Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Health 'R' US
Murtaza Ali Imtiaz, Mohsin Irshad, Muhmammad Nasir, Muhammad Mansur
Blekinge Tekniska Högskola Ronneby, Sweden
{maim07, moir08, mund07, mbmu08}@student.bth.se
TABLE OF CONTENTS
Page 2 of 73
Health ‘R’ Us Group 17
1. Introduction
This document describes the software architecture of a health system called “Health R US”. This health system consists of
different hospitals and healthcare institutions. These are inter-connected to share information in the form of journals. These
journals contain case history of patients. These journals accompany patients from their initial medical checkup till the end of
their treatment. Patients move from one healthcare institution or hospital to another. They need their journals to be accessed
at other hospitals or healthcare institutions. A software system is to be implemented to share journals and journals data
among all hospitals and healthcare institutions. This report consists of a proposed architecture of the system in the light of
Applied Software Architecture by Christine Hofmeister, Robert Nord, Dilip Soni foreward by Cris Kobryn [1]. Software
system has functional and non-functional which are also categorized as quality requirements. Detailed introduction about
the system is presented in the form of functional and quality requirements.
Journals with patient’s information are placed on centralized servers. Each centralized server contains information for
healthcare institution or hospital. Healthcare institutions and hospitals are connected to each other via internetwork. Users
connect to the system through their standard PCs and handheld devices. Unauthorized access not denied to users, whether
they access information within a single hospital of institution or between different healthcare institutions. System provides
concurrent access for multiple users. In such an access, updated changes must be visible to all users. These updates are
visible without any delay. The system contains complete information about patients. It also supports version management
for journals. Users are able to access information for which they are designated to perform operations. During updating
information it is possible to go back and view prior information. Images and videos are stored as a part of the journal data.
The contain ultrasounds, EKG graphics, X-rays etc. Backward compatibility is possible i.e. it is possible to add digitized
versions of paper based journals.
Page 3 of 73
Health ‘R’ Us Group 17
2. System Architecture
2.1 Global Analysis
Page 5 of 73
Health ‘R’ Us Group 17
Clients can connect to system with different type of hardware devices with different operating systems installed. These users
should be able to access the system. It is not possible to develop a separate back end for each type of user platform. Let us
consider the scenario.
Influencing Factors
P1.1 Services are provided for selected clients machines.
Solutions
Use web application to make server side support platform independent for clients. Clients from any platform can access
journals through their web browser.
Related Strategies
No related strategies have been developed.
Users access to same journals concurrently. If this is read only then users do not have any problem. But if multiple users try
to access same journal with editing preferences then it becomes a problem. Such scenarios need to be solved. Similarly,
there can be a problem getting the update on the on a client machine whenever a user has updated patient information. Let
us consider issue card for this issue.
Influencing Factors
P1.2 Multiple clients request same journal at a same time.
P4.1 Network failure will stop the transfer.
Solutions
Use locking mechanism for locking edit controls for single journal, whenever one user has entered edit mode. Also, use
Ajax mechanism for bringing updates on client machines.
Related Strategies
No related strategies have been developed.
If there is one server for all hospitals it becomes a mess. It is very difficult for a server to handle all requests locally, and
remotely. Main problem arises when remote users access information. Not only network bandwidth is kept busy, but also
time find and search journal become increasingly high. There must be some phenomenon for solving this problem. Web
Page 6 of 73
Health ‘R’ Us Group 17
server has capability of handling heavy traffic. The main server which become very busy and is required for completing the
operation is database server. It contains information of all patients in the form of raw data and journals. Let us consider this
problem in the form of an issue card.
Influencing Factors
P1.4 Time for journal to reach the client depends on the distance of centralized server from the requesting client.
P1.2 Multiple clients request same journal at a same time.
P4.1 Network failure will stop the transfer.
Solutions
Use distributed database with each server containing information about other databases. Database server does not have to
fetch complete remote journal in case of client request.
Related Strategies
No related strategies have been developed.
On a couple of occasions servers are needed to be brought offline. The reasons can be for testing new software, performing
maintenance operations, or others. In such cases, server access becomes unavailable. Let us consider issue card for this
issue.
Influencing Factors
P1.4 Local servers are dedicated but still maintenance operations are required.
P4.3 Availability becomes a problem.
Solutions
One backup server is placed at each centralized location. This backup is brought up at the place of primary database server
whenever the server is brought offline.
Related Strategies
There is one related Strategies which is use distributed database.
Page 7 of 73
Health ‘R’ Us Group 17
There is a possibility that space for database servers becomes insufficient. This possibility can be due to the reason that
distributed databases not only contain data for server itself, but also data about other health care institutions as replication
updates are brought. Let us consider issue card.
Physical Storage
Physical storage can be insufficient as data size can become very large. Each centralized server is connected to its
distributed database on remote location. Data of each centralized server is distributed to other servers. In this way data
size becomes huge. There should be physical storage available for storing such data.
Influencing Factors
P1.4 Complete data for a hospital or health care institution is at a centralized location.
Solutions
Place extra physical storage at each central location.
Related Strategies
There is one related Strategies which is time to receive journal.
Now let us consider data and information systems security. Access to confidential data must be secure. Unauthorized users
must not be allowed to access the system. Users from outside world may not be able to access any kind of information.
System should also be safe from hacker’s attacks.
Influencing Factors
P1.1 Access to system
P1.5 System Security
P1.4 Centralized server
Solutions
We can use cryptography protocols for securing our data.
Related Strategies
There are no related strategies.
Page 8 of 73
Health ‘R’ Us Group 17
Influencing Factors
P4.1 Communication breakdown
P4.3 Power Failure
T5.4 Communication
T3.2 User Interface
Solutions
We can provide multiple replications of databases and web servers for availability and for usability we can use web
interfaces as most of the users are familiar with that
Related Strategies
Related strategies are secure system for web, maintenance operations and platform independence for clients.
Page 10 of 73
Health ‘R’ Us Group 17
2.2 Conceptual View
Three main activities that are involved in conceptual view are global analysis, central design tasks and final design task. Let
us go through each activity one by one.
Now we continue with next activity which includes central design tasks.
Now, we assume that user is authenticated; now user performs a different operation which is the second major activity.
These operations can be different management tasks like create a new patient journal, make an appointment, initial medical
checkup, detailed medical examination, tests, operations etc. We categorize this activity as single conceptual component
called BusinessLogic. As the application web based, this component is placed on an external entity which is a web server.
Web server acts as a container for this component. Display can be sent directory to user screens.
All management activities taking place in the conceptual component needs data access for the completion of their tasks, as
journals other records are kept in a data repository. Data repository is a database containing data. We categorize this
conceptual component which facilitates communication with database as Data. Management requests and receives data from
database through this component. As database used is a distributed database [10], it communicates with other distributed
peers across the network. Database needs to be configured and maintained. These operations are performed by a third party
Distributed Database Management System (DDBMS). Data communication between databases takes place in wide area
network, as this communication is between different hospitals and health care institutions. This network also needs to be
configured and maintained. These operations are performed by a third party Network Operations Center (NOC). We
categorize this activity as data logic.
When user gets authenticated and is authorized to perform various operations. In this case there are two types of users. One
Page 11 of 73
Health ‘R’ Us Group 17
type of users like administrative staff and nurses are allowed to view the journals only. Some of data for journals is changed
like appointments are added etc. but these changes are managed by system and maintained separately than other sensitive
data. Users like medical doctors have privileges to edit patient information. For this operation editing privileges are
required. These are second kind of users. Third kinds of users are administrative users. There users are allowed to perform
administrative tasks. These users have all privileges.
Page 12 of 73
Health ‘R’ Us Group 17
Now let us consider initial high level architecture as mentioned in figure 1. Users send operations request through their web
controls available to them. These operations are sending at PresentationLogic component, which further forwards the
control to BusinessLogic component. BusinessLogic component is the place where actual activity is takes place. Request
data is send by BusinessLogic component to PresentationLogic to complete operations. BusinessLogic component is
responsible for complete management of the activity. Now, we wonder where does the data come from which is handled by
BusinessLogic. This data comes from the database logic component. This component contains the communications
mechanism with the database. The three categorized activities are recognized as components and represented in initial high
level architecture in Figure 1.
:Health R Us
userOperation :PresentationLogic
sender
businessControl
receiver
:Control
:Control
sender
receiver
presentationControl
webServer :BusinessLogic
rawDataIn displayDataOut
dest
:Data userDisplay
:Data
displayDataIn
source
rawDataOut
dDBMS :DatabaseLogic
NOC
Figure 1. Initial High Level Architecture
Page 13 of 73
Health ‘R’ Us Group 17
In the next step we start decomposing these components. This will give the granular details of the process and activities
taking place. These activities are further categorized as components.
:Hospital R Us
receiver :PresentationLogic
:Control
sender
userOperation :JournalControl :ReportControl
:Authentication
sender Manager Manager
receiver
source
receiver
:Control
:Control
:Data
sender
dest
sender
`
:BusinessLogic
receiver
dest
source
dest
source dest
userDisplay
:Data
:Data
:Data
:Data
source
source
dest
:DataLogic
:Database
dDBMS Manipulator
NOC
First of all user authentication is required. User sends authentication request. The request is handled by Authentication
component. The request login information goes to BusinessLogic component for further processing. SecurityManager
component of BusinessLogic handles authentication. It further communicates with the data logic component. Data logic
component has DataManipulator which directly communicates with database. If login information is found in the database,
access is granted to the user. DatabaseManipulator component send user identification information to journal manager or
report manager component. Report Manager component deals with read only access to journals, where as JournalManager
component deals with edit mode access to journals. Control is transferred according to default privileges for user. Further
from BusinessLogic component, control is further transferred to JournalControlManager or ReportControlManager. These
components are responsible for complete journal management activities. Data is fetched from database through
DatabaseManipulator component, whereas these components communicate with DatabaseManipulator.
Page 14 of 73
Health ‘R’ Us Group 17
PresentationLogic Component
The PresentationLogic component is responsible for the interaction with the user. This component consists of user controls
and operations. Display is available to the user and he can perform different operations with the help of controls available to
him. Figure3 demonstrates decomposition of PresentationLogic.
Figure 3. PresentationLogic
The three main components of the PresentationLogic are: Authentication, JournalControlManager and
ReportControlManager.
The main task of Authentication component is to allow the user to log in to the system and to create new account. It also
provides the user functionality of recovering the lost password. Since the system must be made secure and unauthorized
access is prevented this only provides the representation part of the security system which is present in the lower
component. When user gets authenticated he is granted access to JournalControl Manager. With the help of this component
user can perform operations which deals with journals access. JournalControlManager is responsible for handling the
journals and their build up. Build up includes the setting up user details and details of initial check up of user. This portion is
strictly for the Doctors or for the administrators of the system. Doctors can view and edit the details of the users whose
record is present in the system. The main responsibility of ReportControlManager is to show the journals to the users or to
the nurses. This does not allow anyone to edit the journal or different types of reports present in the system. A patient or
some other user can search the records of a patient's journal.
Authentication Component
Authentication component has the following architecture composed of three components as shown in the diagram.
Page 15 of 73
Health ‘R’ Us Group 17
Page 16 of 73
Health ‘R’ Us Group 17
JournalControlManager Component
JournalControlManager is decomposed into two main components; these are accessible for the doctors only. Here the doctor
can initiate the initial check up of the user, as the doctor initiates the check up a journal is created for the user. This panel
also supports edit mode for the doctor to update the details of some previously existing user.
Find Journal component contains a component named View_data. It is meant for viewing journal.
View_data Component
Functionality of this component is demonstrated in figure.
Edit_initiate Component
Functionality of this component is demonstrated in the figure.
ReportControlManager Component
ReportControlManager consists of functionality is the main component of this system where the nurses are able to search
the record of the user and also the previous versions can also be accessed by them. A ViewJournal component accepts the
input and then sends this input to the lower level components for fetching the search based results, the view component is
responsible for the viewing of data which was requested.
Search_Request Component
Functionality of this component is demonstrated in the figure.
Page 18 of 73
Health ‘R’ Us Group 17
View_data2 Component
Functionality of this component is demonstrated in the figure.
Page 19 of 73
Health ‘R’ Us Group 17
BusinessLogic Component
BusinessLogic is the brain of the system. The main tasks are performed here and its main components are SecurityManager,
JournalManager and ReportManager as shown in figure 6.
User login information is send to DataLogic component, for authentication. When user is authenticated successfully, user
role is determined which can be doctor, nurse administrative staff etc, is sent to SecurityManager component
SecurityManager component transfers control to JournalManager of ReportManager component along with the user role
information. JournalManager and ReportManager are components where the complete activity takes place.
SecurityManager Component
SecurityManager has two main components, the AuthenticationManager, Privilege Manager and AccountsManager
component. The AuthenticationManager is responsible for granting authentication of a user based on his user name and
password. When a user logged in successfully a session ID is provided to the client and based on that session ID the user is
authenticated to use any service. User access is provided on the basis of PrivilegeManager component which fetches
privileges of the user with unique userId. With these privileges user is authorized to perform operation on the system. The
AccountManager is responsible for the process of new account creation and also checks the validity of the user data in case
of the password forget. Information is provided to these components from PresentationLogic component whereas data is
fetched through DataLogic component.
loginInfoIn userPrivilegeDaaOut accountInfoIn
:SecurityManager
source dest
:Authentication :Privilege :Accounts
Manager :userId Manager Manager
loginDataOut
userPrivilegesDataIn accountInfoDataOut
AuthenticationManager further contains a component named Authentication. It deals with complete authentication activity.
This component consists of Authentication information for the user. It is further consists of granular components. These are
Page 20 of 73
Health ‘R’ Us Group 17
Authentication, F_pass and New_Acc. The component Authentication is responsible for getting the user name and password
from the user and then sending this to the lower level components for authentication and other security checks based on his
input a message is displayed to him. Second component is F_pass provides the functionality on the user to recover
password. Here the user of the system is able to reset his password based on some security questions related to the user. The
third component New_Acc is responsible for creating new account for the new users. The account creation requires some
permission which is checked in the security manager component placed below.
. Other activities recovery for forgotten password and creating new account demonstrated below.
JournalManager Component
JournalManager can be categorized as heart or brain of the system, it is hard to decide between two, heart is a better choice.
This component has there chambers or subcomponents. First one is initial checkup; this component receives user
information, and deals with initial checkup of the user. Initial checkup is done normal medical doctor. Doctor examines the
patient and performs the diagnosis. Patient record is saved in the form of journal. If patients require detailed medical
examination, he is referred to specialist. Detailed checkup is handled by the specialist and the activity is performed by
Prescription component. Specialist performs detailed examination of the patient, if he finds that patient needs some medical
examination, patient is further referred for medical examination. Tests component deals with the activity that takes place in
medical examination department. Medical examination staff performs the medical examination, and results send to
ReportControlManager component in the form of results. Specialist obtains that information with appropriate version
managed by ReportControlManager component. Then recommendations and results are saved to user journal through
DatabaseLogic component.
InitialCheckup Component
Functionality of JournalManager is explained in figure.
Functionality of detailed checkup is also similar. Let us demonstrate how prescription is given.
Page 22 of 73
Health ‘R’ Us Group 17
Prescription Component
Functionality of JournalManager is explained in figure.
Tests Component
Functionality of JournalManager is explained in figure.
Tests component has capability of adding images, X-ray, ultra sound, and other image and video component storage into the
database. This data is embedded into the journals.
Page 23 of 73
Health ‘R’ Us Group 17
ReportManager Component
ReportControlManager is the control of ReportManager component. Search is handled by Searching component. When
specific record is found, it is checked whether a report already exists in the database. Communication with database through
out is conducted through DataLogic component. Searching component sends reportId to Reporting component. If report
does not already exist in the database then it is generated here. If it already exists then existing report is fetched. Reports are
maintained in the form of different versions. Versions contain data with time stamps. Versioning component handles this
capability.
Searching Component
Functionality of the component of explained in the figure.
Report_fetch Component
Functionality of the component of explained in the figure. Report_fetch component has capability of adding digitized
version of paper based journals to the system. Scanner are connected to this component and digitized copies of journals can
be generated.
Page 24 of 73
Health ‘R’ Us Group 17
VersionManager Component
Functionality of the component of explained in the figure.
Page 25 of 73
Health ‘R’ Us Group 17
DatabaseManipulator Component
DatabaseManipulator component is responsible for interoperating with the database. It has four subcomponents; these
components are Search, Insert, Update and QueryManager. Search has searching phenomenon implementation, Insert deals
with data insertion, whereas update deals with data updating. QueryManager component has query implementations so that
other components can perform corresponding operation. Data to Search, Insert and Delete component comes through
dataPipe. Similary, data to QueryManager component goes through QueryPipe. Funtionality of datapipe is covered in next
section.
userAccountDataIn :DataManipulator
source
reportRawDataOut
dest
:dataPipe
source
dest
:Update
:Search :Insert
:QueryPipe
:Query
Manager
DBMS
Page 26 of 73
Health ‘R’ Us Group 17
Search Component
Details of Search component is demonstrated in figure.
Insert Component
Details of Insert component is demonstrated in figure.
Update Component
Details of Search component is demonstrated in figure.
Distributed DBMS
Distributed Database Management System (dDBMS) is a third party solution which is best suited for requirements. It is
responsible for maintaining the replication of data. On database server database scripts are executed, which automatically
update all the databases around the country or locality for the changes which occur in the system. Because of the
performance issues the decision was made to execute the script once each day. Backup component is responsible for the
local backup of the system. This backup is scheduled in this component to be taken every weekend just to increase the
performance of the system.
Page 28 of 73
Health ‘R’ Us Group 17
2.2.4 Design Summary for Hospital R Us Conceptual View
Page 29 of 73
Health ‘R’ Us Group 17
Let us analyze the issues and strategies developed for solving those issues so far.
We are not able to come up with new issue so we continue with central design tasks.
The central design task includes the definition of layers and modules. We have to declare our layers keeping in view the
conceptual view which we made in the previous section. We check the initial high level conceptual view and then map
it to our strategy “Provide web applications support”. For web applications we need to take care of user view and user
interaction with the system; we have to separate our representation part from the processing part. We again apply the
strategy of “Time to Receive Journal” and identified that we need to have separate layer for the database as well since it
plays a crucial part and connects to the database locally as well as remotely for managing the replicas. Our strategy
“Time to Receive Journal” binds us that to connect to the network we need to have a separate communication layer.
1. Representation layer
2. Application Layer
3. Dbase Layer
4. Communication layer
Our Representation layer consists of components which interact with the user and based on the user’s request provide
services to him. There are three kinds of services the Representation Layer provides are to allow the user to log on to the
system(Login) , allow the doctors to develop the journal of a patient(Journal Control Panel) and allow the nurses to view
reports / journals of patients (Report Control Panel). The Application Layer is contains three sub-systems. To increase the
security we have “Security Manager” which contains all the modules which are responsible for securing the system from the
unauthorized access. The “Journal Manager” interacts with the representation layer sub-system “Journal Control Panel” and
manages all the details which doctor instructs the system to perform. The “Report Manager” interacts with the report
“Report Control Panel” and fetches all reports which are required by the user. These three sub systems also interact with
each other to perform their functionalities. Dbase layer contains the sub systems which are responsible for executing the
different queries on the database and also keeps the database up to date to perform the normal operations. This layer is
Page 30 of 73
Health ‘R’ Us Group 17
influenced by the strategy “Use distributed database” and it has to notify other databases and keep record of other databases
present over the internet for replication purposes. Communication layer is formed because of the strategy “ Use backup
servers ”. This strategy requires us to provide a way of locating alternate server if our main nearby server is not available. It
contains two subsystems, the Secure sub-system is used for providing reliable way of data transfer over the internet and the
“Server” sub system is used to locate the nearest server over the network.
After defining the layers and the sub systems present in them we need to go to the conceptual view and find out the
correspondence of these sub systems and the components of conceptual view.
Page 31 of 73
Health ‘R’ Us Group 17
Page 32 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Subsystem for database manipulator is shown in the figure 1.1. This sub-system has three modules namely Insert_M for
database insertion management and Update_M for updation management. Third Module is Searching_M, which performs
the searching function for the parameters it will receive from the interface QG_Sr_I.
Module Insert_M has two sub modules QG_in_M for query generation and it provides an interface QG_UP_I for the query
parameters and DB_OPO_M manages the query execution and provides an interface BDI_I for database query input.
Module Update_M has two sub modules QG_up which provides an interface QG_In_I for update query parameters, second
module is DB_op01_M which executes the query and provides the interface DB11_I.
Third module in the database manipulation sub-system is searching_M. It has two more sub-modules. First one is QG_Sr
which generates the query for searching and accepts parameters through QG_Sr_I Interface. Second module in the sub-
system is DB_op00_M which manages the query execution and accepts the query through BD_11_I interface.
Page 33 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Page 34 of 73
Health ‘R’ Us Group 17
Journal Manager Subsystem has three modules Initial_chk_M for initial checkup, Pres_M for Prescription and Tests_M for
Tests details. Initial check up module has four sub modules New_form_M for entering new journal record which then
checks the previous records of the customer through Rec_Rq_M Record Request Module so find out whether patient has
any previous record or not. Req_Rq_M then refers the request to Pre_D_M previous data module and if there is any relevant
record it fetches from the database using DB_op31_M module.
Second module which exists in the Journal Manager Subsystem is Pres_M for Prescription of medicines and tests.
Prescription module also has Pres_Rec_M module for previous prescriptions record handling and it provides an interface
Pres_Rec_I for this purpose. Test_Pre_M module handles the tests prescription. Similarly there is module Gen_Pre_M
inside the subsystem for general medicine information and coordinates with Db_op32_M for data management.
The third module which we have in the subsystem is Tests_M which has two modules Test_D_M and Hardware_M.
Test_D_M provides an interface Test_D_I for providing information regarding the tests. Similarly Hardware_M module
provides information about the particular hard used in the test and information about it through Hardware_I interface.
Page 35 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Page 36 of 73
Health ‘R’ Us Group 17
Journal control panel subsystem is an interface for journal manager basically. It has two modules View_Data_M and
Edit_Initiate_M. These two modules respectively handle data view and data edit operations as their name suggests.
Veiw_data_M has two sub modules Grid_M and Req_R_M. Grid_M displays the data grid and provides an interface Grid_I
for data display request. Second sub module is Req_R_M which is basically receives the request for displaying data. It also
communicates with Interact_M module for displaying the data in edit mode. Also we have two other module in
Edit_Initiate_M module i.e. Edit_pg_M for editing a journal and New_JrPg_M for initiating and entering a new Journal
Page.
Page 37 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Page 38 of 73
Health ‘R’ Us Group 17
Login subsystem has three modules Login for handling purpose and F_Pass_M for forgot password and retrieving it and last
one is NewAc_M which manages the new account. Now lets a closer look inside the Login module.
Login Module has three sub-modules up_ge_M for logging in and then it sends the User name and password to Validator
which check the authenticity of User name and password and provides this facility through Valid_I interface. If a user has
forgot password then that request is forwarded to F_Pass_M module and inside it Fpas_p_M module handles and after
resetting it send it to Validator2 module which authenticates whether user who is requesting password is valid if yes then
send password to his/her email account.
In case if the User is new and wants to sign up for a new account then his request is forwarded to NewAc_M module within
which NewAcc_p_M module creates new account and sends it for authentication of data to Ckh_D_M module. Chk_D_M
modules provide data authentication service through Chk_I interface.
Page 39 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Page 40 of 73
Health ‘R’ Us Group 17
Security Manager Subsystem has two modules Authentication Manager, Authentication_M and Account Manager
Accnt_Mang_M. Authentication Manager has three sub modules chk_rq_M for handling the authentication requests. If a
session ID is supposed to be generated then request is forwarded to SID_gen_M module and if a current session ID is
suppose to be checked then request is sent to SID_ch_M module. The fourth module is db_Op7_M handles the database
operations.
Account Manager Module, Accnt_Mang_M has three sub modules Accnt_chk_M, Account checking Manager and
Password Generator Check Module, pass_gen_chk_M. Account Check manager sends the data to db_Op6_M for checking
the data from database and uses the interface of Accn_I of Database operator. Password generator module generates the
password and sends the password to database for authentication to database operator using its Pass_I interface.
Page 41 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Page 42 of 73
Health ‘R’ Us Group 17
Report Control panel subsystem handles the Report control panel interface; it has two modules View Data Module,
Veiw_data2_M for viewing the reports and Search Request Module, Srch_frn_M for searching the information for report
generation.
View Data Module has two sub modules Grid_M for managing the data grid and Req_R_M for managing the requests for
report generation. Search_Req_M has also two modules UInteract_M for user control transfer and interaction and
srch_frn_M for searching particular detail records in the report and also for report generation.
Page 43 of 73
Health ‘R’ Us Group 17
Page 44 of 73
Health ‘R’ Us Group 17
Now when we have defined the modules and mapped the responsibilities of the components to the modules, we can have a
figure which shows the interaction of the modules among them. Note that we have drawn this diagram keeping in view the
conventions used and defined in the book's chapter of Module View.
Report Manager Subsystem handles the report generation; it has three modules Search Module search_M, Report_Fetch_M
module for fetching and generation of report and lastly Vj_M module for Version Management of journals while report
generation. Search_M, search module has three sub modules, QR_M, for Query Request which accepts the request for query
generation for search operation and forward this request to QG_M module for Query Generation Module, which generates
the query. Query Request and Query Generation both module interacts with data base module, Db_op41_M.
Second Module is for fetching the report, Report_fetch_M which has further three modules RP_Rc_M for report request
and RP_Ge_M Module for Report Generation. Report request module receives the request for report generation and forward
it to Report generation module and finally the query is forwarded to database Module, Db_op42_M for report generation.
Third module is VJ_M, Version manager for journal. It manages different detail versions of journal while report generation.
It has two sub modules VG_Rc_M, for handling Version Management requests and VJ_Gen_M for generating versions for
journal.
Page 45 of 73
Health ‘R’ Us Group 17
Figure shows the layered diagram for modules view. The presentation layer has three subsystem login, report control
manager and journal control panel. Presentation layer handles the user interface for user. Second layer is Business layer
which controls the business logic of the whole system, it has subsystems like Security manager, journal manager and report
manager.
The third and fourth layer is respectively Database and Network. Database has subsystems like replication manager and data
manipulation manager. Database layer is responsible for replication of back up server and peer servers and data
manipulation. Fourth layer is Network layer which has sub system like Secure and Server. Secure provides different
encryption facilities through SSL (Secure Socket Layer protocol) and transport layer. Network layer also has Server
subsystem which has two sub modules i.e. Web Server and Alternate. Web Server modules manages the issues related to
web server and Alternate sub module handles the data when local database server is down, it re-directs the data request to
the peer servers.
Page 46 of 73
Health ‘R’ Us Group 17
Page 47 of 73
Health ‘R’ Us Group 17
The main issues which we have to consider during the execution view are :
ISSUE: System response time increases with increase in request
Strategy: Modularize and divide the processes in such a way that concurrent requests can be handled at the same
time.
Strategy: Use distributed database
ISSUE: Data while transferred from one place to another is not captured by someone.
Strategy: Use SSL encryption for the data transferred.
Strategy: Separate client side from the server side.
ISSUE: Maintenance Operations for server
Strategy: Use a back up server or alternate server process
Our next phase is to develop mechanisms to accommodate these strategies in our design. For the first strategy we will divide
the system into large number of small processes which can run concurrently on the system to facilitate large number of
clients at the same time. Our design already has distributed databases present which are spread in different geographical
areas. For the next strategy we are using secure mechanisms of transfer and the browsers used by the client supports SSL
encryption and these things are dealt by the browser by default. In case our web server or the database went down we have
other servers present at different locations which can accommodate these maintenance operations of servers.
● Web-server
● Database
● Our-own-Software
The interaction among these entities is key in order for the system to behave according to the requirements. We will
consider the interaction between the web-server and our own system first. Our software is deployed on the web server; each
request which comes for our software is through the web server. The database resides on the same system where our
software is deployed and the interaction between both is through simple IPC.
The presentation layer of our architecture is used by the client for interacting with the system. The requests which originate
from the client are handled by the presentation layer modules. This request is then transferred through Hyper Text Transfer
Protocol to the web-server where it is handled by the respected module of business layer. This request when transferred
from client side is encrypted using encryption technique and handled by the browser for decryption of the request. A simple
view of the above description is shown here:
Page 48 of 73
Health ‘R’ Us Group 17
Our system involves several modules which are spread in different layers. But these modules (present in different layers)
interact with each other to perform certain tasks. We will consider the example of login system which uses the services of
Authentication Module for authorizing any user to use the system. Moreover, the modules are spread over different
machines as well, since login module and authentication module are on client and server side respectively. So we need to
describe the client server communication path.
Communication Paths
This system is spread over a network. Communication path uses SSL for secure communication over the internet. This
methodology is commonly used over the internet for the safe transfer of data among different computers present at different
places. This will secure the system from any kind of data sniffing as the packets of data which are transferred are encrypted
and cannot be decrypted by any sniffers. Communication between the processes inside our software architecture takes place
through standard mechanisms of IPC. The messages or data which is to be transferred between the pages is sent by IPC. The
communication which can take place between the client and server is shown as:
Defining Processes
Our next step is to define the processes and the modules which are present in the processes. Firstly we will consider the
client side; it contains a separate process which is taking place in the client browser. This process involves client interacting
with the system for the authentication and for this he has to enter some detail in the login module or the client wants a new
account. All initial activities of client are mapped into process shown as in this diagram.
Client request is received by the web server and based on the request it is transferred to the required module present on the
server side. Here the processes are divided into logically so that no extra process is executed when some request is received.
AuthProcess is separate from the AccntProc since these two are not required at the same time. Either the client wants to
login or he wants some other activity like account creation or wants to recover his password. Web server is an independent
entity and runs on its own, the interaction between our system and the web server takes place through Wserver process
which takes control of each kind of data transfer and the security of data.
Our next step is to define the processes which are taking place on the server. For this we go into the detail interaction of our
AuthProcess and AccntProc processes with the modules present in the database layer. These module are responsible for the
updating, inserting and searching. Since all these tasks are related to databases so we introduce them into one process called
DBProcess as shown in the figure below:
Page 50 of 73
Health ‘R’ Us Group 17
Keeping in mind the similar interaction between the other modules present in the layers we have the following architecture
present in the software.
Page 51 of 73
Health ‘R’ Us Group 17
Page 52 of 73
Health ‘R’ Us Group 17
When a client accesses the journal part he has couple of options available, either he can edit a previously entered journal or
he can start a new journal for a new patient. Since these two options rarely are used at the same time by the same client so
we can have them in one process called JournalClient . This processes runs on the client side browser and fetches the
required information from the initProce process. Similarly, we have a ReportClient which is used by the nurses or staff for
the puroposes of searching and viewing a record present in the database. We separated JournalClient rom the Reporclient as
these are rarely used by the same person. This will give us added benefit in the form of modularity and security of the
system.
Similar to the defining of the database interaction of login procedure, we have a similar interaction diagrams for the
database part of other processes as well. This is shown in the diagram.
Page 53 of 73
Health ‘R’ Us Group 17
We have defined all the processes and shown their individual figures for the describing the processes involved in this
architecture. Next phase of our design was to come up with the overall diagram of the system where we can see the system
as a whole and can see the overall interaction of processes. This will help us to develop understanding of overall system
interaction and how the multiplicity of the processes takes place in our system. This diagram is shown on the next page.
Page 54 of 73
Health ‘R’ Us Group 17
Page 55 of 73
Health ‘R’ Us Group 17
Resource Allocation
Our main resources include the database and the processor. We have one databases and one processor present for all the
requests. For our system we have to schedule our requests so that the resources are used in a proper manner. We now
consider two of our main functionalities for the resource allocation.
Our final design task is assigning resources to the processes. In our case there are two major functions which our system
perform, the first one includes the doctors work which includes log in by the doctor, perform some action and then each
action is saved in the database. Hence there is a databases interaction, first the request is allowed inside the system where
based on the verification by the database it is transferred to the next levels. On each level it uses the processor and at some
level it uses the Database. This is shown in the diagram below:
Our next explanation is about the ReportClient Process, this process is commonly used by the staff. This also requires
interaction with the database and also uses processor for the computation part of its interaction with the system. This
interaction is shown in the diagram below:
Page 56 of 73
Health ‘R’ Us Group 17
Page 57 of 73
Health ‘R’ Us Group 17
3. Evaluation
Architecture is complete till execution view using Christine Hofmeister [1] approach for developing software
architecture. The next activity is to evaluate the architecture developed, to identify loopholes and defects. Further we
need to validate that system developed meets system requirements. The very first step which is needed to be taken is
selecting an evaluation method. For that we must choose the right evaluation method suited for this scenario.
Let us check the evaluation methods which are available. We need to map our quality requirements to these evaluation
methods. Quality requirements against which we need to evaluation the system are increased data size, network
scalability, reliability, dependability, confidentiality, information security, availability and performance as mentioned in
section 1.1 of this report.
Now let us consider types of evaluation methods available and check for suitability. There basic types of evaluation
methods available are experience-based, simulation-based, mathematical modeling and scenario-based. Experience-
based method involves experienced software architects with prior experience of working with architectures. These
architects evaluate architecture with objective and logical reasoning. This kind of method can be used with any kind of
requirements. This method cannot be used in this scenario as architecture experts are not available. Scenario-based
methods are found useful for requirements like maintainability, reusability etc. which are development quality
requirements. Scenario-based methods are not found very useful for operational quality requirements. Scenario-based
methods like SAAM, ATAM, CBAM, ALMA etc [4] are not selected. Simulation is found very useful for operational
quality requirements like robustness, but it is a huge activity and requirements a large amount of resources. It becomes
a complete project to conduct simulation and many tools and techniques are required for performing simulation. Due to
the limitation of time and resources simulation cannot be selected for evaluation. Mathematical modeling is found
useful for determine operational quality attributes like reliability. Mathematical modeling requires complex algorithms
and models for determining quality attributes. They give numeric values for quality attributes. These attributes may not
match the practical scenario. But this method is not selected for evaluation due to limitation of time. The basic type of
evaluation methods is almost complete. Now we have to look for some other quality evaluation methods or we have to
choose one existing evaluation method. [3]
We found ABAS (Attribute-based Styles) as one of analysis techniques [5]. ABAS is based on SAAM, which is
scenario-based architecture evaluation. ABAS is proven to be very useful for analyzing quality attributes like reliability,
availability and performance [6]. These are operational quality attributes. ABAS fulfills other evaluation requirements
like evaluating dependability and information security. System can be evaluated in an elaborated manner. This method
involves architectural styles, reasoning framework and attribute specific models [6].
Exponential increase in size of Journals: There can be an incredible increase in size of journals. Total number of
journals can be exceeding 9,000,000 which are more than population of Sweden. System must be able to support large
amount of data size.
Capability of Network Operations Center (NOC): Network operations center may have to handle at least 100
interconnected hospitals. Single hospitals can have 10 or more departments.
Page 58 of 73
Health ‘R’ Us Group 17
Power and Network Failure: Power or communication failure can occur.
Erroneous Data Insertion: Some data which contains errors or is unnecessary can be inserted.
Personal Integrity Threat: Users may try to access confidential information of patients.
Unauthorized Access: Some users may try to get access more than granted to them. Some users may get access to
unnecessary information.
All time Access: System can crash. Systems may be needed to bring offline for maintenance and other operations.
Time taken from Search till reception of Journal: users may have to wait for long time since the time of request till
they receive journals.
Data Size: Data size includes size of data kept on servers and on database. Data size is measured in the form of mega
bytes, giga bytes or terra bytes.
Bandwidth: Bandwidth includes bandwidth of internal local area network as well as wide area network which includes
network operations center connectivity. As local area network bandwidth is proven to be satisfactory, we mainly focus
on bandwidth maintained between network operations centers of different hospitals.
Dependability: System can be dependable if it is able to survive both power and communication breakdown failure.
Reliability: This attributes is concerned with whether system performs error free operations. It can include faults
detectable, errors, exceptions and other erroneous problems.
Confidentiality: Confidentiality is about personal integrity and personal information kept at the system.
Security: Security is about remedial of threat to secure system information and data. This is mainly concerned with
unauthorized access of resources.
Availability: Availability is measured here in terms of Mean Time to Failure (MTTF) is the percentage the system is
comes offline in comparison with the time it is online.
Response Time: Response time is time taken from searching till time to receive data or journal. This is regardless of
whether data or journal is placed locally or remotely.
3.6 Analysis
Now let us demonstrate each quality scenario one by one and check whether system has capability of solving the
problem. Approach used is modeling system scenario into a model. Custom developed model is used in this evaluation.
Page 59 of 73
Health ‘R’ Us Group 17
The model is adopted from Markov Models [6]. Let us consider each quality attribute one by one and visualize the
system capability in the form of model. Model consists of three states. First is running, in which system is working
perfectly. Second state is critical state. In this state, failure has occurred but system recovers from this state and goes
back to running state. Third state is dangerous state; this state is achieved, when system again has a failure when it is in
critical state.
Now let us apply this model for the quality requirements. If data size grows to be very large, system does not do even to
critical state. Hard drives provided to the database servers and other server systems are sufficient. No additional space
is required. System has capability of handling ninety hundred thousand journals with each journal of size variable from
five megabyte to fifty megabyte.
Now let us consider the case when heavy traffic flows over the network. Traffic can be within the healthcare institution
of between two different healthcare institutions. Bandwidth is sufficient for communication. There is no need for
reserving additional bandwidth for data transfer. System does not go to even critical state, in case of even heavy traffic.
In case of power failure, uninterrupted power supplies are there, but in case of network communication breakdown,
system goes to critical state. System may recover from this state, when the network problem is solved. System may
come to dangerous state if network link is down more than one time. Some additional networks may be needed to keep
communication active in case of network failure.
If any changes are done with the journal data, patient journal data is updated for users with journal currently open,
without refreshing the screen by implementation of Ajax. Due to this functionality system does not go critical state and
if it does, it has capability of recovery, in case if update is a fraction slow.
There is a mechanism in the system for error and faults. It is accomplished with error recovery and logging mechanism.
If some error occurs in the system, system goes to critical state. System has capability to recover from this state and get
back to running state. If error occurs again in critical state then system enter into dangerous state. There is still a
phenomenon to recover from dangerous state but in that case system can face crash or erroneous data may be inserted
into the system. System tolerates faults and failures in operations but there is no phenomenon for automatic error
recovery.
Doctors and nurses are able to see personal information of patients. This is subject to confidentiality and personal
integrity. In this case they view information, system goes to critical state. In case if they edit information, like change in
address or other information, then system goes to dangerous state. There should be some mechanism, which at least
shows alerts and Swedish laws and regulations whenever any user tries to access such information. When information
editing is done system goes back from dangerous to error state. But previous information can be lost. But in such case
version manager maintains previous information, in the form of previous version. If wrong information is entered,
system can maintain its state or recover and go back to running state.
Web server is running on secure socket layer. Users from outside the system are automatically denied access. In this
case with outside attempts unauthorized users are automatically denied access. Users within the hospital or healthcare
institution are granted access on the basis of certificates. Differentiation between local and remote certificates is not
clearly elaborated i.e. whether users from other hospitals or healthcares institutions have same certificate, if they have
then this security violation must be handled, as system goes into critical state but there is no phenomenon to getting
back to running state. System may remain in critical or dangerous state.
Page 60 of 73
Health ‘R’ Us Group 17
Sometimes web server can crash, database server can also crash. Then system enters critical state. There must be a
phenomenon to recovers from such a state. If local server fails, system goes back to running state, contacting remote
web server at closest hospital or healthcare institution. Similarly, if database server is down system web server fetches
data from remote database server. Still it recovers from critical state and comes back to running state. In case closest
server is also down, system goes to dangerous state, but still it can recover contacting next neighbor. Users suffer slow
communication in these cases. There can also be a need for bringing servers offline for maintenance operations. There
should be some redundant servers, or backup servers for faster response and being online in case if other servers are
offline locally.
4. Transformation
Evaluation leads to certain results. There results conclude that certain changes are to be brought in to the system. Some
changes are to be made in existing architecture, as well as some additional components are needed to be added to the
system. We have to follow a methodology to bring these changes. This activity is called transformation. For this
transformation there is a standard method that is followed. This includes imposing architectural styles, imposing
architectural patterns, applying design patterns and converting quality requirements into functionality. [3]
5. Second Evaluation
Second evaluation is done using same methodology. This evaluation is conducted to validate whether quality
requirements have been satisfied after transformations. It is done using same method that was used in first evaluation.
For this evaluation we have same problem statement, quality attribute measure, and architectural styles and attribute
parameters. Evaluation analysis is done which leads to conclusions.
5.1 Analysis
In case of requirement of additional disk space, system has additional hard drives places with large disk space like 1
terra byte etc. With no budget constraints this tradeoff is easily made and disks are placed. If system goes to critical or
dangerous state, it has capability of recovering automatically.
Network has bandwidth distributed into different pipelines for different operations and processes. Due to this reason
there is no network congestion problem. System does not go to critical state. In case if more network throughput is
required for specific processes, configuration can be changed. System may go to critical state but has capability of
recovering from it through network operations center. Different applications usage priority can be changed through
network firewall configuration. System has become fool proof in this aspect. It is capable of handling heavy network
traffic.
Additional network connection is present with different service provider. In case if network goes down system goes to
critical state but automatically recovers by switching to other network. Circuit switching supports better network path
determination. System automatically recovers from critical state and gets back to running state. In case if second
network goes down system switches to wireless network connection. Then system again recovers from dangerous state
and gets back to critical state.
Additional components for error control and recovery eliminates the problems occurring during operations. System
tolerates errors, they do not become faults. If any components produce errors system displays alert messages and
system gets back to running state from critical state. Operations may not be performing successfully, but errors are
logged and malfunctions are repaired.
Alerts are displayed for users while editing sensitive information and backups are taken before edit operations. Also,
while viewing personal information users are also informed about Swedish laws for personal integrity. Due to these
functionalities, system may go to critical state when users enters those states, but has capability of recovering old
information, from backups. User activities are logged whenever user performs such operations or view personal
information. With this activity logging, this can be ensured that user was viewing such information purposely.
Similarly, information and operations performed by user performing edit operation is also logged. These logs are view
by administrators.
Use of Web Wallet [12], which has recently implemented by facebook, youtube and many other web portals, ensures
that there is no security violation from outside the network. Network firewalls already blocks access for servers from
outside world as well as inside. But still there are threats for unwanted activity from World Wide Web. Such activities
are blocked using web wallet.
Page 62 of 73
Health ‘R’ Us Group 17
Backups for web and database servers ensure availability of the system. Also user response time is not delayed even if
mains servers are offline.
Global Analysis
Influencing Factors
P1.4 Complete data for a hospital or health care institution is at a centralized location.
Solutions
Place additional hard drivers with database servers.
Related Strategies
Physical storage.
There is no implementation of this in any view of the architecture, as hard drive is hardware component.
Page 63 of 73
Health ‘R’ Us Group 17
6.3 Additional Network Connection
Whenever an end user receives an error what should happen in such a scenario. In web user interface user is notified an
error message and control is transferred back to same state. But there must be a phenomenon to deal with such a state.
Let us consider this in the form of an issue card.
Error Control
If any kind error occurs in software. Errors are classified as operational errors and technical errors. Operational errors
occur due to some operational problems in the management system. Where as technical errors occur due to some
technical problems with the software.
Influencing Factors
P4.1 Communication breakdown
P4.3 Power Failure
T5.4 Communication
T3.2 User Interface
Solutions
Use error logging. Error logging contains categories of errors. These categories can vary from severe to minor.
Immediate actions must be taken for severe errors, considerations may be required for moderate errors, and minors
may be ignored.
Related Strategies
There are no related strategies.
Page 64 of 73
Health ‘R’ Us Group 17
IErrorLog is connected to DataManipulator_M of module view. Whereas ineterface IError is to transfer control to error
recovery to transfer control back to where the error occurred.
Page 65 of 73
Health ‘R’ Us Group 17
6.5 Alerts and Display of Private Information
Whenever private or personal information of patients is displayed to any user, this component is automatically invoked
to display Swedish laws for personal integrity. Similarly, if any user edits information of patients and that information is
related to personal information, this component is invoked automatically.
Influencing Factors
Solutions
User is displayed proper alerts and information about the sensitivity of the actions he is performing.
Related Strategies
There are no related strategies.
Calling Module
(ReportManager,
JournalManager)
ISensitiveInfo IPersonalData
SensitiveInfoAlert_M SwedishLawsAlert_M
These modules are further connected to DataManipulator_M for fetching relevant data from the database.
Influencing Factors
P1.1 World Wide Web Access
P1.6 System Security
Solutions
Use Web Wallet for denying outside world access to system. Web wallet uses secure authentication phenomenon,
which is one level a head from https.
Page 67 of 73
Health ‘R’ Us Group 17
6.6.2 Implementation
Web wallet [12] is a third party component which is integrated into the system.
7. Peer Evaluation
This is a BTH peer evaluation done by another group. Evaluation was done in an evaluation meeting. Meeting included
members from both teams. In the meeting high priority quality attributes were identified. Quality attributes were
prioritized. Tradeoffs were discussed. Quality requirements and system functionality were analyzed. Then meeting
came to some conclusions which are listed as:
User Roles and Privileges Customization: Some customization in user roles is needed. Some of the users may have to
perform operations in addition to their default privileges assigned to their roles.
Local Administrators: There is should be a super user who can perform all activities. He has complete privileges. This
user can remove problems related to version management and other tasks.
User Session Management: Users sessions must be maintained. Some additional activities like activity logging should
be there. This component maintains log of activities performed by each user.
Concurrency Control: There must be a mechanism for concurrency control. This control mechanism takes care of users
who try to perform edit operations on a journal which is already being edited.
Platform Support: System should be able to provide support for multiple platform clients; presentation interface should
be there which takes care of resolution and formatting for such clients.
Implement Multithreading: Multithreading can be implemented for managing multiple processes concurrently.
Faster Request Processing: Different techniques can be used for faster request processing.
Future Work: In future enhancements can be done like standardization, personalization, profiles management etc.
For detailed information please refer to Peer Evaluation report submitted by group 15.
NOTE: - This peer evaluation meeting took place before completion of internal evaluation. Many of the issues
discussed in the meeting, were already open in internal evaluation. Initial transformation already fixed those issues.
Transformation details are available in first transformation. That is also references in the next section.
Page 68 of 73
Health ‘R’ Us Group 17
8. Transformation
8.1 Imposing Architectural Styles
Multithreading has been introduced for concurrency.
Influencing Factors
P1.1 Users can access the system through any device
P1.6 Only authorized users should be granted access
Solutions
Make user based privileges apart from role based privileges. Users with additional access are granted access to the
resources.
Page 69 of 73
Health ‘R’ Us Group 17
Related Strategies
There are no related strategies.
DataLogic component sends user authorization information along with unique user identification. On the basis of this
unique userId user authorization information can be obtained through DataLogic component. This authorization
information includes user role and privileges. Now JournalManager and ReportManager component can ask for user
role and privileges anytime. There is no possibility of assigning multiple roles to a single user. And also there is no
possibility of multiple privileges for a single resource.
With the help of these components users can be assigned any privileges. The easiest way to assign a temporary user
privileges is to assign him the role with minimum privileges, but grant him additional privileges. This section can
further be enhanced to completely customized users, roles and privileges along with policy manager, but requirements
do not demand such a system.
For roles privileges are granted by default. For users privileges can be granted. Users are allowed to perform operations
for which their role is not granted access, if they are granted privilege.
AccountsManager is managed totally by local administrators. Other users are not displayed accounts management
utility when they login. It deals with user accounts creation and removal along with assigning them roles and privileges.
Administrators have additional menus for solving problems for version management and other issues. They can view
the error logs and resolve issues with their web interface.
Influencing Factors
P1.6 Journal Editing done by users.
Solutions
Using existing components of session management allow only one session for a user. Use activity logging with
sensitive operations.
Strategy: Maintain log for editing journal, view private personal information
Log activity whenever a user is alerted and performing sensitive operation. This log contains complete activity
description along with user information.
Related Strategies
Display Swedish Laws relevant to personal integrity and perform data backup whenever user is in edit mode.
Whenever AlerterService is invoked, user activity is logged. This automatically logs user activity whenever user tries is
reaching security boundaries. Administrators can check these logs. Administrators are automatically notified when
these logs are updated.
Defining Modules
Page 71 of 73
Health ‘R’ Us Group 17
9.3 Locking of Journals
Influencing Factors
P1.6 Journal Editing done by users.
Solutions
Journal is locked for editing by other users whenever a user is performing edit operation.
Related Strategies
Perform data backup whenever user is in edit mode.
9.3.2 Implementation
No additional implementation is required. A flag is maintained in the database for each journal. Whenever any user
opens that journal, its flag is checked. When this flag is checked no other user can perform edit operation. In such case
users is informed that journal is already in edit mode, he should try that operation at some later time.
9.4 Multithreading
Multithreading is achieved by design pattern usage.
10. Summary
Building architecture of Health ‘R’ Us, we have learnt a couple of things with our experiences. We found that design
method proposed by Hofmeister et al. is a flexible method for designing architectures for software. We were not able to
find any popularity of this method in enterprise architectures and we could not found any tools or language support for
the architectural notations and instrumentation used by Hofmeister. We can perform tradeoff analysis identifying
product specific and technology specific attributes (called factors by Hofmeister), that influence software architecture.
Problems solving approach, identifying issues and making strategies was a simplified way, to reduce gaps between
requirement and software architecture. Architectural views provide viewpoint analysis of architecture with different
aspects. Conceptual view reveals conceptual component specific architecture. Module view provides modularity and
layering into the architecture. Execution view gets close to machine leading to analysis and architecture design of
processes utilizing resources. Good quality using this approach is that it is easy to make design tradeoff analysis during
any phase, meeting functional and quality requirements. Architecture can be customized flexibly and molded to meet
the requirements at any phase. Evaluation techniques give idea of how to validate requirements fulfillments. At
evaluation stage normally it is understood that architecture already meets functional requirements and is ready to go for
quality evaluation. Transformation of architecture gives an approach, how to mold architecture to meet quality specific
requirements. Transformation may also involve additional construction of components, modules and processes.
Page 72 of 73
Health ‘R’ Us Group 17
Transformed system architecture is validated again for quality satisfaction. Evaluation by third party or another peer
helps validate system, caching those system gaps from its quality requirements which could not be identified by
architecture development group internally. Transformed system architecture reveals a transformed architecture that
satisfies quality requirements.
11. References
[1] Applied Software Architecture by Christine Hofmeister, Robert Nord, Dilip Soni foreward by Cris Kobryn
[2] Software Architecture Evaluation Methods for Performance, Maintainability, Testability, and Portability, Michael
Mattsson, Håkan Grahn, and Frans Mårtensson, paper published by Institutionen för Datavetenskap och Ekonomi
(IDE), Blekinge Institute of Technology, P.O. Box 520, SE-372 25 Ronneby, Sweden.
[3] Software Architecture Design: Evaluation and Transformation, Jan Bosch & Peter Molin. Proceedings of the 1999
IEEE Engineering of Computer Based Systems Symposium (ECBS99), December 1999.
[4] Software Scenario-Based Software Architecture Evaluation Methods: An Overview, Prof. olstlaan, Department
Software Architectures, Philips Research, 4, 5656 AA Eindhoven, The Netherlands, MB, Eindhoven, Department
of Mathematics and Computing Science, Technical University Eindhoven, P.O. Box 513, Den Dolech 2, 5600, The
Netherlands.
[5] Architecture Styles. In Software Architecture, M.Klein, R.Kazman, L.Bass, J.Carriere, M.Barbacci, and H.Lipson,
AttributeBased, Proceedings of the First Working IFIP Conference on Software Architecture (WICSA1), pages
225--243, San Antonio, TX, 1999. Vol. 140, ISBN:0-7923-8453-9
[6] Attribute-Based Architecture Styles, Mehrdad Guilani, Course: CSCI 210, Professor: Dr. A. Bellaachia,November
10th, 2004
[7] Attribute Based Architecture Styles. In Software Architecture, M.Klein, R.Kazman, L.Bass, J.Carriere, M.Barbacci,
and H.Lipson, Proceedings of the First Working IFIP Conference on Software Architecture (WICSA1), pages 225--
243, San Antonio, TX, 1999.
[8] An Introduction to Hidden Markov Models, L.Rabiner, B.Juang, ASSP Magazine, IEEE, Publication Jan 1986,
Volume: 3, Issue: 1, Part 1, On page(s): 4- 16, ISSN: 0740-7467.
[9] Characteristics of Higher-Level Languages for Software Architecture. M. Shaw, D. Garlan, Technical Report
CMUCS- 94-210, Carnegie Mellon University, 1994.
[10] Concurrency Control in Distributed Database Systems, ACM Computing Surveys (CSUR), Volume 13, Issue 2,
Pages: 185 - 221, 1981, ISSN: 0360-0300.
[11] A Sampler of Circuit Switching Networks, G. M. Masson, G. C. Gingher, S. Nakamura, Volume 12 , Issue 6, Pages
32-48, 1979, ISSN:0018-9162.
[12] Web Wallet: Preventing Phishing Attacks By Revealing User Intentions, Min Wu, Robert C. Miller, Greg Little,
Source ACM International Conference Proceeding Series; Vol. 149, Proceedings of the second symposium on
Usable privacy and security, Pittsburgh, Pennsylvania, SESSION: Catching phish, Pages: 102 - 113, 2006, ISBN:1-
59593-448-0.
[13] http://www.ash-mvc.org/website/framework/framework.html
[14] Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked Objects, Douglas C. Schmidt,
Hans Rohnert, Michael Stal, Dieter Schultz, 2nd edition, Pages: 666, Year of Publication: 2000, ISBN:0471606952.
[15] Analysis Of Optimal Thread Pool Size, Yibei Ling, Tracy Mullen, Xiaola Lin, ACM SIGOPS Operating Systems
Review, Volume 34 , Issue 2, Pages: 42 - 55, Year of Publication: 2000, ISSN:0163-5980.
Page 73 of 73