Achieving Qualities 1 Võ Đình Hiếu. Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2.

Slides:



Advertisements
Similar presentations
Computer Systems & Architecture Lesson 2 4. Achieving Qualities.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Chapter 19: Network Management Business Data Communications, 5e.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Quality Attributes Or, what’s wrong with this: Exterminator kit – place bug on block, strike with mallet.
Lecture 13 Enterprise Systems Development ( CSC447 ) COMSATS Islamabad Muhammad Usman, Assistant Professor.
Chapter 19: Network Management Business Data Communications, 4e.
Chapter 7 HARDENING SERVERS.
1 CSSE 377 – Intro to Availability & Reliability Part 2 Steve Chenoweth Tuesday, 9/13/11 Week 2, Day 2 Right – Pictorial view of how to achieve high availability.
Network Security Testing Techniques Presented By:- Sachin Vador.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
1 Steve Chenoweth Tuesday, 10/18/11 Week 7, Day 2 Right – One view of the layers of ingredients to an enterprise security program. From
Applied Cryptography for Network Security
Vakgroep Informatietechnologie – IBCN Software Architecture Prof.Dr.ir. F. Gielen Quality Attributes & Tactics (4) Modifiability.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Copyright © 2015 Pearson Education, Inc. Processing Integrity and Availability Controls Chapter
Achieving Qualities. Architectural Tactics  A tactic is a design decision that influences the control of a quality attribute response.  A collection.
Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems.
Storage Security and Management: Security Framework
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.
Describe How Software and Network Security Can Keep Systems and Data Secure P3. M2 and D1 Unit 7.
Wireless Network Security. What is a Wireless Network Wireless networks serve as the transport mechanism between devices and among devices and the traditional.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department Software Systems.
Achieving Qualities © Len Bass, Paul Clements, Rick Kazman, distributed under Creative Commons Attribution License.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
Software System Architecture Software System Architecture Chapter 6:Air Traffic Control: A Case Study in Designing for High Availability. Chapter 6:Air.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 10 Case Study: Conducting an Information Systems Audit.
Chapter 2 Securing Network Server and User Workstations.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Air Traffic Control Guy Mark Lifshitz Sevan Hanssian.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 ver.2 Module 8 City College.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Cloud Computing and Architecture Architectural Tactics (Tonight’s guest star: Availability)
Network Security Introduction
Business Continuity Planning for OPEN OPEN Development Conference September 18, 2008 Ravi Rajaram IT Development Manager.
1 Software Architecture in Practice Architectural Design (Again, the amputated version)
Vakgroep Informatietechnologie – IBCN Software Architecture Prof.Dr.ir. F. Gielen Quality Attributes & Tactics (1)
Dr. Awais Majeed Achieving Quality CSE 861- Software System Design & Architecture.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
IDS And Tripwire Rayhan Mir COSC 356. What is IDS IDS - Intrusion detection system Primary function – To monitor network or host resources to detect intrusions.
Keimyung University 1 Network Control Hong Taek Ju College of Information and Communication Keimyung University Tel:
IT Audit for non-IT auditors Cornell Dover Assistant Auditor General 31 March 2013.
1 Advanced Software Architecture Muhammad Bilal Bashir PhD Scholar (Computer Science) Mohammad Ali Jinnah University.
Chapter 5: Availability © Len Bass, Paul Clements, Rick Kazman, distributed under Creative Commons Attribution License.
Securing Network Servers
Chapter 19: Network Management
Chapter 7: Modifiability
Chapter 9: Security © Len Bass, Paul Clements, Rick Kazman, distributed under Creative Commons Attribution License.
Design for Security Pepper.
Achieving Qualities.
Security of a Local Area Network
Quality Attributes Or, what’s wrong with this:
Systems Design Chapter 6.
INFORMATION SYSTEMS SECURITY and CONTROL
Quality Attributes Or, what’s wrong with this:
Security network management
Designing IIS Security (IIS – Internet Information Service)
Quality Attributes Or, what’s wrong with this:
Confidentiality, Integrity, Nonrepudiation
Presentation transcript:

Achieving Qualities 1 Võ Đình Hiếu

Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2

Architectural Tactics A system design is a collection of decisions – Some ensure achievement of the system functionality – Others help control the quality attribute responses A tactic is a design decision that influences the control of a quality attribute response. A collection of tactics is called an architectural strategy. 3

Architectural Tactics Tactics to Control Response StimulusResponse 4

Goal of Availability Tactics Tactics to Control Availability FaultFault Masked or Repair Made 5

Availability Tactics Fault detection Fault recovery Fault prevention 6

Fault Detection Tactics Ping/echo – one component issues a ping and expects to receive back an echo within a predefined time. Heartbeat – one component emits a heartbeat periodically and another component listens for it. Exceptions – one method for recognizing faults is to encounter an exception raised when a fault is discovered. 7

Fault Recovery Tactics Voting – Processes running on redundant processors each take equivalent input and compute an output value that is sent to a voter that makes a decision on what to do. Active redundancy (hot restart) – All redundant components respond to events in parallel and the response from only one component is used (usually the first to respond). 8

Fault Recovery Tactics Passive redundancy (warm restart/dual redundancy/triple redundancy) – One component (the primary) responds to events and informs the other components (the standbys) of state updates they must make. When a fault occurs the system must first make sure that the backup state is sufficiently fresh before resuming services. Spare – A standby spare computing platform is configured to replace many different failed components. It must be rebooted to the proper software configuration and have its state initialized when a failure occurs. 9

Fault Prevention Tactics Removal from service – The removal of a component from service to undergo activities to prevent failures. Transactions – The bundling of several sequential steps in which the entire bundle can be undone at once. Process monitor – Monitoring for a fault in a process and deleting the nonperforming process and creating a new instance of it. 10

Summary of Availability Tactics Availability Fault Detection Recovery- Preparation and Repair Recovery- Reintroduction Prevention Ping/Echo Heartbeat Exception Voting Active Redundancy Passive Redundancy Spare Shadow State Resyn- chroniztion Rollback Removal from Service Trans- actions Process Monitor Fault Masked Or Repair Made 11

Security Tactics Three categories of security tactics – Resisting attacks – Detecting attacks – Recovering from attacks 12

Goal of Security Tactics Tactics to Control Security AttackSystem Detects, Resists, or Recovers from Attacks 13

Resisting Attacks Authenticate users – ensuring that a user or remote computer is actually who it purports to be (e.g., via passwords). Authorize users – ensuring that an authenticated user has the rights to access and modify either data or services (e.g., via access control by user or user class within the system). Maintain data confidentiality – data should be protected from unauthorized access (e.g., via encryption of persistent data or use of VPN or SSL for a Web-based link). 14

Resisting Attacks Maintain integrity – data should be delivered as intended (e.g., via use of redundant encoded information like checksums or hash results). Limit exposure – allocate services to hosts so that limited services are available on each host. Limit access – restrict access based on message source or destination port if possible (e.g., via firewalls) 15

Detecting Attacks The detection of an attack is usually done through an intrusion detection system. These systems compare network traffic patterns to a database of patterns. 16

Recovering from Attacks Tactics concerned with restoring state: these overlap with availability tactics Concerned with attacker identification (for either preventive or punitive purposes) 17

Summary of Security Tactics Security Resisting Attacks Detecting Attacks Recovering from an Attack Authenticate Users Authorize Users Maintain Data Confidentiality Maintain Integrity Limit Exposure Limit Access Intrusion Detection Restoration Attack System Detects, Resists, or Recovers from Attacks See Availability Identification Audit Trail 18

Modifiability Tactics 3 groups – Localize modification – Prevent ripple effect – Defer binding time 19

Localize modification Maintain semantic coherence Anticipate expected changes Generalize the module Limit possible options 20

Prevent ripple effect Hide information Maintain existing interfaces Restrict communication paths Use an intermediary 21

Defer binding time Runtime registration Configuration files Adherence to defined protocols 22

23

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.