<h1>Software Architecture</h1>
<p>Hi, my name is Rohit Sood. I love solution architecture and have spent 15 years doing large-scale enterprise, systems, solution and application architecture and their evaluations. I enjoy SOA, JavaEE, Mobile, Web 2.0, BigData and Cloud compute. I post one article every Sunday evening and answer expertise requests over LinkedIn. I hope this adds value to your efforts.</p>
<p>Last updated: 2024-03-13</p>
<h2>Not Only SQL (2013-09-08)</h2>
<p>NoSQL is basically a highly scalable, disruptive data-storage technology. The basic downsides include proprietary APIs (no standard SQL), evolving capabilities, a crowded vendor landscape and a lack of skills.</p>
<p>Here is some information from the net:</p>
<ul>
<li>FoundationDB – has the added advantage of providing data consistency.</li>
<li>MapR – SQL capabilities over large-scale distributed systems, including Hadoop and NoSQL databases.</li>
<li>GridGain – brings in-memory capabilities to MongoDB; achieves elastic scale and automatic, transparent re-sharding.</li>
<li>Scientel – Gensonix® stores structured and unstructured data in relational, hierarchical, network and column formats, and scales to trillions of real-time transactions.</li>
<li>Accumulo – enables online model building and dynamic indexing to support both retrospective analysis and enrichment of streaming data.</li>
<li>Microsoft – Windows Azure Tables offer the best of both scalability and ACID guarantees.</li>
<li>RavenDB – a schema-less document database that offers fully ACID transactions, fast and flexible search, replication, sharding and a simple RESTful API.</li>
<li>eXist-db – a high-performance native XML database engine and all-in-one solution for application building.</li>
<li>Cloudant – provides strong consistency for single-document operations.</li>
<li>Aerospike – optimized for SSDs through a highly parallelized, distributed architecture.</li>
<li>StarCounter – an in-memory database that processes millions of database transactions per second on a single machine.</li>
</ul>
<h2>Role of Senior Architects (2013-07-21)</h2>
<p>A key strategy is delegation. This works well if you are comfortable with it.</p>
<p>I espouse a personal philosophy that says: if a decision can reasonably be made by someone with a narrower scope of responsibility, defer the decision to that person or group.</p>
<p>Trust, but verify. Review. Review. Review. Ask open-ended questions and keep an open channel for communicating early ‘red flags’.</p>
<p>And then hold the group accountable to see the results of the decision through into a tangible deliverable.</p>
<h2>10. ATAM Phase 3 and Conclusion (2013-07-07)</h2>
<p>Purpose: follow-up. This phase is conducted after the conclusion of the ATAM evaluation.</p>
<h4><a name="_Toc355702212">Phase 3 Step 1: Produce the Final Report</a></h4>
<p>Purpose: to write the final report.</p>
<p>The evaluators write the final report that summarizes the entire ATAM evaluation.</p>
<h4><a name="_Toc355702213">Phase 3 Step 2: Hold the Post Mortem Meeting</a></h4>
<p><em>Team members fill out:</em></p>
<ul>
<li>Evaluation team post-exercise survey</li>
<li>Method improvement survey</li>
<li>Evaluation team post-exercise effort survey</li>
</ul>
<p><em>The team leader arranges and facilitates the meeting and:</em></p>
<ul>
<li>Collects the process observer’s report</li>
<li>Collects effort data</li>
</ul>
<h4><a name="_Toc355702214">Phase 3 Step 3: Build Portfolio and Update Artifact Repository</a></h4>
<p>Six months after the evaluation, the team leader arranges for the customer to complete the long-term benefit survey.</p>
<h3><a name="_Toc355702215">Conclusion</a></h3>
<p>ATAM is a stakeholder-oriented, cross-functional, team-facilitated architectural review process that results in risk themes. Founded on quality attributes, tradeoffs, sensitivity points and risks, this process is a proven, repeatable method of evaluating software architectures. This process and its templates should be customized.</p>
<h2>9. ATAM Phase 2 (2013-06-30)</h2>
<h3><a name="_Toc355702205">ATAM Phase 2</a></h3>
<p>Bring the producers and consumers together to ensure that there are no discrepancies.</p>
<p>Write risk themes early, or at least start documenting risk themes early, and try to stick to five. Not all risks map to a theme; there can be some outliers. There are two groups of activities in Phase 2:</p>
<p>1. Testing – checking the results to date against the needs of all relevant stakeholders</p>
<p>2. Reporting – presenting the results of the ATAM</p>
<p>Phase 2 involves bottom-up information gathering and analysis, with the following participants:</p>
<ul>
<li>Consumers of the system
<ul>
<li>End users</li>
<li>Application builders</li>
<li>External entities</li>
</ul>
</li>
<li>Servicers of the system
<ul>
<li>System admin</li>
<li>Network admin</li>
<li>Maintainers</li>
</ul>
</li>
</ul>
<p>Review Steps 1–6 with the Phase 2 group. Why? This helps Step 7, because these materials are useful in brainstorming. Do not constrain the group; changes can be made to the utility tree and other artifacts.</p>
<p>Note: ask for any (architecture) documentation that was requested in Phase 1. Do accept new documentation created “just for Phase 2”, but only as a new view; ensure that existing views are not changed or upgraded and that the architecture itself is not being modified.</p>
<p><img alt="ATAM Phase 2 diagram" src="http://lh5.ggpht.com/-dL2m04nVkbM/UY2QVenKqUI/AAAAAAAACTY/WBBs6YbSfIA/image_thumb2.png?imgmax=800" width="518" height="324"></p>
<h5><a name="_Toc355702206">Risk Theme</a></h5>
<p>A risk theme is a summarization of multiple similar risks discovered during the analysis of quality attribute scenarios.</p>
<p>Risk themes point out bigger issues in the architecture and are:</p>
<p>- Either commission, i.e.
multiple questionable decisions made in the architecture</p>
<p>- Or omission, i.e. decisions NOT made or requirements not included in the architecture</p>
<p>E.g. Risk theme: “There is no holistic approach to resource management…” Impacts business goals: “Cost, time-to-market, ability to compete with competitors”.</p>
<h2>8. ATAM Scenario Documentation Example (2013-06-23)</h2>
<h5><a name="_Toc355702203">Scenario Documentation</a></h5>
<p>The following are templates filled out for scenarios, for illustration rather than completeness.</p>
<table border="1" cellspacing="0" cellpadding="0">
<tbody>
<tr><td><b>(H,H) Scenario</b></td><td>Port to a new operating system</td></tr>
<tr><td><b>Attributes</b></td><td>Portability</td></tr>
<tr><td><b>Environment</b></td><td>Operating system</td></tr>
<tr><td><b>Stimulus</b></td><td>New device</td></tr>
<tr><td><b>Response</b></td><td>The developers deliver a production-quality PAMD image that supports the new device within two months.</td></tr>
<tr><td><b>Architectural Decisions</b></td><td><b>Sensitivity</b></td><td><b>Tradeoff</b></td><td><b>Risk</b></td><td><b>Nonrisk</b></td></tr>
</tbody>
</table>
<table border="1" cellspacing="0" cellpadding="0">
<tbody>
<tr><td><b>(H,H) Scenario</b></td><td>Port new hardware to existing infrastructure and operating system(s).</td></tr>
<tr><td><b>Attributes</b></td><td>Portability</td></tr>
<tr><td><b>Environment</b></td><td>N/A for now</td></tr>
<tr><td><b>Stimulus</b></td><td>A new device is selected for inclusion into the ecosystem.</td></tr>
<tr><td><b>Response</b></td><td>PAMD developers deliver a production-quality PAMD image for the new device within 2 months (business) or 1 year (IT Arch). [Negotiated to 6 months between the Business Owner and the IT Architect]</td></tr>
<tr><td><b>Architectural Decisions</b></td><td><b>Sensitivity</b></td><td><b>Tradeoff</b></td><td><b>Risk</b></td><td><b>Nonrisk</b></td></tr>
</tbody>
</table>
<table border="1" cellspacing="0" cellpadding="0">
<tbody>
<tr><td><b>(H,H) Scenario</b></td><td>Data type incompatibility</td></tr>
<tr><td><b>Attributes</b></td><td>Reliability</td></tr>
<tr><td><b>Environment</b></td><td>Run-time</td></tr>
<tr><td><b>Stimulus</b></td><td>The data type understood by the application changes, without an updated plug-in.</td></tr>
<tr><td><b>Response</b></td><td>The system raises an error, informing the user that the data type is incompatible.</td></tr>
<tr><td><b>Architectural Decisions</b></td><td><b>Sensitivity</b></td><td><b>Tradeoff</b></td><td><b>Risk</b></td><td><b>Nonrisk</b></td></tr>
</tbody>
</table>
<table border="1" cellspacing="0" cellpadding="0">
<tbody>
<tr><td><b>(H,H) Scenario</b></td><td>Loading PAMD plug-ins and applications</td></tr>
<tr><td><b>Attributes</b></td><td>Reliability</td></tr>
<tr><td><b>Environment</b></td><td></td></tr>
<tr><td><b>Stimulus</b></td><td>The user loads one additional plug-in or application that exceeds the system capacity limits.</td></tr>
<tr><td><b>Response</b></td><td>The system responds by loading the new plug-in or application without crashing.</td></tr>
<tr><td><b>Architectural Decisions</b></td><td><b>Sensitivity</b></td><td><b>Tradeoff</b></td><td><b>Risk</b></td><td><b>Nonrisk</b></td></tr>
</tbody>
</table>
<p>Here are the clearest definitions I could come up with:</p>
<p>Risk – a clear risk to the architectural design relative to a single quality attribute.</p>
<p>Nonrisk – a good decision.</p>
<p>Tradeoff – two quality attributes are being balanced here.</p>
<p>Sensitivity Point – a single quality attribute is impacted by </p>
<h2>7. ATAM Utility Tree Example (2013-06-16)</h2>
<p><img alt="ATAM utility tree example" src="http://lh6.ggpht.com/-c0geVILv-Jc/UY2OlLqEuGI/AAAAAAAACTA/OMUi5fU8coU/image_thumb3.png?imgmax=800" width="547" height="685"></p>
<p>I think a utility tree is a visualization of quality-attribute exposures for a given architecture; however, it can get pretty cumbersome, and the details will lose the big picture. In practice, it really depends on the people reading it and how familiar they are with it. Chances are they will not be, and the goal will then be for the architect to familiarize the stakeholders or create an alternate artifact.</p>
<h2>5. ATAM Phase 0: Evaluation (2013-06-09)</h2>
<p>Purpose: partnership and preparation. Usually present the ATAM to a small group. Get the business drivers.</p>
<p>Step 1: The purpose is to ensure that the client understands the mechanics of the evaluation method; make sure the client understands the CBA (cost-benefit analysis) of an architecture evaluation. Record questions for a possible FAQ list. Consultants may write up work plans. Budget 75 man-days of evaluation team effort; the best-case duration is 3 weeks.</p>
<p>Step 2: Initial description of the candidate system. The client provides existing documentation describing the system and conveys the main architectural drivers, e.g. business goals, requirements, constraints, etc.</p>
<p>The client and the evaluation organization agree on the necessary architecture documentation – the “3 main views”.</p>
<p>The NDA for the evaluation team is done at this step.</p>
<p>Evaluators record general business goals, quality attributes, architectural constraints and the list of architecture documentation to be delivered to the evaluation team.</p>
<p>Step 3: Go/no-go decision with respect to conducting the ATAM.</p>
<p>Evaluation organization representatives understand the state of the architecture well enough to make a decision and ensure that the candidate system is ready for evaluation.</p>
<p>The evaluation team takes a look at the context drawing and multiple views of the system (e.g. run time, etc.).</p>
<p>The list of named participants and their roles with respect to the system must be provided.</p>
<p>Step 4: SOW presentation and negotiation.</p>
<p>Step 5: Form the core evaluation team. Aim for 4–6 evaluators.</p>
<p>Modifiability – coupling, encapsulation, contract-based interactions, cohesion, etc.</p>
<p>Step 6: Conduct the evaluation team kick-off meeting.</p>
<p>Team leader: establishes the time and place for the meeting.</p>
<p>Stickies on a board that can be grouped by risk themes are helpful… or use “mind maps”.</p>
<p>Tools like “Enterprise Architect” are used for evaluation in some companies.</p>
<p>Step 7: Prepare and plan for Phase 1.</p>
<p>Review the purpose of the ATAM phases with the client.</p>
<p>Confirm the time and place of the evaluation: the client presents the system and its business goals, the architect presents the system architecture, and supplies are arranged.</p>
<p>Step 8: Preliminary review of the system’s software architecture.</p>
<p>Hold a brief post-mortem.</p>
<h2>4. ATAM Phases Overview (2013-06-02)</h2>
<p>There are 4 phases of the ATAM evaluation: Phases 0–3.</p>
<p>Phase 0: Partnership and Preparation</p>
<ul>
<li>Usually present the ATAM to a small group. Get the business drivers.</li>
</ul>
<p>Phase 1: Initial Evaluation: Steps 1–6</p>
<ul>
<li>Steps 1–5: We don’t pre-judge here. Just gather information and focus on the pros.</li>
<li>Step 6: This is still Phase 1. Ask questions about the architectural decisions: do they map back to business drivers?</li>
</ul>
<p>Phase 2: Complete Evaluation: Steps 7–9</p>
<ul>
<li>Step 7: Brainstorm and prioritize – in Phase 2 you show the Phase 1 scenarios as a recap.</li>
<li>Step 8: Analyze architectural approaches – you have more stakeholders.</li>
<li>Step 9: Report out.</li>
</ul>
<p>Phase 3: Follow-up</p>
<h2>3. The Benefits of ATAM Evaluations (2013-05-26)</h2>
<p>The following are the benefits of the Architecture Tradeoff Analysis Methodology (ATAM):</p>
<ul>
<li>Clarified QARs</li>
<li>Improved architecture documentation</li>
<li>Documented basis for architectural decisions</li>
<li>Risks identified early in the life cycle</li>
<li>Increased communication among stakeholders</li>
<li><i>The result is dramatically improved software architectures.</i></li>
</ul>
<h2>2. ATAM Conceptual Model (2013-05-26)</h2>
<p>The ATAM process is a facilitated interaction between stakeholders leading to the identification of risks, non-risks, sensitivities and trade-offs.</p>
<p>Sensitivity point – a property of one or more components that is critical for achieving a particular quality-attribute response. Example: queue depth is a sensitivity point; changing it can help scalability and/or throughput.</p>
<p>Trade-off – a property that affects more than one attribute. E.g. having a queue that is persistent or non-persistent impacts durability, availability and throughput. This is a trade-off.</p>
<p>The following model shows Business Drivers to Scenarios decoupled from Architectural Plan to Architectural Decisions.</p>
<p><img alt="A conceptual flow of the ATAM" src="http://www.sei.cmu.edu/architecture/tools/evaluate/images/atam_flow_2-gif.jpg"></p>
<p>See the conceptual model here: <a href="http://www.sei.cmu.edu/architecture/tools/evaluate/atam.cfm">http://www.sei.cmu.edu/architecture/tools/evaluate/atam.cfm</a></p>
<p>In practice, Architectural Approaches is where QARs tagged to distinct approaches are derived from the plan.
So you take the plan/presentation → Architectural Approaches → Quality Attributes → Architectural Decisions; that is probably more accurate.</p>
<p>Advice: never do Phase 1 and Phase 2 in the same week. Give yourself 1–2 weeks in between.</p>
<h2>Understanding Architectures with Pictures (2013-05-19)</h2>
<p>“Pictures speak a 1024 words.” – this is a quote I have used a lot for the past 10 years or so. Why? Because architectures need to be visualized. Bredemeyer Consulting’s Visual Architecting Process, SEI’s SAPP, RUP’s UML, Zachman, TOGAF, etc. all dwell on visualizing abstractions. But how do you translate that to real projects, especially those that claim to be agile and misunderstand that to mean no design and no plans? As one of the many signatories of the Agile Manifesto, it is clear to me that projects that do not know what their architecture is cannot deliver software in a timely manner with good quality attributes.</p>
<p>Software architecture should be represented by a set of views that support its analysis. The following views are most often used:</p>
<p>Advice: at least 3 views are recommended by SEI:</p>
<ol>
<li>Module view</li>
<li>Component view</li>
<li>Deployment view</li>
</ol>
<p>Plus a sequence diagram can be added as the fourth.</p>
<p>Multiple views of a software architecture allow it to be understood without confusion by the entire team and its stakeholders.</p>
<h2>Architect with security in mind as a first thought (2013-05-12)</h2>
<div dir="ltr" style="text-align: left;" trbidi="on">
<p>So if you’re doing a solution architecture review, make sure you first look at the security design of the system, including authentication, digital signatures, secret-key cryptography, public-key cryptography, authorization and non-repudiation, from the perspective of a digital firm. Authentication and authorization are the founding stones of security, and they need to be understood and deployed across the enterprise.</p>
<p>The use of digital signatures has seen tremendous growth in recent years and, with the onset of new technologies, in particular web services, promises to be the dominant area in security. Corporate espionage is on the rise, and security cannot be overlooked.</p>
<p>Ensure your system’s vulnerabilities are checked – cross-site scripting seems to be the worst offender in modern systems. Make sure your internet-facing applications are hosted on supported and patched platforms. Approach it with an outside-in, basics-first strategy for your IT department: instead of focusing first on arcane things like encryption bit lengths, make sure you can prioritize defenses against the most probable threat vectors first.</p>
</div>
<h2>Software Architectures need to be evaluated (2013-05-05)</h2>
<p>What constitutes an architecture?</p>
<blockquote>
<p>“You employ stone, wood and concrete, and with these materials you build houses and palaces. That is construction. Ingenuity is at work.</p>
<p>But suddenly you touch my heart, you do me good, I am happy and I say ‘This is beautiful’. That is Architecture.”</p>
<p>– Le Corbusier, 1923, quoted in <i>Architecture: From Prehistory to Post-modernism</i></p>
</blockquote>
<p>Well, then what is <strong>software architecture</strong>?</p>
<p>There is no universally agreed-upon formal definition of software architecture; however, the Software Engineering Institute (SEI) has defined it as follows:</p>
<blockquote>
<p>“The software architecture of a system is the structure or structures of the system, which comprise software components, the externally visible properties of those components and the relationships among them.” – SEI’s definition of software architecture.</p>
</blockquote>
<ul>
<li>It is a vehicle for communication among stakeholders.</li>
<li>It is the manifestation of the earliest design decisions.</li>
<li>It is a reusable, transferable abstraction.</li>
</ul>
<p>Software elements – modules, components, etc. Externally visible properties – this does provide for internal flexibility; e.g. a contract is externally visible.</p>
<p>All designs involve tradeoffs. Architecture is the earliest life-cycle artifact that embodies significant design decisions: choices and tradeoffs.</p>
<p>Predict a system’s quality attributes by studying its architecture. We can analyze an architecture for the achievement of quality attributes – it determines risk, not a “grade”.</p>
<p>Bottom line: an evaluation should result in architectural “risk themes”. See SEI’s web site for details.</p>
<h2>Evaluation of Software Architecture is essential to determine Risks (2013-05-05)</h2>
<p>I love change for positive growth and innovation, because it makes me excited and feel like I am making a difference to the people using the product that was once in my head and is now in their hands.</p>
<p>Sometimes I encounter software architectures that just “evolved” out of need. At times teams “end up” with architectures that just happened to them; other times projects are proposed and designs sketched up to deliver the software. Evaluation of software is essential in all cases.</p>
<p><img src="http://1.bp.blogspot.com/-FqzQAtSRqEM/TuQkLLq72sI/AAAAAAAAA1U/gPPkco_9e4A/s1600/habitat67.jpg" width="433" height="330"></p>
<p>Look at this structure: to me it looks really ugly; however, to the contractor it may be the most lucrative structure, and to the people living inside it, it doesn’t matter. Risks, non-risks, tradeoffs and sensitivity points are great ways to highlight risk themes so that a design decision can be made once they are understood.</p>
<p>The point is: no architecture is good or bad; there are simply risk themes which, when elaborated, give the person the information to judge it based on their own needs.</p>
<h2>ATAM (2013-04-29)</h2>
<p>The ATAM process is a short, facilitated interaction between the stakeholders to conduct the activities outlined on the blackboard, leading to the identification of risks, sensitivities and tradeoffs:</p>
<ul>
<li>risks can be the focus of mitigation activities, e.g. further design, further analysis, prototyping</li>
<li>sensitivities and tradeoffs can be explicitly documented</li>
</ul>
<p>Architecture reviews are not repeatable without a process. ATAM gives a defined process to achieve a repeatable architecture evaluation.</p>
<p>The federally funded Software Engineering Institute at Carnegie Mellon has pioneered this method for the evaluation of software architectures.</p>
<h2>Milk Adulteration in India (2013-04-06)</h2>
<p>This post is a departure from my normal range of topics.</p>
<p>I have done some research on milk contamination in India. In the past two weeks, during my visit to India, I have personally recognized "suspicious milk" in either <em>chai</em> in various <em>dhabas</em> or in <em>paneer</em> in various meals: milk that smells funny, looks a little weird and tastes 'synthetic', and paneer that is just "too white" when I cut into it, and more pasty or chewy than what I remember paneer to be.</p>
<p>I spent a few hours researching this, and here is what I found; I thought it was worth sharing.</p>
<p>State by state, milk samples were taken across the country and, after various chemical tests, conformity with milk standards varied widely across states.</p>
<p>I was shocked to see that <b>100% of West Bengal milk sampled by the government of India is adulterated and contaminated. Punjab 81%, Delhi 70% of milk is contaminated, and Maharashtra is 65% – see the report link in PDF.</b></p>
<p><b>This means that the suppliers to brand-name milk marketers like Mother Dairy, Amul, etc. are adulterated as well, and "loose milk" is contaminated. Profit over health – see the video report.</b></p>
<p><img src="http://www.hindu.com/2008/07/29/images/2008072958560301.jpg"></p>
<p>Here is what the scientific tests done by the Govt. of India report:</p>
<blockquote>
<p>"The non-conforming samples, in descending order of percentage with respect to the total samples collected in different states, were as follows: Bihar (100%), Chhattisgarh (100%), Daman and Diu (100%), Jharkhand (100%), Orissa (100%), West Bengal (100%), Mizoram (100%), Manipur (96%), Meghalaya (96%), Tripura (92%), Gujarat (89%), Sikkim (89%), Uttrakhand (88%), Uttar Pradesh (88%), Nagaland (86%), Jammu & Kashmir (83%), Punjab (81%), Rajasthan (76%), Delhi (70%), Haryana (70%), Arunachal Pradesh (68%), Maharashtra (65%), Himachal Pradesh (59%), Dadra and Nagar Haveli (58%), Assam (55%), Chandigarh (48%), Madhya Pradesh (48%), Kerala (28%), Karnataka (22%), Tamil Nadu (12%), and Andhra Pradesh (6.7%)."</p>
</blockquote>
<p>Reference:</p>
<p>Executive Report from FSSAI: <a href="http://www.fssai.gov.in/Portals/0/Pdf/sample_analysed(02-01-2012).pdf">http://www.fssai.gov.in/Portals/0/Pdf/sample_analysed(02-01-2012).pdf</a></p>
<p>News Report: <a href="http://www.youtube.com/watch?v=ZSFogugc0-w">http://www.youtube.com/watch?v=ZSFogugc0-w</a></p>
<p>What actions or behavior modifications should be taken? I think we need to drop consumption of all milk-based products and switch to green tea and black coffee: no curd, lassi or paneer, butter or ghee. It may be too extreme a step, but I believe there is a risk of contamination and ill health.</p>
<p>If you must drink milk, make sure you see it come out of the cow and bring it home, or else find organic certifications that are reliable.</p>
<h2>Non-repudiation – not a non-issue (2013-02-10)</h2>
<p>To understand electronic non-repudiation, we must understand traditional non-repudiation from a legal perspective.
The basis for a legal repudiation of a manual signature can succeed only if the signature is a forgery, or an authentic signature was obtained via unconscionable conduct by a party to the transaction, fraud instigated by a third party, or undue influence exerted by a third party (McCullagh & Caelli, 2000).</p>
<p>From a technical perspective, non-repudiation (NR) is basically proof that a certain principal sent or received the message in question. Every message exchange can be tied to a principal with a guarantee. An NR token is generated and verified for each message sent by the principal; this way the principal cannot deny sending that message. In the same way, an NR token is created for each message received by the principal; this way the receipt of the message cannot be denied either.</p>
<p>The technical meaning of non-repudiation shifts the onus of proof from the recipient to the alleged signatory, or entirely denies the signatory the right to repudiate a digital signature (McCullagh & Caelli, 2000). The use of a trusted system can solve the authentication, authorization and consequently non-repudiation issues by leveraging digital signatures.</p>
<p><a name="_Toc103089423">Web services.</a> With more and more e-commerce being conducted on the Web and business-to-business transactions occurring, non-repudiation and digital signatures have gained a lot of importance. In the future, digital signatures will be commonly used in this area for providing non-repudiation services to the enterprise.</p>
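The NR token exchange described above, as an added example that is not part of the original post: Alice attaches a proof-of-origin token signed with her Ed25519 key, Bob verifies it before accepting the message and answers with a proof-of-receipt token signed with his. The token layout, the principal names, the timestamp and the sample message are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Token kinds: proof of origin is signed by the sender, proof of receipt by the recipient.
const (
	KindOrigin  = "NRO"
	KindReceipt = "NRR"
)

// Token is an assumed NR token layout for this example: it binds a message digest
// to the signing principal, the other party, a timestamp and the token kind.
type Token struct {
	Kind      string
	Signer    string   // principal whose private key produced Sig
	Other     string   // counterpart in the exchange
	MsgDigest [32]byte // SHA-256 of the message the token is about
	Timestamp uint64   // Unix seconds, supplied by the caller
	Sig       []byte   // Ed25519 signature over tokenBytes
}

// tokenBytes is the canonical byte string that gets signed. Strings are NUL-terminated
// and the integer is fixed width, so two different tokens never encode to the same bytes.
func tokenBytes(t Token) []byte {
	b := make([]byte, 0, 96)
	for _, s := range []string{t.Kind, t.Signer, t.Other} {
		b = append(b, s...)
		b = append(b, 0)
	}
	b = append(b, t.MsgDigest[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], t.Timestamp)
	return append(b, ts[:]...)
}

// MakeToken digests msg and signs the canonical token bytes with the signer's private key.
// Only the holder of priv can produce a valid Sig, which is what lets the other side hold
// the signer to the token later; an HMAC under a shared key could not give this guarantee,
// because either party could have computed it.
func MakeToken(kind, signer, other string, msg []byte, ts uint64, priv ed25519.PrivateKey) Token {
	t := Token{Kind: kind, Signer: signer, Other: other, MsgDigest: sha256.Sum256(msg), Timestamp: ts}
	t.Sig = ed25519.Sign(priv, tokenBytes(t))
	return t
}

// VerifyToken checks that the token is about msg and was signed by the holder of pub.
func VerifyToken(t Token, msg []byte, pub ed25519.PublicKey) bool {
	if t.MsgDigest != sha256.Sum256(msg) {
		return false
	}
	return ed25519.Verify(pub, tokenBytes(t), t.Sig)
}

// Exchange runs one message from Alice to Bob: Alice attaches a proof-of-origin token,
// Bob verifies it before accepting the message and answers with a proof-of-receipt token.
// Keys are generated fresh here; in a deployment they would come from a trusted system (PKI).
func Exchange(msg []byte, ts uint64) (nro, nrr Token, alicePub, bobPub ed25519.PublicKey, err error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	bobPub, bobPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// Sender side: Alice signs the origin token and sends msg together with it.
	nro = MakeToken(KindOrigin, "alice", "bob", msg, ts, alicePriv)
	// Receiver side: Bob refuses the message unless the origin proof checks out.
	if !VerifyToken(nro, msg, alicePub) {
		err = fmt.Errorf("origin token rejected")
		return
	}
	// Bob acknowledges with a receipt token; Alice keeps it so Bob cannot deny delivery.
	nrr = MakeToken(KindReceipt, "bob", "alice", msg, ts, bobPriv)
	return
}

func main() {
	msg := []byte("PO-4711: ship 200 units") // constructed sample message
	nro, nrr, alicePub, bobPub, err := Exchange(msg, 1360000000)
	if err != nil {
		panic(err)
	}
	fmt.Println("origin token valid:", VerifyToken(nro, msg, alicePub))
	fmt.Println("receipt token valid:", VerifyToken(nrr, msg, bobPub))
	fmt.Println("origin token on altered message:", VerifyToken(nro, []byte("PO-4711: ship 2000 units"), alicePub))
}
```

Both tokens should be archived with the message by the party that relies on them, since the proof is only as good as the stored token and the key binding that a trusted system provides.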
<p><img src="http://www.whowillwinthe2012election.com/wp-content/uploads/Your-fault.png" width="454" height="352"></p> <h2>Authorization–Legal Drinking Age ?</h2> <p>Posted 2013-02-03.</p> <p>Authorization is the process by which valuable resources are protected and only limited access is granted to principals that have been authenticated. Principals are entities that request access to resources; they can be people or other servers. It is important to note that authorization can take place only after authentication of the principal has occurred. This makes sense because principals who are unable to prove their identity should not be given permission to access sensitive information.</p> <p><img alt="http://whatisscotch.com/wp-content/uploads/2011/10/scotch-Whisky-Glass.jpg" src="http://whatisscotch.com/wp-content/uploads/2011/10/scotch-Whisky-Glass.jpg"></p> <h4><a name="_Toc103089415">Authorization in the </a>Enterprise</h4> <p>In the enterprise environment access control comes in many flavors, including discretionary, role-based, mandatory, and firewall-style access control. Under discretionary access control the owner of a resource decides which principals receive which permissions on it. For example, principal A can be given read-only access to resource C while principal B is given full access to the same resource. Such access control mechanisms are often hierarchical in nature.</p> <h4><a name="_Toc103089416">Access Control List</a></h4> <p>Discretionary access-control mechanisms typically maintain the list of principals and their associated permissions in an access control list (ACL). ACLs can be stored separately from the resource and consulted during the authorization process. Principals can also be members of groups and have the group's permissions applied to them.</p>
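<p>An added example written for this page (not the post's own code): a small authorizer that combines the ACL and group membership just described with a per-principal override, the classification-level comparison from the Classifications paragraph of this post, and one audit record per decision carrying the fields listed under Auditing. The levels, principals, resources and source addresses are constructed for the illustration, and the rule that an explicit entry for a principal replaces its inherited group permissions is this example's own choice.</p>

```python
"""Added example for this page (not the post's own code): an authorizer that
combines ACL entries with group inheritance and a per-principal override, a
classification-level comparison, and one audit record per decision.  The
levels, principals, resources and addresses are constructed for the demo."""
from collections import Counter
from dataclasses import dataclass, field

# Ordered classification levels; a principal may reach a resource at or below its own level.
LEVELS = {"unclassified": 0, "confidential": 1, "classified": 2}


@dataclass
class Principal:
    name: str
    level: str
    groups: frozenset = frozenset()


@dataclass
class Resource:
    name: str
    level: str
    acl: dict = field(default_factory=dict)  # subject (user or group) -> set of permissions


class Authorizer:
    def __init__(self):
        self.audit = []  # one record per decision, with the fields a security audit needs

    @staticmethod
    def effective_permissions(principal, resource):
        """Group entries are inherited and unioned; an explicit entry for the
        principal overrides them (this example's chosen override semantics)."""
        if principal.name in resource.acl:
            return set(resource.acl[principal.name])
        perms = set()
        for group in principal.groups:
            perms |= resource.acl.get(group, set())
        return perms

    def check(self, principal, resource, permission, source, ts):
        level_ok = LEVELS[principal.level] >= LEVELS[resource.level]
        acl_ok = permission in self.effective_permissions(principal, resource)
        allowed = level_ok and acl_ok
        self.audit.append({
            "event": "authz_allow" if allowed else "authz_deny",
            "ts": ts, "principal": principal.name, "target": resource.name,
            "permission": permission, "source": source,
            "reason": "ok" if allowed else ("level" if not level_ok else "acl"),
        })
        return allowed

    def repeated_denials(self, threshold=3):
        """Detection over the audit trail: principals denied at least `threshold` times."""
        denied = Counter(r["principal"] for r in self.audit if r["event"] == "authz_deny")
        return sorted(p for p, n in denied.items() if n >= threshold)


def demo():
    """Constructed scenario; returns the authorizer and the decisions it made."""
    payroll = Resource("payroll", "classified",
                       {"finance": {"read"}, "alice": {"read", "write"}})
    menu = Resource("cafeteria-menu", "unclassified", {"staff": {"read"}})
    alice = Principal("alice", "classified", frozenset({"finance", "staff"}))
    bob = Principal("bob", "unclassified", frozenset({"finance", "staff"}))
    carol = Principal("carol", "classified", frozenset({"staff"}))
    auth = Authorizer()
    decisions = {
        "alice reads payroll": auth.check(alice, payroll, "read", "10.0.1.5", 1),
        "alice writes payroll": auth.check(alice, payroll, "write", "10.0.1.5", 2),  # explicit override
        "bob reads payroll": auth.check(bob, payroll, "read", "10.0.2.7", 3),        # in group, level too low
        "carol reads payroll": auth.check(carol, payroll, "read", "10.0.3.9", 4),    # level ok, not in ACL
        "bob reads menu": auth.check(bob, menu, "read", "10.0.2.7", 5),
    }
    for t in (6, 7, 8):                                                          # bob keeps trying
        auth.check(bob, payroll, "read", "10.0.2.7", t)
    return auth, decisions


if __name__ == "__main__":
    auth, decisions = demo()
    for what, ok in decisions.items():
        print(f"{what:22} -> {'allow' if ok else 'deny'}")
    print("repeated denials:", auth.repeated_denials())
```

<p>Both conditions must hold: bob is in the finance group but his level is too low, carol has the level but no ACL entry, and only alice passes. The audit records are what an investigation later reads, so each one carries the event type, time, principal, target, permission and source.</p>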
<p>Role-based access control is applied when a usage role has to be applied across several principals. If there are multiple system users with the same duties, a group (role) is created and a common ACL applied to it. Once the ACL is applied to the group, all principals that belong to the group automatically inherit its permissions. It is still possible in most cases to override the inherited permissions for an individual principal. Applying access controls to security groups and principals works well in most cases.</p> <p><a name="_Toc103089417">Classifications</a>. Classification levels may be used to specify authorization levels. In this scheme the resource, the principal and the groups are each assigned a pre-defined level, and comparing the levels determines the actual access. For example, if resource C is tagged as classified, resource D as unclassified, principal A as classified and principal B as unclassified, then principal A can access both C and D while principal B can access only D. Such parallel hierarchies make the access logic easy to determine. In general, a principal is given access to a resource only if the principal's classification level is equal to or higher than that of the resource.</p> <p><a name="_Toc103089418">Firewalls</a>. Inter-network communication in the enterprise is often protected by a firewall. A firewall is a mechanism by which access to particular Transmission Control Protocol/Internet Protocol (TCP/IP) ports on some network of computers is restricted based on the origin of the incoming connection request. Firewalls are often gateways that connect two or more networks. Rules can be applied to firewalls that block certain ports, protocols and Internet Protocol (IP) addresses from accessing the network. Proxy servers are often placed inside corporate networks so that internal clients reach external services through the proxy rather than directly; the firewall then only needs to permit the proxy's traffic.</p> <p><a name="_Toc103089419">Trust domains</a>.
Domains can be defined and used to protect sensitive resources. This is accomplished by grouping all servers and processes that share the same access control policy into a domain. Such a trust domain can interact with others at a level of trust defined by the ACL. IP addresses with specific ports and communication channels can be included in the domain as well. Security policy domains are also sometimes called realms.</p> <p><a name="_Toc103089420">Java technology</a>. Java employs a stringent security model in the Java Virtual Machine (JVM): code is placed in a protection domain according to where it was loaded from (its code-source URL) and who signed it, and permissions are granted per domain. Multiple domains can be defined with trust at a defined level, so that code executing in one domain can trust, and make calls into, code running in another; such a domain is called a trusted domain. Sub-domains can be created, and each sub-domain can have one or more parent domains. Partitioning domains into sub-domains provides the ability to assign more restrictive permissions at the sub-domain level, but never broader ones than the parent grants. Domains can also be federated; the federation of domains allows permissions to be assigned across domains and sub-domains.</p> <p><a name="_Toc103089421">Auditing</a>. Authorization requests can be logged by servers, gateways and firewalls. Audit logs help reconstruct the sequence of events on a particular thread of activity, and investigations of this kind are carried out to uncover suspected unauthorized attempts to reach protected resources. A lot of information can be logged in the security log files.
Typical information logged during a security audit is the event type, the timestamp of the event, the identity of the principal requesting access, the identity of the target resource being requested, the permission being requested on the target, the location from which the request originates, and any protocol-specific information (Jaworski, Perrone & Chaganti, 2001). Because of the sensitive nature of security logs, access to them should be restricted to authorized principals, and the logs themselves protected from tampering.</p> <h2>Protocols for the Security Stickler</h2> <p>Posted 2013-01-27.</p> <p><font size="3" face="Century Gothic">Data communication channels are often insecure, subjecting messages transmitted over them to passive and active threats (Barkley, 1994). Internet protocols connect the various networks over which data packets are transmitted, and computers exchange messages over an entire protocol stack. For example, web browsers request and receive Hypertext Markup Language (HTML) documents over the Hypertext Transfer Protocol (HTTP), which sits on top of the TCP/IP stack. Additional protocols create secure channels for such communication: Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) sit between HTTP and TCP, so secure web page transfers use the standard port 443 rather than the cleartext port 80 assigned to HTTP. The result is HTTPS (HTTP over SSL/TLS). SSL and TLS are security protocols primarily used to protect messages in transit.
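<p>As an added example, not code from the post, of the transport security this post describes: the block below builds a permissive TLS client configuration and a hardened one with Python's standard <code>ssl</code> module, and a checker that lists what is wrong with a context. The protocol floor follows the published deprecations of SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996); the check list is this example's own, and the host name in the usage comment is a placeholder.</p>

```python
"""Added example for this page, not code from the post: a permissive TLS client
configuration beside a hardened one, built with Python's standard ssl module,
plus a checker listing what is wrong with a context.  The host name in the
usage section is a placeholder."""
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2   # SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated


def permissive_client_context():
    """What 'just make it connect' code often does: the certificate is neither
    verified nor matched against the host name, so anyone in the path can
    terminate the connection with a certificate of their own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Verify the peer against trusted roots, match the host name, refuse old protocol versions."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname + system roots
    ctx.minimum_version = MIN_VERSION
    ctx.options |= ssl.OP_NO_COMPRESSION              # compression leaks plaintext (CRIME)
    return ctx


def weak_settings(ctx):
    """Return the list of findings for a context; empty means it passes this example's checks."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not verified")
    if not ctx.check_hostname:
        findings.append("host name not matched against certificate")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol versions below TLS 1.2 accepted")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled")
    return findings


if __name__ == "__main__":
    for name, ctx in (("permissive", permissive_client_context()),
                      ("hardened", hardened_client_context())):
        print(f"{name:10} {weak_settings(ctx) or 'ok'}")
    # Connecting with the hardened context (placeholder host, not executed here):
    # import socket
    # with socket.create_connection(("example.com", 443)) as sock:
    #     with hardened_client_context().wrap_socket(sock, server_hostname="example.com") as tls:
    #         print(tls.version(), tls.getpeercert()["subject"])
```

<p>The two settings that matter most are certificate verification and host-name matching: without them the handshake still "succeeds" and the channel is still encrypted, but it may be encrypted to an attacker rather than to the intended server.</p>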
</font></p> <h5><a name="_Toc103089412"></a><a name="_Toc102729604"><font size="3" face="Century Gothic">Secure Sockets Layer</font></a></h5> <p><font size="3" face="Century Gothic">The Secure Sockets Layer (SSL) protocol provides communication privacy over the Internet by allowing client-server applications to communicate in a way that is designed to prevent eavesdropping, tampering or message forgery (Freier, Karlton & Kocher, 1996). SSL is composed of a handshake protocol and a record protocol, and sits on top of a reliable transport protocol such as TCP. Its last version, SSL 3.0, was succeeded by TLS 1.0 (RFC 2246); SSL 2.0 and 3.0 have since been prohibited because of protocol weaknesses (RFC 6176 and RFC 7568), and TLS 1.0 and 1.1 are deprecated as well (RFC 8996), so new deployments should negotiate TLS 1.2 or later.</font></p> <h5><a name="_Toc103089413"></a><a name="_Toc102729605"><font size="3" face="Century Gothic">Transport Layer Security</font></a></h5> <p><font size="3" face="Century Gothic">The primary goal of the Transport Layer Security (TLS) protocol is to provide privacy and data integrity between two communicating applications; it is used to encapsulate various higher-level protocols (Dierks & Allen, 1999, p. 3). TLS is a combination of two layers, the TLS Record Protocol and the TLS Handshake Protocol. The Record Protocol has two basic properties: the connection is private (symmetric encryption under keys agreed in the handshake) and reliable (each record carries a keyed integrity check, so tampering is detected). The Handshake Protocol has three basic properties: the peer's identity can be authenticated using public-key cryptography, the negotiation of the shared secret is secure against eavesdroppers, and the negotiation is reliable, in that an attacker cannot modify it without being detected.</font></p> <p><font size="3" face="Century Gothic">One advantage of TLS is that it is independent of the application protocol (Dierks & Allen, 1999, p. 4). Higher-level protocols can be layered on top of it, which leaves the decisions about when to initiate the TLS handshake and how to interpret the exchanged authentication certificates to the designers of those higher-level protocols. The primary goals of the TLS protocol, thus, are to provide cryptographic security, interoperability, and extensibility.
These are fundamental requirements of enterprise security.</font></p> <p><font size="3" face="Century Gothic"><img src="http://static.usenix.org/event/sec02/full_papers/rescorla/rescorla_html/FIGURE17.gif" width="412" height="327"></font></p> <h2>Message Digests and Keys</h2> <p>Posted 2013-01-20.</p> <h4><img src="http://www.bigplastichead.com/wp-content/uploads/2009/02/obama-signature.jpg" width="477" height="338"></h4> <p>A message digest is a fingerprint of a message; a digital signature computed over that digest is the electronic counterpart of a handwritten signature. Digests are a convenient and useful building block for authenticating messages.</p> <p>Webopedia defines a message digest as:</p> <p>The representation of text in the form of a single string of digits, created using a formula called a one-way hash function. Encrypting a message digest with a private key creates a digital signature, which is an electronic means of authentication (p. 1).</p> <p>A message in its entirety is taken as input and a small fingerprint is created; the message is then sent along with its fingerprint. When the recipient recomputes the fingerprint of the received message and finds that it matches, the message was not changed in transit by accident. A message may be sent in plain text along with its digest in the same transmission; the recipient verifies that the plain text was not altered by recomputing and comparing the digest. Note that a bare digest protects only against accidental corruption: an attacker who can modify the message can recompute the digest as well. To defeat deliberate tampering the digest must be signed (a digital signature) or computed under a secret key (a MAC, described later in this post). MD5 was for many years the most popular algorithm for message digests (IrnisNet.com, n.d.). Created at the Massachusetts Institute of Technology, it was published to the public domain as Internet RFC 1321.</p> <h5><a name="_Toc103089404"></a><a name="_Toc102729597"></a><a name="_Toc102728956">MD5</a></h5> <p>The MD5 algorithm, developed by Dr. Ronald L.
Rivest, takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input (Abzug, 1991). It was conjectured, though never proven, that it is infeasible to create a message from its digest; in other words, that it is computationally infeasible to "produce any message having a given pre-specified target message digest" (Abzug, 1991). The other design goal, that two different messages with the same digest cannot be found, has since failed in practice: MD5 collisions were published in 2004, chosen-prefix collisions have been used to forge certificates, and MD5 must not be used for signatures or integrity protection today.</p> <p>MD5 is described in Request for Comments (RFC) 1321. Rivest (1992) summarized MD5 as:</p> <p>The MD5 algorithm is an extension of the MD4 message-digest algorithm. MD5 is slightly slower than MD4, but is more "conservative" in design. MD5 was designed because it was felt that MD4 was perhaps being adopted for use more quickly than justified by the existing critical review; because MD4 was designed to be exceptionally fast, it is "at the edge" in terms of risking successful cryptanalytic attack. MD5 backs off a bit, giving up a little in speed for a much greater likelihood of ultimate security. (p. 3)<a name="_Toc102728957"></a><a name="_Toc102729598"></a></p> <p>Message Digest 5 is an enhancement over MD4; Rivest (1992) describes this version as more conservative than its predecessor and easier to codify compactly. The algorithm provides a fingerprint of a message of any length. By design, finding two plain-text messages that resolve to the same fingerprint was meant to cost on the order of 2 to the power of 64 operations (the birthday bound for a 128-bit digest), and finding a plain-text message matching a given fingerprint 2 to the power of 128 operations. Those numbers would put the attacks out of reach, but the collision bound no longer holds for MD5: a collision can now be computed in seconds on commodity hardware.</p> <h5><a name="_Toc103089405">SHA-1</a></h5> <p>The Secure Hash Algorithm 1 (SHA-1) was adopted by the United States as a Federal Information Processing Standard (FIPS 180-1). SHA-1, as explained in RFC 3174, is employed for computing a condensed representation of a message or a data file (Jones, 2001). Like MD5 it is now deprecated: a practical collision was demonstrated in 2017, and NIST disallows SHA-1 for digital signatures; new designs should use SHA-256 or stronger.
This algorithm can accept a message of any length (theoretically less than 2 to the power of 64 bits); the output is a 160-bit message digest that is, in practice, unique to the input given. The digest can be compared with a previously computed digest to validate the input.</p> <p><a name="_Toc103089406">Demonstration.</a> For example, if the user registers with the password "purdue1234", the SHA-1 algorithm can be applied, which results in the 160-bit value "8ad4d7e66116219c5407db13280de7b4c2121e23". This digest can be saved in the database instead of the plain-text password the user registered with. The next time the user signs on with the same plain-text password, it is converted to the same digest, which can then be compared to authenticate the user. If the user enters a different password, say "rohit1234", SHA-1 digests it as "fb0f57cb70fbd8926f2912585854cbe4bcf83942". This triggers a mismatch and the authentication fails. The algorithm is guaranteed to generate the same 160-bit digest for the same plain text, and it is computationally infeasible to reverse the digest into the plain text. Therefore even if the database is "hacked" the passwords are not directly readable. Storing only a verifier for data that needs to be verified but never reused remains one of the most common techniques in the industry, but a bare SHA-1 is no longer an acceptable verifier for passwords: it is so fast that an attacker holding the database can test billions of guesses per second, and identical passwords produce identical digests, so precomputed tables work across all users. Current practice hashes each password with a unique random salt under a deliberately slow function such as PBKDF2, bcrypt, scrypt or Argon2, and compares the result in constant time.<br><a name="_Toc102729599">DSA</a></p> <p>The Digital Signature Algorithm (DSA) was inherited from the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) in the Digital Signature Standard (DSS) as part of the United States government's Capstone project (RSA Laboratories, n.d.). In order to gain a better understanding of DSA, the discrete logarithm problem needs to be explained.
RSA Laboratories' documentation explains that for a group element g, multiplying g by itself n times is written g<sup>n</sup>; the discrete logarithm problem is then: given two elements <i>g</i> and <i>h</i> of a finite group G, find an integer x such that g<sup>x</sup> = h. Exponentiation is easy but the discrete logarithm is hard, which makes it a one-way function; it is generally considered comparable in difficulty to the factoring problem on which RSA rests.</p> <p>Efficient implementations have emerged. The big-O notation is a theoretical measure of the execution of an algorithm, usually the time or memory needed given the problem size n, which is usually the number of items (NIST, 1976). With DSA, signature generation is faster than signature verification, whereas with the RSA algorithm verification is much faster than generation of the signature (RSA Laboratories, n.d.). Initial criticism of the algorithm concerned its lack of flexibility when compared with the RSA cryptosystem, its verification performance, adoption issues cited by hardware and software vendors that had standardized on RSA, and the discretionary selection of the algorithm by the NSA (RSA Laboratories, n.d.). DSA was subsequently incorporated into several specifications and implementations. It is no longer the first choice for new systems, however: the original 1024-bit parameters are too small, DSA requires a fresh, unpredictable random value for every signature (a repeated or biased value leaks the private key), and NIST's current standard, FIPS 186-5, no longer approves DSA for generating new signatures, favoring ECDSA and EdDSA.</p> <h4><a name="_Toc103089407"></a><a name="_Toc102729600"></a><a name="_Toc102728958">Secret Keys</a></h4> <p>Two general types of cryptosystems have evolved over the decades: secret-key cryptography and public-key cryptography. In secret-key cryptography, as the name suggests, a single key is kept secret from everyone but the sender and the recipient. This is also known as symmetric-key cryptography. In a public-key cryptosystem, two keys play a role in ensuring security.
The public key is published or can be requested; the private key is kept secret by its owner. This scheme requires a way of binding public keys to identities, such as a Certificate Authority, so that a substituted public key is detected. The primary advantage over the secret-key scheme is that no secure courier is needed to transfer a secret key. A practical drawback is that a single ciphertext can be decrypted only by the one holder of the matching private key, so a message for many recipients has to be encrypted once per recipient (in practice, a symmetric content key is wrapped for each of them).</p> <h5><a name="_Toc103089408"></a><a name="_Toc102729601"></a><a name="_Toc102728959">Symmetric Keys</a></h5> <p>This scheme is characterized by the use of one single key that both encrypts and decrypts the plain-text message. The encryption and decryption algorithms are in the public domain, so the scheme rests entirely on knowledge of the key. If the key is known only to the parties in a secured communication, secrecy can be provided (Barkley, 1994). When symmetric-key cryptography with a sound cipher and an adequately long key is used and the messages are intercepted by an attacker, it is computationally infeasible to derive the key or decrypt the message from the cipher text even though the encryption algorithm is known. The cipher text can only be decrypted if the secret key is known. Because the secret key is known only to the message sender and the message receiver, the confidentiality of the transmission is assured.</p> <p><a name="_Toc103089409">MAC.</a> While secrecy can be provided this way, the integrity of the message is not: a cipher text can be altered in transit without the receiver noticing. In order to ensure that the message has integrity, a cryptographic checksum called a Message Authentication Code (MAC) is appended to the message. A MAC is a keyed message digest: it is much smaller than the original message, it cannot be computed or forged without the key, and colliding messages are hard to find. The MAC is computed as a function of the message being transmitted and the secret key (Barkley, 1994) by the message originator, and is recomputed and compared by the receiver.
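<p>An added example, not code from the post, that backs two points made in this post. First, the plain-text-plus-digest scheme described in the opening paragraphs does not detect an active attacker, who simply recomputes the digest, whereas the keyed MAC just described does. Second, the SHA-1 password verifier from the Demonstration section is fast and unsalted, so a dictionary attack recovers it at once; a salted PBKDF2 verifier is shown beside it. The messages, key, word list and iteration count are constructed or assumed for the illustration.</p>

```python
"""Added example for this page, not code from the post.  Part 1: a plain
digest sent with a message is recomputed by an active attacker, a MAC is not.
Part 2: the unsalted SHA-1 password verifier from the Demonstration section
against a dictionary attack, beside a salted PBKDF2 verifier.  The messages,
key, word list and iteration count are constructed or assumed for the demo."""
import hashlib
import hmac
import os

# ---- Part 1: digest versus MAC -------------------------------------------

def send_with_digest(message):
    """Sender appends an unkeyed fingerprint, as in the post's opening description."""
    return message, hashlib.sha256(message).hexdigest()


def check_digest(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def send_with_mac(key, message):
    """Sender appends HMAC-SHA256(key, message); the key is shared with the receiver only."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def check_mac(key, message, tag):
    # constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).hexdigest(), tag)


def attacker_rewrites(new_message):
    """Attacker on the channel substitutes a message and the best checksum it can
    make: a fresh digest.  Without the key it cannot produce a valid MAC."""
    return new_message, hashlib.sha256(new_message).hexdigest()

# ---- Part 2: password verifiers ------------------------------------------

def store_sha1(password):
    """The Demonstration's scheme: fast and unsalted, so equal passwords collide
    and precomputed tables apply to every user at once."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_sha1(stored, wordlist):
    """Offline dictionary attack; a GPU tries billions of SHA-1 guesses per second."""
    for guess in wordlist:
        if hashlib.sha1(guess.encode()).hexdigest() == stored:
            return guess
    return None


ITERATIONS = 600_000   # order of magnitude OWASP recommends for PBKDF2-HMAC-SHA256 (assumed here)


def store_pbkdf2(password, salt=None):
    """Salted, deliberately slow verifier stored as 'algorithm$iterations$salt$hash'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password, stored):
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    msg, fp = send_with_digest(b"pay 10 to carol")
    forged, fp2 = attacker_rewrites(b"pay 99 to mallory")
    print("digest check accepts forgery:", check_digest(forged, fp2))        # True
    key = os.urandom(32)                                                    # shared by sender and receiver
    msg, tag = send_with_mac(key, b"pay 10 to carol")
    forged, tag2 = attacker_rewrites(b"pay 99 to mallory")
    print("MAC check accepts forgery:", check_mac(key, forged, tag2))       # False
    wordlist = ["letmein", "password1", "purdue1234"]                       # constructed word list
    print("unsalted SHA-1 cracked as:", crack_sha1(store_sha1("purdue1234"), wordlist))
    record = store_pbkdf2("purdue1234")
    print("pbkdf2 verifies correct password:", verify_pbkdf2("purdue1234", record))
    print("pbkdf2 verifies wrong password:", verify_pbkdf2("rohit1234", record))
```

<p>The salt is stored in the clear alongside the hash; its job is not secrecy but making every user's verifier unique, so that one precomputed table no longer cracks the whole database and each account costs the attacker the full iteration count per guess.</p>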
<h4><a name="_Toc103089410"></a><a name="_Toc102729602"></a><a name="_Toc102728960">Asymmetric Keys</a></h4> <p>Asymmetric-key cryptography differs in that each party holds a pair of keys: a public key that may be known to everyone and a private key known only to its owner. This scheme is also known as public-key cryptography. Each key defines a function that transforms text (Barkley, 1994). The public keys are meant to be distributed; the private key is secret and is known only to the owner of the corresponding public key. The two keys are generated together as a pair, and because the public key is known, its transformation can be computed by anyone. The two transformations are inverses of each other: if one function encrypts a message, the other decrypts it (Barkley, 1994). The functions are used as follows: the sender obtains the public key of the destination, transforms the data to be transmitted with it, and then transmits the encrypted data to the recipient. The data can only be decrypted by the other half of the pair, the private key of the receiver. The receiver applies its private key to the encrypted message, after which the message can be consumed. (Used the other way round, a transformation under the private key that anyone can check with the public key is a digital signature.)</p> <p>The advantage of such a scheme is that two users can communicate with each other without having to share a common key. With symmetric-key cryptography a common secret key has to be agreed and stored by both parties, which is exactly the kind of thing that should not be shared in the first place, and distributing secret keys adds a layer of complexity to the security of the system. Public-key cryptography largely resolves this issue, at the cost of having to authenticate the public keys themselves.
Because it is computationally infeasible to derive the private key from the public key, it is also infeasible for anyone without the private key to decrypt a message encrypted with the public key. While there is convenience, there is also inefficiency: public-key operations are orders of magnitude slower than symmetric ciphers, and the cipher text can be longer than the plain-text message itself, which is why in practice public-key cryptography is used to exchange a symmetric session key, or to sign a digest, rather than to encrypt bulk data. Also, a cipher text can be decrypted only by the single principal holding the private key, so encrypting for many recipients means wrapping a content key for each of them rather than sending one encrypted broadcast. Applications of public-key cryptography seen in the enterprise include authentication, integrity and non-repudiation.</p> <h2>Cryptography–It's the Key</h2> <p>Posted 2013-01-13.</p> <p>Julius Caesar encrypted messages so that the messenger could not understand them (Faqs.org, 2003). A "shift by 3" function was used: he substituted D for A, C for Z, and so on. Only the recipient, who knew the key, three in this case, could decipher the message. A cipher system is a way of disguising messages such that only recipients with knowledge of the "key" can decipher them. Cryptography is the art of using cipher systems. Cryptanalysis is the art of deciphering an encrypted message by means other than those intended, without prior knowledge of the key.</p> <p><img alt="http://users.telenet.be/d.rijmenants/pics/codewheel.gif" src="http://users.telenet.be/d.rijmenants/pics/codewheel.gif"></p> <p>A strong cryptosystem has a large key space (Caesar's 25 possible shifts can be tried by hand), it produces cipher text that appears random to all standard statistical tests, and it resists all previously known attacks (Faqs.org, 2003). Several types of cryptography and standards exist today.
The Public Key Cryptography Standards (PKCS) are an important family of standards from RSA Laboratories: PKCS #1 specifies RSA encryption and signature formats, and PKCS #12 defines a binary format for storing certificates together with private keys. Public-key and shared-key cryptography both make use of message digests, which are computed with a one-way hash function.</p> <h2>Authentication–Who Are You ?</h2> <p>Posted 2013-01-06.</p> <h3><a name="_Toc103089397"></a><a name="_Toc102729587"></a><a name="_Toc102728948"><font size="3" face="Century Gothic">Authentication</font></a></h3> <p><font size="3" face="Century Gothic">Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be (SearchSecurity.com, n.d.). Verifying an identity claim is more complex than it appears up front. There are several authentication methodologies, security protocols, encryption schemes and hashing algorithms, and there is no single "best" security solution.
For every implementation, it is important to establish the best options available.</font></p> <p><a href="http://www.youtube.com/watch?v=PdLIerfXuZ4">http://www.youtube.com/watch?v=PdLIerfXuZ4</a></p> <h4><a name="_Toc103089398"></a><a name="_Toc102729590"></a><a name="_Toc102728949"><font size="3" face="Century Gothic">Authentication Types</font></a></h4> <p><font size="3" face="Century Gothic">Authentication is as old as human civilization. In the enterprise environment it is increasingly important that the authentication architecture is well defined. It is common for the user to enter credentials, and several types of authentication method exist today: entities can be authenticated based on secret knowledge (such as a user name and password combination), biometrics (such as fingerprint scans), and digital certificates.
In private and public computer networks (including the Internet), authentication is commonly done through logon passwords (Faqs.org, 2003).</font></p> <h5><a name="_Toc103089399"></a><a name="_Toc102729591"></a><a name="_Toc102728950"><font size="3" face="Century Gothic">Knowledge-based</font></a><font size="3" face="Century Gothic"> authentication</font></h5> <p><font size="3" face="Century Gothic">The most common authentication type is knowledge-based. An identifier (the user name) together with a secret (the password) is required to access systems protected by such a scheme; a user-id and password challenge screen is what web-based email systems typically show. Knowledge of the password is considered enough to let the user in.</font></p> <p><font size="3" face="Century Gothic">Both ends of a session must hold the secret (or a verifier derived from it) for authentication to take place, and in the simplest schemes the password has to be transmitted from the principal's location to the authenticator's location (Jaworski, Perrone & Chaganti, 2001). This is an obvious exposure: the link between the two locations needs to be secured so that snooping is not possible or the captured data cannot be deciphered. One way of avoiding the exposure altogether is Kerberos, a password-based system in which the password itself is never sent over the network; a symmetric key derived from it is used to decrypt a ticket issued by the authentication server, and the user then presents tickets, not the password, to the services it uses.</font></p> <h5><a name="_Toc103089400"></a><a name="_Toc102729592"></a><a name="_Toc102728951"><font size="3" face="Century Gothic">Biometrics-based</font></a><font size="3" face="Century Gothic"> authentication</font></h5> <p><font size="3" face="Century Gothic">Authentication based on biometrics is still maturing. Unique attributes measured from an individual are used for authentication. Fingerprints, hand geometry, facial recognition, iris recognition, and dynamic signature verification are some of the more prominent biometric technologies.
Biometrics by themselves are not fool-proof: there are several ways to attack such systems (for instance by presenting a copy of the fingerprint or face), and a compromised biometric cannot be changed the way a password can, which adds a privacy-protection concern. Research on revocable biometric templates is in progress, but the technology is not yet implemented commercially on a mass scale.</font></p> <h5><a name="_Toc103089401"></a><a name="_Toc102729593"></a><a name="_Toc102728952"><font size="3" face="Century Gothic">Certificate-based</font></a><font size="3" face="Century Gothic"> authentication</font></h5> <p><font size="3" face="Century Gothic">This technique has grown in popularity in recent years. What is a certificate? A certificate is a signed data structure that binds a principal's identity to its public key. The important information it contains is the public key of the principal, the validity dates of the certificate, and the digital signature of the issuer (Jaworski, Perrone & Chaganti, 2001). The signer uses its private key to produce a signature over a digest of the certificate contents. Anyone holding the signer's public key can verify that signature, and because the private key is, as the name suggests, secret, only the signer could have produced it.</font></p> <p><font size="3" face="Century Gothic">This technology has significant advantages when information needs to be sent across otherwise unsecured connections. In a client-server architecture with both server-side and client-side certificates, each party can authenticate the other and the two can establish an encrypted channel: data encrypted with a party's public key can be decrypted only with that party's private key, and a signature made with a private key can be verified by anyone holding the matching public key.</font></p> <p><font size="3" face="Century Gothic">A well-known Certificate Authority (CA), whose root certificate is trusted in advance, signs the server's certificate (the server's public key and identity) with the CA's private key. An attacker who substitutes a different public key cannot produce a valid CA signature over it, so the client can detect the substitution.
The distribution of the root public keys is done out of band: browsers and operating systems come pre-configured with these keys.</font></p> <p><font size="3" face="Century Gothic">Several certificate formats have evolved, most significantly the X.509 v3 standard (RFC 5280). This standard allows several different algorithms to be used for creating digital signatures. An X.509 certificate contains the version of the certificate, the serial number, an identifier of the signature algorithm and its parameters, the CA (issuer) identity and signature, the dates of validity, and the principal (subject) identity and public key; version 3 adds extensions such as the subject alternative names a client must match the host name against, key usage, and the basic-constraints flag that marks a certificate as a CA.</font></p> <h2>Guaranteed Integrity of Messages</h2> <p>Posted 2012-12-30.</p> <p>The ability to guarantee the integrity of a document and the authenticity of its sender has been highly desirable since the beginning of human civilization. Even today, we are constantly challenged to authenticate ourselves with picture identification, a handwritten signature or fingerprints. Organizations need to authenticate individuals and other corporations before they conduct business transactions with them.</p> <p><img alt="http://www.gfi.com/blog/wp-content/uploads/2009/05/security-integrity-availability-confidentiality.jpg" src="http://www.gfi.com/blog/wp-content/uploads/2009/05/security-integrity-availability-confidentiality.jpg"></p> <p>When human contact is not possible, the challenge of authentication, and consequently authorization, increases. Encryption technologies, especially public-key cryptography, provide a reliable way to digitally sign documents. In today's digital economies and global networks, digital signatures play a vital role in information security.</p>
<h2>Security–the most important Quality Attribute</h2> <p>Posted 2012-12-23.</p> <p><font size="3" face="Century Gothic">While digital signatures and encryption are old technologies, their importance is renewed by the rapid growth of the Internet. Online business transactions have been growing at a rapid pace, and more and more money changes hands electronically and over the Internet. Non-repudiation is important when personal contact is not possible, and digital signatures serve that purpose. Encryption ensures that information can be read only by the intended party; an integrity check (a signature or MAC) ensures that it arrives unaltered. Several technologies support both.</font></p> <p><font size="3" face="Century Gothic">The enterprise security model consists of domains in which resources are protected from principals that are not permitted to access them or to execute functions on them. There is a clear distinction between authenticating a principal and authorizing it. When a person shows a driver's license at the bar before he gets a drink, the bartender looks at it and compares the photograph with the person presenting it. This is authentication. When he checks the date of birth against the legal drinking age, he has authorized the requester for the drink.</font></p> <p><font size="3" face="Century Gothic">In the corporate environment, it is exceedingly important that the same form of authentication and authorization take place digitally.
With new business channels open on the Internet, web applications deployed on the intranet for employees, and business-to-business (B2B) commerce channels created on the extranet, millions of dollars' worth of transactions occur.</font> <p><font size="3" face="Century Gothic">Business-critical information is passed on the wire between computers; if exposed to the general public or placed in the wrong hands, it could be disastrous to the company in question. For every business that exists there is a threat to the business. For e-business initiatives, the anonymity of the network, especially the Internet, brings new threats to information exchange. It is important that information is exchanged secretly and confidentially. </font></p>
DSV and Custody Chaining (2012-12-23, updated 2016-12-08)
<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Century Gothic; font-size: small;">Dynamic signature verification (DSV) is the process by which an individual’s signature is authenticated against a known signature pattern. The dynamics of producing a signature are first enrolled into the authenticating system and are then used to compare future signature patterns. Several factors, including speed, pressure, acceleration, velocity and size ratios, are taken into account. These measurements are then digitized and stored for later comparison.</span> <br />
<span style="font-family: Century Gothic; font-size: small;">Signatures have long been used to authenticate documents in the real world; before the technology wave, signatures, seals and tamper-proof envelopes were used for secure and valid message exchange. With the onset of technology and digital document interchange, a growing need for authenticating digital documents has emerged. </span> <br />
<span style="font-family: Century Gothic; font-size: small;">Digital signatures emerged in the 1970s as a means of deriving a fixed-length value from an input of theoretically unlimited length. The result is expected to be collision free and computationally infeasible to reverse into the original document. Both handwritten signatures and digital signatures have to comply with the basic requirements of authenticity, integrity, and non-repudiation (Elliott, Sickler, Kukula & Modi, n.d.).</span> <br />
<span style="font-family: Century Gothic; font-size: small;">In the information technology departments of corporations, documents are regularly exchanged between teams, companies, outsourced contract workers, internal consultants and executive management. These documents are often confidential and contain company secrets. However, due to resource constraints, such documents are often shared with consultants and contract workers.</span> <br />
<br />
<span style="font-family: Century Gothic; font-size: small;">It is therefore a viable solution to apply digital signatures to those documents using proper authentication protocols. One way this could be achieved is through dynamic signature verification. An interface that can create a unique digital signature from the physical dynamic signature and apply it to the electronic document would be ideal.</span> <br />
<span style="font-family: Century Gothic; font-size: small;">A verifiable, trusted signature-creation technique is required for enterprise-wide document collaboration, and DSV is a technology ideally suited to this purpose. Sensitive documents can be signed using a DSV module which electronically signs the e-document. The document can then be shared with confidence that it has not been altered in transit, and the recipient will be able to trust it.</span><br />
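The enrol-then-compare process described above, as an added example that is not the author's or any DSV vendor's algorithm: pen traces of (time, x, y, pressure) samples are constructed inline, the dynamics the post names (speed, acceleration, pressure, size ratio) become a feature vector, enrolment stores a per-feature mean and spread, and an attempt is accepted when its mean z-score distance from the template stays under an illustrative threshold.

```python
# Added example, not the post's or any vendor's code. Pen traces are CONSTRUCTED
# below; the feature set and acceptance threshold are illustrative choices.
from math import hypot
from statistics import mean, pstdev

def features(samples):
    """samples: list of (t_seconds, x, y, pressure) from a pen tablet.
    Returns the dynamics the post names: speed, acceleration, pressure, size ratio."""
    _, xs, ys, ps = zip(*samples)
    speeds = [hypot(x1 - x0, y1 - y0) / (t1 - t0)
              for (t0, x0, y0, _), (t1, x1, y1, _) in zip(samples, samples[1:])]
    return {"duration": samples[-1][0] - samples[0][0],
            "mean_speed": mean(speeds),
            "mean_accel": mean(abs(b - a) for a, b in zip(speeds, speeds[1:])),
            "mean_pressure": mean(ps),
            "size_ratio": (max(xs) - min(xs)) / (max(ys) - min(ys))}

def enrol(genuine_traces):
    """Build the stored template: per-feature mean and spread over the enrolment set."""
    vectors = [features(t) for t in genuine_traces]
    template = {}
    for key in vectors[0]:
        vals = [v[key] for v in vectors]
        mu = mean(vals)
        # floor the spread so a feature identical in every enrolment does not dominate
        template[key] = (mu, max(pstdev(vals), 0.05 * abs(mu)))
    return template

def distance(template, trace):
    """Mean absolute z-score of the attempt against the template (lower = closer)."""
    f = features(trace)
    return mean(abs(f[k] - mu) / sd for k, (mu, sd) in template.items())

def verify(template, trace, threshold=2.0):
    return distance(template, trace) <= threshold

def make_trace(duration, pressure, n=20):
    """CONSTRUCTED zigzag pen trace signed over `duration` seconds at `pressure`."""
    return [(duration * i / (n - 1), 100.0 * i / (n - 1),
             (20.0 if i % 2 else 0.0) + 1.5 * (i % 3), pressure) for i in range(n)]

ENROLLED = enrol([make_trace(0.9, 0.55), make_trace(1.0, 0.60), make_trace(1.1, 0.65)])
GENUINE_ATTEMPT = make_trace(1.05, 0.62)   # natural variation in timing and pressure
TRACED_FORGERY = make_trace(3.0, 0.30)     # same shape, but slow and light-handed

if __name__ == "__main__":
    for label, t in [("genuine", GENUINE_ATTEMPT), ("forgery", TRACED_FORGERY)]:
        print(f"{label}: distance={distance(ENROLLED, t):.2f} accepted={verify(ENROLLED, t)}")
```

The traced forgery reproduces the shape (its size ratio matches the template exactly) and is still rejected, because the timing and pressure dynamics are what the template actually captures.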
</div>