Summer 2011
Computer Science is concerned with theory and fundamentals.
Software Engineering is concerned with the practicalities of developing and delivering useful software.
Dependability
Software must be trustworthy (reliable, secured and safe);
Efficiency
Software should not make wasteful use of system resources;
Acceptability
Software must be accepted by the users for which it was designed. This means it must be understandable, usable and compatible with other systems.
Delivery
Developing techniques that lead to faster delivery of software;
Trust
Developing techniques that demonstrate that software can be trusted by its users. Reliable, Secured and Safe.
Engineering Example
Building a house:
Land and finances
Garden, garage, you are used to aging wine, enjoy sitting by the fireplace, lots of storage, don't like Bauhaus
Architect will define number of floors and rooms, orientation of the driveway, size of the garage
Type of bricks, color of the walls
Construction
Entering
Living in the house
Fixing minor problems, leaking in the roof
Waterfall Weakness
High risk for new systems because of specification and design problems.
Low risk for well-understood developments using familiar technology.
Usually requirements change, are incomplete or even not known. Result: "That's not what I meant!" (go back to last step).
The waterfall model reacts very statically: each stage must be completed before the next one starts.
[Figure: waterfall stages and their checks, in order: Validation, Product Design, Verification, Detailed Design, Verification, Code, Unit Test, Integration, System Test, Operation + Maintenance, Revalidation]
[Figure: Specification (outline description), Development (intermediate versions), Validation (final version)]
Transformational
High risk because of need for advanced technology and staff skills.
Product design
Detailed design
Focuses attention on reuse options.
Focuses attention on early error elimination.
Puts quality objectives up front.
Integrates development and maintenance.
Provides a framework for hardware/software development.
Contractual development often specifies process model and deliverables in advance.
Requires risk assessment expertise.
PUBLIC, CLIENT AND EMPLOYER, PRODUCT, JUDGMENT, MANAGEMENT, PROFESSION, COLLEAGUES, SELF
Various forms of copy protection have been used to discourage piracy, including:
Installation diskettes that record the number of times the software is installed.
Hardware locks, without which the program cannot function.
Passwords, serial numbers, or other codes required for installation.
Network Security
Classic properties of secure systems:
Confidentiality
Encrypt message so only sender and receiver can understand it.
Authentication
Both sender and receiver need to verify the identity of the other party in a communication: are you really who you claim to be?
Authorization
Does a party with a verified identity have permission to access (r/w/x) information? Gets into access control policies.
Integrity
During a communication, can both sender and receiver detect whether a message has been altered?
Non-Repudiation
Originator of a communication can't later deny that the communication took place.
Availability
Guaranteeing access to legitimate users. Prevention of Denial-of-Service (DoS) attacks.
Cryptography
[Figure: plaintext → Encryption → ciphertext → Decryption → plaintext, with keys KA and KB]
Encryption algorithm also called a cipher.
Cryptography has evolved so that modern encryption and decryption use secret keys.
Only have to protect the keys! => Key distribution problem.
Cryptographic algorithms can be openly published.
Cryptography
Cryptography throughout history:
Julius Caesar cipher: replaced each character by a character cyclically shifted to the left. Weakness?
Easy to attack by looking at frequency of characters
Mary Queen of Scots: put to death for treason after Queen Elizabeth I's spymaster cracked her encryption code.
WWII: Allies break German Enigma code and Japanese naval code.
Enigma code machine (right)
Cryptography
Cryptanalysis
Types of attacks:
Brute force: try every key.
Ciphertext-only attack: Attacker knows ciphertext of several messages encrypted with same key (but doesn't know plaintext). Possible to recover plaintext (also possible to deduce key) by looking at frequency of ciphertext letters.
Known-plaintext attack: Attacker observes pairs of plaintext/ciphertext encrypted with same key. Possible to deduce key and/or devise algorithm to decrypt ciphertext.
Chosen-plaintext attack: Attacker can choose the plaintext and look at the paired ciphertext. Attacker has more control than in a known-plaintext attack and may be able to gain more info about the key.
Adaptive chosen-plaintext attack: Attacker chooses a series of plaintexts, basing the next plaintext on the result of the previous encryption.
Differential cryptanalysis: very powerful attacking tool, but DES is resistant to it.
Cryptanalysis attacks often exploit the redundancy of natural language.
Lossless compression before encryption removes redundancy.
Caesar Cipher
According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet. The cipher text alphabet is therefore the plain alphabet shifted by three places. Hence this form of substitution is often called the Caesar Shift Cipher.
Pigpen Cipher
The Pigpen Cipher was used by Freemasons in the 18th Century to keep their records private. The cipher does not substitute one letter for another; rather it substitutes each letter for a symbol. The alphabet is written in the grids shown, and then each letter is enciphered by replacing it with a symbol that corresponds to the portion of the pigpen grid that contains the letter. For example:
Plain Text
Cipher text :
Modern transposition ciphers take in N bits and permute them using a lookup table; these are called P-boxes.
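A lookup-table bit permutation of the kind described above, as an added example (not part of the original slides). The 8-entry table, the bit-numbering convention (position 0 is the most significant bit) and the function names are assumptions made for illustration.

```python
# Constructed 8-bit P-box: output bit i is copied from input bit PBOX[i],
# with position 0 being the most significant bit.
PBOX = [3, 0, 6, 1, 7, 4, 2, 5]


def permute_bits(value, table):
    """Apply a P-box lookup table to an N-bit integer (N = len(table))."""
    n = len(table)
    if sorted(table) != list(range(n)):
        raise ValueError("table must be a permutation of 0..N-1")
    if not 0 <= value < (1 << n):
        raise ValueError("value does not fit in N bits")
    out = 0
    for i, src in enumerate(table):
        bit = (value >> (n - 1 - src)) & 1   # read input bit `src`
        out |= bit << (n - 1 - i)            # write it to output bit `i`
    return out


def invert_table(table):
    """Build the table that undoes `table` (used on the decrypting side)."""
    inverse = [0] * len(table)
    for i, src in enumerate(table):
        inverse[src] = i
    return inverse


def ones(value):
    """Number of 1 bits in `value`."""
    return bin(value).count("1")


if __name__ == "__main__":
    block = 0b10110010
    mixed = permute_bits(block, PBOX)
    restored = permute_bits(mixed, invert_table(PBOX))
    print(f"{block:08b} -> {mixed:08b} -> {restored:08b}")
    # A permutation only moves bits, so the count of 1 bits never changes.
    print(ones(block), ones(mixed))
```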
Question???