Please enable JavaScript.

Coggle requires JavaScript to display documents.

SDLC - Coggle Diagram

- - - - Candidate Keys
        
        Subset of attributes that can be used to uniquely identify any record in a table.
        
        No two records in the same table will ever contain the same values for all attributes composing a candidate key.
      - Primary Keys
        
        Primary key is selected from the set of candidate keys for a table to be used to uniquely identify the records in a table
        
        Each table has only one primary key, selected by the database designer from the set of candidate keys
        
        RDBMS enforces the uniqueness of primary keys by disallowing the insertion of multiple records with the same primary key.
      - Foreign Keys
        
        A foreign key is used to enforce relationships between two tables, also known as referential integrity
        
        Referential integrity ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship.
  - - - Information stored in the database is always correct or at least has its integrity and availability protected.
      - Databases that fail to implement concurrency correctly may suffer from the following issues
        
        Lost Updates
        
        Dirty Reads
      - Concurrency uses a “lock” feature to allow one user to make changes but deny other users access to views or make changes to data elements at the same time. Then, after the changes have been made, an “unlock” feature restores the ability of other users to access the data they need
    - - Ensures that user actions don’t violate any structural rules, stored data types are within valid domain ranges, ensures that only logical values exist, and confirms that the system complies with any and all uniqueness constraints.
    - - Content-dependent access control
        
        Based on the contents or payload of the object being accessed.
        
        Because decisions must be made on an object-by-object basis, content-dependent control increases processing overhead.
      - Cell suppression
        
        Concept of hiding individual database fields or cells or imposing more security restrictions on them.
      - Context-dependent access control
        
        How each object or packet or field relates to the overall activity or communication.
        
        Any single element may look innocuous by itself, but in a larger context that element may be revealed to be benign or malign.
    - - Database partitioning is the process of splitting a single database into multiple parts, each with a unique and distinct security level or type of content.
      - Administrators might employ database partitioning to subvert aggregation and inference vulnerabilities
    - - Occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classification levels.
      - Often used as a defense against some types of inference attacks
      - If polyinstantiation is used, two records could be inserted into the table. The first one, classified at the top-secret level, would reflect the true location of the ship and be available only to users with the appropriate top-secret security clearance. The second record, classified at the secret level, would indicate that the ship was on routine patrol and would be returned to users with a secret clearance.
    - - Administrators can insert false or misleading data into a DBMS in order to redirect or thwart information confidentiality attacks
      - Extremely careful when using this technique to ensure that noise inserted into the database does not affect business operations
  - - - They must be an “all-or-nothing” affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
    - - Transactions must begin operating in an environment that is consistent with all of the database’s rules (for example, all records have a unique primary key). No other transaction should ever be able to use any inconsistent data that might be generated during the execution of another transaction.
    - - Principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data.
    - - Ensure durability through the use of backup mechanisms, such as transaction logs.
  - - - Feature that allows applications to communicate with different types of databases without having to be directly programmed for interaction with each type.
      - Proxy between applications and backend database drivers, giving application programmers greater freedom in creating solutions without having to worry about the backend database system.
    - - Many organizations are turning away from the relational model for cases where they require increased speed or their data does not neatly fit into tabular form. NoSQL databases are a class of databases that use models other than the relational model to store data.
      - Major Classes of NOSQL database
        
        Graph Databases
        
        store data in graph format, using nodes to represent objects and edges to represent relationships.
        
        useful for representing any type of network, such as social networks, geographic locations, and other datasets that lend themselves to graph representations.
        
        Document Stores
        
        similar to key/value stores in that they store information using keys, but the type of information they store is typically more complex than that in a key/value store and is in the form of a document.
        
        Common document types used in document stores include Extensible Markup Language (XML) and JavaScript Object Notation (JSON).
        
        Key/Value Stores
        
        store information in key/value pairs, where the key is essentially an index used to uniquely identify a record, which consists of a data value.
        
        useful for high-speed applications and very large datasets.
    - - Primary
        
        memory consists of the main memory resources directly available to a system’s CPU
        
        Primary memory normally consists of volatile random-access memory (RAM) and is usually the most high-performance storage resource available to a system.
      - Secondary storage
        
        consists of more inexpensive, nonvolatile storage resources available to a system for long-term use
        
        magnetic and optical media, such as tapes, disks, hard drives, flash drives, and compact disc/digital versatile disc (CD/DVD) storage.
      - Virtual Memory
        
        allows a system to simulate additional primary memory resources through the use of secondary storage
        
        For example, a system low on expensive RAM might make a portion of the hard disk available for direct CPU addressing.
      - Virtual Storage
        
        Allows a system to simulate secondary storage resources through the use of primary storage
        
        common example of virtual storage is the RAM disk that presents itself to the operating system as a secondary storage device but is actually implemented in volatile RAM
        
        provides an extremely fast filesystem for use in various applications but provides no recovery capability.
      - Random Access Storage
        
        allows the operating system to request contents from any point within the media. RAM and hard drives are examples of random access storage resources
      - Sequential Access Storage: requires scanning through the entire media from the beginning to reach a specific address. Eg. Magnetic tapes
      - Volatile Storage Loses
        
        Loses its contents when power is removed from the resource. RAM is the most common type of volatile storage resource
      - Non-volatile storage
        
        Not depend on presence of power
        
        Magnetic, Optical, NVRAM
    - - Threat of illegitimate access to storage resources
        
        Administrators should also protect against attacks that involve bypassing operating system controls and directly accessing the physical storage media to retrieve data. Use of an encrypted filesystem, which is accessible only through the primary operating system
        
        Adequate controls to ensure that shared memory and storage resources are set up with fail-safe controls so that data from one classification level is not readable at a lower classification level. :
        
        Amazon’s Simple Storage Service (S3), should take particular care to set strong default security settings that restrict public access and then to carefully monitor any changes to that policy that allow public access.
      - 2.Covert channel attacks
        
        Covert storage channels allow the transmission of sensitive data between classification levels through the direct or indirect manipulation of shared storage media
        
        Complex covert storage channels might be used to manipulate the amount of free space available on a disk or the size of a file to covertly convey information between security levels.
- - - - Configuration Status Accounting
      - Configuration Audit
      - Configuration Control
      - Configuration Identification
      - Release Control
      - Change Control
      - Request COntrol