Title: Week 1 Assignment
NAME: VISHAL KUMAR
Course name: ISOL536-Security
Architecture and Design
Date: January 21st,
Instructor name: Dr.
Ahmed Ben Ayed
List two ways to build visual model of your system.
data flow diagram DFD maps out the flow of information for any process or
system. Symbols such as rectangles ,circles, and arrows are use. On top of it
short labels are also written to show data inputs, outputs storage points and
the path between every destination. Data flow diagram can be simple and can be
drawn on a piece of paper to explain the process or system or it can be drawn
in depth with multi-level Data flow diagram that gives the picture of the
process in depth and with so much of detail.. it is used to anayze an existing
system or make a new model for the for the organization. Data flow diagram make
it easier to explain the process through diagrams and visual presentation of
the process which makes it easier to understand as some time words can be
difficult to understand.
is crucial to mention that data flow diagram were popularized in the late 1970s
arising from the book structured design, by computing pioneer Ed Yourdon and
Larry Constantine. There were other contributors too contributing to the
development of data flow diagram, Tom DeMarco, Chris Gane and Trish sarson
hence the name of the symbols and notations comes from their name Yourdon and
Coad, Yourdon and DeMarco, Gane and Sarson. One main difference in their
symbols is that Yourdon-Coad and Yourdon-DeMarco use circle for processes while
Gane and Sarson use rectangles with rounded corners, sometimes called lozeges.
There are other way of symbol variation in use as well. it is crucial to keep
in mind few rules and tip when crating a data flow diagram, they are as
Each process should
have at least one input and an output.
Each data store should
have at least one data flow in and one data flow out.
Data stored in a
system must go through a process.
All processes in a DFD
go to another process or a data store.
Swim lane which is also known as SwimLane diagram is a type of flowchart in
which it also clarifies who does what in the process. It gives visual
representation of connections, communication and handoffs between different
organization level and it also can show inefficiency of the employee or wastage
in the process. Other names given to Swim lane diagram is Rummler-Brache
diagram or cross-functional diagram. They are called functional bands too. Swim lane diagram was first published in the
year 1990 in Geary Rummler and Alan Brache book, improving processes.
several benefit of using swimlanes they are as follows:
makes sure person who look at swim lanes diagram know whats happening the
company and everybody know what every body is doing..
is less chance of duplication of work. For example, different departments doing
the same work. It even cut down on unnecessary step in the process.
second swim diagram can be used to model a better way of doing things in the
organization. Swimlane Diagrams can be formalized as a way
to integrate processes between teams or departments, resulting in cleaner
processes on an ongoing basis. swimlanes
introduce parallel or vertical or horizontal lines grouping the process steps
by actor, such as employee, work group department or even an information
(2) What is the best definition of a
A trust boundary can be
thought of as line drawn through a program. On one side of the line, data is
untrusted. On the other side of the line, data is assumed to be trustworthy.
The purpose of validation logic is to allow data to safely cross the trust boundary
– to move from untrusted to trusted. A trust boundary violation occurs when a
program blurs the line between what is trusted and what is untrusted. By
combining trusted and untrusted data in the same data structure, it becomes
easier for programmers to mistakenly trust unvalidated data.
Data entering from across a trust boundary
indicates every place where the receiving systems need to validate the inbound
data. Data crossing a trust boundary also means that you have identified a
place where you should examine the security of the data. It doesn’t mean
you mustencrypt or that you must authenticate,
but as you analyze the connection for vulnerabilities, you may discover that
encryption and/or authentication remediates the issues.
(3) What are the 3 most essential
questions to ask in threat modeling?
What are you building?
What can go wrong?
What are you going to do about it?
(4) In the Star Wars mnemonic, what
threat does Luke Skywalker embody?
ANSWER: In the Star Wars mnemonic, Luke
Skywalker embody Elevation of privilege
Kind of a threat.