Nash, Smith & Adler - July, 20031 Spreadsheet Auditing and Change Analysis John Nash Neil Smith Andy Adler.

Slides:



Advertisements
Similar presentations
This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Advertisements

1 jNIK IT tool for electronic audit papers 17th meeting of the INTOSAI Working Group on IT Audit (WGITA) SAI POLAND (the Supreme Chamber of Control)
A Toolbox for Blackboard Tim Roberts
Unveiling ProjectWise V8 XM Edition. ProjectWise V8 XM Edition An integrated system of collaboration servers that enable your AEC project teams, your.
Microsoft Excel 2003 Illustrated Complete Excel Files and Incorporating Web Information Sharing.
4 1 4 C H A P T E R Software: Systems and Application Software.
Software Configuration Management Donna Albino LIS489, December 3, 2014.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Access 2007 Product Review. With its improved interface and interactive design capabilities that do not require deep database knowledge, Microsoft Office.
CVS Selim Çıracı Ahmet Kara Metin Tekkalmaz. CVS – Open Source Version Control System Outline What are Version Control Systems? And why do we need them?
Nu Project Management Office A web based tool to Manage Projects.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Microsoft Visual Source Safe 6.01 Microsoft Visual Source Safe (MVSS) Presented By: Rachel Espinoza.
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
Maintaining and Updating Windows Server 2008
Distributed Software Development
Definitions Collaboration – working together on team projects and sharing information, often through ad-hoc processes, to accomplish project goals. Document.
Slide 1 of 9 Presenting 24x7 Scheduler The art of computer automation Press PageDown key or click to advance.
Presented By: Shashank Bhadauriya Varun Singh Shakti Suman.
Linux Operations and Administration
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Git for Version Control These slides are heavily based on slides created by Ruth Anderson for CSE 390a. Thanks, Ruth! images taken from
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Chapter - 2 What is “GIT” VERSION CONTROL AND GIT BASICS.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Virtual Mechanics Fall Semester 2009
Introduction to Version Control with SVN & Git CSC/ECE 517, Fall 2012 Titus Barik & Ed Gehringer, with help from Gaurav.
Operating System. Architecture of Computer System Hardware Operating System (OS) Programming Language (e.g. PASCAL) Application Programs (e.g. WORD, EXCEL)
Module 8 Configuring and Securing SharePoint Services and Service Applications.
XP New Perspectives on Microsoft Office Access 2003 Tutorial 12 1 Microsoft Office Access 2003 Tutorial 12 – Managing and Securing a Database.
CIM6400 CTNW (04/05) 1 CIM6400 CTNW Lesson 6 – More on Windows 2000.
jpasswd A common password change client for Unix and NT Marty Wise Jefferson Lab October, 2000.
A Web Crawler Design for Data Mining
Nightly Releases and Testing Alexander Undrus Atlas SW week, May
1 Lecture 19 Configuration Management Software Engineering.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.
Chapter 13 Users, Groups Profiles and Policies. Learning Objectives Understand Windows XP Professional user accounts Understand the different types of.
MMS DresdenGermany – Dresden - Slide N°1Adolf Liepelt Final Project Review Newcastle upon Tyne, April 19, 2004 AESOP Platform.
1. Chapter 25 Protecting and Preparing Documents.
National Center for Supercomputing Applications NCSA OPIE Presentation November 2000.
Object-Oriented Analysis & Design Subversion. Contents  Configuration management  The repository  Versioning  Tags  Branches  Subversion 2.
The SharePoint Shepherd’s Course for End Users Based on the book by Robert L. Bogue Copyright 2011 AvailTek LLC All Rights Reserved.
CVS – concurrent versions system Network Management Workshop intERlab at AIT Thailand March 11-15, 2008.
Chapter 10 Chapter 10: Managing the Distributed File System, Disk Quotas, and Software Installation.
INFSO-RI Enabling Grids for E-sciencE SCDB C. Loomis / Michel Jouvin (LAL-Orsay) Quattor Tutorial LCG T2 Workshop June 16, 2006.
The HTTP is a standard that all Web browsers and Web servers must speak in order for the Web portion of the Internet to work.
CVS – concurrent versions system AROC Guatemala July 19-23, 2010 Guatemala City, Guatemala.
Experiment Management System CSE 423 Aaron Kloc Jordan Harstad Robert Sorensen Robert Trevino Nicolas Tjioe Status Report Presentation Industry Mentor:
WinCvs. WinCVS WinCvs is a window based version control system. Use WinCvs when  You want to save every version of your file you have ever created. CVS.
ASP. ASP is a powerful tool for making dynamic and interactive Web pages An ASP file can contain text, HTML tags and scripts. Scripts in an ASP file are.
Privilege Escalation Two case studies. Privilege Escalation To better understand how privilege escalation can work, we will look at two relatively recent.
Configuring and Deploying Web Applications Lesson 7.
THE WINDOWS OPERATING SYSTEM Computer Basics 1.2.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring Windows Server 2008 Printing.
Visual Source Safe –A Quick Tour. CONTENTS What is VSS ? How to install VSS ? How does VSS track versions? VSS Concepts & Features Utilities available.
Securing Web Applications Lesson 4B / Slide 1 of 34 J2EE Web Components Pre-assessment Questions 1. Identify the correct return type returned by the doStartTag()
DDM Central Catalogs and Central Database Pedro Salgado.
PC Windows CVS Server PC Linux Triple’A Test Server Triple’A CVS Versioning 2. Add object to CVS Server - add.sh [format_name.fmt] - cvs commit 1. Export.
 Project Team: Suzana Vaserman David Fleish Moran Zafir Tzvika Stein  Academic adviser: Dr. Mayer Goldberg  Technical adviser: Mr. Guy Wiener.
Source Control Repositories for Enabling Team Working Doncho Minkov Telerik Corporation
1 Ivan Marsic Rutgers University LECTURE 2: Software Configuration Management.
Open Science Grid Configuring RSV OSG Resource & Service Validation Thomas Wang Grid Operations Center (OSG-GOC) Indiana University.
SoftUpdate New features and management technique.
Architecture Review 10/11/2004
Chapter 2: System Structures
Introduction to Operating System (OS)
Maintaining software solutions
Concurrent Version Control
Presentation transcript:

Nash, Smith & Adler - July, Spreadsheet Auditing and Change Analysis John Nash Neil Smith Andy Adler

Nash, Smith & Adler - July, Initial Motivations Course mark management: – Multiple teaching assistants submit marks as spreadsheet files after each assignment – Merge into master – Re-submissions after the merge Easier methods to review and check spreadsheet models for “bugs”

Nash, Smith & Adler - July, Spreadsheet Auditing - a 2-part task A tool and technique that presents the status and changes in a spreadsheet file A Server-based system to ensures overall integrity and continuous record of changes in all relevant files

Nash, Smith & Adler - July, SSScan – the audit tool Tool for auditing spreadsheet files – Change tracking + content analysis Reads OpenOffice.org Calc file format – Underlying XML structure – Calc Reads/writes Excel files (up to 97/2000) – Open Source taking hold in various industry sectors – Java stand-alone program Multi-platform operation (Windows/Mac/Unix) Auditor / user not required to have Calc

Nash, Smith & Adler - July, Change display panel

Nash, Smith & Adler - July, Filter panel

Nash, Smith & Adler - July, Spreadsheet content panel

Nash, Smith & Adler - July, Spreadsheet Report panel

Nash, Smith & Adler - July, Server-based system Need to protect the file(s), control access Many issues – Efficient operation – Minimal fuss and bother for user – Maximal security and freedom from errors – Version history and checkpointing – Cross-platform usage

Nash, Smith & Adler - July, Server architecture Graphics in VNC (virtual networked computing) Apache server Highly customized configuration of oocalc Perl scripts to configure and glue together components Web based interface to allow cross-platform use

Nash, Smith & Adler - July, Server architecture (cont.) Runs own password/user base CVS back-end to provide for versioning and checkpointing DB_File::Lock file locking Many “fixes” needed to components Advantages and obstacles with each choice made in the implementation…

Nash, Smith & Adler - July,

Nash, Smith & Adler - July,

Nash, Smith & Adler - July,

Nash, Smith & Adler - July,

Nash, Smith & Adler - July, Status and prognosis SSScan is working and quite stable – But filter customization is important to make audit efficient for particular situations Server configuration and setup is tricky – Large number of disparate components – Many customizations for efficiency – Interaction with OS and network – Some weaknesses, but with known “fixes”

Nash, Smith & Adler - July, Status (cont.) Need a viable business model Current view: – “Package” customization of SSScan and configured server hardware – Release each customization as Open Source, but delay installer until experience is gained

Nash, Smith & Adler - July, Structure: Apache – SSL Config – SSL – Directories – httpd.conf Runs as www-data, member of group ssheet Cookies Login --> database of users/passwords & files/permissions

Nash, Smith & Adler - July, Apache-SSL cont. File locking & versioning » --> ssheet userdb {users & shuids & files} » ssheet-userdb.lock – Copy file to indir – Grow user name – (select new random password) – Create web page » Active content for vnc » Custom vncviewer.jar – Check in file in outdir (CVS manages “real” changes

Nash, Smith & Adler - July, SHUIDs: a “farm” of pseudo-users – Runs as ssheet-uid**** (start-ssheet.sh opens m sshuid's) – Member of www-data – Start vncserver --> xstartup (perl script) – Wait on indir (group read) – Copy to procdir (shuid only) – Edit user – (insert new password for vnc) – Oocalc initiated with special profile – (mechanism to kill oocalc) – Move file to outdir – (kill password)

Nash, Smith & Adler - July, CVS Server – /var/www/ssheet/repository – INIT: » Take each file and check in – CHECKIN by shuids » Comment string from www-data – Web interface to versioning » Modified CVSWeb accesses repository

Nash, Smith & Adler - July, Admin Interface (to do) – Add new files to repository » Verify change recording is “on” – Sophisticated import » Set user name » Set previous history – Handling of “duplicate” files – Handling of different permissions for different users – User creation, modification, deletion

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.