IAB201 : Modelling Information Systems - Process Modelling - Assessment-Answer

Modelling Information Systems

Case Scenario/ Task SCENARIO: ONLINE AUTHENTICATION AT MYBANK In the following, the procedure of online authentication at MyBank is described. The typical routine for logging into an Internet bank account starts once the credentials entered from the user have been retrieved. First, the username is validated. If the username is not valid, the routine is interrupted and the invalid username is logged. If the username is valid, the number of password trials is set to zero. Then the password is validated. If this is not valid, the counter for the number of trials is incremented and if lower than three, the user is asked to enter the password again, this time together with a CAPTCHA test to increase the security level. If the number of failed attempts reaches three times, the routine is interrupted and the account is frozen. Moreover, the username and password validation may be interrupted should the validation server not be available. Similarly, the server to test the CAPTCHA may not be available at the time of log in. In these cases, the procedure is interrupted after notifying the user to try again later. At any time during the log in routine, the customer may close the web-page, resulting in the interruption of the routine TASK 1 Develop a Petri net system that captures all the processes in the proposed scenario description. As this model will be used as a basis for implementing an information system to support MyBank’s business, it must reflect the proposed scenario as close as possible. Ensure that your model is free of syntactic errors. The model must be semantically valid and complete as per the proposed scenario description, i.e., every execution sequence of your Petri net system must reflect a valid sequence of steps from the scenario description and every sequence of steps from the scenario description must be reflected in some execution sequence of your Petri net system. TASK 2 Discuss limitations of Petri nets that you have experienced when capturing the proposed scenario description. Which aspects of the proposed scenario have found their representation in the Petri net system that you developed to accomplish Task 1 and which aspects were not captured? For every aspect of the scenario that was not (precisely) reflected in your Petri net system, explain why (in your opinion) Petri nets are not appropriate for modelling the respective aspect. IAB201 – Assignment 2 – Process Modelling with Petri Nets MARKING CRITERIA Task 1: 1) Proposed Petri net system has no syntactic errors, i.e., it follows the rules for constructing Petri nets. 2) Proposed Petri net system correctly captures the following process aspects: a. Initial input of username and password b. Handling of valid username and password entries c. Handling of invalid username d. Interruption upon unavailability of the validation server e. Interruption upon unavailability of the CAPTCHA server f. Handling of invalid password g. Handling of three password entry attempts h. Handling of account freezing upon three invalid password entries Task 2: Your answers to Tasks 1 and 2 must cover the proposed scenario, i.e., every aspect of the proposed scenario must be either modelled in your answer to Task 1 or discussed in your answer to Task 2. In addition, the ratio between the information from the proposed scenario reflected in your answers to Task 1 and Task 2 must be reasonable, i.e., all the information on process steps and their dependencies must be captured in the proposed Petri net system, while those aspects that were not captured in your model due to the limitations of Petri nets must be mentioned and discussed in Task 2. Your answer to Task 2 can be short

Petri nets graphical diagrammatic tools that are used to design and model concurrency. In addition they are also used to model synchronization in distributed systems. They were first modeled by Carl Adam Petri in 1962 and adopted widely in technology companies as a visual aid to model the behavior of systems. A petri net consists of states of the system represented as circles and transitions which are represented by rectangles. Arcs or arrows are used to connect Circles to rectangles. TASK 1 The diagram is presented in the next page. TASK 2 Discuss limitations of Petri nets that you have experienced when capturing the proposed scenario description • Petri nets can become too large for a small non trivial process, when generating all the states and transitions. • The petri nets can become too large to analyze, mostly because of the sheer size of the representations. • Very large nets are designed to represent a small process such as user authentication and data validation. When other processes of the system are added for petri net representation the system becomes too large and difficult to analyses and interpret. Which aspects of the proposed scenario have found their representation in the Petri net system that you developed to accomplish Task 1? The petri nets captured most of the scenario that was given as the task. The user inputs, the control flow of the systems, such as iteration as password count is incremented, branching for decision making in case the input is invalid or evaluated as incorrect. Introduction of the CAPTCHA was well displayed and captured in the system, with convenience that, it’s first authenticated and if correct the password is authenticated next for better system usability. Which aspects were not captured? The petri nets were not able to represent the data type of the credentials. There is a high likelihood SQL injections can be fed into the system and exploit vulnerabilities. SQL injections are structured query language constructs that are written to be executed when fed into a form and may cause deletion and modification of database records, they may also result to database data dumps of customer information. Persistent of the memory state of the password trials' counter is not clearly represented in the Petri net. For proper iteration the counter state could be held so that evaluation whether it’s above three or not could be successful. Some aspects of the system where both actions and also states could not be represented as both. E.g. user display or feedback. This may cause confusion and difficult in drawing the petri nets and interpretation. The limitation of using only a square and circle limits the extent of representation. For every aspect of the scenario that was not (precisely) reflected in your Petri net system, explain why (in your opinion) Petri nets are not appropriate for modelling the respective aspect Petri net represent user inputs clearly and easily. Nevertheless, it does not represent in anyway the type of user data that is being brought in to the system. This net cannot therefore be used by system developers to develop the system and or improve it. Petri nets are graphical representation for documentation and cannot have memory state persistence during representation. Novice developers or employees may have difficult in following the chart consistently. Petri nets are limited to only circles and squares to represent states and transitions. It is common knowledge to design and document a whole system other factors come into play and the need to simplify the system may not be achieved and all factors and system variables may not be adequately represented. Conclusion There are multiple petri nets variants and it’s up to the user to decide which variant is most suitable for commercial or learning purposes. The definition of a petri net and its correspondent design principles are rather subjective and it is left to the reader to objectively study the petri nets correlate other definitions and choose the best term possible. Nevertheless, in developing systems simplicity is key and petri nets seem like a lot of work to represent a basic idea or complex multifaceted system. Thus major alterations and improvements need to be made to simplify design, so that it’s not laid aside to other tools like Flow charts.