Ethical Hacking
Jan 03, 2016
Ethical Hacking
Rules
Address me as “Scott”.
Being able to do something is more important than memorizing. I will not ask you to memorize. My tests ask you to think and explain. I ask you to take a position.
Your grade on a test (mid-term, final) is not the final grade.
You must successfully complete all projects to pass the course.
You pick your grade – I'll explain.
Goals
Einstein said, “As simple as possible, but no simpler.”
If you cannot explain it simply, you do not understand it well enough.
Any fool can make things more complex; it takes genius to find the simplicity.
Great science is simple.
How did we get here?
Turing Machine
P-V Semaphore – Unix – Flat Files
1972: Dr. E. F. Codd invented the Relational Database; Linear Algebra → Data Storage.
RDBMS – Transactions – Bob Epstein
1988 --- 1995 --- Databases fault tolerant and load balanced. They were tightly coupled.
You are a startup and you want to do load balancing, larger than anyone ever has. What do you do?
Class Overview
It is good to be smart; it is better to be funny.
90% of the material, how? Projects – 2 adjudicators.
Everything is negotiable.
This is supposed to be fun.
Overview
Ethical Hacking Issues in Security Trusted Computer System Evaluation
Criteria (TCSEC) - Orange Book Measure Security Implementation Assurance
5 Rules of Software Development
1. W3C specifications ahead of JSR specifications.
2. JSR ahead of de facto standards.
3. De facto standards ahead of custom development.
4. Compositional patterns to create software systems.
5. Use design patterns when creating custom code.
LAMP vs. WAR
Where is LAMP best? Linux, Apache, MySQL, PHP.
1) Your views closely model your database design.
2) Security requirements are not excessive.
Where is WAR best?
1) Your views do not closely model your database design. In fact, there probably is no RDBMS. Elastic.
2) Serious Security Requirements (Underwriting).
RDBMS
Row
Half the data on the row is Secret and half is Top Secret. What do you do?
Label it at the row? By column? Labeling by column drives the query and the data nuts.
Typically in an RDBMS we do row-level labeling, so it is not granular enough for MLS.
Security Labels
Semantic Web, Web 2.0?
In databases there are two forms of storing data:
1) Normalized: a Customer has many Accounts, and an Account participates in many Transactions.
2) vs. constantly changing structures.
Relational vs. Semantic
Customer – Accounts – Transactions (row-wise model, normalized)
So in the previous example, the structure was stable. Jesus, Luke, QuickBooks does it. Not likely to change. What happens if the structure is morphing constantly? What is an example?
Threats in the war on Terror.
Human Genome Project
Row Wise vs. Column Wise
Label at Data Items
So all data is represented as Subject, Predicate, Object … and Provenance.
Therefore we label every piece of data, and therefore we make it MLS.
Semantic Web Logical Representation
The entire field of e-commerce is defined by two sets of ontologies: GoodRelations and Schema.org. Google says: if the world were structured rather than unstructured, boy, could searches be accurate.
Structure (S P O) and provenance: what can you do easily? MLS.
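The contrast between the row-level labeling on the RDBMS slide and the per-item labeling of the Subject-Predicate-Object-Provenance slide, as an added example that is not part of the lecture: a toy Python model with a constructed three-level lattice, a constructed customer row whose columns carry mixed sensitivity, and the same data stored as labeled triples. The level names, the `dominates()` check, the `Triple` class and every data value are assumptions made for illustration, not anything from the course.

```python
"""Added example (not from the lecture): row-level labels versus per-triple
labels for multi-level security (MLS). All labels, clearances and data
values are constructed for illustration."""

from dataclasses import dataclass

# Constructed linear lattice of classification levels. Real MLS systems also
# carry compartments/categories; they are omitted to keep the example small.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


def dominates(clearance: str, label: str) -> bool:
    """Simple-security rule (read-down): a reader may see an item only
    when the reader's clearance is at least the item's label."""
    return LEVELS[clearance] >= LEVELS[label]


# --- Row-wise model: one label per row -------------------------------------
# One customer row whose columns carry mixed sensitivity (the "half Secret,
# half Top Secret" row from the slide). With a single row label, the whole
# row must be labeled at the high-water mark of its most sensitive column.
COLUMN_LABELS = {"name": "SECRET", "balance": "SECRET", "handler": "TOP SECRET"}
ROW = {"name": "A. Customer", "balance": 1200, "handler": "case-officer-7"}


def row_label(column_labels: dict) -> str:
    """High-water mark: the most sensitive label among the columns."""
    return max(column_labels.values(), key=LEVELS.__getitem__)


def read_row(clearance: str) -> dict:
    """Row-level labeling is all or nothing: a SECRET-cleared reader loses
    the SECRET columns too, because the row as a whole is TOP SECRET."""
    if dominates(clearance, row_label(COLUMN_LABELS)):
        return dict(ROW)
    return {}


# --- Triple model: one label per data item ----------------------------------
@dataclass(frozen=True)
class Triple:
    subject: str
    predicate: str
    obj: object
    provenance: str  # who asserted the fact / where it came from
    label: str       # classification of this single assertion


# The same customer data as labeled, provenance-carrying triples.
TRIPLES = [
    Triple("cust:1", "name", "A. Customer", "crm-import", "SECRET"),
    Triple("cust:1", "balance", 1200, "ledger", "SECRET"),
    Triple("cust:1", "handler", "case-officer-7", "hr-feed", "TOP SECRET"),
]


def read_triples(clearance: str) -> dict:
    """Per-item labeling: return exactly the assertions the reader dominates,
    so the SECRET half of the data is visible to a SECRET-cleared reader."""
    return {t.predicate: t.obj for t in TRIPLES if dominates(clearance, t.label)}


if __name__ == "__main__":
    for clearance in LEVELS:
        print(clearance, "row:", read_row(clearance), "triples:", read_triples(clearance))
```

The point the lecture makes falls out of the two read functions: with one label per row, the SECRET-cleared reader gets nothing, while with one label per triple the same reader gets the two SECRET assertions and is denied only the TOP SECRET one, and the provenance field travels with each assertion rather than with the row.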
Examples