Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Demonstrate knowledge of hardware/software/network and system integration with a

ID: 3695665 • Letter: D

Question

Demonstrate knowledge of hardware/software/network and system integration with an in-depth research on the docker technology by studying Docker and writing a four-page report.

Using recent (say, two years) publicized security incide nts, give one example for each of the three kinds of threats (exposure of data, tempering with data, denial of service).

Describe the cause and cost, and any response from a ected companies, then either suggest a policy to prevent a speci c incident from happening, or a measure to limit the damage.

Find out which operating system is involved in each incident. How does that OS is designed to ensure each user can perform only authorized operations on authorized data, and how did that fail in that particular incident (it could be a system weakness or an operator error)?

Limit your answer to 300 words, you may use additional graph illustrations.

Compare virtual memory and segmentation techniques, discuss how memory management schemes might e ect programming paradigms.

Limit your answer to 100 words, you may use additional graph illustrations.

Explanation / Answer

Docker technology

Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. Docker uses the resource isolation features of the Linux kernel such as cgroups and kernel namespaces, and a union-capable file system such as aufs and others to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines

The Linux kernel's support for namespaces mostly[8] isolates an application's view of the operating environment, including process trees, network, user IDs and mounted file systems, while the kernel's cgroups provide resource limiting, including the CPU, memory, block I/O and network. Since version 0.9 Docker includes the libcontainer library as its own way to directly use virtualization facilities provided by the Linux kernel, in addition to using abstracted virtualization interfaces via libvirt, LXC (Linux Containers) andsystemd-nspawn.

As actions are done to a Docker base image, union file system layers are created and documented, such that each layer fully describes how to recreate an action. This strategy enables Docker's lightweight images, as only layer updates need to be propagated (compared to full VMs, for example).

According to industry analyst firm 451 Research, "Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on premises, public cloud, private cloud, bare metal, etc.

kinds of threats

1. In terms of sheer frequency, the top spot on the list of security threats must go to viruses. According to a DTI survey, 72% of all companies received infected e-mails or files last year and for larger companies this rose to 83%. Worms and Trojan horses share the first prize in malignancy: the internet experienced three worms in only 12 days last summer, causing £1.8bn in damages, according to Symantec's Internet Security Threat Report.
2. The after-effects of viruses are so dangerous that they take second place. The vulnerability here is the back doors viruses leave in their wake, or the chinks in the corporate armour that later generations of code can exploit. For example, in January, MyDoom left a back door that was subsequently exploited by Doomjuice and Deadhat. Companies that failed to close the back door, as well as rid themselves of the primary attack, remained exposed.
Another related threat is the worms that turn PCs into remote mail servers and send cascading volumes of e-mails that cause denial of service attacks. These attacks are becoming more sophisticated.
"Most mass mail viruses require the recipient to open the attachment to run the malicious code," says Carole Theriault, security consultant at anti-virus company Sophos. "However, there are viruses that can take advantage of security flaws which means that only viewing or opening the e-mail is enough to launch the malicious code."
3. Hacks, and application-specific hacks in particular, have become even smarter. Many companies are alert to the threat posed by so-called buffer overflows, the techniques by which web servers are overloaded causing a denial of service attack. But the new kid in this category, and the one the security industry is talking about, is the more advanced SQL injection.
SQL injection forces a database to yield otherwise secure information by causing it to confuse classified data, such as passwords or blueprints, with information that is for public consumption, such as product details or contacts. It is hard to do but, according to the experts, there are plenty of hackers up to the task and plenty of customers ready to pay for the service.
"We see it all the time," says David Litchfield, founder of NGSSoftware. "It is behind breaches such as the half a million credit card numbers stolen by Russian gangs or details from the Drug Enforcement Agency being sold onto drug runners. These are documented cases. SQL injection is not getting the respect it deserves."
4. Phishing, or identity theft, is most commonly targeted at bank customers but everybody should be alert to it. The bank users receive an e-mail as if from the bank asking for their log-on and password and, according to risk specialist company mi2g, less than half of 1% of customers oblige, a significant figure if millions of e-mails are sent.
A more sophisticated version of phishing, cross-site scripting, is on the rise, where users are driven to an identical but fake version of the bank's website and are lured into handing over confidential information unawares.

5. Blended attacks are combinations of two or more of the above and are doubly alarming. The solution to protecting a company against these attacks is to combine the piecemeal security systems that protect against each kind of threat. But how secure are these security systems and who is winning, the attacker or the attacked?

The threats you face
Viruses - damages worth £1.8bn in 12 days on the internet in 2003
Virus back doors - hidden after-effects with potentially devastating impact
Application-specific hacks - advanced SQL injection could be stealing your data
Phishing - duped end-users could lose faith in ITsystems
Blended attacks - criminals use multiple methods to beat even the best security.

An IT system may need protection for one or more of the following aspects of data:

compare virtual memory and segmentation techniques

Paging is used to get a large linear address space without having to buy more physical memory. Segmentation allows programs and data to be broken up into logically independent address spaces and to aid sharing and protection.

Paging does not distinguish and protect procedures and data separately.
Segmentation distinguishes and separately protects procedures and data.

Unlike segmentation, Paging does not facilitate sharing of procedures.
Paging is transparent to programmers(system handles it automatically).

Segmentation requires programmer to be aware of memory limits as programmer
tries to allocate memory to functions and variables or tries to access read
only memory violation, which results in segmentation fault
(see Segmentation fault for more details on different types of seg. faults)

Mapping from logical to physical address is different for paging and segmentation.

Here's an illustration based on 16 bit-address space:
For paging :The 6-bit page value is used to select a proper entry in process page table. the 6-bit process entry occupying the six most significant bit and the 10-bit offset occupying the 10 least significant bit forms a 16-bit physical address.



For segmentation :

The 4-bit segment of a logical address selects the proper entry in the process segment table. The base value is added to the 12 bit offset value to get the 16 bit physical address.

Related Questions

Demand rate of lug nuts = Numbe of cars produced per day * number of wheels on e
Question #374190
Demand rate, d = 1000 units per year Production rate, p = 4000 units per year Ca
Question #374324
Demand with zero transaction costs is Q1D = 50 -P and supply is Qs = -7 + 2P. a)
Question #1234393
Demand with zero transaction costs is Q1D = 50 -P and supply is Qs = -7 + 2P. a)
Question #1234416
Demand, Supply, and Market Equilibrium (graded) Price Elasticity of Demand (grad
Question #1212234
Demand, Supply, and market Equilibrium (graded) Price Elasticity of demand (grad
Question #1212232
Demand-side solutions to relieving urban congestion might include implementing f
Question #2747516
Demand: P=30-2Q Supply: P=4Q Answer Equilibrium Price____ Equilibrium Quantity__
Question #1180125
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Demonstrate fixed point numbers and arithmetic in C programming language. The nu
Next
Demonstrate mastery of Aggregate functions, grouping, and SQL joins. /* Use the

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.