
Question Paper March 2014 Degree Bridge Course (Equivalent to 10 2 !td"#$ !

Sub: Data Entry (DBC (D$    Time: 3 hours    Maximum: 70

I. Answer the following question in one sentence each: 10 x 1 = 10

1. Expand CPU.
central processing unit

2. What is Ram?
RANDOM ACCESS MEMORY

3. What is the function of MAR?
MAR holds the memory location of data that needs to be accessed. When reading from memory,

4. Name any one of the USB devices.
SCANNER

5. Expand SDRM.
Synchronous dynamic random memory

6. What is Worm?
malware computer program

7. Expand SDRM.
Synchronous dynamic random memory

8. Expand USB.
Universal Serial Bus (USB)

9. What is computer clock speed?
, 1.50 GHz 1.! GHz

10. Explain instruction set.

II. Answer any ten of the following question in 2 to 3 sentences each: 10 x 2 = 20

11. Write at least 5 to 6 components of the Mother Board.

12. Write the Name of the five subsystems to control the network.
i) STORAGE MODULES
ii) FUNCTIONAL MODULES (operators)
iii) DATAPATHS (switches and wires)
iv) CONTROL POINTS
v) CONDITION POINTS

13. What is PC card?
A PC Card (previously known as a PCMCIA card) is a credit card-size memory or I/O device that fits into a personal computer, usually a notebook or laptop computer. Probably the most common use of a PC Card is the telecommunications modem for notebook computers. There are 16-binary digit and 32-bit (CardBus) varieties of PC Cards. Another type of PC card is the ZV port Card.

14. How Voice Mail Works.
A call to any business or home used to mean one of three things: an answer, a busy signal or endless, unanswered ringing. Increasingly, it now means an encounter with voice mail. Voice messages have become a routine part of everyone's day, if not the most common electronic message system used. At work, on your cell phone and at home, almost everyone has at least one voice mail account, and sometimes more than one.

15. Few Drawbacks of Electronic Mail.
- The recipient needs access to the Internet to receive email.
- Viruses are easily spread via email attachments (most email providers scan emails for viruses on your behalf).
- Phishing - sending an email to a user falsely claiming to be a legitimate company to scam the user into providing information, such as personal information and bank account numbers on a bogus website. The details will then be used for identity theft.
- No guarantee the mail will be read until the user logs on and checks their email.
- Spam - unsolicited email, i.e. junk mail.

16. Full Duplex.
A duplex communication system is a point-to-point system composed of two connected parties or devices that can communicate with one another in both directions, simultaneously. An example of a duplex device is a telephone. The people at both ends of a telephone call can speak at the same time and simultaneously each be heard by the other at the same time. The earphone reproduces the speech of the other person as the microphone transmits the speech of the local person, because there is a two-way communication channel between them.

17. Explain Serial Data Transmission.
In telecommunication and computer science, serial communication is the process of sending data one bit at a time, sequentially, over a communication channel or computer bus. This is in contrast to parallel communication, where several bits are sent as a whole, on a link with several parallel channels. Serial communication is used for all long-haul communication and most computer networks, where the cost of cable and synchronization difficulties make parallel communication impractical. Serial computer buses are becoming more common even at shorter distances, as improved signal integrity and transmission speeds in newer serial technologies have begun to outweigh the parallel bus's advantage of simplicity (no need for serializer and deserializer, or SerDes) and to outstrip its disadvantages (clock skew, interconnect density). The migration from PCI to PCI Express is an example.

18. Elaborate on Data Definition language.
Data Definition Language is used to modify the schema of the database. It will never impact the user rights for the database. Otherwise, it can erase records in some tables. It describes three statements: CREATE, ALTER and DROP.

19. Name two Type Conversions.
Routine type conversion in the framework is transparent. Generally, all you need to do is ensure that HTML inputs have names that can be used in OGNL expressions. (HTML inputs are form elements and other GET/POST parameters.)

- Built in Type Conversion Support
- Relationship to Parameter Names
- Creating a Type Converter
- Applying a Type Converter to an Action
- Applying a Type Converter to a bean or model

20. Editing Records-Explain.
A CNAME record is an abbreviation for Canonical Name record and is a type of resource record in the Domain Name System (DNS) used to specify that a domain name uses the IP addresses of another domain, the "canonical" domain. This is convenient when running multiple services (like an FTP server and a webserver; each running on different ports) from a single IP address. You can, for example, point ftp.example.com and www.example.com to the A record example.com, which in turn points to the IP-address. Then, if you ever need to change the IP-address, you only have to change it in one place (A record). CNAME records must always be pointed to another domain name, never to an IP-address.

21. What is the common use of linking data?
Common Data Link (CDL) is a secure U.S. military communications protocol. It was established by the U.S. Department of Defense in 1991 as the military's primary protocol for imagery and signals intelligence.[1][2] CDL operates within the Ku band at data rates up to 274 Mbit/s. CDL allows for full duplex data exchange. The FY06 Authorization Act (Public Law 109-163) requires use of CDL for all imagery, unless waiver is granted. The primary reason waivers are granted is from the inability to carry the 300 pound radios on a small (30 pound) aircraft. Emerging technology expects to field a 2-pound version by the end of the decade (2010).
The Tactical Common Data Link (TCDL) is a secure data link being developed by the U.S. military to send secure data and streaming video links from airborne platforms to ground stations. The TCDL can accept data from many different sources, then encrypt, multiplex, encode, transmit, demultiplex, and route this data at high speeds. It uses a Ku narrowband uplink that is used for both payload and vehicle control, and a wideband downlink for data transfer.

22. Explain about search engines.
Search engines are programs that search documents for specified keywords and return a list of the documents where the keywords were found. A search engine is really a general class of programs, however, the term is often used to specifically describe systems like Google, Bing and Yahoo! Search that enable users to search for documents on the World Wide Web.

III. Answer any four of the following question in 15 to 20 sentences each: 4 x 5 = 20

23. Explain Serial Data Transmission.

Many serial communication systems were originally designed to transfer data over relatively large distances through some sort of data cable. The term "serial" most often refers to the RS-232 port on the back of the original IBM PC, often called "the" serial port, and "the" serial cable designed to plug into it, and the many devices designed to be compatible with it. Practically all long-distance communication transmits data one bit at a time, rather than in parallel, because it reduces the cost of the cable. The cables that carry this data (other than "the" serial cable) and the computer ports they plug into are usually referred to with a more specific name, to reduce confusion. Keyboard and mouse cables and ports are almost invariably serial, such as PS/2 port and Apple Desktop Bus and USB. The cables that carry digital video are almost invariably serial, such as coax cable plugged into a HD-SDI port, a webcam plugged into a USB port or Firewire port, Ethernet cable connecting an IP camera to a Power over Ethernet port, FPD-Link, etc.

Other such cables and ports, transmitting data one bit at a time, include Serial ATA, Serial SCSI, Ethernet cable plugged into Ethernet ports, the Display Data Channel using previously reserved pins of the VGA connector or the DVI port or the HDMI port.

Serial buses
Many communication systems were generally originally designed to connect two integrated circuits on the same printed circuit board, connected by signal traces on that board (rather than external cables). Integrated circuits are more expensive when they have more pins. To reduce the number of pins in a package, many ICs use a serial bus to transfer data when speed is not important. Some examples of such low-cost serial buses include SPI, I²C, UNI/O, and 1-Wire.

Serial versus parallel
The communication links across which computers, or parts of computers, talk to one another may be either serial or parallel. A parallel link transmits several streams of data simultaneously along multiple channels (e.g., wires, printed circuit tracks, or optical fibres); a serial link transmits a single stream of data. Although a serial link may seem inferior to a parallel one, since it can transmit less data per clock cycle, it is often the case that serial links can be clocked considerably faster than parallel links in order to achieve a higher data rate. A number of factors allow serial to be clocked at a higher rate:

- Clock skew between different channels is not an issue (for unclocked asynchronous serial communication links).
- A serial connection requires fewer interconnecting cables (e.g., wires/fibres) and hence occupies less space. The extra space allows for better isolation of the channel from its surroundings.
- Crosstalk is less of an issue, because there are fewer conductors in proximity.

In many cases, serial is a better option because it is cheaper to implement. Many ICs have serial interfaces, as opposed to parallel ones, so that they have fewer pins and are therefore less expensive.

24. Explain Parallel Data Transmission.
In telecommunication and computer science, parallel communication is a method of conveying multiple binary digits (bits) simultaneously. It contrasts with serial communication, which conveys only a single bit at a time; this distinction is one way of characterizing a communications link. The basic difference between a parallel and a serial communication channel is the number of electrical conductors used at the physical layer to convey bits. Parallel communication implies more than one such conductor. For example, an 8-bit parallel channel will convey eight bits (or a byte) simultaneously, whereas a serial channel would convey those same bits sequentially, one at a time. If both channels operated at the same clock speed, the parallel channel would be eight times faster. A parallel channel may have additional conductors for other signals, such as a clock signal to pace the flow of data, a signal to control the direction of data flow, and handshaking signals. Before the development of high-speed serial technologies, the choice of parallel links over serial links was driven by these factors:

- Speed: Superficially, the speed of a parallel data link is equal to the number of bits sent at one time times the bit rate of each individual path; doubling the number of bits sent at once doubles the data rate. In practice, clock skew reduces the speed of every link to the slowest of all of the links.
- Cable length: Crosstalk creates interference between the parallel lines, and the effect worsens with the length of the communication link. This places an upper limit on the length of a parallel data connection that is usually shorter than a serial connection.
- Complexity: Parallel data links are easily implemented in hardware, making them a logical choice. Creating a parallel port in a computer system is relatively simple, requiring only a latch to copy data onto a data bus. In contrast, most serial communication must first be converted back into parallel form by a universal asynchronous receiver/transmitter (UART) before they may be directly connected to a data bus.

The decreasing cost of integrated circuits, combined with greater consumer demand for speed and cable length, has led to parallel communication links becoming deprecated in favor of serial links; for example, IEEE 1284 printer ports vs. USB, Parallel ATA vs. Serial ATA, and SCSI vs. FireWire. On the other hand, there has been a resurgence of parallel data links in RF communication. Rather than transmitting one bit at a time (as in Morse code and BPSK), well-known techniques such as PSM, PAM, and Multiple-input multiple-output communication send a few bits in parallel. (Each such group of bits is called a "symbol".) Such techniques can be extended to send an entire byte at once (256-QAM). More recently techniques such as OFDM have been used in Asymmetric Digital Subscriber Line to transmit over 224 bits in parallel, and in DVB-T to transmit over 6048 bits in parallel.

25. Various advantages of using DBMS.
There are many ways to store your data, so what are the advantages of using a Database Management System (DBMS) like SparkleDB over other storage types?

- Data independence: Application programs should be as independent as possible from details of data representation and storage. The DBMS can provide an abstract view of the data to insulate application code from such details.
- Efficient data access: A DBMS utilizes a variety of sophisticated techniques to store and retrieve data efficiently. This feature is especially important if the data is stored on external storage devices.
- Data integrity and security: If data is always accessed through the DBMS, the DBMS can enforce integrity constraints on the data. For example, before inserting salary information for an employee, the DBMS can check that the department budget is not exceeded. Also, the DBMS can enforce access controls that govern what data is visible to different classes of users.
- Data administration: When several users share the data, centralizing the administration of data can offer significant improvements. Experienced professionals who understand the nature of the data being managed, and how different groups of users use it, can be responsible for organizing the data representation to minimize redundancy and for retuning the storage of the data to make retrieval efficient.
- Concurrent access and crash recovery: A DBMS schedules concurrent accesses to the data in such a manner that users can think of the data as being accessed by only one user at a time. Further, the DBMS protects users from the effects of system failures.
- Reduced application development time: Clearly, the DBMS supports many important functions that are common to many applications accessing data stored in the DBMS. This, in conjunction with the high-level interface to the data, facilitates quick development of applications. Such applications are also likely to be more robust than applications developed from scratch because many important tasks are handled by the DBMS instead of being implemented by the application.

26. Explain Electronics Data Processing.
Electronic Data Processing (EDP) can refer to the use of automated methods to process commercial data. Typically, this uses relatively simple, repetitive activities to process large volumes of similar information. For example: stock updates applied to an inventory, banking transactions applied to account and customer master files, booking and ticketing transactions to an airline's reservation system, billing for utility services. The modifier "electronic" or "automatic" was used with "data processing" (DP), especially ca. 1960, to distinguish human clerical data processing from that done by computer.

The first commercial business computer was developed in the United Kingdom in 1951, by the J. Lyons and Co. catering organization.[3] This was known as the 'Lyons Electronic Office' - or LEO for short. It was developed further and used widely during the 1960s and early 1970s. (Joe Lyons formed a separate company to develop the LEO computers and this subsequently merged to form English Electric Leo Marconi and then International Computers Ltd.) [4] By the end of the 1950s punched card manufacturers, Hollerith, Power-Samas, IBM and others, were also marketing an array of computers [2]. Early commercial systems were installed exclusively by large organizations. These could afford to invest the time and capital necessary to purchase hardware, hire specialist staff to develop bespoke software and work through the consequent (and often unexpected) organizational and cultural changes.

At first, individual organizations developed their own software, including data management utilities, themselves. Different products might also have 'one-off' bespoke software. This fragmented approach led to duplicated effort and the production of management information needed manual effort.

High hardware costs and relatively slow processing speeds forced developers to use resources 'efficiently'. Data storage formats were heavily compacted, for example. A common example is the removal of the century from dates, which eventually led to the 'millennium bug'. Data input required intermediate processing via punched paper tape or punched card and separate input to a repetitive, labor intensive task, removed from user control and error-prone. Invalid or incorrect data needed correction and resubmission with consequences for data and account reconciliation.

27. Why C language is popular.

28. Explain Basic input and output functions.

IV. Answer any two of the following question in 30 to 40 sentences each: 2 x 10 = 20

29. Explain the Typical causes of System Failure.

One of the things that makes continuous improvement efforts simultaneously stimulating and frustrating is what often seems to be a constant stream of problems. Strong problem solving skills are essential to successful continuous improvement activities. Without these skills one is doomed to solving the same problems repeatedly. This paper presents a methodology for identifying and eliminating problem root causes, and specifically, the root causes of complex systems failures.

Our discussion begins with systems failure and systems failure analysis definitions. A systems failure occurs when a system does not meet its requirements. A laser failing to designate its target, an aerial refueling system failing to transfer fuel at the proper flow rate, a blood chemistry analyzer failing to provide accurate test results, a munition that detonates prematurely, and other similar conditions are all systems failures. A systems failure analysis is an investigation to determine the underlying reasons for the nonconformance to system requirements. A systems failure analysis is performed to identify nonconformance root causes and to recommend appropriate corrective actions.

Figure 1. The Systems Failure Analysis Process. This approach assures root cause identification and effective corrective action implementation.

Figure 1 shows our recommended systems failure analysis approach. Systems failure analysis begins with a clear understanding of the failure (i.e., a definition of the problem). Once this has been accomplished, all potential failure causes are identified using fault tree analysis. The process then objectively evaluates each of the potential failure causes using several techniques, including "what's different" analysis, pedigree analysis, failed hardware analysis, and designed experiments. These techniques help in converging on the causes of failure among many identified potential causes. Once the failure causes have been identified, the approach outlined herein develops a range of corrective actions and then selects and tracks optimum corrective action implementation.

Fault Tree Analysis: Identifying All Potential Failure Causes
When confronted with a systems failure, there is often a natural tendency to begin disassembling hardware to search for the cause. This is a poor approach. Failed hardware can reveal valuable information and safeguards are necessary to prevent losing that information from careless teardown procedures. One must know what to look for prior to disassembling failed hardware. This is where fault tree analysis enters the picture.

Fault tree analysis is a graphical technique that identifies all potential failure causes. The approach was developed in the early 1960s by Bell Laboratories working with the U.S. Air Force and Boeing on the Minuteman missile development program. When developing this system, Boeing and the Air Force were concerned about inadvertently launching a nuclear missile. The Air Force needed a technique that could analyze the missile, its launch system, the crew, and all other aspects of the complete weapon system to identify all potential causes of an inadvertent launch. Bell Laboratories developed the fault tree technique for this purpose. The fault tree starts with a top undesired event, which is the system failure mode for which one is attempting to identify all potential causes. The analysis then continues to sequentially develop all potential causes.

We'll examine a simple example to see how this is done, but first, let's consider fault tree analysis symbology. Figure 2 shows the symbols used by the fault tree. There are two categories of symbols: events and gates. Let's first consider the four different symbols for events. The rectangle is called a command event, and it represents a condition that is induced by the events immediately below it (we'll see how shortly). The circle represents a basic failure event (these are typically component failures, such as a resistor failing open, or a structural member cracking). The house represents a normally occurring event (for example, if electrical power is normally present on a power line, the house would be used to represent this event). The last event symbol is the diamond (it looks like a rectangle with the corners removed), which can represent either a human error or an undeveloped event. A human error might be a pilot's failure to extend the landing gear when landing an aircraft, a technician's failure to properly adjust a variable resistor, or a crew member inadvertently depressing a self-destruct button on a missile control console. An undeveloped event is one that requires no further development. Usually command events considered extremely unlikely are designated as undeveloped events to show that they have been considered and eliminated as possible failure causes.

Fault tree events are linked by gates to show the relationships between the events. There are two types of gates: "and" gates, and "or" gates. The "and" gate signifies that all events beneath it must occur simultaneously to result in the event above it. The "or" gate means that if any of the events beneath it occur, the event above it will result.

Figure 2. Fault Tree Symbology. Different symbols represent events and logic gates.

The best approach for developing the fault tree is to assemble a team consisting of personnel with a good understanding of how the system is supposed to operate and associated support functions. The team should typically include an engineer, a quality engineer, a manufacturing engineer, an assembly technician, and perhaps others, depending on the nature of the failure.

Let's now examine how all of the above comes together to generate a fault tree analysis. We'll consider a simple systems failure analysis. Suppose we have a system with a light bulb that screws into a socket, and the light bulb illuminates when someone turns a switch on. Figure 3 shows a schematic for this system. One day, we flip the switch and the light bulb does not come on.

Figure 3. Light Bulb Wiring Schematic. This is the system for which we'll prepare a fault tree analysis.

The first step is to define the problem. The problem here is that the light bulb does not illuminate. This becomes the top undesired event in the fault tree for this system failure, and Figure 4 shows it in a command event (the rectangle symbol). Top undesired events are always shown in a command event symbol, as they will be commanded to occur by events in the tree below.

Figure 4. Indicator Light Fault Tree Analysis. This simple fault tree develops potential causes for an indicator light system failing to illuminate.

The next step is to look for the immediately adjacent causes that can induce the top undesired event. This is a critically important concept. A common shortcoming is to jump around in the system, and start listing things like a power loss in the building, a failed switch, and perhaps other events, but the fault tree requires discipline. One has to look for the internal or immediately adjacent causes. An approach for doing this is to imagine yourself as the light bulb, screwed into the socket, and ask "what can happen in me or right next to me to prevent me from illuminating?" If one considers only these conditions, the answers are:

- An open light bulb filament
- Contaminated terminals in the socket
- A bulb that's not fully screwed into the socket
- No electrical energy from the socket

We show these events immediately below the top undesired event and determine which symbol is appropriate for each. The open filament is a basic component failure, so it goes in a circle symbol. Contaminated terminals in the socket could be caused by a variety of conditions, but for the purposes of this analysis we won't fully develop these, and we'll put contaminated terminals in an undeveloped event symbol (the diamond). Not fully screwing the bulb into the socket is a human error, so it goes into a human error symbol (also a diamond). Finally, no energy from the socket is a condition that will be commanded to occur if other events occur elsewhere in the system. This event becomes a command event, and it goes into a rectangle.

30. Explain about Computer Security.
Computer security (also known as cybersecurity or IT security) is information security as applied to computers and computer networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.

Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is considered as a main feature. Some of the techniques in this approach include:

- The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
- Automated theorem proving to prove the correctness of crucial software subsystems.
- Code reviews and unit testing are approaches to make modules more secure where formal correctness proofs are not possible.
- Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
- Default secure settings, and design to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
- Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
- Full disclosure to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.

Security Architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve to maintain the system's quality attributes: confidentiality,

One use of the term "computer security" refers to technology that is used to implement secure operating systems. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.

Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under Common Criteria.

In USA parlance, the term High Assurance usually suggests the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information.

Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, and others). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. These defects can be used to cause the target system to execute putative data. However, the "data" contain executable instructions, allowing the attacker to gain control of the processo
