Short note on Security Assessment.

-

Security Assessment 

- Security assessment has something in common with a safety assessment.

- It is intended to demonstrate that the system cannot enter some state (an unsafe or an insecure state) rather than to demonstrate that the system can do something.

- However, there are differences

  • Safety problems are accidental; security problems are deliberate;
  • Security problems are more generic - many systems suffer from the same problems; Safety problems are mostly related to the application domain


Security validation

Experience-based validation

- The system is reviewed and analyzed against the types of attacks that are known to the validation team.

Tool-based validation

- Various security tools such as password checkers are used to analyze the system in operation.

Tiger teams

- A team is established whose goal is to breach the security of the system by simulating attacks on the system.

Formal verification

- The system is verified against a formal security specification.



Comments

Post a Comment

Popular posts from this blog

Discuss classification or taxonomy of virtualization at different levels.

-
Image
Taxonomy of virtualization Virtualization is mainly used to emulate the execution environment, storage, and networks. The execution environment is classified into two: – Process-level – implemented on top of an existing operating system.  – System-level – implemented directly on hardware and does not or minimum requirement of the existing operating system. OR,  Virtualization covers a wide range of emulation techniques that are applied to different areas of computing. A classification of these techniques helps us better understand their characteristics and use  V irtualization is mainly used to emulate  ● Execution Environments: To provide support for the execution of the programs eg. OS, and Application.  ○ Process Level: Implemented on top of an existing OS that has full control of the hardware  ○ System Level: Implemented directly on Hardware and do not require support from existing OS.  ● Storage: Storage vi...
Read more

Suppose that a data warehouse consists of the three dimensions time, doctor, and patient, and the two measures count and charge, where a charge is the fee that a doctor charges a patient for a visit. a) Draw a schema diagram for the above data warehouse using one of the schemas. [star, snowflake, fact constellation] b) Starting with the base cuboid [day, doctor, patient], what specific OLAP operations should be performed in order to list the total fee collected by each doctor in 2004? c) To obtain the same list, write an SQL query assuming the data are stored in a relational database with the schema fee (day, month, year, doctor, hospital, patient, count, charge)

-
Image
Solution: a) Star Schema is shown in the figure below: b) First, we should use the roll-up operation to get the year 2004(rolling-up from the day then month to a year). After getting that, we need to use the slice operation to select (2004). Second, we should use roll-up operation again to get all patients. Then, we need to use the slice operation to select (all). Finally, we get a list of the total fee collected by each doctor in 2004. So, 1. roll up from day to month to year 2. slice for year = “2004” 3. roll up on patient from the individual patient to all 4. slice for patient = “all” 5. get the list of the total fees collected by each doctor in 2004 c) Select doctor, Sum(charge) From fee Where year = 2004 Group by doctor
Read more

Explain cloud computing reference model .

-
Image
 CLOUD COMPUTING REFERENCE MODEL The cloud computing reference model is a general high-level architecture and is meant for a cloud computing reference architecture provided, which outlines the primary performer/actor and the understanding of the cloud computing needs, uses, features, and standards. An overview of the NIST primary players, as indicated in the figure below. Each performer is an entity that might be a person or a cloud computing activity and role. The NIST cloud computing reference architecture identifies five organization that takes part in a transaction or process and complete duties in cloud computing. 1. Cloud consumer:  The cloud consumer is the cloud computing service's most significant stakeholder. A cloud consumer is a person or organization who has a commercial connection with a cloud provider and consumes its services. A cloud consumer browses a cloud provider's service catalog, requests the right service, establishes service contracts with the cloud pr...
Read more