IEEE Spectrum's Article on DDoS Attacks

In this article by Amy Nordrum, she discusses the distributed denial-of-service (DDoS) cyberattacks that were inflicted via botnets on the major internet services company, Dyn, a few weeks ago. Dyn provides internet services for some very popular websites like Twitter, Netflix, and Reddit. Dyn's services were on hold for 2 hours that Friday morning during the first attack and then Dyn detected a second attack closely after, which they were able to fend off (probably with difficulty). 

Sometimes I hear of these attacks and I am just so curious to understand how they could possibly happen. This article did a great job explaining the rudimentary procedure for how botnets can be made using malware sent to people unwittingly or how the internet of things (IoT) can be harnessed for cyberattacks. Having just joined the Cyber Security Club here at the College of Charleston, I am starting to get an idea of the process (not that I would ever use it, of course!!). I think it is important for students studying computer science or computer information systems to have a deep understanding of these concepts so that, even if we are more interested in being software developers, we are better able to build systems that can withstand attacks like this. It is far better to prevent attacks than to scramble around during one, trying to get them to stop. 

HW22: Chapter 17

17.10 > Your company wishes to move from using desktop applications to accessing the same functionality remotely as services. Identify three risks that might arise and suggest how these risks may be reduced.

  1. Security - there is definitely a risk that the information needed for the company will be less secure if it is able to be accessed remotely. This risk may be reduced by implementing extra security precautions as well as decreasing accessibility of information to only certain parties. 
  2. Failure Management - if the system is available remotely as a service, it becomes more complicated with many more parts involved in the success of the system. The system will rely on all components (the computer, the server, access to the server) functioning properly in order to work. So there is a higher risk that the system will fail because there are more components that need to work together.
  3. Transparency - because of the different components that have to work together, there is a higher risk that users will be aware of flaws in the system and inconsistencies in the software. I found this really great research paper from a student at the University of Texas. Author Sudheer Mantena discusses "Transparency in Distributed Systems":
  • Transparency: The distributed systems should be perceived as a single entity by the users or the application programmers rather than as a collection of autonomous systems, which are cooperating. The users should be unaware of where the services are located and also the transferring from a local machine to a remote one should also be transparent. (Page 2)

HW21: Chapter 20

20.10 > You work for a software company that has developed a system that provides information about consumers and that is used within a SoS by a number of other retail businesses. They pay you for services used. Discuss the ethics of changing the system interfaces without notice to coerce users into paying higher charges. Consider this question from the point of view of the company's employees, customers, and shareholders.

No! This is terrible. I am sure from the shareholder perspective, they would not mind if the users were not informed of the increase in price, but this is completely unethical. A software company has a lot of power when it comes to hiding things from the public and from their customers, but they should not take advantage of this. The employees of the software company might feel uncomfortable with having to make this unethical change to the system, but will probably be unlikely to speak up in case they lose their jobs. Customers, being unaware of the change, will not have an opinion UNTIL (because it is bound to come out eventually) it is found out that the software company increased prices without notifying consumers. Then the shareholders will pretend they had no idea and blame it on the developers. The employees will probably be out of a job anyway once the consumers find out about everything, and then those employees have a stain on their record for the rest of their careers. So, all in all, it is a terrible idea, both for ethical reasons and practical ones.

HW20: Chapter 19

19.3 > Why is it impossible to infer the emergent properties of a complex system from the properties of the system components?

The emergent properties of a system characterize the entire system - all of a system's components' properties are included in this as well as their ability to work together. The emergent properties include properties such as performance, reliability, usability, safety, and security. A component can often be considered reliable, safe, etc. when functioning on its own, but when it is a part of a system, those properties are not enough. Emergent properties encompass component properties as well as defining whether the components work together or not. It is difficult to distinguish emergent properties of a complex system from the system components because the emergent properties depend on the components working as expected.

HW19: Team Progress I

Our team project has been steadily improving over the course of the semester. My team has been absolutely awesome because we are all willing to meet on the weekends and work together to accomplish milestones in the project. We did not know each other at the beginning of the semester, but we have quickly become very trusting of each other's skills and play to our individual strengths and weaknesses very well. Together we have learned how to navigate the command line, merge our ideas with GitHub, write automating BASH scripts, build HTML pages, compile and run drivers, and program in C++. 

Our first milestone came when we met up together to clone, compile, and run our original project choice: the mWater app. Due to lack of helpful documentation and a ridiculously complicated list of dependencies, we decided (with some advice from Dr. Bowring) to not continue with testing mWater, but to work with Celestia, a space simulation application that has been around since the early 2000s. Even though it was unnecessary, Team International (that's us!) got together one Saturday morning and composed a lengthy documentation of every step it takes to get Celestia running on an Ubuntu LinuxOS using the terminal. 

After successfully being able to use the open source program, our next challenge was to begin writing tests to analyze the reliability of the software. We chose to run our tests mostly on the Math Library because some of the simpler methods (such as squaring a number or finding the area of a circle) were easy algebraic or geometric calculations that we could perform ourselves. Working with a C++ library proved challenging because we could not run the code from the command line - we had to create a .CPP driver first which we would have to compile before we were able to pass any inputs to the mini-program. Our team worked late into the night to get the drivers working and by now, it seems like it should have been easy!

We have just finished working on automating the testing process using a BASH script that will iterate through all the testCase.txt files that we will make (at least 25 of them), use the associated driver to pass an input to, and compare the return value with the expected value. And, once this magic is complete, we will open an .HTML file that displays the results of the test in a browser window. Again, after many texts, meetings, late-night delivered pizzas, and excited "whoops" of triumph later, we are almost to the point where we just need to clean up our project and make it presentable. If we are to make our GitHub repository public, we will need to organize the project a little bit better and provide better documentation of all our steps. 

We have all felt that the project has greatly increased our knowledge in a variety of directions. I myself had never even written a script before this course, so I consider it a huge success that I can now write one that uses the information in my file system as fodder for its calculations. Good job, team!

 

Here is a screenshot of the browser window that is displayed once the tests are run. We will be working on some .CSS formatting for it (because it is hideous at the moment!) and adding some more information about the tests.