NewTutorialsLab.com - A place where your questions get answered.


What is Positive and Negative Logic?

Simply put, a gate has two interpretations, depending on whether positive or negative logic is used. Its inputs can be read as positive logic inputs or as negative logic inputs.

Example,

1 - Higher input
0 - Lower input

In electronics, we use two voltage levels, 0V and +5V DC. We can assign 0 to the low voltage and 1 to the high voltage (+5V DC). This system of digital logic is called positive logic.

But the system of digital logic where binary 0 represents higher voltage and binary 1 represents low voltage is called negative logic.

Types of Access Control in Computer Security

Types of Access Control:

Discretionary Access Control (DAC) or Identity Based Access Control (IBAC):
An individual user sets an access control mechanism to allow or deny access to an object. Access control is left to the discretion of the owner. Discretionary access controls base access rights on the identity of the subject and the identity of the object involved. Identity is the key; the owner of the object constrains who can access it by allowing only particular subjects to have access. The owner states the constraint in terms of the identity of the subject, or the owner of the subject. The owner can pass rights on to other subjects (discretion). Their programs can also pass on their rights, and the owner has the power to determine who can access the object.

EXAMPLE: Suppose a child keeps a diary. The child controls access to the diary, because she can allow someone to read it (grant read access) or not allow someone to read it (deny read access). The child allows her mother to read it, but no one else. This is a discretionary access control because access to the diary is based on the identity of the subject (mom) requesting read access to the object (the diary).

Mandatory Access Control (MAC) or Rule Based Access Control:

When a system mechanism controls access to an object and an individual user cannot alter that access, the control is a mandatory access control (MAC), occasionally called a rule-based access control. The operating system controls access, and the owner cannot override the controls. Neither the subject nor the owner of the object can determine whether access is granted. Typically, the system mechanism will check information associated with both the subject and the object to determine whether the subject should access the object. Rules describe the conditions under which access is allowed. Subjects cannot pass on their rights, and subjects' programs cannot pass on the right to access. The system controls all accesses, and no one may alter the rules governing access to those objects.

EXAMPLE: The law allows a court to access driving records without the owners' permission. This is a mandatory control, because the owner of the record has no control over the court's accessing the information.

Originator Controlled Access Control (ORCON or ORGCON):

An originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or the information it contains). Information is controlled by its originator or creator, not by its owner. Sometimes the creator may be the owner too. The goal of this control is to allow the originator of the file (or of the information it contains) to control the dissemination of the information. ORCON is a combination of MAC and DAC, and the basic rules are:

- The owner of an object cannot change the access controls of the object.

- When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy.

- The creator (originator) can alter the access control restrictions on a per-subject and per-object basis.

EXAMPLE: Access to audio/video CDs is controlled to prevent piracy. The master CD is allowed to be copied for selling, and once copied, the copied CD is prevented from being copied.

Role Based Access Control (RBAC):

Role Based Access Control (RBAC), also known as Non discretionary Access Control, takes more of a real world approach to structuring access control. Access under RBAC is based on a user's job function within the organization to which the computer system belongs.

Essentially, RBAC assigns permissions to particular roles in an organization. Users are then assigned to that particular role. For example, an accountant in a company will be assigned to the Accountant role, gaining access to all the resources permitted for all accountants on the system. Similarly, a software engineer might be assigned to the developer role.

Roles differ from groups in that while users may belong to multiple groups, a user under RBAC may only be assigned a single role in an organization. Additionally, there is no way to provide individual users additional permissions over and above those available for their role. The accountant described above gets the same permissions as all other accountants, nothing more and nothing less.

The Bell-LaPadula Model:

A confidentiality policy, also called an information flow policy, prevents the unauthorized disclosure of information. Unauthorized alteration of information is secondary. For example, the navy must keep confidential the date on which a troop ship will sail. If the date is changed, the redundancy in the systems and paperwork should catch that change. But if the enemy knows the date of sailing, the ship could be sunk. Because of extensive redundancy in military communications channels, availability is also less of a problem.

The Bell-LaPadula Model corresponds to military-style classifications. It has influenced the development of many other models and indeed much of the development of computer security technologies. The simplest type of confidentiality classification is a set of security clearances arranged in a linear (total) ordering. These clearances represent sensitivity levels. The higher the security clearance, the more sensitive the information and the greater the need to keep it confidential. A subject has a security clearance level such as C (for CONFIDENTIAL) or TS (for TOP SECRET). An object has a security classification level such as S (for SECRET) or UC (for UNCLASSIFIED). When we refer to both subject clearances and object classifications, we use the term "classification". The goal of the Bell-LaPadula security model is to prevent read access to objects at a security classification higher than the subject's clearance.

The properties of the Bell-LaPadula model are:

- The simple security property which is “no read up”.

- The star property which is “no write down”.

A problem with this model is it does not deal with the integrity of data.

The Biba Integrity Model:

Integrity refers to the trustworthiness of data or resources. Integrity is usually defined in terms of preventing improper or unauthorized change to data. There are three main goals of integrity:

- Preventing unauthorized users from making modifications to data or programs.

- Preventing authorized users from making improper or unauthorized modifications.

- Maintaining internal and external consistency of data and programs.

The Biba integrity model was published in 1977 at the Mitre Corporation, one year after the Bell-LaPadula model was published. The primary motivation for creating this model is the inability of the Bell-LaPadula model to deal with the integrity of data. The Biba model addresses the problem with the star property of the Bell-LaPadula model, which does not restrict a subject from writing to a more trusted object.

A classification is an element of a hierarchical set of elements. It consists of elements like C (for Crucial), VI (for Very Important), and I (for Important). The set of categories and the classification determine the level of integrity.

The properties of Biba Model are:

- The “no write-up” is essential, since it limits the damage that can be done by malicious objects in the system. For instance, “no write-up” limits the amount of damage that can be done by a trojan horse in the system. The trojan horse would only be able to write to objects at its integrity level or lower. This is important because it limits the damage that can be done to the operating system.

- The “no read-down” prevents a trusted subject from being contaminated by a less trusted object.
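The Bell-LaPadula and Biba properties listed above can be checked side by side in a small reference monitor. This is an added example, not code from the original page; the linear orderings, the entity names and the `decide` function are assumptions made for illustration, and categories are left out.

```python
from dataclasses import dataclass

# Constructed linear orderings, lowest first, built from the level names in the text.
# Note that "C" means CONFIDENTIAL in the first list and Crucial in the second.
CONFIDENTIALITY = ["UC", "C", "S", "TS"]
INTEGRITY = ["I", "VI", "C"]


@dataclass(frozen=True)
class Entity:
    """A subject or object carrying one confidentiality and one integrity level."""
    name: str
    conf: str
    integ: str


def _ranks(order, subj_level, obj_level):
    # Position in the ordering: a higher index means a higher level.
    return order.index(subj_level), order.index(obj_level)


def blp_allows(subj, obj, op):
    """Bell-LaPadula: no read up (simple security), no write down (star property)."""
    s, o = _ranks(CONFIDENTIALITY, subj.conf, obj.conf)
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation: {op}")


def biba_allows(subj, obj, op):
    """Biba: no read down, no write up (the dual of Bell-LaPadula)."""
    s, o = _ranks(INTEGRITY, subj.integ, obj.integ)
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation: {op}")


def decide(subj, obj, op):
    """Enforce both models; return (allowed, list of violated rules)."""
    violated = []
    if not blp_allows(subj, obj, op):
        violated.append("BLP: no read up" if op == "read" else "BLP: no write down")
    if not biba_allows(subj, obj, op):
        violated.append("Biba: no read down" if op == "read" else "Biba: no write up")
    return (not violated, violated)


# Constructed entities for the demonstration.
TROJAN = Entity("trojan_process", conf="UC", integ="I")
KERNEL = Entity("os_kernel_image", conf="UC", integ="C")
ANALYST = Entity("analyst", conf="S", integ="VI")
SAILING_DATE = Entity("sailing_date", conf="TS", integ="VI")
PUBLIC_NOTE = Entity("public_note", conf="UC", integ="I")

if __name__ == "__main__":
    requests = [
        (TROJAN, KERNEL, "write"),        # BLP alone permits this, Biba refuses it
        (ANALYST, SAILING_DATE, "read"),  # read up
        (ANALYST, PUBLIC_NOTE, "write"),  # write down
        (ANALYST, PUBLIC_NOTE, "read"),   # read down in integrity terms
    ]
    for subj, obj, op in requests:
        print(subj.name, op, obj.name, decide(subj, obj, op))
```

The first request is the trojan horse case from the text: Bell-LaPadula on its own allows the write because no confidentiality rule is broken, and only the Biba check stops it.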

Characteristics of a Good Security Policy

If a security policy is written poorly, it cannot guide the developers and users in providing appropriate security mechanisms to protect important assets. Certain characteristics make a security policy a good one.

- Coverage

A security policy must be comprehensive/ all-inclusive: It must either apply to or explicitly exclude all possible situations. Furthermore, a security policy may not be updated as each new situation arises, so it must be general enough to apply naturally to new cases that occur as the system is used in unusual or unexpected ways.

- Durability

A security policy must grow and adapt well. In large measure, it will survive the system's growth and expansion without change. If written in a flexible way, the existing policy will be applicable to new situations. However, there are times when the policy must change (such as when government regulations mandate new security constraints), so the policy must be changeable when it needs to be.

An important key to durability is keeping the policy free from ties to specific data or protection mechanisms that almost certainly will change. It is preferable to describe assets needing protection in terms of their function and characteristics, rather than in terms of specific implementation.

- Realism

The policy must be realistic. That is, it must be possible to implement the stated security requirements with existing technology. Moreover, the implementation must be beneficial in terms of time, cost, and convenience; the policy should not recommend a control that works but prevents the system or its users from performing their activities and functions.

- Usefulness

An obscure or incomplete security policy will not be implemented properly, if at all. The policy must be written in language that can be read, understood and followed by anyone who must implement it or is affected by it. For this reason, the policy should be succinct, clear, and direct.

Risk Analysis:

Risks are events or conditions that may occur, and whose occurrence, if it does take place, has a harmful or negative effect. Exposure to the consequences of uncertainty constitutes a risk. In everyday usage, risk is often used synonymously with the probability of a known loss. In information security, a risk is defined as a function of three variables:

- the probability that there is a threat
- the probability that there are any vulnerabilities
- the potential impact

In general, there are three strategies for risk reduction:

- avoiding the risk, by changing requirements for security or other system characteristics

- transferring the risk, by allocating the risk to other systems, people, organizations, or assets; or by buying insurance to cover any financial loss should the risk become a reality

- assuming the risk, by accepting it, controlling it with available resources, and preparing to deal with the loss if it occurs

Good, effective security planning includes a careful risk analysis. Risk analysis is the process of examining a system and its operational context to determine possible exposures and the potential harm they can cause.

Steps of Risk Analysis

By following well-defined steps, we can analyze the security risks in a computing system. The basic steps of risk analysis are listed below.


1. Identify assets.

2. Determine vulnerabilities.

3. Estimate likelihood of exploitation.

4. Compute expected annual loss.

5. Survey applicable controls and their costs.

6. Project annual savings of control.


Access Control:

Access control is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical resources (a bank account, with a limited number of people authorized to make a withdrawal), or digital resources (for example, a private text document on a computer, which only certain users should be able to read).

In any access control model, the entities that can perform actions in the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects.

What Makes a Good Security Policy? Properties of Security

What Makes a Good Security Policy?


The characteristics of a good security policy are:

1. It must be implementable through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods.

2. It must be enforceable with security tools, where appropriate, and with sanctions, where actual prevention is not technically feasible.

3. It must clearly define the areas of responsibility for the users, administrators, and management.

Basic Properties of Security (Basic Principles of Security):

Confidentiality: Let X be a set of entities and let I be some information. Then I has the property of confidentiality with respect to X if no member of X can obtain information about I. Confidentiality implies that information must not be disclosed to some set of entities. It may be disclosed to others. The membership of set X is often implicit – for example, when we speak of a document that is confidential. Some entity has access to the document. All entities not authorized to have such access make up the set X.

Integrity: Let X be a set of entities and let I be some information or a resource. Then I has the property of integrity with respect to X if all members of X trust I. In addition to trusting the information itself, the members of X also trust that the conveyance and storage of I do not change the information or its trustworthiness (this aspect is sometimes called data integrity). If I is information about the origin of something, or about an identity, the members of X trust that the information is correct and unchanged (this aspect is sometimes called origin integrity or, more commonly, authentication). Also, I may be a resource rather than information. In that case, integrity means that the resource functions correctly (meeting its specifications). This aspect is called assurance. As with confidentiality, the membership of X is often implicit.

Availability: Let X be a set of entities and let I be a resource. Then I has the property of availability with respect to X if all members of X can access I. The exact definition of "access" varies upon the needs of the members of X, the nature of the resource, and the use of the resource. If a book-selling server takes up to 1 hour to service a purchase request, that may meet the client's requirements for "availability." If a server of medical information takes up to 1 hour to service an anesthetic allergy information request, that will not meet an emergency room's requirements for "availability."

Policy can be expressed in:

- Natural language, which is usually imprecise but easy to understand;
- Mathematics, which is usually precise but hard to understand;
- Policy languages, which look like some form of programming language and try to balance precision with ease of understanding.

Security Mechanism:

A security mechanism is a method, tool, or procedure for enforcing a security policy; that is, an entity or procedure that enforces some part of the security policy. If there is a conflict in policies, discrepancies may create security vulnerabilities. Mechanisms may be:

- Technical: a technical mechanism enforces the policy inside the system. For example, a mechanism that requires a password to authenticate the user before the computer can be used.

- Procedural: a procedural mechanism enforces the policy outside the system. For example, a mechanism that censors a disk containing a game program obtained from an unreliable source.

Consider a scenario: suppose a university’s computer lab has a policy that prohibits any student from copying another student’s homework files. The computer system provides mechanisms for preventing others from reading a user’s file. Suppose Anna fails to use these mechanisms to protect her homework files, and Bill copies them. A breach of security has occurred, because Bill has violated the security policy. If the policy said students have to read-protect their homework files, then Anna did breach security, as she didn’t do this.

Example: In the preceding example, the policy is the statement that no student may copy another student's homework. One mechanism is the file access controls; if the second student had set permissions to prevent the first student from reading the file containing her homework, the first student could not have copied that file.

Security policies are often implicit rather than explicit. This causes confusion, especially when the policy is defined in terms of the mechanisms. This definition may be ambiguous, for example if some mechanisms prevent a specific action and others allow it. Such policies lead to confusion, and sites should avoid them.

The difference between a policy and an abstract description of that policy is crucial to the analysis that follows. A security model is a model that represents a particular policy or set of policies. A model abstracts details relevant for analysis. Analyses rarely discuss particular policies; they usually focus on specific characteristics of policies, because many policies exhibit these characteristics; and the more policies with those characteristics, the more useful the analysis. There is a result that says no single nontrivial analysis can cover all policies, but restricting the class of security policies sufficiently allows meaningful analysis of that class of policies.

Goals of Security:

Prevention is to prevent the attackers from violating security policy. Prevention means that an attack will fail. Typically, prevention involves the implementation of mechanisms that users cannot override and that are trusted to be implemented correctly, so that the attacker cannot defeat the mechanism by changing it.

Detection is to detect attackers’ violation of security policy, so it occurs after someone violates the policy. The mechanism determines that a violation of the policy has occurred (or is underway) due to an attack, and reports it. The system must then respond appropriately. Detection is most useful when an attack cannot be prevented.

Recovery is to stop an attack and to assess and repair any damage caused by it. With recovery, the system should continue to function correctly, possibly after a period during which it fails to function correctly due to attacks.

For example, if the attacker deletes a file, one recovery mechanism is to restore the file from backup tapes.

Protection State:

The state of a system at any instant is defined by the collection of the current values of all memory locations, all secondary storage, and all registers and other components of the system. The subset of this collection that deals with protection defines the protection state of the system. The access control matrix model is the most precise model used to describe a protection state.

Consider a set of possible protection states P. Suppose there is a subset Q of P consisting of exactly those states in which the system is authorized to reside. Whenever the system state is in Q, the system is supposed to be secure. When the system state is in P-Q, the system is not secure. So enforcing security means that the system state is always in the subset Q. Any operation such as reading, writing, altering or executing data or instructions changes the state of the system, i.e., a state transition occurs. We are concerned only with those state transitions that lead to authorized states.

Access Control Matrix Model:

Access to protected information must be restricted to people who are authorized to access the information. The computer programs, and in many cases the computers that process the information, must also be authorized. This requires that mechanisms be in place to control the access to protected information.

The access control matrix model is the simplest framework for describing a protection system. It defines the rights of users over files in a matrix.

- Set of objects O; the set of all protected entities that are relevant to the protection state.
- Set of subjects S; set of active objects such as processes and users
Now the access control matrix model designated by a matrix A defines the relationship between these entities with the rights drawn from a set of rights R in each entry of , where , , and . The subject s has a set of rights over the object o. The set of protection states of the system is represented by the triple (S, O, A)

For example:

          | file1            | file2     | process1                  | process2
Process 1 | read, write, own | read      | read, write, execute, own | write
Process 2 | append           | read, own | read                      | read, write, execute, own

Access Control List(ACL)

An Access Control List is an easier way to represent the access control matrix, and it is the most commonly used implementation of the access control matrix. The ACL permits any given user to be allowed or disallowed access to any object. The columns of an ACL show a list of users attached to protected objects. One can associate access rights for individuals and resources directly with each object.
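The relationship between the matrix and its ACLs can be shown with the example matrix from this section. This is an added example, not code from the original page; the function names are hypothetical, and the rule that only a subject holding `own` over an object may grant rights on it is an assumption drawn from the discretionary model described earlier.

```python
from copy import deepcopy


def example_state():
    """Protection state (S, O, A) holding the example matrix from the text."""
    subjects = {"process1", "process2"}
    objects = {"file1", "file2", "process1", "process2"}
    matrix = {
        ("process1", "file1"): {"read", "write", "own"},
        ("process1", "file2"): {"read"},
        ("process1", "process1"): {"read", "write", "execute", "own"},
        ("process1", "process2"): {"write"},
        ("process2", "file1"): {"append"},
        ("process2", "file2"): {"read", "own"},
        ("process2", "process1"): {"read"},
        ("process2", "process2"): {"read", "write", "execute", "own"},
    }
    return subjects, objects, matrix


def allowed(state, subject, obj, right):
    """Look up one entry of the matrix: does the subject hold this right over the object?"""
    _, _, matrix = state
    return right in matrix.get((subject, obj), set())


def acl(state, obj):
    """The ACL of one object is its column of the matrix: {subject: sorted rights}."""
    _, _, matrix = state
    return {s: sorted(rights) for (s, o), rights in matrix.items() if o == obj and rights}


def grant(state, grantor, grantee, obj, right):
    """State transition: an owner passes a right to another subject.

    Assumption of this example: only a subject holding "own" over the
    object may change that object's column. Returns a new state and
    leaves the old one untouched.
    """
    subjects, objects, matrix = state
    if grantee not in subjects or obj not in objects:
        raise KeyError("unknown subject or object")
    if not allowed(state, grantor, obj, "own"):
        raise PermissionError(f"{grantor} does not own {obj}")
    new_matrix = deepcopy(matrix)
    new_matrix.setdefault((grantee, obj), set()).add(right)
    return subjects, objects, new_matrix


if __name__ == "__main__":
    state = example_state()
    for obj in sorted(state[1]):
        print(obj, acl(state, obj))
    after = grant(state, "process1", "process2", "file1", "read")
    print("file1 after grant:", acl(after, "file1"))
```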

Assumptions and Trust:
All security policies and mechanisms rest on assumptions specific to the type of security and the environment in which it is to be employed.

As policies are to define the issue of security, they have to define security correctly for the particular site. For example, a web site has to be available, but if the security policy does not mention availability, the definition of security is inappropriate for the site. Also, a policy may not specify whether a particular state is “secure” or “non-secure.” This ambiguity causes problems. Hence proper assumptions should be made before defining a concrete policy.

As mechanisms are to enforce policy, they must be appropriate. For example, cryptography does not assure availability, so using cryptography in the above situation won’t work. Trusting that the mechanisms work requires several assumptions:

- each mechanism is designed to implement one or more parts of security policy,

- the union of mechanisms implements all aspects of the security policy,

- the mechanisms are implemented correctly,

- the mechanisms are installed and administered correctly

The security mechanisms may be secure, precise, or broad. Let P define the set of all possible states.

[Figure: Secure, Precise and Broad mechanisms, showing Possible States (P), Secure States (Q) and Reachable States (R)]

Let Q be the set of secure states, as specified by the security policy. Let R be the set of some reachable states that a system can enter ( ).

Then a security mechanism is;
- secure if all the reachable states, R are in the set of secure states Q, i.e. .
- precise if all the reachable states are secure and all the secure states are reachable, i.e.
- broad if some reachable states are non secure states, i.e. there are states r such that and .
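The three cases can be computed for a small model of the homework scenario discussed earlier. This is an added example, not code from the original page; the two-flag state, the operation names and the three mechanisms are constructed assumptions. Each mechanism is modelled as a set of operations it refuses, R is found by exploring every state reachable from the start state, and R is then compared with Q using the definitions in the list above.

```python
from collections import deque
from itertools import product

# A state is (file_readable_by_others, bill_has_copy). P is every combination.
P = set(product([False, True], repeat=2))

# Policy from the text: no student may copy another student's homework,
# so the secure states Q are those in which Bill holds no copy.
Q = {state for state in P if not state[1]}

START = (False, False)
OPS = ("anna_open", "anna_protect", "bill_copy")


def step(state, op):
    """Effect of one operation on the constructed lab system."""
    readable, copied = state
    if op == "anna_open":
        return (True, copied)
    if op == "anna_protect":
        return (False, copied)
    if op == "bill_copy":
        # File access controls: the copy only succeeds on a readable file.
        return (readable, True) if readable else state
    raise ValueError(f"unknown operation: {op}")


def reachable(blocked_ops):
    """R: every state reachable from START when the mechanism refuses blocked_ops."""
    seen, queue = {START}, deque([START])
    while queue:
        state = queue.popleft()
        for op in OPS:
            if op in blocked_ops:
                continue
            nxt = step(state, op)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def classify(reach, secure):
    """Apply the definitions above to a reachable set and a secure set."""
    if reach == secure:
        return "precise"
    if reach <= secure:
        return "secure"
    return "broad"


# Three constructed mechanisms, each described by the operations it refuses.
MECHANISMS = {
    "file permissions only": set(),
    "opening files to others forbidden": {"anna_open"},
    "copying by non-owners blocked": {"bill_copy"},
}

if __name__ == "__main__":
    for name, blocked in MECHANISMS.items():
        r = reachable(blocked)
        print(f"{name}: R={sorted(r)} -> {classify(r, Q)}")
```

Relying on file permissions alone is broad because Anna can leave the file readable; forbidding her from ever opening the file is secure but not precise, since it also rules out a state the policy allows.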

Assurance:
Assurance is a measure of how well the system meets its requirements; more informally, how much we can trust the system to do what it is supposed to do. It does not say what the system is to do; rather, it only covers how well the system does it. System specification, design and implementation can provide a basis for determining “how much” to trust a system. This aspect of trust is the assurance. It is an attempt to provide a basis for supporting how much one can trust a system.

Specification is a statement of the desired functioning of the system. Specifications arise from requirements analysis, in which the goals of the system are determined. The specification says what the requirements are and what the system must do to meet those requirements. It is a statement of functionality, not assurance, and can be very formal (mathematical) or informal (natural language). The specification can be high-level or low-level (for example, describing what the system as a whole is to do vs. what specific modules of code are to do).

Design architects the system to meet the specifications. The design of a system translates the specification into the components that will implement them. The design is said to satisfy the specification if the design will not permit the system to violate those predefined specifications.

Typically, the design is layered by breaking the system into abstractions, and then refining the abstractions as we work our way down to the hardware. An analyst also must show whether the design matches specifications or not.

Implementation is the actual coding of the modules and software components. These must be correct (perform as specified), and their aggregation must satisfy the design. Thus, implementation creates a system that satisfies the design. It follows that the implementation will also satisfy the specifications.

Operational Issues with Security:

Security does not end when the system is completed. Its operation affects security. A “secure” system can be breached by improper operation (for example, when accounts with no passwords are created). The problem is how to assess the effect of operational issues on security.

Cost-Benefit Analysis: This weighs the cost of protecting data and resources with the costs associated with losing the data. If the data or resources cost less, or are of less value, than their protection, adding security mechanisms and procedures is not cost-effective because the data or resources can be reconstructed more cheaply than the protections themselves.

Similarly other considerations are the overlap of mechanisms’ effects (one mechanism may protect multiple services, so its cost is amortized), the non-technical aspects of the mechanism (will it be impossible to enforce), and the ease of use (if a mechanism is too cumbersome, it may cost more to retrofit a decent user interface than the benefits would warrant).

Risk Analysis: Risks are events or conditions that may occur, and whose occurrence, if it does take place, has a harmful or negative effect. A risk analysis involves identifying the most probable threats to a system and analyzing the related vulnerabilities of the system to these threats. The risk analysis also should determine the impact of each type of potential threat on various functions or units within the system.

What happens if the data and resources are compromised? This tells us what we need to protect and to what level. Cost-benefit analyses help determine the risk here, but there may be other metrics involved (such as customs).

Laws and Customs: These constrain what you can do. For example, the use of encryption can be unlawful. Laws restrict the availability and use of technology and affect procedural controls. Hence any policy and any selection of mechanisms must take legal considerations into account. Customs involve non-legislated matters, such as all the employees of a company having to provide DNA samples for authentication purposes. That is legal for the company, but it is not socially acceptable as an alternative to a password. Thus society and customs distinguish between legal and acceptable practices.

Human Issues with Security:
Organizational Problems:
With the organizational problems, the question is of who is responsible for security. The key here is that those responsible for security have the power to enforce security. Otherwise there is confusion, and the architects need not worry if the system is secure because they won’t be blamed if someone gets in. This arises when system administrators, for example, are responsible for security, but only security officers can make the rules. Preventing this problem (power without responsibility or vice versa) is tricky and requires capable management. What’s worse is that security is not a direct financial incentive for most companies because it doesn’t bring in revenue. It merely prevents the loss of revenue obtained from other sources.

Lack of resources is another common problem. Securing a system requires resources as well as people. It requires time to design a configuration that will provide a sufficient level of security, to implement the configuration, and to administer the system.

People problems:
People problems are by far the main source of security problems. Outsiders are attackers from outside the organization; insiders are people who have authorized access to the system and, possibly, are authorized to access data and resources, but use the data or resources in unauthorized ways. It is speculated that insiders account for 80-90% of all security problems, but the studies generally do not disclose their methodology in detail, so it is hard to know how accurate they are. Social engineering, or being two-faced, is quite effective, especially if the people gulled are inexperienced in security (possibly because they are new, or because they are tired).

The Security Life Cycle:

[Figure: the security life cycle, with the stages Threats, Policy, Specification, Design, Implementation, Operation and Maintenance]

The considerations discussed till now appear to flow linearly from one to the next as shown in figure above. In addition, each stage of the cycle feeds back to the preceding stage, and through that stage to all earlier stages. Thus each stage affects all the ones that come before it. Feedback from operation and maintenance is critical, and often overlooked. It allows one to validate the threats and the legitimacy of the policy.

Computer Security / Information Security

Information security means protecting information and information systems from unauthorized access, use, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information.

With the introduction of the computer, the need for automated tools for protecting the files and other information stored on the computer became evident. This is especially the case for a shared system such as the Internet. Thus, computer security is the generic name for the collection of tools designed to protect data and to thwart hackers.

Computer Security rests on confidentiality, integrity and availability.

Confidentiality:

Confidentiality is the concealment of information or resources. Cryptography can be the better choice for maintaining the privacy of information, which traditionally is used to protect the secret messages. Similarly, privacy of resources, i.e. resource hiding can be maintained by using proper firewalls.  Confidentiality is sometimes called secrecy or privacy.

Integrity:
Integrity ensures the correctness as well as trustworthiness of data or resources. For example, if we say that we have preserved the integrity of an item, we may mean that the item is: precise, accurate, unmodified, modified only in acceptable ways, modified only by authorized people, modified only by authorized processes, consistent, meaningful and usable.
Integrity mechanisms fall into two classes; prevention mechanisms and detection mechanisms. Prevention mechanisms are responsible to maintain the integrity of data by blocking any unauthorized attempts to change the data or any attempts to change data in unauthorized ways.  While detection mechanisms; rather than preventing the violations of integrity; they simply analyze the data’s integrity is no longer trustworthy. Such mechanisms may analyze the system events or the data itself to see if required constraints still hold.

Availability:
Availability refers to the ability to use the information or resource desired. An unavailable system is as bad as no system at all. An object or service is thought to be available if:
  • It is present in a usable form.
  • It has capacity enough to meet the service's needs.
  • It is making clear progress, and, if in wait mode, it has a bounded waiting time.
  • The service is completed in an acceptable period of time.
Availability is usually defined in terms of “quality of service,” in which authorized users are expected to receive a specific level of service. The aspect of availability that is relevant to security is that someone may intentionally arrange to deny access to data or to service by making it unavailable.
Fig 1. : Relationship between Confidentiality, Integrity and Availability
Threats:

A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. It is a potential violation of security, meaning a possible danger that might exploit a vulnerability.

An attack is an assault on system security that derives from an intelligent threat, i.e. an attack is an intelligent act that is an intentional attempt to evade security services and violate the security policy of a system.

Threats can be categorized into four classes:

  • Disclosure - Unauthorized access to information
      Snooping
  • Deception - Acceptance of false data
      Modification, spoofing, denial of receipt, repudiation of origin
  • Disruption - Interruption of correct operation
      Modification
  • Usurpation - Unauthorized control of some part of the system
      Modification, spoofing, denial of service, delay

Snooping - It is an unauthorized interception of information. It is passive, meaning that some entity is listening to communications or browsing the system information. Passive wiretapping is an example of snooping, where attackers monitor the network communications.

Modification - It is an unauthorized change of information. It is active, meaning that some entity is changing the information. Active wiretapping is an example of modification, where data across the network is altered by the attackers.

Spoofing / Masquerading - It is an impersonation of one entity by another. E.g., if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. Delegation is basically authorized spoofing. The difference is that the one to whom authority is delegated does not impersonate the delegator; he/she simply asserts authority to act as an agent for the delegator. So masquerading is a violation of security, whereas delegation is not.

Repudiation of origin - A false denial that an entity sent something. It is a form of deception.

Denial of receipt - A false denial that an entity received some message or information. It is a form of deception.

Delay - It is a temporary inhibition of service. E.g., if delivery of a message or a service requires time t and an attacker can force the delivery time to be more than t, then delivery has been delayed.

Denial of service - It is an infinite delay, i.e. a long-term inhibition of service. E.g., an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade the performance.

Security Policy:

Policy is a set of mechanisms by means of which your information security objectives can be defined and attained. A security policy governs the set of rules and objectives needed by an organization.

The purpose of the information security policy is:

  • To prescribe mechanisms that help identify and prevent the compromise of information security and the misuse of data, applications, networks and computer systems.
  • To define mechanisms that protect the reputation of the organization and allow the organization to satisfy its legal and ethical responsibilities with regard to its networks' and computer systems' connectivity to worldwide networks.
  • To prescribe an effective mechanism for responding to external complaints and queries about real or perceived non-compliance with this policy.

Advantages and Disadvantages of Waterfall Model

Advantages and Disadvantages of Waterfall Model: In this article, we are going to talk about one of the system development models, called the waterfall model.

First of all, you may need to know a little about what the waterfall model is. The waterfall model describes a system development method that is linear and sequential in nature, flowing gradually downwards like a waterfall.

Once a phase of development is completed, the development proceeds to the next phase and never turns back.

The waterfall model has different stages, and the approach goes from top to bottom.

Problem Definition is the first stage, and the process continues in the same way until it ends with System Maintenance. The main problem with the waterfall model is that it never turns back for backtracking.
  • Problem definition
  • Feasibility Study
  • Requirement Analysis
  • System Design
  • Coding and Testing
  • Implementation
  • System Maintenance
The waterfall model of system development has advantages and disadvantages, so let's discuss them here.

Advantages of Waterfall Model:
  • It is not complex: it is simple and easy to use and understand.
  • It is simple and easy to manage because it takes a top-down approach to development and has specific deliverables and a review process.
  • In this model, phases are processed and completed one at a time; there is no overlap or backtracking.
  • The waterfall model is best for smaller projects.
Disadvantages of Waterfall Model:
  • Once an application is in the testing stage, there is no possibility to go back and track the error.
  • You cannot change the process; you have to start it from the beginning.
  • High amount of risk and uncertainty, because the client may change anything at any time.
  • Not a good model for complex and object-oriented projects.
  • The waterfall model is not suitable for projects with a high risk of change.

Why Gray Codes are used in K-MAP instead of Binary Code?

Gray code belongs to a class of codes called minimum change codes, in which only one bit in the code group changes when going from one step to the next. This is an un-weighted code, which means that there are no specific weights assigned to the bit positions.


Advantages of Gray Code

In Gray code, if we go from one decimal number to the next, only one bit of the Gray code changes. Because of this feature, the amount of switching is minimized and the reliability of the switching systems is improved.

Gray Codes are used in K-MAP instead of Binary Code
Gray codes follow the adjacency property, i.e. between two successive Gray codes there is only a one-bit change, whereas in binary code several bits can change from one value to the next.

Because of the adjacency property, when one plots a K-MAP, literals can be grouped while keeping the other literal constant.

For example: 00, 01, 11, 10
Adjacent codes such as 01 and 11 differ in only one bit.

Example of Binary to Gray code conversion.

Convert 1011 Binary to Gray

In the binary value 1011, the leftmost bit is the MSB (most significant bit) and the rightmost bit is the LSB (least significant bit).
[MSB] [1 from left] - 1011 - [LSB] [1 from right]

Rules to convert Binary to Gray code

  • Write the MSB as it is.
  • Add the MSB to the next bit and neglect the carry if one occurs.

Convert 1011 (Binary) to (Gray)

  • The MSB is 1, so write it as it is: 1.
  • Now add the MSB [1] to the next bit [0]; if a carry occurs, discard it.
  • Follow the same procedure for all the remaining bits: 0, 1 & 1.
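
The conversion rule above and the adjacency property used for K-MAPs, as an added example that is not part of the original article. The function names are chosen here; the code also goes one step beyond the text by including the reverse conversion and by measuring how many bits change per step in Gray order versus plain binary order.

```python
def binary_to_gray(bits):
    """Convert a binary string to Gray code using the rule described above."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("expected a non-empty string of 0s and 1s")
    gray = [bits[0]]                       # rule 1: write the MSB as it is
    for left, cur in zip(bits, bits[1:]):
        # rule 2: add each bit to its left neighbour and discard the carry,
        # which is addition modulo 2 (XOR)
        gray.append(str((int(left) + int(cur)) % 2))
    return "".join(gray)


def gray_to_binary(gray):
    """Reverse conversion: each binary bit is the previous binary bit plus the Gray bit."""
    binary = [gray[0]]
    for g in gray[1:]:
        binary.append(str((int(binary[-1]) + int(g)) % 2))
    return "".join(binary)


def gray_sequence(n):
    """All n-bit Gray codes in counting order (the K-MAP row/column order)."""
    return [binary_to_gray(format(i, f"0{n}b")) for i in range(2 ** n)]


def max_bits_changed(codes):
    """Largest number of bit flips between neighbours, including the wrap-around."""
    def distance(a, b):
        return sum(x != y for x, y in zip(a, b))
    return max(distance(codes[i], codes[(i + 1) % len(codes)])
               for i in range(len(codes)))


if __name__ == "__main__":
    print("1011 ->", binary_to_gray("1011"))
    print("2-bit K-MAP order:", gray_sequence(2))
    binary_order = [format(i, "04b") for i in range(16)]
    print("max flips, binary order:", max_bits_changed(binary_order))
    print("max flips, Gray order:  ", max_bits_changed(gray_sequence(4)))
```
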

IC Digital Logic Families

Integrated Circuits

Digital circuits are invariably constructed with integrated circuits. An integrated circuit is a small silicon semiconductor crystal, called a chip, containing electrical components such as transistors, diodes, resistors, and capacitors.

The various components are interconnected inside the chip to form an electronic circuit. The chip is mounted on a metal or plastic package, and connections are welded to external pins to form the IC.

Why Integrated Circuits are used? 

Integrated circuits are very small electronic circuits built to perform a particular function, made of active and passive components such as transistors, diodes, resistors, capacitors, etc. An integrated circuit, sometimes called a chip or microchip, is a semiconductor wafer on which thousands or millions of tiny resistors, capacitors or transistors are fabricated.

IC digital logic families use either the NAND or the NOR gate as their basic logic gate, because NAND and NOR gates are universal gates. This helps the ICs perform efficiently and also makes them smaller.

With NAND and NOR representation, these ICs cost a little less than with other gate representations, because any gate can be represented by NAND and NOR gates.

TTL - Transistor Transistor Logic

TTL has an extensive list of digital functions and is currently the most popular logic family. It is built from bipolar junction transistors (BJTs) and resistors.

The term transistor-transistor is used because both the logic function and the amplification are performed by transistors. Using the TTL logic family, many logic gates can be fabricated in a single integrated circuit. For logic gates built using the TTL logic family, inputs are given to the emitters of the input transistor.

ECL - Emitter Coupled Logic

ECL is used in systems requiring high-speed operations. This logic family is designed for high-speed operation, and its integrated circuits belong to the bipolar transistor logic family. ECL uses an overdriven BJT (bipolar junction transistor) differential amplifier with single-ended input and limited emitter current to avoid the saturated region of operation and its slow turn-off behavior.

MOS - Metal-oxide semiconductor

The metal–oxide–semiconductor field-effect transistor (MOSFET, MOS-FET, or MOS FET) is a type of field-effect transistor (FET). It has an insulated gate, whose voltage determines the conductivity of the device.

CMOS - Complementary Metal-oxide Semiconductor

CMOS is used in systems requiring low power consumption. Mostly CMOS technology is used in microprocessors, microcontrollers, or even on static RAM and other digital logic circuits as well as devices. 
CMOS technology is also used for several analog circuits such as image sensors (CMOS sensor), data converters, and highly integrated transceivers for many types of communication.

I2L - Integrated-Injection Logic

Integrated injection logic is a class of digital circuits built with multiple collector bipolar junction transistors (BJT). It can also be used in devices which consume lower power. It can be used most effectively in VLSI chips.
Although the logic voltage levels are very close (High: 0.7V, Low: 0.2V), I2L has high noise immunity because it operates by current instead of voltage. It is sometimes also known as merged transistor logic.

Binary Logic & Logical Gates and Representation

Binary Logic

Binary logic deals with variables that take on two discrete values and with operations that assume logical meaning. The two values the variables take may be called by different names (e.g. true and false, yes and no). But for our purpose, it is convenient to think in terms of bits and assign the values of 1 and 0.

Binary logic is used to describe, in a mathematical way, the manipulation, and processing of binary information. It is particularly suited for the analysis and design of digital systems.

Binary logic consists of binary variables and logical operations. The variables are designated by letters of the alphabet such as A, B, C, x, y, z, etc., with each variable having two and only two distinct possible values: 1 as true and 0 as false. There are a few logical operations, called AND, OR and NOT.

These logical operations are explained below.

AND: known as multiplication and represented by the . sign in digital logic. As a formal expression it can be written as A.B = AB, or 1.1 = 1, or x.y = z.

OR: known as addition and represented by the + sign in digital logic. The formal expression can be written as A+B = C or 1+1 = 1.

NOT: this operation is the inverse; we can represent it by writing x' = z or 1' = 0. It complements the value of the input.

Registers and Register Transfer

Registers

A register is a group of binary cells. Since a cell stores one bit of information, it follows that a register with n cells can store any discrete quantity of information that contains n bits. The state of a register is an n-tuple number of 1's and 0's, with each bit designating the state of one cell in the register.
The content of a register is a function of the interpretation given to the information stored in it. Consider, for example, the following 16-cell register.

1 1 0 0 0 0 1 1 1 1 0 0 1 0 0 1

Physically, one may think of the register as composed of 16 binary cells, with each cell storing either a 1 or a 0. Suppose that the bit configuration stored in the register is as shown. The state of the register is the 16-tuple number.

A register with n cells can be in one of 2^n possible states. Now if one assumes that the content of the register represents a binary integer, then obviously the register can store any binary number from 0 to 2^16 - 1.

Register Transfer

A digital computer is characterized by its registers. The memory unit is known as a collection of thousands of registers for storing digital information. The processor unit is composed of various registers that store operands upon which operations are performed.

The control unit uses registers to keep track of various computer sequences, and every input or output device must have at least one register to store the information transferred to or from the device.

Alphanumeric Codes & Binary Storage and Registers

Alphanumeric Codes

Many applications of digital computers require the handling of data that consists not only of numbers but also of letters. For example, an insurance company with millions of policy holders may use a digital computer to process its files.

To process a holder's name in binary form, it is necessary to have a binary code for the alphabet. In addition, the same binary code must represent decimal numbers and some other special characters.

An alphanumeric code is a binary code of a group of elements consisting of the ten digits, the 26 letters of the alphabet, and a certain number of special symbols such as $.

The total number of elements in an alphanumeric group is greater than 36. Therefore, it must be coded with a minimum of six bits (2^6 = 64), since 2^5 = 32 is insufficient.

Binary Storage and Registers

The discrete elements of information in a digital computer must have a physical existence in some information storage medium. Furthermore, when discrete elements of information are represented in binary form, the information storage medium must contain binary storage elements for storing individual bits.

A binary cell is a device that possesses two stable states and is capable of storing one bit of information.

The input to the cell receives excitation signals that set it to one of the two states. The output of the cell is a physical quantity that distinguishes between the two states. The information stored in a cell is a 1 when it is in one stable state and a 0 when in the other stable state.

Examples of binary cells are electronic flip-flop circuits, ferrite cores used in memories, and positions punched with a hole or not punched in a card.

Universal Logic Gates - NOR Gate and NAND Gate

Simply in digital logic, a universal logic gate is a logic gate that can be used to construct all other logic gates like AND, OR & NOT. These basic gates can be represented or created with the help of universal digital logic gates.

NOR gate - Universal Logical Gate

It is the combination of NOT and OR gate in such a way that output of OR gate is connected to the input of the NOT gate. 

It takes one or more inputs, and the output of the gate is high only when all inputs are low. Hence its output is the reverse of the OR gate's output.

Truth Table

Input               Output
A      B            Y=(A+B)'
0       0             1
0       1             0
1       0             0
1       1             0

Boolean Equation
Y = (A+B)'

NAND Universal Logic Gate

It is the combination of NOT and AND gate in such a way that the output of the AND gate is connected to the input of the NOT gate.

The output of this gate is low only when all inputs are high. Hence this gate is a reverse of AND gate. 



Truth Table

Input               Output
A      B            Y=(A.B)'
0       0             1 
0       1             1 
1       0             1 
1       1             0

Boolean Equation

Y = (A.B)'
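
The claim that NAND and NOR are universal can be checked exhaustively. The following is an added example, not part of the original article: it wires NOT, AND and OR from NAND gates only and from NOR gates only, then compares every input combination with the basic gates. All names are chosen here.

```python
from itertools import product


def nand(a, b):
    return 1 - (a & b)      # Y = (A.B)'


def nor(a, b):
    return 1 - (a | b)      # Y = (A+B)'


# NOT, AND and OR wired from NAND gates only.
NAND_BUILT = {
    "NOT": lambda a: nand(a, a),                        # (A.A)' = A'
    "AND": lambda a, b: nand(nand(a, b), nand(a, b)),   # ((A.B)')' = A.B
    "OR": lambda a, b: nand(nand(a, a), nand(b, b)),    # (A'.B')' = A+B
}

# The same three gates wired from NOR gates only.
NOR_BUILT = {
    "NOT": lambda a: nor(a, a),                         # (A+A)' = A'
    "OR": lambda a, b: nor(nor(a, b), nor(a, b)),       # ((A+B)')' = A+B
    "AND": lambda a, b: nor(nor(a, a), nor(b, b)),      # (A'+B')' = A.B
}

# Reference behaviour of the basic gates.
REFERENCE = {
    "NOT": lambda a: 1 - a,
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
}


def truth_table(gate, n_inputs):
    """Outputs for inputs in the order 00, 01, 10, 11 (or 0, 1 for one input)."""
    return [gate(*bits) for bits in product((0, 1), repeat=n_inputs)]


def equivalent(built):
    """Compare each constructed gate with the reference gate on every input."""
    result = {}
    for name, ref in REFERENCE.items():
        n = 1 if name == "NOT" else 2
        result[name] = truth_table(built[name], n) == truth_table(ref, n)
    return result


if __name__ == "__main__":
    print("NAND:", truth_table(nand, 2), "NOR:", truth_table(nor, 2))
    print("from NAND only:", equivalent(NAND_BUILT))
    print("from NOR only: ", equivalent(NOR_BUILT))
```
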

Digital Logic : Basic AND gate OR gate and NOT gate.

A digital circuit having one or more input signals but only one output is called a logic gate or simply a gate. Logic gates are the basic building blocks of any digital systems.

The table which shows the different combinations of inputs along with their possible outputs is called a truth table. The truth table helps us find the exact output for given inputs for the different gates, i.e. the AND gate, the OR gate and the NOT gate.

Basic AND Gate

The AND gate has two or more inputs and a single output. The AND gate provides a high output only when all inputs are high. AND gate performs logical multiplication as a function. 

Truth Table

Input                Output
A     B             Y=A.B
0      0               0
0      1               0
1      0               0
1      1               1

Boolean Equation

Y=A.B

Basic OR gate

The OR gate has two or more inputs and a single output. The OR gate provides a high output if any or all inputs are high. The OR gate performs logical addition, more commonly known as the OR function.

Truth Table

Input                Output
A     B             Y=A+B
0      0               0
0      1               1
1      0               1
1      1               1

Boolean Equation
Y= A+B

Basic NOT gate

The NOT gate has only one input and one output. The NOT gate provides a high output if the input is low, and a low output if the input is high. The NOT gate performs a basic logical function called inversion or complementation.

The NOT gate is commonly also called an inverter because the output state is always opposite to the input state.

Truth Table

Input      Output
A            Y=A'
0              1
1              0

Boolean Equation
Y = A'

What is Gray Code? and Gray Code's Advantages

This code belongs to a class of codes called minimum change code in which only one bit in the code group changes when going from one step to the next. This is an un-weighted code which means that there are no specific weights assigned to the bit positions.

Because of this, the Gray code is not suited for arithmetic operations but finds applications in input/output devices and some types of analog to digital converters (ADCs).

Advantages of Gray Code

In Gray code, if we go from one decimal number to the next, only one bit of the Gray code changes. Because of this feature, the amount of switching is minimized and the reliability of the switching systems is improved.

What is Digital Operation?

The operations performed in digital electronics are called digital operations. Some common digital operations are counting, arithmetic operations and logic operations.

The counting operation is performed by "Counters". The arithmetic operations are performed by the arithmetic and logic unit (ALU); they are addition, subtraction, multiplication, and division, and are accomplished with other digital circuits. The logic operations too are performed by the ALU, and they include inversion (NOT), AND and OR.

Selecting a single output from multiple inputs (multiplexing) or giving out many outputs from a single input (demultiplexing) can also be treated as digital operations. Similarly, the processes of encoding and decoding are also digital operations. These operations are performed by different data processing circuits like multiplexers, demultiplexers, encoders, decoders, etc.

Definition for Digital Signals

Digital signals are discrete time signals generated by digital modulation. A digital signal is a signal whose amplitude can have only given discrete values between defined limits. Simply, it is a signal that changes amplitude in discrete steps.

Digital signals are obtained when discrete time signals are quantized and then coded. Generally, digital signals are less subjected to deterioration during transmission.

Digital signals are denoted by the square wave. The output of the digital computer is an example of the digital signal. The waveform of a digital signal is known as a digital waveform.


What is Blogging? How to Create a Blog?

Blogging means the art of writing and sharing new thoughts or opinions about a particular topic via a web journal.

A blog is also called a weblog or web log, which means a website consisting of pages or posts where a person can share his/her thoughts about topics.

Nowadays blogging has become very popular because it has influenced every online business as well as companies' information sharing patterns.

In this article, you are going to learn, 

How to create a blog?

I'm using the Blogger platform for this blogging tutorial series. This is one of the easiest platforms for creating a blog.

Step 1: You have to have a Gmail account to create a blog on Blogger.
Step 2: Now you have to go to Blogger.com to create your own blog.
Step 3: Just fill in the necessary information on the Blogger form to create a blog.
Step 4: Now click on the create a blog! button and you are good to go with your blogging journey.

Blog creation is that simple: you can just log in to your Gmail account, choose Google's Blogger platform and start your own online journal or diary.

What is Digital Logic?

Digital logic is the representation of signals and sequences of the digital circuit through numbers.

It is the basis for digital computing and provides a fundamental understanding of how circuits and hardware communicate with a computer.

Digital logic is typically embedded into most electronic devices including a computer, video games, calculators etc.

Digital logic involves the study of digital electronics in a logical way. It is of two types: positive logic and negative logic.

What is Digital Signal?

Digital signals are discrete time signals generated by digital modulation. A digital signal is a signal whose amplitude can have only given values between defined limits.

Simply, it is a signal that changes amplitude in discrete steps.

Digital signals are obtained when discrete time signals are quantized and then coded.

Generally, digital signals are less subjected to deterioration during transmission.

Digital signals are denoted by a square wave. The output of the digital computer is an example of the digital signal. 

Create Simple Navigation Using HTML and CSS

HTML CODE


<!DOCTYPE html>
<html>

<head>
 <meta charset='utf-8'/>
 <title>Title</title>
 <link rel="stylesheet" type="text/css" href="menu.css">
</head>
<body>
 <div id='top_nav'>
  <ul>
   <li><a href="#">Home</a></li>
   <li><a href="#">C</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 

   <li><a href="#">Java</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 

   <li><a href="#">PHP</a>
    <ul>
     <li><a href="#">Web Development</a></li>
     <li><a href="#">C Programming</a></li>
     <li><a href="#">Java Tutorials</a></li>
    </ul>
   </li> 
   <li><a href="#">About</a></li>
   <li><a href="#">Contact</a></li>
   <li><a href="#">Privacy</a></li>
   <li><a href="#">Terms</a></li>

  </ul>

 </div>
</body>
</html>

CSS CODE

Create a new text file, copy this code into it, save it as menu.css, and keep both the HTML file and the CSS file in the same folder.

#top_nav li:hover ul{
 display: block;
}

#top_nav{
 display: block;
 position: relative;
 background: #067;
 border: 1px solid rgb(200,140,0);
 font: bold 14px ubuntu;
 width: 1000px;
 height: 40px;
 margin: 0px auto;
}

#top_nav ul{
 margin: 0px;
 padding: 0px;
}

#top_nav li{
 position: relative;
 float: left;
 list-style-type: none;
}

/* Clearfix: an invisible generated block that clears the floated list items */
#top_nav ul:after{
 content: ".";
 display: block;
 height: 0px;
 clear: both;
 visibility: hidden;
}

#top_nav ul ul{
 position: absolute;
 display: none;
 left: 0px;
 width: 0px;
}

#top_nav li a{
 text-decoration: none;
 display: block;
 color: #fff;
 padding: 10px;
}

#top_nav ul ul li{ 
background: #fff;
}

#top_nav ul ul li a{ 
 color: #000;
 width: 100%; 
}