Binding assurance requirements to functional requirements
1.The preferable approach is binding assurance requirements to functional requirements
This is because what the system will do involves Functional requirements system should do while how the functional requirements will be implemented and tested is what Assurance requirements is all about .
For example, Consider car safety test. conducting tests stress to check fabric, lock testing procedure, making sure that intention of the application will be meant by the belt the ,is all about Verification test for the functions of seat belt, thus functional tests been completed ., this will me done by crashing of the car inside with the crash-test dummies for proving that the seat belt is safe for use under normal conditions and that it can withstand the harsh conditions is what assurance testing is all about.(Huber, Flynn& Mansfield,2013)
Assurance requirements and functional requirements are both needed in software, for the purpose of gaining confidence of the before launch of the products into a wild environment such as the Internet.
2.A mechanism for analyzing the security state of a system is provided by logs , to check if the will system will be put in a non-secure state by a action requested, or events leading to non-secure state of the system also determined . If all transitions states caused by events , as well as the values changed objects previous and new values , the state of the system can be reconstructed at any particular time by use of the system logs. Security problems might be eliminated when a subset of information is recorded. And the remainder gives a valuable start point for further clarity .
Confidentiality and integrity are essential for a Chinese Wall model which is a complex commercial policy. “conflict of interest” class know as COIs and partition which are as a result of COI into company datasets know as CD are partitions of a model for the set of all subjects and objects. This may contain information sanitized which nyone can read it, or sensitized information which only subject in COI class can read it , or by a COI class in which they are in the class similar to an object and another particular object in CD (O) has already accessed.
san(O) which is a predicate is true if information accceptable is contained only in O, and false if information unsanitized is contained .there is relevance of any sanitization . logging of object identifiers and subject for each transaction, the action, and the result either a failure or a success will enable the constraints be determine by the auditor to whether they are satisfiable. The auditing of a Chinese Wall systems requires logging Time.
specific requirements for logging time in while logging information to detect security violations. In all cases, information recording that would be, that is at the beginning time information that would be used to log on the changes it should be recorded.
Subject and object identifiers can also be logged in to achieve the same purpose. Then after sanitization of an object system must also log, and provide information to enable reconstruction of the membership of relevant CDsand CDsCOIs for the auditor. sanitized
3.Is a table whereby a column represents an object while the row represents the subject
a.A.matrix for the solution
|
Developers |
Employees |
Outsiders |
|
|
Alice |
R |
Rw |
rw |
|
Bob |
Rr |
Rw |
W |
Augmented matrix Employees Developers Outsiders Bob, write read, read read write Alice, write read, read, write read
The rules of transformation are:- developers should propose that a projected product in future be accomplished. The employees could propose that product should be fit for the customer.
b.problem that may occur
Confidentiality of the information the privacy of an object maybe interferes
Integrity the trustworthiness and dependability
c.The SSO class members should not be allowed to apply the change the members of that class
because they may change important rights to the user and integrity and confidendiality of the data maybe interfered with
4.The process can be automatically terminate by making sure you have the PID of the process If you don’t know how to get the PID: Only way to know the PID is by the only process that created the process . The file should have been stored in for you. In the parent process is better . Putting in the PID in a variable (process & mypid=$!) and use that.
If for some reason you want to get to a process purely by name, you understand that this is a broken method, you want to do it anyway, the pkill command should probably be used . the killall command for the GNU or Linux System can also be used though its not really recommended killall because it kills every process on some systems on the entire system. It’s good to avoid the command it unless its really needed(Hay,2011)
5.a.Expression the time of exact 1AM in the second interpretation
The interpretation is exactly 1.00 AM (that is 1:00:00 AM)
b.The expression of “any time during the 1AM hour” in first interpretation
Sometime during the 1.00AM hour (that is 1:00:00 to 1:59:59 AM)
c.Any time during the 1AM hour is more powerful because legal times are ranges. Except in a specific situation when the time allowed specified to an exact second. The exact time specification is useless because a program may obtain the time at the required exact second and this may cause denial of service.
The interpretation of latter for the specification are a range rather than exact time.
References.
Huber, K. D., Flynn, J. J., & Mansfield, W. G. (2013). U.S. Patent No. 8,522,312. Washington, DC: U.S. Patent and Trademark Office.
Hay, B., Nance, K., & Bishop, M. (2011, January). Storm clouds rising: security challenges for IaaS cloud computing. In System Sciences (HICSS), 2011 44th Hawaii International Conference on (pp. 1-7). IEEE..
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
