Presentation is loading. Please wait.

Presentation is loading. Please wait.

Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems.

Published byCameron Marshall Modified over 8 years ago

Similar presentations

Presentation on theme: "Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems."— Presentation transcript:

1 Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems Architecture Achieving Qualities

2 Instructor: Tasneem Darwish2 Outlines  Introducing Tactics  Availability Tactics  Modifiability Tactics  Performance Tactics  Security Tactics  Testability Tactics  Usability Tactics  Relationship of Tactics to Architectural Patterns  Architectural Patterns and Styles

3 Instructor: Tasneem Darwish3 Security Tactics  Tactics for achieving security can be divided into:  those concerned with resisting attacks,  those concerned with detecting attacks, and  those concerned with recovering from attacks.  Fore example: putting a lock on your door is a form of resisting an attack, having a motion sensor inside of your house is a form of detecting an attack, and having insurance is a form of recovering from an attack.  The figure shows the goals of the security tactics.

4 Instructor: Tasneem Darwish4 RESISTING ATTACKS  In chapter4, we identified nonrepudiation, confidentiality, integrity, and assurance as goals in our security characterization.  The following tactics can be used in combination to achieve these goals: 1.Authenticate users. Authentication is ensuring that a user or remote computer is actually who it claims to be.  Passwords,  one-time passwords,  digital certificates, and  biometric identifications

5 Instructor: Tasneem Darwish5 RESISTING ATTACKS 2.Authorize users. Authorization is ensuring that an authenticated user has the rights to access and modify either data or services.  This is usually managed by providing some access control patterns within a system.  Access control can be by user or by user class.  Classes of users can be defined by user groups, by user roles, or by lists of individuals

6 Instructor: Tasneem Darwish6 RESISTING ATTACKS 3.Maintain data confidentiality.  Confidentiality is usually achieved by applying some form of encryption to data and to communication links.  Encryption provides extra protection to persistently maintained data beyond that available from authorization.  Encryption is the only protection for passing data over publicly accessible communication links.  The link can be implemented by a virtual private network (VPN) or by a Secure Sockets Layer (SSL) for a Web-based link.  Encryption can be symmetric (both parties use the same key) or asymmetric (public and private keys).

7 Instructor: Tasneem Darwish7 RESISTING ATTACKS 4.Maintain integrity  Data should be delivered as intended.  It can have redundant information encoded in it, such as checksums or hash results, which can be encrypted either along with or independently from the original data. 5.Limit exposure.  Attacks typically depend on exploiting a single weakness to attack all data and services on a host.  The architect can design the allocation of services to hosts so that limited services are available on each host.

8 Instructor: Tasneem Darwish8 RESISTING ATTACKS 6.Limit access.  Firewalls restrict access based on message source or destination port.  Messages from unknown sources may be a form of an attack.  It is not always possible to limit access to known sources. A public Web site, for example, can expect to get requests from unknown sources.  One configuration used in this case is the so-called demilitarized zone (DMZ).  A DMZ is used when access must be provided to Internet services but not to a private network.  It sits between the Internet and a firewall in front of the internal network.

9 Instructor: Tasneem Darwish9 DETECTING ATTACKS  The detection of an attack is usually through an intrusion detection system.  Such systems work by comparing network traffic patterns to a database.  In the case of misuse detection, the traffic pattern is compared to historic patterns of known attacks.  In the case of anomaly detection, the traffic pattern is compared to a historical baseline of itself.  Frequently, the packets must be filtered in order to make comparisons.  Filtering can be on the basis of protocol, TCP flags, payload sizes, source or destination address, or port number.

10 Instructor: Tasneem Darwish10 DETECTING ATTACKS  Intrusion detectors must have:  some sort of sensor to detect attacks,  managers to do sensor fusion,  databases for storing events for later analysis,  tools for offline reporting and analysis,  and a control console so that the analyst can modify intrusion detection actions.

11 Instructor: Tasneem Darwish11 RECOVERING FROM ATTACKS  Tactics involved in recovering from an attack can be divided into:  those concerned with restoring state and  those concerned with attacker identification (for either preventive or punitive purposes).  The tactics used in restoring the system or data to a correct state overlap with those used for availability  they are both concerned with recovering a consistent state from an inconsistent state.  One difference is that special attention is paid to maintaining redundant copies of system administrative data such as passwords, access control lists, domain name services, and user profile data.

12 Instructor: Tasneem Darwish12 RECOVERING FROM ATTACKS  The tactic for identifying an attacker is to maintain an audit trail.  An audit trail is a copy of each transaction applied to the data in the system together with identifying information.  Audit information can be used to trace the actions of an attacker,  Audit information support no repudiation (it provides evidence that a particular request was made), and support system recovery.  Audit trails are often attack targets themselves and therefore should be maintained in a trusted fashion.

13 Instructor: Tasneem Darwish13 Testability Tactics  The goal of tactics for testability is to allow for easier testing when an increment of software development is completed.  Architectural techniques for enhancing the software testability have not received as much attention as modifiability, performance, and availability,  But, as we stated in Chapter4, since testing consumes such a high percentage of system development cost, anything the architect can do to reduce this cost will yield a significant benefit.

14 Instructor: Tasneem Darwish14 Testability Tactics  Although in Chapter4 we included design reviews as a testing technique, in this chapter we are concerned only with testing a running system.  The goal of a testing regimen is to discover faults.  This requires that input be provided to the software being tested and that the output be captured.

15 Instructor: Tasneem Darwish15 Testability Tactics  Executing the test procedures requires some software to provide input to the software being tested and to capture the output. This is called a test harness.  We discuss two categories of tactics for testing:  providing input and capturing output,  and internal monitoring.

16 Instructor: Tasneem Darwish16 Testability Tactics (INPUT/OUTPUT)  There are three tactics for managing input and output for testing: 1.Record/playback 2.Separate interface from implementation 3.Specialize access routes/interfaces

17 Instructor: Tasneem Darwish17 Testability Tactics (INPUT/OUTPUT) Record/playback.  Record/playback refers to both capturing information crossing an interface and using it as input into the test harness.  The information crossing an interface during normal operation is saved in some repository and represents output from one component and input to another.  Recording this information allows test input for one of the components to be generated and test output for later comparison to be saved. Comp 1 interface Comp 2 Test harness

18 Instructor: Tasneem Darwish18 Testability Tactics (INPUT/OUTPUT) Separate interface from implementation  Separating the interface from the implementation allows substitution of implementations for various testing purposes.  Stubbing implementations allows the remainder of the system to be tested in the absence of the component being stubbed.  Substituting a specialized component allows the component being replaced to act as a test harness for the remainder of the system.

19 Instructor: Tasneem Darwish19 Testability Tactics (INPUT/OUTPUT) Specialize access routes/interfaces.  Having specialized testing interfaces allows the capturing or specification of variable values for a component through a test harness as well as independently from its normal execution.  Specialized access routes and interfaces should be kept separate from the access routes and interfaces for required functionality.  Having a hierarchy of test interfaces in the architecture means that test cases can be applied at any level in the architecture and that the testing functionality is in place to observe the response.

20 Instructor: Tasneem Darwish20 Testability Tactics (INTERNAL MONITORING)  A component can implement tactics based on internal state to support the testing process.  Built-in monitors.  The component can maintain state, performance load, capacity, security, or other information accessible through an interface.  This interface can be a permanent interface of the component or it can be introduced temporarily.  A common technique is to record events when monitoring states have been activated.  Monitoring states can actually increase the testing effort since tests may have to be repeated with the monitoring turned off.

21 Instructor: Tasneem Darwish21 Usability Tactics  usability is concerned with how easy it is for the user to accomplish a desired task and the kind of support the system provides to the user.  Two types of tactics support usability, each intended for two categories of "users.”:  The first category, runtime, includes those that support the user during system execution.  The second category is based on the iterative nature of user interface design and supports the interface developer at design time. It is strongly related to the modifiability tactics.

22 Instructor: Tasneem Darwish22 Usability Tactics (RUNTIME TACTICS)  Once a system is executing, usability is enhanced by:  giving the user feedback as to what the system is doing  and by providing the user with the ability to issue usability-based commands. For example, cancel, undo, aggregate, and show multiple views support the user in either error correction or more efficient operations.

23 Instructor: Tasneem Darwish23 Usability Tactics (RUNTIME TACTICS)  Researchers in human–computer interaction have used the terms "user intiative," "system initiative," and "mixed initiative" to describe which of the human–computer pair takes the initiative in performing certain actions and how the interaction proceeds.  The usability scenarios combine initiatives from both perspectives.  For example, when canceling a command the user issues a cancel (user initiative) and the system responds.  During the cancel, however, the system may put up a progress indicator—"system initiative."  Thus, cancel demonstrates "mixed initiative."  We use this distinction between user and system initiative to discuss the tactics that the architect uses to achieve the various scenarios.

24 Instructor: Tasneem Darwish24 Usability Tactics (RUNTIME TACTICS)  When the user takes the initiative, the architect designs a response as if for any other piece of functionality.  The architect must list the responsibilities of the system to respond to the user command.  For example, when the user issues a cancel command:  the system must be listening for it (thus, there is the responsibility to have a constant listener that is not blocked by the actions of whatever is being canceled);  the command to cancel must be killed;  any resources being used by the canceled command must be freed;  and components that are collaborating with the canceled command must be informed so that they can also take appropriate action.

25 Instructor: Tasneem Darwish25 Usability Tactics (RUNTIME TACTICS)  When the system takes the initiative, it must rely on:  some information about the user,  the task being undertaken by the user, or  the system state itself.  Each model requires various types of input to accomplish its initiative.  The system initiative tactics are those that identify the models the system uses to predict either its own behavior or the user's intention.  Encapsulating this information will enable an architect to more easily adapt and modify those models.  Tailoring and modification can be either dynamically based on past user behavior or offline during development.

26 Instructor: Tasneem Darwish26 Usability Tactics (RUNTIME TACTICS) Maintain a model of the task.  In this case, the model maintained is that of the task.  The task model is used to determine context so the system can have some idea of what the user is attempting and provide various kinds of assistance.  For example, knowing that sentences usually start with capital letters would allow an application to correct a lower-case letter in that position.

27 Instructor: Tasneem Darwish27 Usability Tactics (RUNTIME TACTICS) Maintain a model of the user.  It determines the user's knowledge of the system, the user's behavior in terms of expected response time, and other aspects specific to a user or a class of users.  For example, maintaining a user model allows the system to pace scrolling so that pages do not fly past faster than they can be read.

28 Instructor: Tasneem Darwish28 Usability Tactics (RUNTIME TACTICS) Maintain a model of the system.  It determines the expected system behavior so that appropriate feedback can be given to the user.  The system model predicts items such as the time needed to complete current activity.

29 Instructor: Tasneem Darwish29 Usability Tactics (DESIGN-TIME TACTICS)  User interfaces are typically revised frequently during the testing process.  That is, the usability engineer will give the developers revisions to the current user interface design and the developers will implement them.  This leads to a tactic that is a refinement of the modifiability tactic of semantic coherence:  Separate the user interface from the rest of the application

30 Instructor: Tasneem Darwish30 Usability Tactics (DESIGN-TIME TACTICS) Separate the user interface from the rest of the application.  Localizing expected changes is the basis for semantic coherence.  Since the user interface is expected to change frequently both during the development and after deployment, maintaining the user interface code separately will localize changes to it.  The software architecture patterns developed to implement this tactic and to support the modification of the user interface are:  Model-View-Controller  Presentation-Abstraction-Control  Seeheim  Arch/Slinky

Download ppt "Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems."

Similar presentations

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.

Computer Systems & Architecture Lesson 2 4. Achieving Qualities.
Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Chapter 19: Network Management Business Data Communications, 5e.

Chapter 19: Network Management Business Data Communications, 5e.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 1 – Introduction

Chapter 1 – Introduction
Chapter 19: Network Management Business Data Communications, 4e.

Chapter 19: Network Management Business Data Communications, 4e.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 Network Security.

Chapter 12 Network Security.
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
Instructor: Tasneem Darwish

Instructor: Tasneem Darwish
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From www.451group.com/security/451_security.php.www.451group.com/security/451_security.php.

1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From

Similar presentations

Ads by Google