Ethical Hacking
Course Overview • Email: scott@scottstreit.com • Course Content: https://content.scottstreit.com
Rules • Address me as “Scott” • Being able to do something is more important than memorizing. I will not ask you to memorize. My tests ask you to think and explain. I ask you to take a position. • Your grade on a test (mid-term, final) is not the final grade. • You must successfully complete all projects to pass the course. • You pick your grade – I'll explain.
Goals • Einstein said: as simple as possible, but no simpler. • If you cannot explain it simply, you do not understand it well enough. • Any fool can make things more complex; it takes genius to find the simplicity. • Great science is simple.
How did we get here? • Turing Machine • P-V Semaphore – Unix – Flat Files • 1972, Dr. E. F. Codd invented the relational database: Linear Algebra → Data Storage. • RDBMS – Transactions – Bob Epstein • 1988 – 1995 – Databases fault tolerant and load balanced. They were tightly coupled. • You are a startup and you want to do load balancing larger than anyone ever has. What do you do?
Class Overview • It is Good to be Smart, It is better to be funny. • 90% of the Material, how? • Projects – 3 Labs • Everything is negotiable • This is supposed to be fun.
Overview • Ethical Hacking • Issues in Security • Trusted Computer System Evaluation Criteria (TCSEC) - Orange Book • Measure Security • Implementation • Assurance
5 Rules of Software Development • W3C specifications ahead of JSR specifications. • JSR ahead of de facto standards. • De facto standards ahead of custom development. • Compositional patterns to create software systems. • Use design patterns when creating custom code.
LAMP vs. WAR • Where is LAMP (Linux, Apache, MySQL, PHP) best? 1) Your views closely model your database design. 2) Security requirements are not excessive. • Where is WAR best? 1) Your views do not closely model your database design. In fact there probably is no RDBMS. Elastic. 2) Serious security requirements (underwriting).
Security Labels • RDBMS row: ½ of the data on the row is Secret and ½ is Top Secret. What do you do? • Label it by row? By columns? This drives the query and the data nuts. • Typically in an RDBMS we do row-level labeling, so it is not granular enough for MLS.
Relational vs. Semantic • Semantic Web, Web 2.0? • In databases there are two forms of storing data: 1) Normalized: a Customer has many Accounts and an Account participates in many Transactions. 2) Constantly changing structures.
Row Wise Model - Normalized [Diagram: Customer, Accounts, Transactions]
Row Wise vs. Column Wise • In the previous example the structure was stable. Jesus, Luke, Quickbooks does it. Not likely to change. • What happens if the structure is morphing constantly? What is an example? Threats in the war on terror. Human Genome Project.
Semantic Web Logical Representation • Label at data items. • All data is represented as Subject, Predicate, Object and Provenance. • Therefore we label every piece of data, and therefore make it MLS.
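An added example (not from the course slides) contrasting the row-level labeling of the Security Labels slide with labeling each Subject-Predicate-Object-Provenance statement as described above. The level ordering, the rule that a reader sees only data at or below their clearance, the choice to label a mixed row at its highest level, and all names and sample values are assumptions made for the illustration.

```python
from collections import namedtuple

# Assumed ordering of classification levels (not taken from the slides).
LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}

# One labeled statement: Subject, Predicate, Object, Provenance, plus its own label.
Statement = namedtuple("Statement", "subject predicate obj provenance label")

# Constructed sample row: half the fields are Secret, half are Top Secret.
ROW = {
    "name":    ("Alice Example", "Secret"),
    "branch":  ("Baltimore", "Secret"),
    "handler": ("case-officer-7", "Top Secret"),
    "balance": (1200, "Top Secret"),
}

def row_level_label(row):
    """Row-level labeling: one label per row, here the highest of any field (assumption)."""
    return max((label for _, label in row.values()), key=LEVELS.get)

def read_row(row, clearance):
    """With a single row label the reader gets the whole row or nothing."""
    if LEVELS[clearance] >= LEVELS[row_level_label(row)]:
        return {field: value for field, (value, _) in row.items()}
    return {}

def to_statements(subject, row, provenance):
    """Re-express the row as S-P-O-Provenance statements, each carrying its own label."""
    return [Statement(subject, field, value, provenance, label)
            for field, (value, label) in row.items()]

def read_statements(statements, clearance):
    """Per-statement labeling: return every statement at or below the reader's clearance."""
    return [s for s in statements if LEVELS[s.label] <= LEVELS[clearance]]

if __name__ == "__main__":
    stmts = to_statements("customer:42", ROW, "crm-export (constructed)")
    print("row label:", row_level_label(ROW))
    print("Secret reader, row-level:", read_row(ROW, "Secret"))
    print("Secret reader, statement-level:",
          [(s.predicate, s.obj) for s in read_statements(stmts, "Secret")])
```

The Secret-cleared reader loses the entire row under row-level labeling but still receives the two Secret statements when each data item is labeled.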
Examples • The entire field of E-Commerce is defined by two sets of ontologies: Good Relations and Schema.org. • Google says: if the world was structured and not unstructured, boy could searches be accurate. • Structure: S P O and Provenance. What can you do easily? MLS.