Please look this over and make sure it makes sense and is written right. Also, make sure it is all correct. If a question is not correct please fix it. Thank you.

Make a seven (7) layer diagram of an operating system. Explain the function of each layer, and how they interact. Then discuss what types of encryption are used in each layer. You should also identify when encryption is not used on layers, and explain why this is not a common practice.

There are n numbers of users who use computer network and are located over the world. So to ensure, national and worldwide data communication, systems must be developed which are compatible to communicate with each other ISO has developed a standard. ISO stands for International organization of Standardization. This is called a model for Open System Interconnection (OSI) and is commonly known as OSI model.

The ISO-OSI model is a seven layer architecture. It defines seven layers or levels in a complete communication system. They are:

1 Application Layer

2 Presentation Layer

3 Session Layer

4 Transport Layer

5 Network Layer

6 Datalink Layer

7 Physical Layer

Below we have the complete representation of the OSI model, showcasing all the layers and how they communicate with each other.

OSI Model Layer 1: The Physical Layer

1 Physical Layer is the lowest layer of the OSI Model.

2 It activates, maintains and deactivates the physical connection.

3 It is responsible for transmission and reception of the unstructured raw data over network.

4 Voltages and data rates needed for transmission is defined in the physical layer.

5 It converts the digital/analog bits into electrical signal or optical signals.

6 Data encoding is also done in this layer.

OSI Model Layer 2: Data Link Layer

1 Data link layer synchronizes the information which is to be transmitted over the physical layer.

2 The main function of this layer is to make sure data transfer is error free from one node to another, over the physical layer.

3 Transmitting and receiving data frames sequentially is managed by this layer.

4 This layer sends and expects acknowledgements for frames received and sent respectively. Resending of non-acknowledgement received frames is also handled by this layer.

5 This layer establishes a logical layer between two nodes and also manages the Frame traffic control over the network. It signals the transmitting node to stop, when the frame buffers are full.

OSI Model Layer 3: The Network Layer

1 Network Layer routes the signal through different channels from one node to other.

2 It acts as a network controller. It manages the Subnet traffic.

3 It decides by which route data should take.

4 It divides the outgoing messages into packets and assembles the incoming packets into messages for higher levels.

OSI Model Layer 4: Transport Layer

1 Transport Layer decides if data transmission should be on parallel path or single path.

2 Functions such as Multiplexing, Segmenting or Splitting on the data are done by this layer

3 It receives messages from the Session layer above it, convert the message into smaller units and passes it on to the Network layer.

4 Transport layer can be very complex, depending upon the network requirements.

Transport layer breaks the message (data) into small units so that they are handled more efficiently by the network layer.

OSI Model Layer 5: The Session Layer

1 Session Layer manages and synchronize the conversation between two different applications.

2 Transfer of data from source to destination session layer streams of data are marked and are resynchronized properly, so that the ends of the messages are not cut prematurely and data loss is avoided.

OSI Model Layer 6: The Presentation Layer

1 Presentation Layer takes care that the data is sent in such a way that the receiver will understand the information (data) and will be able to use the data.

2 While receiving the data, presentation layer transforms the data to be ready for the application layer.

3 Languages(syntax) can be different of the two communicating systems. Under this condition presentation layer plays a role of translator.

4 It perfroms Data compression, Data encryption, Data conversion etc.

OSI Model Layer 7: Application Layer

1 Application Layer is the topmost layer.

2 Transferring of files disturbing the results to the user is also done in this layer. Mail services, directory services, network resource etc are services provided by application layer.

3 This layer mainly holds application programs to act upon the received and to be sent data.

Explain, in detail, the problem of buffer overflow. Be sure to explain: when it occurs, how it occurs and what protections you can build into your code in order to avoid it. Explain the differences in the protections you would use with Java, and a language such as C++. Why are these languages different in this regard?

A buffer is a temporary area for data storage. When more data than was originally allocated to be stored in a buffer gets placed there by a program or system process, the extra data will overflow, hence the name, causing some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.

In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.

Hackers would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input. There are two types of buffer overflows: stack-based and heap-based. Heap-based, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program. Stack-based buffer overflows, which are more common among hackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.

A stack can only hold a certain amount of data, and if the input string is longer than the amount of space reserved, then the result is an overflow, creating a security hole. Savvy malicious hackers seek out these flaws with specially written commands that cause an overflow and trigger an attack. Once the malicious command causes the overflow, the hacker must still execute the command by indicating a return address that points to the command. The buffer overflow causes the application to crash partially, but it tries to recover by going to the return address, which has been redirected to the malicious command by the hacker.

When the buffer-overflow attack runs the command found at the new return address, the program thinks it is still running. This means that the command prompt window that has been opened is running with the program's or application's same set of executable permissions as the application that was compromised, allowing the hacker to gain full control of the operating system.

How to stop a buffer overflow from attacking applications

1. Avoid using library files: Library files, which are used in programming language and are inherently insecure, are a target for hackers during application attacks. Any weakness found by a hacker in a library file will also exist in all applications that use that library file, giving hackers a glaring target for a potential attack.

2. Filter user input: Filtering out possibly dangerous HTML code and characters that could cause database problems. For example, in ASP code, the apostrophe, quotation mark and ampersand symbols are all reserved symbols. These reserved symbols can't be included within a user's input or they will cause the application to crash. Filter them out and replace them with something else to avoid complications and problems.

3. Test applications: Be sure to test all applications prior to deployment; trying to break into every application to ensure secure coding. If the application breaks, it will be clear that there is a problem that needs to be fixed before a hacker is able to exploit it.

The point to remember is that "Buffer Overflow" is the name for a trick used to hack systems as well as the name of a common programming error.

Java protects the programmer from the common programming error called "Buffer Overflow" by consistently throwing ArrayIndexOutofBounds exceptions whenever an attempt to access an array outside its bounds is made.

Java defends the system from the common hacking technique called "Buffer Overflow" by making sure that attempts to access outside the bounds of allocated memory does not cause memory corruption.

C and C++ are vulnerable to the hacking technique called "Buffer Overflow" because they allow access of unallocated memory and merely state that the effect of this activity is undefined.

Assume that we want to model a system where security administrators (SAs) have control over objects, and determine who (i.e., userid) is allowed to access what object. However, the security administrators are not allowed to access the objects themselves. How would you model this, in terms of access control protections?

consider a system is having objects and security administrator would have to assign these to the users. For every system there is a way to create this objects and to view this objects. So inorder to make the security administrators to restrict these object access to view the data inside it.

Rather than that we can give him just the display objects access without giving edit or change permissions. So that he will be having the permission to display obects only. So that when ever he need to give the object permission to any user he will just give the object name to the user permissions tab. In this case user will get the control over that but in any case security administrator can't have the permission to see the object .

For example to understand clearly if we take SAP as example to develop and access objects we have the transaction SU24 but if we disable the transaction security administrators can't access the objects. But when the time of user creation or object assignment he can give directly the objects in the objects tab. Here the work of security admin has been done with out accessing object as well as the user got the control over object.

Diagram a typical PC Bus structure, and explain the function of all the items on the diagram.

A group of lines that serves as a connecting path for several devices is called bus.

Bus is a subsystem that transfers data between computer components inside a computer or between computers.

A computer bus structure is provided which permits replacement of removable modules during operation of a computer

wherein means are provided to precharge signal output lines to within a predetermined range prior to the usage of the

signal output lines to carry signals, and further, wherein means are provided to minimize arcing to pins designed to

carry the power and signals of a connector.

=> Most computers have both internal and external buses.

=> An internal bus connects all the internal components of a computer to the motherboard (and thus, the CPU and internal memory).

=> These types of buses are also referred to as a local bus, because they are intended to connect to local devices.

=> An external bus connects external peripherals to the motherboard.

* The time needed to execute a instruction is called the processor time.

* This hardware comprises the processor and the memory which are usually connected by the bus as shown in the fig

* Let us examine the flow of program instructions and data between the memory and the processor.

* The processor and relatively small cache memory can be fabricated on a single IC chip.

* A program will be executed faster if the movement of instructions and data between the main memory and the processor is minimized, which is achieved by using the cache.

* Processor circuits are controlled by a timing signal called clock.

PCI

****

Peripheral Component Interconnect Also called Local Bus

Used fo

Just about any peripheral

Can support mulBple high-performance devices

Graphics, full-moBon video, SCSI, local area networks, etc.

Expansion Bus

***************

These are slots on the motherboard

ISA Industry Standard Architecture

PCI Personal Component Interconnect

EISA Extended ISA

SIMM Single Inline Memory Module

DIMM Dual Inline Memory Module

MCA Micro-Channel Architecture

AGP Accelerated Graphics Port

VESA Video Electronics Standards AssociaBon

PCMCIA Personal Computer Memory Card InternaBonal

Disk Interfaces

****************

Floppy disk

SCSI Small Computer Systems Interface (servers)

***************************************************

Used for Disk drives, CD-ROM drives, tape drives, scanners, printers,etc.

Accelerated Graphics Port

*************************

Parallel, point-to-point(only one AGP port / system)

Data rates up to 532 Mbytes/s

Ethernet - Now exists as a standard - IEEE 802.3

USB

***

Universal Serial Bus (USB) is an industry standard developed in the mid-1990s

Versions = USB 1.x, USB 2.0, USB 3.0, USB 3.1

=> On PCs, a serial interface implies a COM port , or communicaBons port

Write a simple program that uses the fork() and join() to complete two series of mathematical calculations and compare the results to each other. The calculation results to be compared should be the results of one of a simple substitution cypher. (The user should be able to input a phrase, pass it to both threads, have the same cypher applied and the results compared against each other)

import java.util.concurrent.ForkJoinPool;

import java.util.concurrent.RecursiveTask;

class Sum extends RecursiveTask {

static final int SEQUENTIAL_THRESHOLD = 5000;

int low;

int high;

int[] array;

Sum(int[] arr, int lo, int hi) {

array = arr;

low = lo;

high = hi;

}

protected Long compute() {

if(high - low <= SEQUENTIAL_THRESHOLD) {

long sum = 0;

for(int i=low; i < high; ++i)

sum += array[i];

return sum;

} else {

int mid = low + (high - low) / 2;

Sum left = new Sum(array, low, mid);

Sum right = new Sum(array, mid, high);

left.fork();

long rightAns = right.compute();

long leftAns = left.join();

return leftAns + rightAns;

}

}

static long sumArray(int[] array) {

return ForkJoinPool.commonPool().invoke(new Sum(array,0,array.length));

}

}