipping address. Once the packaging is completed, the DVDs are shipped through the 3rd party Mailing Service (Royal Mail), which in turn provides a tracking number for each package to enable effective tracking. The Dispatch Department passes this information to the Customer Service Department so that it can be provided to customers when requested.

4.1.2 Admin Department Goal Model

The Admin Department has three main goals: Manage Movie Player, Update Membership Plans and Manage DVDs (Figure 4.2). The Manage Movie Player goal is achieved by satisfying the soft goals identified for it. Compatibility of the player with different operating systems and browsers can be achieved by using different players, and different streaming qualities can be achieved by using different video sources. As new DVDs arrive at the warehouse, the videos are encoded and stored on the video server. Two security constraints are imposed on streaming movies: authentication and restricting piracy. The user should be authenticated with a user name and password, and should be checked for validity, i.e. that the user is in the correct plan. Piracy can be restricted by digital watermarking of the videos streamed.

The Admin Department is also responsible for updating membership plans, which aim to be profitable, attractive and competitive. The validity of a user is checked against these membership plans.

DVDs in kiosks are managed by the Admin Department. The kiosks are scrutinized regularly to check that they are functioning, and outdated DVDs are replaced with new ones according to the Movie and Game Catalog.


Figure 4.2 - Early Requirements - Admin Department - Goal Diagram.
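The two access rules stated above (a customer obtains only their own order status and tracking information; a movie is streamed only after user name and password authentication and a membership plan validity check) can be enforced as in the following sketch. It is an added example, not part of the original coursework; the record fields, plan names, error messages and sample data are constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date

STREAMING_PLANS = {"mail+stream"}      # plan names are assumptions, not from the report
PBKDF2_ROUNDS = 100_000


class AccessDenied(Exception):
    """Raised for every refused request."""


@dataclass(frozen=True)
class Customer:
    username: str
    salt: bytes
    pw_hash: bytes
    plan: str
    plan_expires: date


@dataclass(frozen=True)
class Order:
    order_id: str
    owner: str               # user name of the customer who placed the order
    status: str
    tracking_number: str


def hash_password(password, salt):
    """Salted, deliberately slow hash; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def authenticate(customers, username, password):
    """Authentication constraint: user name and password must match a registered customer."""
    customer = customers.get(username)
    # Hash even for unknown users so response time does not reveal valid user names.
    salt = customer.salt if customer else b"\x00" * 16
    candidate = hash_password(password, salt)
    if customer is None or not hmac.compare_digest(candidate, customer.pw_hash):
        raise AccessDenied("invalid user name or password")
    return customer


def authorize_stream(customer, today):
    """Validity check: the customer must be in a current plan that includes streaming."""
    if customer.plan not in STREAMING_PLANS:
        raise AccessDenied("membership plan does not include streaming")
    if customer.plan_expires < today:
        raise AccessDenied("membership plan has expired")
    return True


def order_status(orders, customer, order_id):
    """Return status and tracking data only for the caller's own order."""
    order = orders.get(order_id)
    # Same reply for "no such order" and "someone else's order", so another
    # customer's order ids cannot be confirmed by probing.
    if order is None or order.owner != customer.username:
        raise AccessDenied("order not found")
    return {"status": order.status, "tracking_number": order.tracking_number}


def build_sample():
    """Constructed customers and orders for the demonstration."""
    def customer(name, password, plan, expires):
        salt = os.urandom(16)
        return Customer(name, salt, hash_password(password, salt), plan, expires)

    customers = {c.username: c for c in (
        customer("alice", "alice-pass-1", "mail+stream", date(2009, 12, 31)),
        customer("bob", "bob-pass-2", "mail-only", date(2009, 12, 31)),
        customer("carol", "carol-pass-3", "mail+stream", date(2009, 1, 31)),
    )}
    orders = {o.order_id: o for o in (
        Order("ORD-1001", "alice", "Dispatched", "TRACK-SAMPLE-1"),
        Order("ORD-1002", "bob", "Payment received", "TRACK-SAMPLE-2"),
    )}
    return customers, orders


def attempt(action, *args):
    """Run one check and report the outcome as text instead of raising."""
    try:
        return f"allowed: {action(*args)}"
    except AccessDenied as refusal:
        return f"denied: {refusal}"


if __name__ == "__main__":
    customers, orders = build_sample()
    today = date(2009, 4, 8)
    alice = authenticate(customers, "alice", "alice-pass-1")
    print(attempt(authenticate, customers, "alice", "wrong"))
    print(attempt(authorize_stream, alice, today))
    print(attempt(authorize_stream, customers["bob"], today))
    print(attempt(authorize_stream, customers["carol"], today))
    print(attempt(order_status, orders, alice, "ORD-1001"))
    print(attempt(order_status, orders, alice, "ORD-1002"))
```

The ownership test in `order_status` is what turns "only their own order status" from a statement in the model into behaviour: being logged in is not enough, the order must also belong to the caller.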

4.1.3 Customer Service Department Goal Model

All goals that involve customers directly are handled by the Customer Service Department. According to the actor diagram, four security constraints are imposed on the Customer Service Department actor (Keep Information Private, Secure Payment, and Keep Information Confidential). Analyzing the Customer Service Department gives a total of one secure resource (Customer Personal Information), three resources (Membership Plans, Movie And Game Catalogue, Dispatch List), and five goals (Register With The System, Place Order, Queries, Check Order List, Manage Customers).

Among these goals the main goal is Managing Customers. It is sub-divided into several goals, namely Register With The System, Check Order Status, Place Order, Rent DVD and Queries. Among these, Check Order List is restricted by two constraints (Keep Information Private) imposed by the customer on the Customer Service Department, and these are satisfied by two secure tasks (Provide Payment Status, Package Tracking Information). The next goal, Register With The System, is satisfied by a soft goal (Provide Authentication Mechanism), which is satisfied by a secure plan (Username and Password). This goal is restricted by Keep Information Confidential, imposed by the customer on the Customer Service Department, which is satisfied by a secure plan (Collect Customer Information); the secure resource (Customer Personal Information) contributes to this plan.

The other sub-goal (Place Order) has a further sub-goal (Receive Payment From Customer), which is restricted by the Secure Payment constraint imposed on the Customer Service Department. This constraint is satisfied by a secure plan (Electronic Payment), which has three secure sub-tasks (Chip & Pin, Direct Debit, and Credit Card Payment).

The remaining sub-goal is Rent DVD, which can be achieved in three different ways (Update Dispatch List Once the Payment Is Received, Check If Customer Is Valid, and Check If In Valid Plan).


Figure 4.3 - Early Requirements - Customer Service Department - Goal Diagram.

4.1.4 Dispatch Department Goal Model

There are no security constraints for the Dispatch Department. Its main goals are update tracking information and send DVDs to mailing service. The first goal is satisfied by a plan (update customer service department with package tracking information) and has contribution links with two soft goals (update information as quickly as possible, obtain package tracking information from mail service). One of the two soft goals (obtain package tracking information from mail service) is satisfied by a plan (integrate software agents) and has a contribution link with the other goal (send DVDs to mailing service).

The other hard goal, send DVDs to mailing service, is satisfied by a plan (package DVDs and ship), which is divided into two further plans (get DVDs from warehouse, get dispatch list from customer service department).


Figure 4.4 - Early Requirements - Dispatch Department - Goal Diagram.

4.2 Late Requirement Model

In this stage, the functional, security and other non-functional requirements are described [2]. The system-to-be is introduced, the dependencies are redefined, the constraints are analyzed further, and the security goals and entities the system needs in order to guarantee the security constraints are identified [2].

4.2.1 Security Enhanced Actor Model

One of the main aims of JNV DVD Rentals Inc. is to rent DVDs in an efficient way that improves the company's profit and benefits customers by taking advantage of the Internet. The Online DVD Rental System to be introduced automates most of the process and enables remote selling. The following goals are identified for the system: Register with the system, Place Order, Check Order Status, Customer Queries, Movie & Game Catalog and Update List. Each goal in turn has sub-goals, which are satisfied by specific plans discussed in detail in the next section (System Goal Model). The security constraints are analyzed further in this stage to ensure that all the security goals are satisfied.

As depicted in Figure 4.5, once the system is introduced, the dependencies among the actors are altered so that the most benefit is obtained from the system-to-be. In the early requirements stage the Customer depended on the Customer Service Department for goals such as Registering With System, Place Order, Check Order Status, Queries and Catalog, whereas in this stage the Customer depends on the system-to-be for all these goals. The system-to-be depends on the Customer Service Department to Approve Customers and Answer Customer Queries. The goals are also modified and delegated to adapt to the system-to-be.


Figure 4.5 - Late Requirements - Security Enhanced Actor Diagram.

4.2.2 System Goal Model

Once the dependencies have been modified after introducing the system, the goals, security goals and security constraints are analyzed in further detail to model the system. For instance, to receive payment from the Customer, it was identified that a secure payment gateway is required. Hence a secure soft goal is introduced for the transactions to be secured, which satisfies the security constraint. This secure soft goal is achieved by implementing the secure plan Use SSL, i.e., Secure Sockets Layer should be used to ensure that the transactions are secured. The main considerations for the system from a security point of view are Confidentiality, Integrity and Availability. Similarly, every security constraint is satisfied by a secure goal, which in turn is satisfied by a secure plan.


Figure 4.6 - Late Requirements - System - Goal Diagram.

4.3 Architectural Design Model

The architectural design phase defines the system's global architecture [2]. The architectural design diagrams are generated automatically by the SecTro tool from the models designed in Early Requirements and Late Requirements. Since the tool was not able to handle a large model, the system goal diagram presented in the previous section was drawn in a different project. Hence the tool was able to generate only one level of decomposition diagram, as shown below.


Figure 4.7 - Late Requirements - System Decomposition.

SecTro also failed to generate the Architectural Style diagram, but based on the business requirements and the design model it is obvious that an online web application would need a client-server architecture to maintain integrity and confidentiality.

 


5 Automated Tool and Peers critical evaluation (Part 3)

5.1 Evaluation by 0827477 - Johnson Muthyapaga

5.1.1 Evaluation of SecTro Tool

5.1.1.1 SECTION (A): MODELLING TOOL

1. Does the SecTro modelling tool allow graphical modelling of all elements and links that are required for your course work?

Yes, the SecTro tool provides all types of tools and links. The links and elements it gives are well suited to the implementation of modelling.

2. Do the elements and links work as you expected?

Yes, the elements and links work as expected. But in drawing the early requirements, the links and the goal diagrams, i.e. secure constraints, are not well built in.

3. Do the elements and links work as you expected?

Yes. The tool has all types of construction model; constructing a small diagram is difficult.

4. How convenient is this modeling tool in working with smaller models (diagram)? (For e.g. only with few elements and links)

Modelling tool in working with smaller models (e.g. only with few elements and links): Great, I can construct small models, but there are a few problems.

5. How convenient is this modelling tool in working with large model? (For e.g. with many elements, goal diagram etc).

Convenient way of modelling tool in working with large model For e.g. with many elements, goal diagram.

5.1.1.2 SECTION (B): AUTOMATION AND RULE CHECKING

9. Please state at least three ways this modeling tool could facilitate the rule checking and consistencies either with various elements and links or between various stages of the development process?

SecTro tool has helped you to better understand the theory behind Secure Software System Engineering; the goal diagrams and links helped me to understand the diagrams. The links easily make me understand the evaluation of the whole diagram.

5.1.1.3 SECTION (C): LEARNING AND FEEDBACK OF MODELLING TOOL

10. Do you feel the SecTro tool has helped you to better understand the theory behind Secure Software System Engineering?

During the development of the process a few bugs has been to be removed.

11. How do you think this tool assists your learning experience during the development process?

Ease of learning of the SecTro modelling tool: good. It took me some time to learn to use it. Needs documentation.

The depender always depends on the dependee but the secure constraint should be evaluated more.

12. How would you define the ease of learning of the SecTro modeling tool?

Resources and the constraints should have to be developed means the links between them should be evaluated more.

13. How would you rate the feedback provided by the tool?

In building a new project of the software the model really builds the aspect. It really reduces the cost of the project. Security constraints are satisfied by a secure goal which in turn satisfied by a secure plan. It provides most of the feedback like clearly giving every single option, constraints, links, elements, goal diagram, soft goals etc.

14. What kind of feedback you would expect to receive, which is not currently provided by this tool?

The errors are rare as the tool has good feedback; errors between resources and soft goal diagram.

5.1.1.4 SECTION (D): ERROR REPORTING & USABILITY

15. How often do you encounter bugs or error while using this modelling tool?

The usefulness of the SecTro modelling tool: great, it does most of the things I expect it to do.

Overall satisfaction of the SecTro modelling tool.

16. How would you rate the usefulness of the SecTro modeling tool?

Great. It is wonderful. As I felt with the project, it has been satisfied, as I have the knowledge to build a new project.

17. How would you rate the overall satisfaction of the SecTro modeling tool?

The SecTro modeling tool has an easy way to understand the tools, but the difficulty arises in building links between the various soft and main goals as well as resources.

5.1.2 Evaluation of peer (0822532 - Narendran Calluru Rajasekar)

Naren has good mutual understanding between us and good communication skills, and has the best knowledge of the tool and the subject. He is the main member in the group; he added most of his inputs in the project.

5.1.3 Evaluation of peer (0850331 - Vamsikrishna Marri)

Vamsi gives new ideas on the topic and captures the situation of the project well; he has the ability to prospect the project in new ways.

5.2 Evaluation by 0822532 - Narendran Calluru Rajasekar

5.2.1 Evaluation of SecTro Tool

5.2.1.1 SECTION (A): MODELLING TOOL

1. Does the SecTro modeling tool allow graphical modeling of all elements and links that are required for your course work?

Yes

Though the elements in the tool are sufficient for modeling the course work, I was not able to do Trust and Delegation Analysis in the tool. Adding a partially satisfied link would help achieve some functionalities like partially satisfying goals.

Do the elements and links work as you expected?

No

* Sometimes links act up leaving behind stray marks.

* There is limitation of 3 security constraints between a goal and an actor when we choose from properties of link. However, I was able to add new constraint separately and link between the goal and the actor.

Does the tool allow construction of models (diagram) during all the stages (Early, Late, Architectural & Detail Design stage)?

No

* When we change dependency link in Late Requirement Model, the dependency links in the Early Requirement Model also changes which is wrong. Hence we had to create two different projects for Early Requirement Model and Late Requirement Model in order to complete the design. Adding rules may help us to overcome this issue. For example, the tool should create actors, goals and links automatically in Late Requirements when we add these elements in Early Requirements but when we change these elements in Late Requirements it should not alter anything in Early Requirements. This can be achieved by creating new objects in Late Requirements when an object is created in Early Requirement rather than referring to the previous object and also define appropriate rules.

* Tool is supposed to generate Architectural Style diagram automatically which it did not. This functionality has to be implemented.

* System doesn't allow goal diagram for agents. This would be required as the agent also has goals.

* While drawing Goal diagram in late requirements, the goal diagram keeps disappearing whenever a new element is added. This seems to be a bug in the tool, which is very annoying. I created a new project just to draw System goal diagram, but the catch is; I was not able to generate correct decomposition diagram as the sub goals are not in the main project.

How convenient is this modeling tool in working with smaller models (diagram)? (For e.g. only with few elements and links)

Good

Though I am able to construct small models, the interface is not very user-friendly. The following features would make it more user-friendly.

* Allow editing text within the symbol instead of opening a new dialog.

* Ability to copy and paste elements.

How convenient is this modeling tool in working with large model? (For e.g. with many elements, goal diagram etc).

Not Good

It is very difficult to work with large diagrams. The tool gives an average performance with many actors and goals without links, but when the links are added, the tool becomes adversely slow. Also I noticed that when the size of the file "object1.dat" is less than 7000 KB, the tool at least works slowly. When the size goes beyond 7000 KB, the tool just stopped working. Introducing following features would be very helpful to handle large diagrams.

* Auto format option to automatically format and position the diagram.

* Adding co-ordinates as properties to all elements would help to fix alignment issues quickly instead of dragging elements.

* Ability to convert elements such as Actor to agent, goals to resource etc with validations

* Ability to convert normal element to secure element and vice versa.

* Ability to change the order of the elements, i.e., to bring an element to front or take it back of another element.

5.2.1.2 SECTION (B): AUTOMATION AND RULE CHECKING

If you were developing this modeling tool, please state at least three changes you would make to automate the process of constructing models either at each stage or between various stages of the development process?

* Dependency check should be implemented, i.e., the tool should not allow a dependency link without a depender or dependee.

* As mentioned earlier, system should automatically check consistency between different stages of modeling.

* Ability to do Trust Analysis and Delegation Analysis and also generate appropriate goal diagrams by defining rules.

* Ability to draw data flow diagram, sequence diagram and collaboration diagram which will ease the further designing.

Please state three functionalities you would like to see being added to the SecTro modeling tools? (For e.g., print functionalities).

In addition to the feature I had mentioned for question 5, I would like the following features

* Exporting diagrams to different image formats such as JPG, TIFF etc.

* Detailed documentation which includes the rules of each element (This will keep the tool in sync with the methodology and also help users to learn the methodology from the tool instead of depending on other sources).

* Save As functionality to save the project with a different name and continue from there on.

Currently this modeling tool doesn't provide any mechanism for checking rules and consistencies either with various concepts (elements and links) or during various stages of the development process. (For e.g., Decomposition link could be used to decompose Actor element, which is not meant to happen!).

Please state at least three ways this modeling tool could facilitate the rule checking and consistencies either with various elements and links or between various stages of the development process?

* Though the system is flexible to draw links which may be wrong sometimes and is required intermediately, introduction of a validate functionality which validates all the links in the diagram would facilitate easy modeling.

* Soft goals should not accept satisfied link, rather should accept contributes link.

* Once the system is introduced in later requirement stage, rules could be automated for changing dependencies among actors and systems by validating it with the dependencies in early requirement stage. Also a validation should be provided to check if all the dependencies are satisfied in late requirement stage.

5.2.1.3 SECTION (C): LEARNING AND FEEDBACK OF MODELLING TOOL

Do you feel the SecTro tool has helped you to better understand the theory behind Secure Software System Engineering?

No

Following existing rules and validation in SecTro tool is misleading and doesn't help to understand the theory rather creates confusion. Though the validation is not yet implemented in the tool, a documentation which explains the rules of the element would help us to understand the theory behind.

How do you think this tool assists your learning experience during the development process?

The tool helped us to understand very basic concepts like actors, goals, dependency links etc. The bugs in the system like the wrong dependencies between stages helped us to think more about it and we had to do little bit of research to understand the concept. Eventually both positive and negatives of the tool helped us to learn the methodology.

How would you define the ease of learning of the SecTro modeling tool?

Good

Since I am familiar with handling many tools, and also we had lectures on this topic; I was able to learn the tool fairly quickly. As I mentioned before, documentation would be required to ease the learning of tools and theory behind it.

How would you rate the feedback provided by the tool?

Not Good

I don't see any status provided by the tool when it is performing some action. The following are the points that I noted while using the tool

* I clicked on project save > clicked cancel. System says "project successfully saved" but my aim is to cancel the changes.

* When some exception occurs, the java exception message is shown to the user. This doesn't make sense to the user.

* Saving large projects takes time; while the project is saving there is no status displayed, and the tool also allows other actions like changing the diagram, which should not be allowed while the system is trying to save the project.

What kind of feedback you would expect to receive, which is not currently provided by this tool?

I would expect the following feedback from the tool:

* A status bar which shows the status of current operation.

* A user friendly message when exception occurs.

* Tool tip text for the elements in the diagram showing their properties.

5.2.1.4 SECTION (D): ERROR REPORTING & USABILITY

How often do you encounter bugs or error while using this modeling tool?

Very Often

* I clicked on project save > clicked cancel. System says "project successfully saved" but my aim is to cancel the changes.

* When handling large models, I noticed very bad performance of the save functionality, and it sometimes nullifies the whole project. Using Microsoft Visual Source Safe helped me to take backups frequently, which helped me to revert the changes.

* Often encounter stray marks when drawing links.

* When large projects are opened, the diagram is not displayed immediately. The image is painted only after scrolling a bit.

How would you rate the usefulness of the SecTro modeling tool?

Good

The tool helps us to understand the theory behind Secure Tropos methodology. It could be improved further by providing complete documentation, which should include both the usage of tool and theory behind it.

How would you rate the overall satisfaction of the SecTro modeling tool?

Fair

The overall objective to the tool is not achieved, that is learning and implementing Secure Tropos. It could be achieved by fixing the bugs mentioned above and adding new features which is also mentioned above.

Please state your comments or experience with using SecTro modeling tools?

* An option to enable logging of actions performed and errors. This will help us to get feedback from all the users using the tool, as each user will have their own way of handling tools, and usage scenarios and environments may also differ.

* Tool doesn't allow multiple selections - Multiple selections will be very helpful for formatting the diagram.

* When I clicked on the show goal diagram option, the goal diagram's outer ring became very huge. It took a lot of time to move elements and correct the position. Adding a co-ordinate property to elements would help to fix the alignment issues quickly.

* System allows moving the goal diagram (circle) away from actor. Once goal diagram is moved away from it, there is no reference which binds them to the actor. If there are multiple actors and goal diagrams which are moved away, it would become difficult to identify actor goal association.

* There is no option to duplicate a project. For drawing the late requirements actor diagram, I had to repeat everything that I had done in early requirements, which is very time consuming.

5.2.2 Evaluation of peer (0827477 - Johnson Muthyapaga)

John contributed good ideas for the course work. He initially showed keen interest in group discussion but later his other responsibilities took priority. He missed a few team meetings.

5.2.3 Evaluation of peer (0850331 - Vamsikrishna Marri)

Vamsi showed keen interest and participated in team meeting effectively. Initially his thoughts were very much focused on spiritual aspects and were not global, but later aligned with team's focus and contributed good ideas. He is a good team player and has good attitude to work. He is open to criticisms and adapts quickly.

 

5.3 Evaluation by 0850331 - Vamsikrishna Marri

5.3.1 Evaluation of SecTro Tool

5.3.1.1 SECTION (A): MODELLING TOOL

1. Does the SecTro modelling tool allow graphical modelling of all elements and links that are required for your course work?

Yes

2. Do the elements and links work as you expected?

No

This is about every link and element. When I tried to select an element, the link was highlighted. Even though we deleted the link or elements, there are some stray marks in the background.

3. Do the elements and links work as you expected?

No

The dependencies will change in late requirements. The tool has to update late requirements from early requirements. The tool is not updating the late requirements diagram properly. Tool is also not generating architectural design properly.

4. How convenient is this modelling tool in working with smaller models (diagram)? (For e.g. only with few elements and links)

Good

It's good to work with small diagram. It's easy to save, open, manipulate.

5. How convenient is this modelling tool in working with large model? (For e.g. with many elements, goal diagram etc).

Fair

The large diagram takes a lot of time to save or to reopen. Sometimes it hangs and nullifies everything we did.

5.3.1.2 SECTION (B): AUTOMATION AND RULE CHECKING

6. If you were developing this modelling tool, please state at least three changes you would make to automate the process of constructing models either at each stage or between various stages of the development process?

* While working on early requirements, both late requirements and architectural design have to update as per the dependencies.

* Error checking must be included

* It is better to have auto correcting also.

7. Please state three functionalities you would like to see being added to the SecTro modelling tools? (For e.g., print functionalities).

* (copy or cut) and paste elements, links

* Multiple selections of links and elements.

* Print

* Multiple Windows.

* Help

8. Currently this modelling tool doesn't provide any mechanism for checking rules and consistencies either with various concepts (elements and links) or during various stages of the development process. (For e.g., Decomposition link could be used to decompose Actor element, which is not meant to happen!).

* In late requirement design dependencies have to change with respect to system.

* Check whether all the dependencies of an actor are satisfied or not

* Check whether links are being used for the right purpose or not. E.g. for a main goal there must be a satisfactory link or means-ends link.

 

9. Please state at least three ways this modeling tool could facilitate the rule checking and consistencies either with various elements and links or between various stages of the development process?

* In late requirement design dependencies have to change with respect to system.

* Check whether all the dependencies of an actor are satisfied or not

* Check whether links are being used for the right purpose or not. E.g. for a main goal there must be a satisfactory link or means-ends link.

5.3.1.3 SECTION (C): LEARNING AND FEEDBACK OF MODELLING TOOL

10. Do you feel the SecTro tool has helped you to better understand the theory behind Secure Software System Engineering?

Yes

I understand the importance of security from this tool by putting security constraints.

11. How do you think this tool assists your learning experience during the development process?

It teaches me the importance of security and how to analyze a system.

12. How would you define the ease of learning of the SecTro modeling tool?

Fair

The material provided is not very good for developing the design. For me it took a lot of time to learn which link I have to put between elements. It has to be very clear and must provide some examples for the links. We searched a lot of documents to make sure that we were on the right track.

13. How would you rate the feedback provided by the tool?

Fair

It is not telling whether I'm going in the correct way or not. It is not reporting anything.

13. What kind of feedback you would expect to receive, which is not currently provided by this tool?

It has to notify me when I'm doing any mistake with links or elements. If there is any wrong it has to notify me the other possible ways.

5.3.1.4 SECTION (D): ERROR REPORTING & USABILITY

14. How often do you encounter bugs or error while using this modelling tool?

Often

When I click on save it shows save or cancel. Even though I click on cancel, it saves successfully instead of cancelling the save. It is very slow. Sometimes it hangs and nullifies everything I did. There are some marks in the background even though they have been deleted. Late requirements are not updating properly.

15. How would you rate the usefulness of the SecTro modelling tool?

Fair

It has to be user friendly, check the usability perspective, error detecting, auto correcting, auto check the links whether they are in the proper order or not, like doing analysis in the possible ways the links can be connected.

16. How would you rate the overall satisfaction of the SecTro modelling tool?

Good

I found this tool is good. This tool has to improve in some ways, like usability and user friendliness. Help must be added for this one.

17. Please state your comments or experience with using SecTro modelling tools?

At first I found it easy to work with this one. As I went deeper and deeper, I found it very difficult to work with this tool because of insufficient material and help for those links. We have spent some sleepless nights to sort those things out.

5.3.2 Evaluation of peer (0827477 - Johnson Muthyapaga)

Because of his residence and other responsibilities he didn't participate in some team meetings. Apart from that one he did decent work and research.

5.3.3 Evaluation of peer (0822532 - Narendran Calluru Rajasekar)

He has a lot of dedication and determination towards work. He can spend sleepless nights working on coursework. Friendly nature, optimistic, zeal to learn something, a lot of passion to do something. He helped me a lot in coursework.
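The rule checks that the evaluations in section 5 ask SecTro for (no dependency link without a depender and dependee, no decomposition link on an Actor, contributes rather than satisfied links on soft goals, early-stage dependencies still covered in late requirements), together with the rule in section 4.2.2 that every security constraint is satisfied by a secure goal and that goal by a secure plan, can be run over a model as in the following sketch. It is an added example, not SecTro code and not part of the original report; the data model, the rule names and the elements marked (assumed) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ACTOR, GOAL, SOFTGOAL, PLAN = "actor", "goal", "softgoal", "plan"
CONSTRAINT, SECURE_GOAL, SECURE_PLAN = "security_constraint", "secure_goal", "secure_plan"


@dataclass(frozen=True)
class Link:
    kind: str                        # dependency | decomposition | satisfies | contributes
    source: Optional[str]            # depender / decomposed element / satisfier / contributor
    target: Optional[str]            # dependee / sub-element / satisfied element / receiver
    dependum: Optional[str] = None   # what a dependency link is about


@dataclass
class Model:
    elements: dict                   # element name -> kind (agents and the system count as actors)
    links: list

    def kind_of(self, name):
        return self.elements.get(name)

    def satisfiers(self, target, wanted_kind):
        """Elements of wanted_kind that have a satisfies link pointing at target."""
        return [l.source for l in self.links
                if l.kind == "satisfies" and l.target == target
                and self.kind_of(l.source) == wanted_kind]


def validate(model):
    """Return sorted (rule, element) findings; an empty list means the model passes."""
    findings = []
    for link in model.links:
        if link.kind == "dependency":
            # Both ends of a dependency must be actors that exist in the model.
            for role, end in (("depender", link.source), ("dependee", link.target)):
                if model.kind_of(end) != ACTOR:
                    findings.append((f"dependency-missing-{role}", link.dependum or "?"))
        elif link.kind == "decomposition" and model.kind_of(link.source) == ACTOR:
            findings.append(("decomposition-on-actor", link.source))
        elif link.kind == "satisfies" and model.kind_of(link.target) == SOFTGOAL:
            findings.append(("softgoal-needs-contributes-link", link.target))
    # Every security constraint needs a secure goal, and that goal a secure plan.
    for name, kind in model.elements.items():
        if kind != CONSTRAINT:
            continue
        goals = model.satisfiers(name, SECURE_GOAL)
        if not goals:
            findings.append(("constraint-without-secure-goal", name))
        for goal in goals:
            if not model.satisfiers(goal, SECURE_PLAN):
                findings.append(("secure-goal-without-secure-plan", goal))
    return sorted(findings)


def dropped_dependencies(early, late):
    """(depender, dependum) pairs present in early requirements but absent in late ones.
    The dependee is ignored on purpose: it may move to the system-to-be."""
    def pairs(model):
        return {(l.source, l.dependum) for l in model.links if l.kind == "dependency"}
    return sorted(pairs(early) - pairs(late))


def sample_models():
    """Constructed models; names marked (assumed) do not appear in the report."""
    actors = {n: ACTOR for n in ("Customer", "Customer Service Department",
                                 "Dispatch Department", "Online DVD Rental System")}
    csd, system = "Customer Service Department", "Online DVD Rental System"
    early = Model(dict(actors), [
        Link("dependency", "Customer", csd, "Place Order"),
        Link("dependency", "Customer", csd, "Check Order Status"),
        Link("dependency", "Customer", csd, "Queries"),
    ])
    late = Model({**actors,
                  "Manage Customers": GOAL,
                  "Update Information Quickly": SOFTGOAL,
                  "Integrate Software Agents": PLAN,
                  "Secure Payment": CONSTRAINT,
                  "Keep Information Private": CONSTRAINT,
                  "Keep Information Confidential": CONSTRAINT,
                  "Secure Transactions": SECURE_GOAL,        # (assumed)
                  "Restrict Order Access": SECURE_GOAL,      # (assumed)
                  "Use SSL": SECURE_PLAN}, [
        Link("dependency", "Customer", system, "Place Order"),
        Link("dependency", "Customer", system, "Check Order Status"),
        Link("dependency", "Dispatch Department", None, "Dispatch List"),   # no dependee
        Link("decomposition", csd, "Manage Customers"),                     # actor decomposed
        Link("satisfies", "Integrate Software Agents", "Update Information Quickly"),
        Link("satisfies", "Secure Transactions", "Secure Payment"),
        Link("satisfies", "Use SSL", "Secure Transactions"),
        Link("satisfies", "Restrict Order Access", "Keep Information Private"),
    ])
    return early, late


if __name__ == "__main__":
    early_model, late_model = sample_models()
    for rule, element in validate(late_model):
        print(f"{rule}: {element}")
    for depender, dependum in dropped_dependencies(early_model, late_model):
        print(f"dropped-dependency: {depender} -> {dependum}")
```

In the constructed late model only Secure Payment passes the constraint check, through Secure Transactions and Use SSL; the other two constraints are reported because the chain to a secure plan is incomplete.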

 


6 Appendix - Acronyms

Term - Definition
JNV - Initial letters of team member names
DVD - Digital Versatile Disc
Pay Per View - Pay for a movie and watch it online
CCTV - Closed-circuit television, used for surveillance
SecTro - Secure Tropos
BBFC - British Board of Film Classification
HAE - Hire Association Europe
VSC - Video Standards Council
FACT - Federation Against Copyright Theft

 


7 Useful Links

1. http://www.businesslink.gov.uk/

2. http://www.troposproject.org/

3. http://www.opsi.gov.uk/

4. http://www.berr.gov.uk/

5. http://www.bbfc.co.uk/

6. http://www.videostandards.org.uk/

 


8 Bibliography

[1] Mouratidis, H. and P. Giorgini (2007). Integrating security and software engineering: advances and future visions. Hershey, PA, Idea Group Pub.

[2] H. Mouratidis, P. G. (2004). Enhancing secure Tropos to effectively deal with security requirements in the development of multiagent systems. Safety and Security in Multiagent Systems. N.Y. USA.

[3] Dodd, V. (2005). Judges ban sale of porn videos on net. The Guardian. London, Guardian News and Media Limited.

[4] Robert, H. (1998). Automated Video Cassette Dispensing Terminal Coupled to Stores Computerized Rental System. Foreign Patent Document. U. S. Patent. United States, Thru-The Wall Corporation. 5,013,897.

[5] Stacy, V. (2006). Movie Rental and Notification System. Foreign Patent Document. U. S. Patent. United States. US 7,085,727 B2.

[6] BBFC (2008, April 25, 2009). "BBFC.online LICENCE." Retrieved April 25, 2009, from http://www.bbfc.co.uk/downloads/pub/BBFConline/BBFC_online_Aggregators_Licence_1_1.pdf.

[7] Council, N. (2009). "Warning to shops about trading on pavements." Retrieved April 25, 2009, from http://www.newham.gov.uk/News/2007/May/WarningToShops.htm.

[8] Council, S. C. (2008). "Application to licence a sex shop." Retrieved April 25, 2009, from http://www.salford.gov.uk/business/licensing/licensing-trading/licensing-traderstrading/sexshop.htm.

[9] Masnick, M. (2008, October 29). "DVD Rental Kiosk Patented... Redbox Sued." Retrieved April 28, 2009, from http://www.techdirt.com/articles/20081029/0258362681.shtml.

[10] Webcredible (2009). "Disability Discrimination Act (DDA) & web accessibility." Retrieved April 27, 2009, from http://www.webcredible.co.uk/user-friendly-resources/web-accessibility/uk-website-legal-requirements.shtml.

[11] Information Commissioner's Office (2009). "CCTV." Retrieved April 25, 2009, from http://www.ico.gov.uk/Home/for_organisations/topic_specific_guides/cctv.aspx.

[12] OPSI (2008). "Sale of Goods Act 1979 (c. 54)." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1979/cukpga_19790054_en_1.

[13] OPSI (2008). "Computer Misuse Act 1990." Retrieved April 2, 2009, from http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1#pb1-l1g3.

[14] OPSI (2008). "Human Rights Act 1998." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts1998/ukpga_19980042_en_1.

[15] OPSI (2008). "The Telecommunications Act 1984 (Extension of Relevant Period) (No. 3) Order 1992." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si1992/Uksi_19921684_en_1.htm.

[16] OPSI (2008). "Theft Act 1968 (c. 60)." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1968/cukpga_19680060_en_1.

[17] OPSI (2008). "Criminal Damage Act 1971 (c.48)." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1971/cukpga_19710048_en_1.

[18] OPSI (2008). "Enterprise Act 2002." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts2002/ukpga_20020040_en_1.htm.

[19] OPSI (2008). "Competition Act 1998." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts1998/ukpga_19980041_en_1.

[20] OPSI (2008). "Data Protection Act 1998." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts1998/ukpga_19980029_en_1.

[21] OPSI (2008). "The Consumer Protection from Unfair Trading Regulations 2008." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si2008/uksi_20081277_en_1.

[22] OPSI (2008). "The Consumer Credit Act 2006." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si2008/uksi_20082444_en_1.

[23] OPSI (2008). "Unfair Contract Terms Act 1977 (c.50)." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1977/cukpga_19770050_en_1.

[24] OPSI (2008). "Sexual Offences Act 2003." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts2003/en/ukpgaen_20030042_en_1.

[25] OPSI (2008). "The Consumer Protection (Distance Selling) Regulations 2000." from http://www.opsi.gov.uk/si/si2000/20002334.htm.

[26] OPSI (2008). "The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2004." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si2004/20041039.htm.

[27] OPSI (2008). "Companies Act 2006." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts2006/ukpga_20060046_en_1.

[28] OPSI (2008). "Trade Marks Act 1994." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts1994/ukpga_19940026_en_1.

[29] OPSI (2008). "Patents Act 1977 (c. 37)." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1977/cukpga_19770037_en_1.

[30] OPSI (2008). "The Copyright and Rights in Databases Regulations 1997." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si1997/19973032.

[31] OPSI (2008). "Copyright, Designs and Patents Act 1988." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts1988/Ukpga_19880048_en_1.htm.

[32] OPSI (2008). "Freedom Of Information Act 2000." Retrieved April 17, 2009, from http://www.opsi.gov.uk/acts/acts2000/en/00en36-b.htm.

[33] OPSI (2008). "The Copyright (Computer Programs) Regulations 1992." Retrieved April 17, 2009, from http://www.opsi.gov.uk/si/si1992/Uksi_19923233_en_1.htm.

[34] OPSI (2008). "Disability Discrimination Act 1995 (c. 50)." Retrieved April 30, 2009, from http://www.opsi.gov.uk/acts/acts1995/ukpga_19950050_en_1.

[35] OPSI (2009). "Registered Designs Act 1949." Retrieved April 17, 2009, from http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1949/cukpga_19490088_en_1.

[36] DRS. (2009). "Daily Dispatch routine procedures." Retrieved April 20, 2009, from http://www.dvdrentalsystem.com/files/html/dispatch.htm.

[37] Erpho. (2009). "Teenage Conception Statistics for England 1998-2007." Retrieved April 20, 2009, from http://www.erpho.org.uk/download.aspx?urlid=17354&urlt=1.

[38] HMRC. (2009). "Introduction to VAT." Retrieved April 20, 2009, from http://www.hmrc.gov.uk/vat/start/introduction.htm.

[39] FACT. (2009). "The federation against copyright theft." Retrieved April 22, 2009, from http://www.fact-uk.org.uk/index.htm.

[40] HAE. (2009). "About the Association." Retrieved April 22, 2009, from http://www.hae.org.uk/pages/index.cfm?page_id=4.

[41] VSC. (2009). "Welcome to the Video Standards Council." Retrieved April 22, 2009, from http://www.videostandards.org.uk/.

[42] BBFC. (2009). "About The BBFC." Retrieved April 22, 2009, from http://www.bbfc.co.uk/about/index.php.

[44] OPSI. (2002). "The Electronic Commerce (EC Directive) Regulations 2002." Retrieved April 22, 2009, from http://www.opsi.gov.uk/si/si2002/20022013.htm.

[45] NMTF. (2009). "Working for market traders, safeguarding the industry." Retrieved April 22, 2009, from http://www.nmtf.co.uk/index.php?id_cpg=14.

[46] ERA. (2009). "About Us- What is ERA." Retrieved April 23, 2009, from http://www.eraltd.org/content/About.asp.

[47] BASW. (2009). "Values and Principles." Retrieved April 22, 2009, from http://www.basw.co.uk/Default.aspx?tabid=64.

[48] ASPA. (2006). "ASPA's Code of Ethics." Retrieved April 22, 2009, from http://www.aspanet.org/scriptcontent/index_codeofethics.cfm.

 
