Software Engineering (10th Edition)
ISBN: 9780133943030
Author: Ian Sommerville
Publisher: PEARSON
Expert Solution & Answer
Chapter 13, Problem 13.7E
Explanation of Solution
Attacks on an equity trading system:
In an equity trading system, user accounts and equity prices are replicated across servers so that orders can be placed making use of a user account
Some of the attacks that can happen to an equity trading system, and the strategies to counter them, are:
- An attack in which a malicious user gains access to the system using an accredited user's credentials and then places malicious orders, buying and selling stock.
The strategies to counter this attack are:
- Resistance: to place an order, a dealing password is required, and it must be different from the login password, so a stolen login credential alone is not enough to trade.
- Recognition: send a copy of each order by e-mail to the authorized user, with a contact phone number, and maintain the user's order history so that unusual trading patterns...
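The two strategies above can be shown in code. The following is an added example written for this page, not code from Sommerville's book or from any real trading system: a separate dealing password (resistance) is stored and checked independently of the login password, and each order is compared against the user's order history (recognition) before it is executed. The account names, order sizes, the "5 times the median order size" rule and the cold-start limit of 1,000 shares are all assumptions made for the example.

```python
"""Added example for Sommerville 13.7E (not the book's code).

Resistance: a dealing password that is a second, independent secret.
Recognition: hold orders that look unusual against the user's history.
Thresholds, names and sample data are assumptions for the example.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import statistics
from dataclasses import dataclass, field

PBKDF2_ITERATIONS = 100_000


def _derive(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, so a leaked account table does not reveal either password."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    user: str
    login_salt: bytes
    login_hash: bytes
    dealing_salt: bytes
    dealing_hash: bytes
    history: list[int] = field(default_factory=list)  # sizes (shares) of past accepted orders


def create_account(user: str, login_pw: str, dealing_pw: str, history=()) -> Account:
    """Resistance: refuse a dealing password equal to the login password,
    so the two credentials stay independent and are hashed with separate salts."""
    if dealing_pw == login_pw:
        raise ValueError("dealing password must differ from login password")
    login_salt, dealing_salt = os.urandom(16), os.urandom(16)
    return Account(user,
                   login_salt, _derive(login_pw, login_salt),
                   dealing_salt, _derive(dealing_pw, dealing_salt),
                   list(history))


def check_dealing_password(acct: Account, dealing_pw: str) -> bool:
    """Constant-time comparison of the derived hash against the stored one."""
    return hmac.compare_digest(_derive(dealing_pw, acct.dealing_salt), acct.dealing_hash)


def is_unusual(acct: Account, quantity: int, factor: float = 5.0, cold_start_limit: int = 1000) -> bool:
    """Recognition: an order is unusual if it exceeds `factor` times the user's
    median order size, or exceeds `cold_start_limit` for a user with little history.
    Both thresholds are assumptions for this example."""
    if len(acct.history) < 5:
        return quantity > cold_start_limit
    return quantity > factor * statistics.median(acct.history)


def place_order(acct: Account, dealing_pw: str, symbol: str, quantity: int) -> str:
    """Return 'rejected' (wrong dealing password), 'held' (unusual, needs the
    account holder's out-of-band confirmation) or 'accepted'."""
    if not check_dealing_password(acct, dealing_pw):
        return "rejected"                       # resistance
    if is_unusual(acct, quantity):
        # recognition: in a real system this is where the e-mail copy of the
        # order with a contact phone number would be sent before execution
        return "held"
    acct.history.append(quantity)               # only accepted orders shape the baseline
    return "accepted"


if __name__ == "__main__":
    # Constructed sample account: five earlier orders of roughly 100-150 shares.
    alice = create_account("alice", "login-pw-1", "dealing-pw-2",
                           history=[100, 150, 120, 130, 110])
    print(place_order(alice, "wrong-pw", "ACME", 100))       # rejected
    print(place_order(alice, "dealing-pw-2", "ACME", 120))   # accepted
    print(place_order(alice, "dealing-pw-2", "ACME", 5000))  # held
```

Held orders are never appended to the history, so an attacker who got past the dealing password cannot gradually "train" the baseline upward with a series of large orders that were never confirmed; only orders the recognition check accepted move the median.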