1

Abstract—Course Information System supporting Accreditation (CISA) is a web-based database driven tooldeveloped for Division of Computing Studies (DCST) of Arizona State University (ASU) to provide dynamic course information web pages and to help demonstrate outcome-based evaluation required for accreditation in the department. The system maintains a single database containing complete course information and outcomes of DCST. The secured view of CISA is authenticated and provides a series of simple user interface web pages to insert, update, and delete information to the database for authorized users of DCST. The public view of CISA provides dynamic web pages displaying detailed course information of courses offered in the department. The public view also provides an easy way to display the mappings between course activities, course outcomes, program outcomes, and ABET outcomes for accreditation. CISA is developed using the ASP.NET 2.0 technology with Microsoft Visual Studio .NET framework 2005. The application uses PostgreSQL as backend database and employs ADO.NET technology with Npgsql data provider for data access. The user interfaces are developed as ASP.NET Web form pages. Security is implemented in the application by using ASP.NET forms authentication.

Index Terms— ABET, Accreditation, ADO.NET, ASP.NET, CIS, CISA, Npgsql, Outcome-based evaluation, Outcomes

I. INTRODUCTION

A. Problem Statement

he Division of Computing Studies (DCST) at Arizona State University (ASU), as most of the ASU departments,

does not offer dynamic course information web pages butrather offers web pages created with static Hyper Text Markup Language (HTML). Thus, whenever updates in course information are made, each web page that requires the update has to be modified, and regular maintenance of these HTML pages becomes time-consuming requiring the intervention of a HTML skilled individual.

In addition, for the DCST to obtain program accreditation

Project report submitted on December 1, 2006. This work was done as part of Masters of Computing Studies in Arizona State University (ASU). The project was led by a 3 member committee of Dr. Timothy Lindquist, Dr. Kevin Gary, and Prof. Richard Whitehouse.

Vidhya Sampath Kumaran is a graduate student in the Division of Computing Studies, Arizona State University, Mesa, AZ 85212, USA. (e-mail: vidhya.sampathkumaran@ asu.edu).

through the Accreditation Board for Engineering and Technology (ABET), it needs to clearly demonstrate that the programs offered by the department meet the quality standards established by the profession for which the department prepares its students [1]. Thus, ABET mandates that the department follow and demonstrate an outcome-based assessment and evaluation process for the accreditation of programs [1], whereby outcomes are “clear, observable demonstrations of student learning that occur after a significant set of learning experience” [2]. Therefore, in order to accredit the degree programs, the departments have to clearly show that each degree Program Outcomes satisfies the outcomes criteria set by ABET [1]. Currently, the DCST does not have an efficient software tool that maintains all the required data to clearly demonstrate that the department is following an outcome-based evaluation process for accreditation.

Therefore, there is a clear need for a database-driven web-based course information system that can provide dynamic course information web pages as well as help in the departmental accreditation process.

B. Background

The course information web pages offered in the DCST are maintained by faculty members and are created in static HTML. Thus, there is no single repository that maintains all the course information offered in the department and there is currently no tool to automate the entering and displaying of course information.

The DCST is currently making an effort to accredit its degree programs through ABET. To accredit the programs, the department has to demonstrate that each degree Program Outcomes satisfy the outcomes criteria set by ABET. Each Course offered in the department has a set of Course Outcomes that satisfies a set of degree Program Outcomes. Course Outcomes, in turn, are satisfied by Course Activities which normally consists of a set of assignments and projects for each Course. The references from one outcome to another, otherwise known as outcome mappings, required for the accreditation process are not in a single repository file system. In addition, no tool exists to help the department in the accreditation process.

A database-driven web application can effectively provide a solution to address these problems. Database-driven Web Application (DBWA) runs on a web server rendering dynamic web pages in web browsers containing information from a database. The database driven retrieval and storage of

Web-based Course Information System supporting Accreditation using ASP.NET

Vidhya Sampath Kumaran, Division of Computing Studies, ASU

T

2

information in the web application provides a powerful method for the end-user to change the web page content dynamically without editing the HTML. Also, web based applications offer several advantages such as universal accessibility via World Wide Web (WWW), flexibility and easy updates to the application without the need for extra software downloads [3].

C. Objective

The objective of this project is to design and develop a database driven web-based Course Information System supporting Accreditation (CISA) tool for the DCST at ASU to provide dynamic course information web pages and to help the department demonstrate outcome-based evaluation required for ABET accreditation.

D. Scope

The scope of the project is to come up with an optimal database that stores complete information of courses along with the reference mappings to various outcomes required for accreditation. In addition, a software tool called CISA that provides a public and a secured view to display and maintain information from the database is to be developed. The CISA also should implement the security features outlined in the section IIIA.

E. Project Assumptions

The project is developed with the following assumptions:1. The application will be developed primarily for

DCST at ASU.2. Secure Socket Layer (SSL) will not be implemented

for authentication in this project.3. PostgreSQL database will handle problems of

concurrency and access control. The application will not implement any concurrency techniques for concurrent updates to same data in the database.

4. The application will not keep track of semester or year of data entered. This means that updating course information will erase any information previously entered.

5. Secured CISA is to be accessed only by users of the department who are in Administrator role. Additionally, the secured CISA will provide a view only for Administrator role.

F. Technologies and Software

Technologies Used: ASP.NET 2.0 ADO.NET Languages: C#

Software Used: Visual Studio .NET 2005 Npgsql - .Net data provider for PostgreSQL PostgreSQL server 8.1 Internet Information Services (IIS) 6.0 ASP.NET Development Server 8.0 Ant 1.6.5

II. LITERATURE REVIEW

A. Related Work

Various tools and methodologies have been developed in several universities such as Columbia University, University of Bridgeport, and York College of Pennsylvania to demonstrate the outcome assessment and evaluation process required for ABET accreditation. Software has been developedthat stores in a single file system information about degree programs offered by the university and courses in the degree programs. This outcome-based software is then used to help obtain accreditation for the university degree programs.

The Web Course Evaluation System (WCES) developed by Columbia University’s Foundation School of Engineering and Applied Sciences allows students to complete course surveys prepared by faculty and generates reports for curricula improvement [4].

The University of Bridgeport, School of Engineering has developed an electronic web based assessment system that provides an assessment presentation website and courses material website allowing the evaluator to browse from the objectives and outcomes to specific course materials along with course versus outcomes matrix and individual course grids [5].

EnableOA, developed by Douglas Walcerz, York College of Pennsylvania is a web-based software driven outcome-assessment process designed to meet the assessment needs of the institutions [6]. Based on EnableOA, a web based assessment commercial software product called TrueOutcomesTM has been developed for different universities and their departments. This product stores data about courses and programs from university departments and generates a matrix of course versus outcomes for each academic major for accreditation [7].

ASU’s DCST has evaluated the TrueOutcomesTM to helpin its accreditation process. In the evaluation process, integration of the TrueOutcomesTM software with ASU’s Course Management Software (CMS) BlackBoard has been performed by the students of DCST [8] [9]. However, it has been concluded that the integration still requires possible extensions like mappings between course outcomes and program outcomes and course activities and course outcomes [8].

In addition to tools for assessment and evaluation, Course Information Systems primarily providing course information web pages also have been developed and adopted by different universities. For example, an online database driven Course Information System currently used by East Tennessee State University, provides complete details of all the courses offered in different departments in the university along with capabilities such as searching for courses by department, faculty name, course number, and course title [10]. Also, Web-based Course Information System (CIS) developed byWilhelm-Schickard Institut, Germany, facilitates administrative tasks arising with courses like maintaining and presenting student submissions and grades, and assignments of students to teaching assistants [11].

3

B. Technologies

1) ASP.NETASP.NET is a part of MicrosoftTM .NET and is a

programming framework built on common language run time that can be used to build dynamic and interactive web applications. [12].

Web Forms is one of the development technologies in ASP.NET that can be used to create dynamic form based ASP.NET web pages [13]. The Web Forms consist of 2 main blocks. One is the HTML template (with .aspx extension) containing the page layout information and User Interface (UI) elements. Another block consists of ASP.NET code-behind, which implements the application logic and is responsible for generating the dynamic content of the Web Form [13].

An ASP.NET Web Forms Page is processed as follows: The code-behind file is compiled into a Dynamic Link

Library (.dll) and both the .aspx page and its associated .dll are made available to the web server containing the ASP.NET engine. When a user requests the page for the first time, the ASP.NET Engine compiles the .aspx page and generates a class that represents the page. This class then is able to generate HTML and JavaScript that are then returned to the user’s browser. The dynamic content of the page is provided by the code-behind file. When the user clicks a button, the page is posted back to a server which is called a “Post-back.” This action in turn causes a specified method to be executed,rendering an updated page to the user. The “Mouse-Over” events and form validation are performed in the user’s browser without causing a round trip to server [14].

The CISA is developed as an ASP.NET 2.0 web forms application consisting of a series of web pages developed using Visual Studio .NET 2005 implemented in C# language.

2) ADO.NETADO.NET is an integral part of .NET framework that

consists of a set of classes that provide access to relational, XML, and application data. [6].

ADO.NET consists of two components for accessing and manipulating the data: DataSet and .NET Framework data providers [6].

The DataSet is the core component of the disconnected architecture of ADO.NET. It provides an in-memory view of data consisting of a collection of DataTable objects which are made up of rows and columns of data [15].

The .NET Framework data providers connect to the database, execute commands, and retrieve results. It consists of several key objects like Connection, Command, DataAdapter, and DataReader. The Connection object provides connectivity to a data source. The Command object enables access to database commands to return data, modify data, run stored procedures, and send or retrieve parameter information. The DataAdapter object provides the bridge between the DataSetobject and the data source. The DataAdapter uses Commandobjects to execute SQL commands at the data source to both load the DataSet with data, and reconcile changes made to the data in the DataSet back to the data source. The DataReader

provides a forward-only, always connected high-performance stream of data, from the data source.

ADO.NET based Npgsql, which is a .NET framework data provider to communicate with the PostgreSQL database [16] is used in developing the CISA. The application therefore uses ADO.NET interface classes IDbDataAdapter, IDbConnection, IDbCommand as well as Npgsql implementation classes such as NpgsqlDataAdapter and Npgsqlconnection to access the database.

III. SOFTWARE DESIGN AND ARCHITECTURE

A. System Requirements

The database-driven CISA has the following requirements:1) Database: An optimal database to store course

information and outcomes is required.2) Secured View: A secured view is required for

authorized users to login to the secured CISA to perform insert, update, and delete operations to Course, Course Outcomes, Course Activities, Program, Program Objectives, Program Outcomes, and ABET Outcomes. Also, the secured view is required to provide user interfaces to enter the mappings between Course Activities, Course Outcomes, Program Objectives, Program Outcomes, and ABET Outcomes.

3) Public view: A public view is required for any user wanting to access the course information web pages of courses and the different outcome mappings in the department.

4) Security: The secured view of CISA needs to be protected from unauthorized users. In this work, this type of security is referred to as Application Security. Also, the user credentials stored in the database must be secure. This type of security is referred to as Data security in this work. Hence two types of securities are required for this application.

5) Authorized access: The secured view of CISA needs to provide authorized access only to users who are defined as administrators.

The functional requirements of the CISA application can be captured with Use Case diagrams. The secured and public functional requirements are shown in Fig. 1 (a) and Fig. 2respectively. Fig. 1 (a) depicts the Admin user interaction in CISA with use-case functionalities such as manage course and manage program. The abbreviations for different terms used in this report are described in Fig. 1 (b). Fig. 2 shows the public user interaction in CISA with use-case functionalities such as view course information and view program outcomes.

4

Fig.1 (a). Use Case Diagram depicting secured view of CISA

Fig. 1 (b). Abbreviations used

B. Database Design

The CISA employs the PostgreSQL database. The database schema is designed per project requirements and has 15 tables.The Entity Relationship (ER) diagram of the CISA databasewith entities, relationships, and key attributes is shown in Fig.3 and the Relational Model Diagram (RDM) of the database is shown in Appendix A.

The ROLES table has roleid as the primary key field with five values: Admin, Faculty, Chair, TA, and Staff. The USERS table stores the users’ personal information. Each user can have the multiple roles defined above and is stored in USERS_ROLES table.

The ABETOUTCOMES table stores the outcomes criteria defined by ABET. PROGRAM table stores the names of the degree programs offered in the department. Each degree program has its defined program objectives stored in PROGRAMOBJECTIVES table and program outcomes stored in PROGRAMOUTCOMES table.

Fig. 2. Use Case Diagram depicting public view of CISA

The COURSE table stores the primary course information. It has fields instructorid and coursecoordinatorid which are foreign keys to Faculty users in the USERS table.

The COURSEACTIVITIES table stores the different activities associated with the course while COURSEOUTCOMES table stores the different outcomes defined for each course.

The DEPARTMENT table currently has only one value ‘dcst’ and it is created mainly to extend the functionality ofthis application to multiple departments in the future; and, this table and its references, is not used anywhere in the current CISA application.

In addition, tables that represent relevant mappings between activities, objectives, and different outcomes can also be seen in Appendix A.

The schema uses PostgreSQL SERIAL data type for some attributes like programobjectiveno and programoutcomeno for assigning a unique auto increment sequence number by the database.

C. Software Architecture

The CISA follows the 3-tier System Architecture, which divides the application components into the Presentation tier, Logical tier and Data tier. The project’s architecture is shown in Fig. 4.

Public user

View Course Desc.

View Course Out.

View Prog Obj.

View Prog Out.

View supp Prog. Obj.

View supp. ABET Out.

View ABET Out.

View Cos.Act.

CISA unsecured

View supp. Prog Out.

View supp. Course Out.

Manage Course Info.

Manage Course Out.

Manage Prog.

Manage Prog. Obj.

Assign supp. Prog. Obj.

Manage ABET Out.

Change Password

AdminUser

Manage Course Act.

CISA secured

Assign supp. Prog. Out.

Assign supp. Course Out.

Assign supp. ABET Out.

Manage Prog. Out.

Manage Users

Prog. = ProgramCos. = CourseObj. = ObjectivesOut. = OutcomesDesc. = DescriptionAct. = ActivitiesSupp. = supported Info. = Information

5

Fig. 3. ER diagram of CISA database

The Presentation Tier consists of user interface ASP.NET Web Forms pages compiled by ASP.NET container to produce JavaScript and HTML that are rendered in the user’s browser.

Fig. 4. 3 tier System Architecture of CISA

The Logical Tier consists of the Business Logic Layer(BLL) and Data Access Layer (DAL). While, BLL consists of C# code-behind files compiled into .dll, DAL consists of C# data access classes compiled into the .dll. C# code-behind classes provide the application logic of the web form pageswhereas the data access classes contain the data access code to access the database via ADO.NET technology. The DAL classes communicate with the database and contain code for issuing Select, Insert, Update, and Delete commands [17].

The final Data Tier consists of PostgresQL database, where SQL queries are executed from the DAL. By adopting the 3-tier architecture, the Presentation Tier never accesses the Data Tier directly thereby providing good ‘separation of concerns’ in the application.

The CISA also implements the Model View Controller (MVC) design pattern for modularizing the user interface functionality. This design provides increased reusability of the data access code and reduces code dependencies, thus facilitating code changes [18].

The Model-View-Controller (MVC) pattern separates the modeling, presentation, and actions of the domain into the three separate classes of Model, View, and Controllerrespectively [18].

Client Client

ASP.NET Web Forms (.aspx)

Business Logic Layer (BLL)ASP.NET Code-behind

Data Access Layer (DAL)

Presentation Tier

Logic Tier

Data Tier

PostgresDatabase

Internet

Browser

ADO.NET

Browser

Internet

6

Fig. 5. MVC implementation in CISA

Fig. 5 shows the relationship between the Model, View, and Controller and its implementation in the CISA application. As shown in the figure, the View class manages the presentation of information [18] and is implemented in .aspx web forms. The Controller class is responsible for the user actions and informs the Model or View to change the data appropriately [18]. This Controller class is implemented in the code-behind files with extension “.aspx.cs”. ASP.NET inherently facilitates this implementation of View and Controller by providing a code-behind file for each of the web form.

The Model class responds to the request for displaying the data from the View and modifies the data based on the request from the Controller. [18]. This Model class is implemented using a Table Data Gateway pattern [19] and has file extension “Model.cs.” In CISA, a separate Model class is created for every main entity in the database and each class contains methods that handle the Select, Insert, Update, and Deletequeries to the corresponding table.

All the Model classes with their methods are shown in Fig.6.The methods in Model classes can be divided into four categories: Get, Add, Update, and Delete. For example, methods like getAllCourses() and getCourseActivityinfo() belong to the category Get. Likewise, methods AddCourse() and AddCourseOutcome() belongs to category Add and so on.

All the methods associated with category Get execute Selectqueries against one or multiple tables and return the results as a DataSet. Since complex database relationship and returning of data as a collection of data entities is required in CISA, a DataSet proves to be advantageous when compared to other methods [20].

Other methods that are associated with Add, Update, and Delete have their input data passed as scalar values. Passing data as scalar values like ‘string’ or ‘int’, provides efficient use of memory [20]. However, some methods in the category Add or Update require passing of several rows of input data, which cannot be passed as scalar values. In such cases, input data is passed as a DataTable that is capable of containing several rows of data. Passing a DataTable instead of scalar values avoids invoking several method calls, thereby increasing the performance and efficiency of CISA [20].

Fig. 6. Table Data Gateway (Model) classes in CISA

IV. METHODOLOGY

A. System Analysis

1) Secured View of CISA:Secured View of the CISA application is implemented

according to the functional requirements specified in section IIIA. Fig. 7 shows how the authorized users can navigate through the web pages in secured CISA to perform add, update, or delete functionalities.

The complete sequence of actions the user follows in accessing the following menus in the secured CISA web application is described below:

i. Login: a. User accesses the “Login” page. If the user

forgets the login password, the user invokes “Forgot Password” to retrieve a new password, which is sent to his or her

Model Model.cs

View.aspx

Controller.aspx.cs

7

Fig. 7. Navigation Structure of Secured CISA

email address. The user then enters his or her credentials in the login page.

b. If the user is authenticated and authorized to access the application, an encrypted cookie is set and the user is redirected to the requested page or to the default page.

c. If the user is not authenticated or authorized he or she is redirected to the login page with an error message.

ii. Course Management: After “Login”, the user can access the CISA Course Management menu to perform the following actions:

a. User invokes “Modify Course” functionality to perform Add, Update, or Delete Course.

b. User invokes “Modify Course Outcomes” to perform Add, Update, or Delete Course Outcomes for a selected Course.

c. User invokes “Modify Course Activities” toperform Add, Update, or Delete Course Activities for a selected Course.

d. User invokes “Edit Course Outcomes Supported” to assign Course Outcomes supported by a selected Course Activity.

e. User invokes “Edit Program Outcomes supported to assign Program Outcomes supported by a selected Course Outcome.

Fig. 8. depicts the sequence diagram when the user accesses the Course Management menu. The diagram shows the interaction of the user with the model classes Course, CourseOutcomes, and CourseActivities defined in section III.C. Messages displayed in the sequence diagrams like AddCourse(), getAllCourses() are methods defined in the Model classes.

Menus Program Management, ABET Outcomes Management, and User Management also shown in Fig. 7 follow action sequences similar to Course Management.

Secured

Login

AdminUser

Course Management

ABET Outcomes Management

User Management

Logout

Modify Course

Modify Cos. Out.

ModifyCos. Act.

Add

Edit

Delete

Add

Edit

Delete

Edit supp. Prog. Out.

Add

Edit

Delete

Edit supp. Cos. Out.

Modify Program

Modify Prog. Obj.

Modify Prog. Out.

Add

Edit

Delete

Add

Edit

Delete

Add

Edit

Delete

Edit supp. Prog Obj.

Edit supp. ABETOut

Program Management

Modify ABET Out.

Add

Edit

Delete

Modify User

Add

Edit

Delete

Change Passwd

8

Fig. 8. Sequence Diagram depicting the Course Management

2) Public View of CISAPublic view of CISA is implemented according to the functional requirements specified in section IIIA. The complete user navigation structure for public CISA is shown in Fig. 9. The data that is added, updated, or deleted in

secured CISA is available for display in the public view of CISA. The user can thus view web pages for Course Description, Course Activities, Course Outcomes, Program Objectives, Program Outcomes, and ABET Outcomes. In addition, the mappings between the various supported outcomes are displayed as web pages in “Pop-up” window. Also, the system in this view provides the ability to demonstrate bi-directional mappings between various outcomes. For example, user can see the list of program outcomes supported by each course outcome and also view the course outcomes supporting each program outcome. This bi-directional mappings feature will be very effective for the accreditation process.

Fig. 9. Navigation structure of Public CISA

B. Security

There are two types of security realized in the CISAapplication:

1) Application Security: Security in the CISA web application is a two layered

process. When the user tries to access the web pages in secured CISA, HTTP request from web clients are first handled by the IIS layer. If the user is authorized by IIS, the request is then handed over to the ASP.NET engine. Any unauthorized access is denied either by IIS or ASP.NET. This

courseact: CourseAct

getAllCourses()

List of Courses

AddCourse()

getCourseInfo (courseId)

UpdateCourse()

getCourseOutcomes (courseId)

AddCourseOutcome()

getCourseOutcomeInfo (courseId, courseoutno)

UpdateCourseOutcome()

getAllCourseActivities(courseId)

List of Course Activities

AddCourseActivity()

getCourseActivityInfo(courseId, activityno)

UpdateCourseActivity()

getCourseOutcomesSupported()

SaveCourseOutcomessupported()

Admin: User course: Course

courseout: Courseout

CISAHome

Courses

Lower Div

Upper Div

Grad Div

Select Course

CourseDesc.

Cos Act.

CosOut

Cos.Out.Supp.

ProgOut. supp

Prog Obj. and Out

Select Course

Course Desc.

CosAct

CosOut

CosOutSupp

ProgOut. supp

Select Course

Course Desc.

CosAct

CosOut

CosOutSupp

ProgOut. supp

ProgObj

Prog. Out.

ProgObj. Supp

ABET Out. Supp

ABETOut

CompProg

9

double layered security makes the application robust. In the ASP.NET security layer, authentication and

authorization of the user is performed by the ASP.NET forms authentication technique. In CISA, forms authentication is triggered by a configuration file called Web.config placed in the application deploy directory.

Unauthorized requests to any page are redirected to a login page. After the user enters valid credentials in the login pagehe or she is authenticated and an encrypted cookie is created. The user is then directed back to the originally requested web page. Subsequent web pages access the cookie to obtain the user information. If the credentials entered in the login page are not valid, access is denied [14].

2) Data SecurityTo ensure that the information in the database is secure,

CISA adopts two commonly used practices: Using hashed passwords: It is generally not preferable to

store user credentials as clear text. Therefore, CISA handlespasswords by creating and storing a hash of the password in the database. The application employs a Secure Hash Algorithm SHA1 using the “SHA1CryptoServiceProvider” class to create a one-way hash of the password entered by the user [21]. To minimize the risk of generating the same hash when multiple users choose the same password and to minimize the dictionary attacks, the application creates a hash combining the username and the entered password. This hash is stored as the user’s password in the database. And, during password validation, a hash of the entered username and the password is again generated using SHA1 and compared with the one stored in the database.

One of the common mechanisms in a web application is to mail the password if the user forgets the password. But since passwords are stored as a hash value there is no mechanism to recover the original password from the database [21]. Therefore, the application generates a random password of fixed length, updates the database, and mails the password to the user’s registered email address.

Using Parameterized Queries: In order to protect against SQL injection attacks, the CISA application uses parameterized queries. Hence, any malicious user inputs in the web forms are treated as literal and never appended to the SQL code [21].

C. Web User Interface

Many new ASP.NET 2.0 web server controls and features are used in building user interface web pages in the CISA application.

The CISA application uses a new ASP.NET 2.0 navigation control called TreeView [22] for primary navigation in public and secured CISA. The TreeView control used in public CISA is dynamic and is programmatically built each time a page is loaded from the database. However, the TreeView in secured CISA is static and uses a new ASP.NET 2.0 feature called site map as its data source for navigation.

The CISA uses a new ASP.NET 2.0 ChangePassword [22]web server control, which provides a standard template for

changing the current user’s password.The CISA also uses many new Data-Bound Controls such as

GridView, DataList, and Repeater in addition to the standard Data-Bound controls DropDownList and ListBox. The GridView control is used to display the data in a table [22] in different web pages. The DataList web sever control is used to display rows of data in customized templates [22]. And, the Repeater control is included in CISA to display rows of data in an ordered and unordered list [22]. These Data-Bound controls are bound directly to the DataSet containing the set of data results.

The secured view of CISA extensively uses the ASP.NET validation controls to ensure that the user input is valid before posting the data to the server [22]. The following validation controls are used in the application:

RequiredFieldValidator Server control: This ensures that the user does not skip a required form entry field [22].

RegularExpressionValidator Server control: This checks the user’s input against a pattern [22] and is used to validate email address fields in the application.

ValidationSummary control: This displays the error messages as an unordered list [22].

In addition to the pre-defined web server controls, the CISA application also uses some custom user controls such as the Banner and Footer.

The CISA also implements a new ASP.NET 2.0 feature called Master Page. A Master page provides a common layout and contains some core elements like Header, Footer, and Navigation that can be used by all web pages that inherits theMaster page [23]. The public view of CISA, for example, hasa Master Page defined as “MasterPage.master” and contains a Banner User Control, TreeView Control, and Footer User Control. All the other web pages in the public view specify this page as its “Master”. This feature in addition to providing uniform look and feel for the web application facilitates changes.

D. Deployment

The CISA web application is deployed in the IIS web server running on a Windows machine. The CISA application usesthe Ant tool to compile the code-behind C# files and other C# classes into .dlls. The Ant tool then places the .dll files in the deploy\bin directory. While the .aspx pages created for public CISA are placed in deploy\public directory, .aspx pages created for secured CISA are placed in deploy\Admindirectory. The CISA web application is deployed in IIS by creating a virtual directory in IIS and pointing the virtual directory to the CISA’s deploy directory. The CISA web application is then accessed using the following URLs:Public CISA:

http://<servername>/<virtualdirectoryname>/public/Default.aspx

Secured CISA:http://<servername>/<virtualdirectoryname>/Admin/Login.aspx

E. Testing

The CISA web application has been tested and found to meet all the system requirements. In addition, the application

10

has been confirmed to work in multiple browsers like Internet Explorer 6.0, Mozilla FireFox 1.5, and Netscape 7.0.

V. CONCLUSION AND FUTURE WORK

A database-driven CISA tool has been developed in this work that meets the predefined requirements. Also, an optimal database that stores in a single repository the course information, outcomes, and their mappings is designed and implemented.

The user friendly CISA tool developed in this work provides dynamic course information web pages along with the ability to display references between various outcomes to demonstrate the outcome mappings. Thus, the CISA tool provides solutions to the problems identified in the beginning of this work outlined in section IA. CISA, hence can potentially be a powerful tool in helping the ASU DCST obtain accreditation from ABET.

The CISA application employs many of the best practices that are generally recommended while developing web applications. CISA uses a 3-tier architecture to address separation of concerns, parameterized queries to prevent SQL injection attacks, prepared statements for increased efficiency, and proper closing of connections to prevent wastage of system resources.

Many features available in the ASP.NET technology used to develop CISA, helped reduce the overall size and time of writing the code, thereby increasing productivity. Hence, the author finds ASP.NET a powerful technology in building dynamic web-applications.

Owing to the limited scope and the time constraints of this project, full functionality of the application is not realized. The following functionalities should be considered for future work:

1) Segregation of CISA secured view based on roles: Currently secured CISA only permits users in the Administrator role to login to the application. In the future, CISA should provide different views for users logging in different roles and should grant access accordingly.

2) Keeping track of Semester or Year of data: The application currently does not keep track of the semester or year in which the data entry occurs. The database schema, hence, needs to be modified to include this information.

3) Displaying ABET Outcomes for different programs: The application currently has the provision to display ABET Outcomes and mappings only for a particular type of program. For example, CISA currently stores ABET Outcomes defined for Computing Programs and it does not have provision to store multiple sets of ABET outcomes. Thus, modification in the database schema has to be done.

4) Improving CISA Performance: In the future, performance enhancement techniques like Caching can be adopted to avoid roundtrips to the database thereby increasing performance.

5) Security i. Implementing Secure Socket Layer (SSL):

In the future, secured CISA should use a standard secure communication technology such as Secure Socket Layer (SSL) to encrypt the users’ credentials before transmitting them to the server in addition to the presently used forms authenticationscheme. The secured view will then use httpsinstead of present http protocol.

ii. Encrypting Connection String in web.config file: In the future, CISA can store the connection information in an encrypted formin the web.config file to prevent storing connection information to the database as clear text.

iii. Creating Tamper Proof URLs: To protect against tamper attacks in query string parameters passed in URLs future CISA can use tamper-proof URLs.

ACKNOWLEDGMENT

Vidhya Sampath Kumaran greatly thanks her committeechair Dr. Timothy Lindquist for giving his valuable guidance and advice throughout this work. The various ideas andsuggestions provided by the committee members Prof. Richard Whitehouse and Dr. Kevin Gary have added success to this project. She also extends her thanks to Ramon Anguamea for his help in the deployment of this project in the department server.

Vidhya thanks her husband Aravind G. Mangudi for his moral support and encouragement without which this task would have not been possible. Finally, she is grateful to her parents and in-laws for their everlasting support and love.

REFERENCES

[1] ABET, “Accreditation: Basics”. Available: http://www.abet.org (Oct 16, 2006).

[2] Spady, W., Marshall, K. , “Light, not heat on OBE”, The American School Board Journal, pp.29-33, Nov. 1994.

[3] Ong, K.R., “Just-in-time Database-Driven Web Applications”, in Proc.16th IEEE. Symposium. Computer-Based Medical Systems, June 2003, pp. 28-34.

[4] McGourty, J., Shuman, L., Besterfield-Sacre, M., Hoare, R.,“Using Technology to enhance Outcomes Assessment in Engineering Education”, presented at FIE Conference, Reno, NV, Oct10-13, 2001.

[5] Walcerz, D.B., “ EnableOA: A Software-Driven Outcomes Assessment Process Consistent with the Principles of Good Practice for Assessing Student Learning”, presented at ASEE Mid-Atlantic Conference, NJ, April 17, 1999.

[6] Outcomes Assessment Solutions, “TrueOutcomes”. Available: http://www.trueoutcomes.com (Oct 16, 2006)

[7] Petrova, R., Tibrewal, A., Sobh, T., “An Electronic Web-Based Assessment System ” , presented at ASEE Annual Conference, Salt Lake city, Utah, June 2004.

[8] Pallapu, S., “Automating Outcomes Based Assessment”, presented at ACM conference, Island of Hawaii, Jan 2005.

[9] Alzubi, O., “BlackBoard and True Outcomes Integration Software”, Arizona State University East, 2005.

11

[10] East Tennessee State University “Course Information system”. Available: http://www.etsu.edu/dbonline/cis/course/number.asp?Action=Text (Oct 16, 2006).

[11] Gast, H., Haug, A., Loos, R., Simonis, V., Weiss, R., “CIS: A Web-Based Course Information System”. Available: http://www-pu.informatik.uni-tuebingen.de/users/gast/docs/cis.pdf (Oct 16, 2006).

[12] Microsoft Corporation, “What is ASP.NET?” Available:http://msdn2.microsoft.com/en-us/asp.net/aa336565.aspx

(Oct 16, 2006).[13] Microsoft Corporation, “Introduction to ASP.NET “. Available:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconintroductiontoasp.asp (Oct 16, 2006).

[14] Lindquist, T. (2004), “Web applications with .NET”. Available:http://pooh.poly.asu.edu/Cst556 (Oct 16, 2006).

[15] Microsoft Corporation, “Overview of ADO.NET”. Available:http://msdn2.microsoft.com/en-us/library/h43ks021.aspx (Oct 16, 2006).

[16] “Npgsql:User’s manual”. Available: http://npgsql.projects.postgresql.org/docs/manual/UserManual.htm (Sep 19, 2006).

[17] Mitchell, S. (2006), “Working with Data in ASP.NET 2.0:: Creating a Data Access Layer”. Available: http://www.asp.net/learn/dataaccess/tutorial01vb.aspx?tabid=63 (Sep 19, 2006).

[18] Microsoft Corporation,” Implementing Model-View-Controller in ASP.NET”. Available: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpatterns/html/ImpMVCinASP.asp (Sep 19, 2006).

[19] Fowler, M., “Patterns of Enterprise Application Architecture”, Addison-Wesley, 2003.

[20] Microsoft Corporation, “Designing Data Access Components and Passing Data through Tiers”. Available: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/BOAGag.asp (Oct 19, 2006).

[21] Microsoft Corporation, Building Secure ASP.NET web applications, Microsoft Press, 2003.

[22] Evjen, B., Hanselman, S., Muhammad, F., Sivakumar, S., Rader, D., Professional ASP.Net 2.0, Wiley publishing, 2006.

[23] Hart, C., Kauffman, J., Sussman, D.,Ullman, C., Beginning ASP.NET2.0, Wiley publishing, 2006.

Vidhya Sampath Kumaran received the Bachelor of Engineering degreein Electrical and Electronics from University of Madras (Crescent Engineering College, Chennai), India in May 2002. She is currently pursuing her Masters degree in Computing Studies in Arizona State University. She worked as a Software Developer in Whizel Technologies, Chennai, India in 2003 developing client server software in Java. She also worked as a Software Engineer Intern in IntraScript LLC, AZ developing web applications in ASP.NET during summer 2006. She is currently working as a Teaching Assistant in the Division of Computing Studies at ASU since the spring of 2006. Her areas of interest include distributed web-based applications in .NET framework and J2EE, Database Management Systems, and Software Engineering.

12

APPENDIX A: RDM diagram of CISA database

13

Fig:1. CourseActivities.aspx and Course OutcomesSupported.aspx

Fig.2. CourseOutcomes.aspx and ProgramOutcomesSupported.aspx

APPENDIX B: CISA Public View Screenshots

14

Fig. 3. ProgramOutcomes.aspx and ABETOutcomesSupported.aspx

Fig. 4. CourseDescription.aspx

15

APPENDIX C: CISA SecuredView Screenshots

Fig. 1. AdminCourseOutcomes.aspx

Fig. 2. EditProgramOutcomesSupported.aspx