Improving Software Security
Software security has become a primary concern because of frequent cases of malware that corrupts systems and destroys data. The best way to secure a system is to consider security measures during programming. One secure design principle is "threat modeling", in which the programmer analyzes the various vulnerabilities of the system during software development (Krutz & Vines, 2010). Identifying and understanding the potential risks helps seal such loopholes. Secondly, developers should apply least privilege to reduce the damage caused when the system is compromised. Further, programmers should implement sandboxing, which lets them use the security features of the OS that restrict the abilities of the sandboxed process. Apart from secure design principles, secure coding practices are needed to secure the developed systems. First, limiting the use of unsafe string and buffer functions reduces memory corruption in the system. Besides, validating input and output helps address some of the common vulnerabilities by checking data types and lengths. Dynamic memory allocations, as well as array offsets, require robust integer operations to reduce weaknesses in the developed systems. Programmers should employ all the available security measures in software development.
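The coding practices named above (bounded string handling, length validation, and overflow-safe integer arithmetic for allocations and array offsets) are shown here as an added C example. It is not part of the original essay; the function names are hypothetical and the inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Allocate count elements of elem_size bytes. Refuses the request when
 * count * elem_size would wrap around size_t and yield a too-small buffer. */
void *checked_alloc_array(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return NULL;
    if (count > SIZE_MAX / elem_size)
        return NULL;
    return calloc(count, elem_size);
}

/* Returns 1 when [offset, offset + length) lies inside a buffer of buf_len
 * bytes. Written as a subtraction so offset + length is never computed and
 * cannot overflow. */
int range_in_bounds(size_t buf_len, size_t offset, size_t length)
{
    return offset <= buf_len && length <= buf_len - offset;
}

/* Bounded alternative to strcpy: copies src only if it fits in dst with its
 * terminating NUL. Returns 0 on success, -1 on rejection (dst left empty). */
int copy_string_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char name[8];                              /* constructed sample input */
    int ok = copy_string_checked(name, sizeof name, "admin") == 0
          && !range_in_bounds(64, 60, 5)
          && checked_alloc_array(SIZE_MAX / 2 + 1, 4) == NULL;
    return ok ? 0 : 1;
}
```

Each helper rejects the request instead of truncating or wrapping silently, so the caller has to handle the failure explicitly.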
Security Focus on Database Design
View-based access control provides a secure agent that helps eliminate the risks associated with access to MIB objects. It creates restrictions that help close any hole that may be available while accessing the MIB objects. Polyinstantiation, on the other hand, protects world-writable directories from various attacks, such as attacks by one user on another user or on a daemon. It does this by creating other directories to which a user logging in is directed when there is a suspicion of a threat. Data warehousing is the storage of a large database in a single system. Losing such extensive data may create a big hole in the firm, and hence it needs protection from any attack. Similarly, data mining requires safe procedures, as malware may interfere with the process and corrupt it. Finally, OLTP needs security, as the presence of malware may interfere with the data and lead to data leakages that may be costly. Since it is an online process, a lack of security on the system may let hackers into the system (Bai, 2009).
SQL Server uses the ACID method to control transactions. First, atomicity requires that a transaction involving at least two discrete pieces of information commits either all of the pieces or none of them. Consistency, by contrast, requires that any ongoing transaction starts just when it creates a new and valid state of data. In the case of failure, it requires that the system return all the information to its initial state. It therefore helps prevent the loss of data during a failed transaction, which may be costly. Further, under isolation, all the transactions that the system has not yet committed should be kept separate from the other transactions. The separation prevents the failure of one operation from corrupting the rest, as it might if they were in the same store. Durability, however, requires that committed data be saved in the system (Leavitt, 2010). Keeping such data helps secure all the processed data during a system failure and restart. An inability to store the active transaction will, therefore, allow its loss during a system failure.
Security Concerns when Using Mobile Code
There are two categories of security concern when using mobile code: malicious functionality and vulnerabilities (Wasserman, 2010). Malicious functionality is where attackers trick the users of mobile systems into installing their malware in the form of Trojan apps. Such apps are always unwanted on the system and dangerous, as they leak information from the mobile device to the attacker. Users fall prey to the attackers because they believe they are installing critical apps, which turn out to be dangerous. Malicious functionality therefore assists attackers in monitoring the activities in the mobile code and retrieving data. It may also aid in sending unauthorized messages or even performing malicious transactions. Attackers may likewise use it to modify the system or even impersonate the user. Vulnerabilities, however, involve mistakes made during design and implementation that expose the mobile device to harm. Such errors may leak sensitive data or store such data unsafely. The vulnerabilities may also transmit sensitive data unsafely or leak the password of the system.
Object-Oriented Programming and its Benefits
Encapsulation, abstraction, and polymorphism are beneficial since they help in securing the developed system (Armstrong, 2006). Encapsulation refers to hiding data from an external object that the programmer thinks may manipulate such data. Hence, it involves the use of public methods such as setters and getters, which manipulate the data only as needed. Abstraction, on the other hand, is the removal of the implementation details of the object by creating an abstract class without the body. Hence, it allows only the inheriting class to implement the collections of the object. Polymorphism refers to the ability to implement an abstract class of the objects in multiple forms. Hence, it allows a single interface to an object to be applied in several ways. Polymorphism therefore allows a single function to handle several arguments during the implementation.
Conflict between Patent Law and Freedom of Expression
Patent law refers to the legal proceedings that restrict the public's use of several kinds of intellectual property. The law bars other users from using a work of the mind without seeking permission from the authorities. Books, drugs, art, processes, as well as inventions, are some of the property under the protection of the patent law. However, the use of the internet has brought conflict between patent law and the freedom of expression. The right to free speech allows people to express their ideas freely. Since the web has enabled people to communicate through social sites, such expressions always get monitored. Hence, people have fallen into trouble with law enforcers over the use of certain words or logos that are registered as intellectual property. For example, a person may design a logo, not for use on the website, only to receive claims that it belongs to another company. Even TV ads have occasionally fallen victim to using certain words that had been used by other firms (Birnhack, 2003). Hence, the patent law has adversely hindered freedom of expression.
References
- Armstrong, D. J. (2006). The quarks of object-oriented development. Communications of the ACM, 49(2), 123-128.
- Bai, K. (2009). Damage Management in Database Management Systems.
- Birnhack, M. (2003). Acknowledging the conflict between copyright law and freedom of expression under the Human Rights Act.
- Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
- Leavitt, N. (2010). Will NoSQL databases live up to their promise? Computer, 43(2).
- Wasserman, A. I. (2010, November). Software engineering issues for mobile application development. In Proceedings of the FSE/SDP workshop on Future of software engineering research (pp. 397-400). ACM.