Sunday, August 31, 2014

Legal

Computer-assisted crime: a computer is used as a tool to help carry out a crime.
Computer-targeted crime: a computer was the victim of the attacker.
Computer is incidental: a computer is not necessarily the attacker or the attackee but happened to be involved in the crime.

Types of digital forensics science (DFS):
Media
Software
Network

Which type is referred to as computer forensics: Media

Software analysis investigation involves:
Trojan
Author of program
Reverse engineering

Network logs: network analysis

Which group has objectives that include creation of a framework for establishing jurisdiction and extradition:
COE
Council of Europe Convention on Cybercrime.

Golden Rule of computer forensics:
Make sure evidence is not changed by any of the investigation actions.

A virus is contained: which stage? Action/reaction.


Principles of OECD:
1. Collection of personal data should be limited.
2. Personal data should be kept complete and current.
3. Subjects should be notified of the reason for collection of their personal info.
4. Info should be disclosed only with the consent of the subject or by law.
5. Reasonable safeguards.
6. Developments, practices and policies regarding personal data shall be openly communicated.
7. Subjects must be able to see personal data and be able to correct erroneous data.

Ethics and the Internet (RFC 1087) states:
1. The Internet is a privilege and should be treated that way.

Types of evidence:
1. Material
2. Relevant
3. Competent



Trafficking computer passwords on government systems/interstate/foreign commerce:
U.S. Computer Fraud and Abuse Act.

Safe Harbor: policy agreement between the US and EU in Nov 2000

CERT primary objective:
Computer crime emergency response and notification.

Direct evidence: based on witness's five senses (hear, smell, touch, taste, oral)
Real evidence: physical and associative (tangible objects).
Conclusive: incontrovertible evidence
Circumstantial: intermediate facts
Secondary: copy of evidence or oral description of its content.
Hearsay: computer-based evidence

Four types of computer-generated evidence:

1. Visual output from a monitor
2. Printed evidence from a printer
3. Printed output from a plotter
4. Media output: CD, tape

Development of new technology usually outpaces the law. Law enforcement uses which traditional laws to prosecute computer criminals:

Embezzlement, fraud, and wiretapping

The Federal Sentencing Guidelines:
Hold senior corporate officers personally liable if their organizations do not comply with the law.

Prudent man rule requires:

Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances

Information Warfare: Attacking the information infrastructure of a nation to gain military and/or economic advantages.

Kennedy-Kassebaum Act
HIPAA

U.S. Government program that reduces or eliminates emanations from electronic equipment: TEMPEST

Evaluate suspects in the commission of a crime:

18 U.S.C. §2001 (1994) refers to:
Title 18, Section 2001 of the U.S. Code, 1994 edition

Enticement: Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated.

Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
Exigent Circumstances

The U.S. Government Tempest program was established to thwart which one of the following types of attacks:
Emanation Eavesdropping

Which entity of the U.S. legal system makes common laws? The judicial decisions made in the courts generate common law.
[Administrative agencies create administrative laws, and the legislative branch creates statutory laws.]

Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)
The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. 

World Wide Web Consortium (W3C)


Recommended practice regarding electronic monitoring of employees' email:
Apply monitoring in a consistent fashion.
Inform all that e-mail is being monitored by means of a prominent log-in banner
Explain who is authorized to read monitored email.
No guarantee of e-mail privacy should be provided or implied by the employer.


The evidence life cycle:
Discovery, recording, collection, and preservation

Relative to legal evidence, what describes the difference between an expert and a non-expert in delivering an opinion:
An expert can offer an opinion based on personal expertise and facts. A non-expert can testify only as to facts.

The Federal Sentencing Guidelines state:
"The officers must exercise due care or reasonable care to carry out their responsibilities to the organization."

If C represents the cost of instituting safeguards
L is the estimated loss from vulnerability
a legal liability exists if the safeguards are not implemented when:
C<L

In the legal field:
term that is used to describe a computer system so that everyone can agree on a common definition:

"Any assembly of electronic equipment, hardware, software and firmware configured to collect, create, communicate, disseminate, process, store and control data or information."

Definition includes peripheral items such as keyboards, printers, and additional memory:
An automated information system (AIS)

The CPU is synonymous with the word processor. If the CPU is integrated onto a silicon chip, it is called a microprocessor.

The CPU is connected with memory and Input/Output (I/O) through a set of wires called a bus.

Computer crimes fall into two major categories and two additional related categories:
Major:
1. The computer is a target of the crime. [access to government and personal information]
2. Crimes using the computer. [fraud involving stock transfers]
Additional:
1. Crimes associated with the prevalence of computers. [Violation of copyright restrictions on commercial software packages, software piracy and software counterfeiting.]
2. The computer is incidental to other crimes. [the crime could be committed without the computer, but the computer permits the crime to be committed more efficiently and in higher volume]
Money laundering, keeping records and books of illegal activity and illegal gambling

[Malfeasance (wrongdoing) by computer is an act involving a computer that is technically and ethically improper, but may or may not be illegal.]

Valid legal issues associated with computer crime:
a. It may be difficult to prove criminal intent.
b. It may be difficult to obtain a trail of evidence of activities performed on the computer.
c. It may be difficult to show causation.

EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions.

The Federal Intelligence Surveillance Act (FISA) of 1978 limited wiretapping for national security purposes as a result of the record of the Nixon Administration in using illegal wiretaps.

The Electronic Communications Privacy Act (ECPA) of 1986 prohibited eavesdropping or the interception of message contents without distinguishing between private or public systems.

The Communications Assistance for Law Enforcement Act (CALEA) of 1994 required all communications carriers to make wiretaps possible in ways approved by the FBI.

Pen register: Device that records all the numbers dialed from a specific telephone line

[Gathering information as to which numbers are dialed from a specific telephone line is less costly and time-consuming than installing a wiretap and recording the information]

A device that is used to monitor Internet Service Provider (ISP) data traffic is called: Carnivore

World Intellectual Property Organization (WIPO) sponsored a treaty under which participating countries would standardize treatment of digital copyrights. One of the items of standardization was the prohibition of altering copyright management information (CMI) that is included with the copyrighted material. CMI is: Licensing and ownership information

The WIPO digital copyright legislation that resulted in the U.S. was the 1998 Digital Millennium Copyright Act (DMCA).
DMCA prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms. It also addresses Internet Service Providers (ISPs) that unknowingly support the posting of copyrighted material by subscribers. If the ISP is notified that the material is copyrighted, the ISP must remove the material. Additionally, if the posting party proves that the removed material was of "lawful use," the ISP must restore the material and notify the copyright owner within 14 business days.
Two important rulings regarding the DMCA were made in 2001. The rulings involved DeCSS, which is a program that bypasses the Content Scrambling System (CSS) software used to prevent viewing of DVD movie disks on unlicensed platforms. In a trade secrecy case [DVD-CCA v. Banner], the California Appellate Court overturned a lower court ruling that an individual who posted DeCSS on the Internet had revealed the trade secret of CSS. The appeals court has reversed an injunction on the posting of DeCSS, stating that the code is speech-protected by the First Amendment.


European Union (EU) has enacted a Conditional Access Directive (CAD):
Unauthorized access to Internet subscription sites and pay TV services.
The focus of the CAD is on access to services as opposed to access to works. As of this writing, the EU is discussing a directive focusing on copyrights, but it has not been finalized. It is anticipated that this directive will be similar to the U.S.

U.S. Patriot Act, signed into law on October 26, 2001

a. Subpoena of electronic records
b. Monitoring of Internet communications
c. Search and seizure of information on live systems (including routers and servers), backups, and archives

Under the Patriot Act, if it is suspected that notification of a search warrant would cause a suspect to flee, a search can be conducted before notification of a search warrant is given.

In a related matter, the U.S. and numerous other nations have signed the Council of Europe's "Cybercrime Convention." In the U.S., participation in the Convention has to be ratified by the Senate.

In essence, the Convention requires the signatory nations to spy on their own residents, even if the action being monitored is illegal in the country in which the monitoring is taking place.

U.S. Uniform Computer Information Transactions Act (UCITA) is a:
Model act that is intended to apply uniform legislation to software licensing

National Commissioners on Uniform State Laws (NCUSL) voted to approve the Uniform Computers Information Transactions Act (UCITA) on July 29, 1999.

This legislation, which will have to be enacted state-by-state, will greatly affect libraries' access to and use of software packages. It also will keep in place the current licensing practices of software vendors. At the present time, shrink-wrap or click-wrap licenses limit rights that are normally granted under copyright law.

Under Section 109 of the U.S. 1976 Copyright Act, the first sale provision permits "the owner of a particular copy without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy."

However, the software manufacturers use the term "license" in their transactions. As opposed to the word "sale," the term "license" denotes that the software manufacturers are permitting users to use a copy of their software. Thus, the software vendor still owns the software. Until each state enacts the legislation, it is not clear if shrink-wrap licenses that restrict users' rights under copyright law are legally enforceable.

For clarification, shrink-wrap licenses physically accompany a disk while click-on and active click wrap licenses are usually transmitted electronically. Sometimes, the term shrink-wrap is interpreted to mean both physical and electronic licenses to use software.

The focus of the UCITA legislation is not on the physical media, but on the information contained on the media.

European Union Electronic Signature Directive of January, 2000, defines an "advanced electronic signature." This signature must meet the following requirements:

a. It must be uniquely linked to the signatory.
b. It must be capable of identifying the signatory.
c. It must be linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

The Directive requires that the means be maintained under the sole control of the signatory.
This requirement is a particularly difficult one to achieve.
One approach is to use different tokens or smart cards for the different transactions involved.
The other answers are typical characteristics of digital signatures that can be implemented with public key cryptography.

The Electronic Signatures in Global and National Commerce Act (ESIGN) [enacted by the U.S. Congress on June 30, 2000]:
"To facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically."
An important provision of the Act requires that:

Businesses obtain electronic consent or confirmation from consumers to receive information electronically that a law normally requires to be in writing.

The legislation is intent on preserving the consumers' rights under consumer protection laws and went to extraordinary measures to meet this goal. Thus, a business must receive confirmation from the consumer in electronic format that the consumer consents to receiving information electronically that used to be in written form.

This provision ensures that the consumer has access to the Internet and is familiar with the basics of electronic communications.

Goals of the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA) of 1996:

a. Administrative simplification [the goal is to improve the efficiency and effectiveness of the healthcare system by:
Standardizing the exchange of administrative and financial data
Protecting the security and privacy of individually identifiable health information]
b. Enable the portability of health insurance
c. Establish strong penalties for healthcare fraud
d. HIPAA is designed to provide for greater access by the patient to personal healthcare information.

HIPAA Security Rule mandates the protection of the confidentiality, integrity, and availability of protected health information (PHI) through (main categories):
a. Administrative procedures
b. Physical safeguards
c. Technical services and mechanisms

***Appointment of a Privacy Officer (mandates)

HIPAA separates the activities of Security and Privacy.
HIPAA Privacy covers individually identifiable health care information transmitted or stored in electronic, paper or oral form.
PHI may not be disclosed except for the following reasons:
Disclosure is approved by the individual
Permitted by the legislation
For treatment
Payment
Health care operations
As required by law
[Protected Health Information (PHI) is individually identifiable health information that is:
Transmitted by electronic media
Maintained in any medium described in the definition of electronic media [under HIPAA]
Transmitted or maintained in any other form or medium]

Individual privacy rights as defined in the HIPAA Privacy Rule include consent and authorization by the patient for the release of PHI. The difference between consent and authorization as used in the Privacy Rule is:
Consent grants general permission to use or disclose PHI, and authorization limits permission to the purposes and the parties specified in the authorization.

The other individual privacy rights listed in the HIPAA Privacy Rule are:
1. Notice (of the covered entities' privacy practices)
2. Right to request restriction
3. Right of access
4. Right to amend
5. Right to an accounting

In August of 2002, the U.S. Department of Health and Human Services (HHS) modified the Privacy Rule to ease the requirements of consent and allow the covered entities to use notice. The changes are summarized as follows:

1. Covered entities must provide patients with notice of the patients' privacy rights and the privacy practices of the covered entity.
2. Direct treatment providers must make a good faith effort to obtain patients' written acknowledgement of the notice of privacy rights and practices. (The Rule does not prescribe a form of written acknowledgement; the patient may sign a separate sheet or initial a cover sheet of the notice.)
3. Mandatory consent requirements are removed that would inhibit patient access to health care while providing covered entities with the option of developing a consent process that works for that entity. If the provider cannot obtain a written acknowledgement, it must document its good faith efforts to obtain one and the reason for its inability to obtain the acknowledgement.
4. Consent requirements already in place may continue.

Because of the nature of information that is stored on the computer, the investigation and prosecution of computer criminal cases have specific characteristics, one of which is:

The information is intangible.

Some of the ways in which an investigation may affect an organization are:
1. The organization will have to provide experts to work with law enforcement.
2. Information key to the criminal investigation may be co-resident on the same computer system as information critical to the day-to-day operation of the organization.
3. Proprietary data may be subject to disclosure.
4. Management may be exposed if they have not exercised "Due Care" to protect information resources.
5. There may be negative publicity that will be harmful to the organization.

[Evidence is difficult to gather since it is intangible and easily subject to modification or destruction.]

In order for evidence to be admissible in a court of law, it must be relevant, legally permissible, reliable, properly identified, and properly preserved. Reliability of evidence means that:
The evidence has not been tampered with or modified.

U.S. Federal Rules of Evidence, Rule 803 (6) permits an exception to the Hearsay Rule regarding business records and computer records:
a. Made during the regular conduct of business and authenticated by witnesses familiar with their use
b. Relied upon in the regular course of business
c. Made by a person with information transmitted by a person with knowledge

Law enforcement officials in the United States, up until passage of the Patriot Act, had extensive restrictions on search and seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private citizens, who are not agents of a government entity.
Thus, internal investigators in an organization or private investigators are not subject to the same restrictions as government officials.
Private individuals are not normally held to the same standards regarding search and seizure since they are not conducting an unconstitutional government search.
However, there are certain exceptions where the Fourth Amendment applies to private citizens if they act as agents of the government/police:
a. The government is aware of the intent to search or is aware of a search conducted by the private individual and does not object to these actions.
b. The private individual performs the search to aid the government.
c. The private individual conducts a search that would require a search warrant if conducted by a government entity.

Not an exception: The private individual conducts a warrantless search of company property for the company.
Since the private individual, say an employee of the company, conducts a search for evidence on property that is owned by the company and is not acting as an agent of the government, a warrantless search is permitted.

The Fourth Amendment does not apply. For review, the Fourth Amendment guarantees:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The exigent circumstances doctrine provides an exception to these guarantees if destruction of evidence is imminent. Then, a warrantless search and seizure of evidence can be conducted if there is probable cause to suspect criminal activity.

One important tool of computer forensics is the disk image backup. The disk image backup is:
Conducting a bit-level copy, sector by sector

Copying sector by sector at the bit level provides the capability to examine slack space, undeleted clusters and possibly, deleted files.
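
The difference between a sector-by-sector image and a file-level copy, shown as an added example (not part of the original notes). The 8-sector disk layout, the file offsets and the SHA-256 comparison used to show the image matches the source are all assumptions constructed for the illustration.

```python
import hashlib
import io

SECTOR = 512
CLUSTER = 2 * SECTOR  # constructed layout: two sectors per cluster


def build_sample_disk():
    """Constructed 8-sector 'disk' for the demo (not real evidence)."""
    disk = bytearray(8 * SECTOR)
    # The cluster at sector 2 once held an older file that filled it ...
    disk[2 * SECTOR:2 * SECTOR + CLUSTER] = b"OLD-PAYROLL-RECORD;" * 53 + b"X" * 17
    # ... and was reused by a live 700-byte file, leaving 324 bytes of slack.
    disk[2 * SECTOR:2 * SECTOR + 700] = b"A" * 700
    # Sector 6 holds a deleted file's content; nothing points to it any more.
    disk[6 * SECTOR:6 * SECTOR + 14] = b"DELETED-MEMO-1"
    return bytes(disk)


def image_sector_by_sector(src, dst):
    """Bit-level copy: every sector is copied, allocated or not.

    Returns (sectors_copied, sha256_of_the_bytes_read_from_source).
    """
    digest = hashlib.sha256()
    sectors = 0
    while True:
        block = src.read(SECTOR)
        if not block:
            break
        dst.write(block)
        digest.update(block)
        sectors += 1
    return sectors, digest.hexdigest()


def logical_copy(disk, offset, length):
    """What a file-level copy returns: only the file's own bytes."""
    return disk[offset:offset + length]


def slack_space(image, offset, length):
    """Bytes between the end of the file and the end of its last cluster."""
    end = offset + length
    cluster_end = -(-end // CLUSTER) * CLUSTER  # round up to a cluster boundary
    return image[end:cluster_end]


def demo():
    disk = build_sample_disk()
    image_buf = io.BytesIO()
    sectors, src_hash = image_sector_by_sector(io.BytesIO(disk), image_buf)
    image = image_buf.getvalue()
    return {
        "sectors": sectors,
        # The image is usable as a working copy only if it matches the source.
        "verified": hashlib.sha256(image).hexdigest() == src_hash,
        "logical": logical_copy(disk, 2 * SECTOR, 700),
        "slack": slack_space(image, 2 * SECTOR, 700),
        "deleted_found": b"DELETED-MEMO-1" in image,
    }


if __name__ == "__main__":
    result = demo()
    print("sectors copied:", result["sectors"], "verified:", result["verified"])
    print("slack bytes recovered:", len(result["slack"]))
    print("deleted content present in image:", result["deleted_found"])
```

The file-level copy returns only the 700 live bytes, while the image also carries the residual record in slack and the deleted content in the unreferenced sector.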

In the context of legal proceedings and trial practice, discovery refers to:
The process in which the prosecution presents information it has uncovered to the defense, including potential witnesses, reports resulting from the investigation, evidence, and so on.

During the investigation of a computer crime, audit trails can be very useful. To ensure that the audit information can be used as evidence, certain procedures must be followed:

There must be a valid organizational security policy in place and in use that defines the use of the audit information.
Mechanisms should be in place to protect the integrity of the audit trail information.

Internet Activities Board (IAB) considers behaviors relative to the Internet as unethical:
Negligence in the conduct of Internet experiments

The IAB document, Ethics and the Internet (RFC 1087), listed behaviors as unethical that:
1. Seek to gain unauthorized access to the resources of the Internet
2. Destroy the integrity of computer-based information
3. Disrupt the intended use of the Internet
4. Waste resources such as people, capacity and computers through such actions
5. Compromise the privacy of users
6. Involve negligence in the conduct of Internet-wide experiments

Computer/network surveillance:
a. Keyboard monitoring
b. Use of network sniffers
c. Review of audit logs

"A mark used in the sale or advertising of services to identify the services of one person and distinguish them from the services of others" refers to a:
Service mark

It is estimated that the Asia/Pacific region accounts for about $4 billion worth of loss of income to software publishers due to software piracy.
As with the Internet, cross-jurisdictional law enforcement issues make investigating and prosecuting such crime difficult:
a. Obtaining the cooperation of foreign law enforcement agencies and foreign governments.
b. The quality of the illegal copies of the software is improving, making it more difficult for purchasers to differentiate between legal and illegal products.
c. The producers of the illegal copies of software are dealing in larger and larger quantities, resulting in faster deliveries of illicit software.

The Business Software Alliance (BSA) is a nongovernmental anti-software piracy organization (www.bsa.org). The mission statement of the BSA is:

The Business Software Alliance is an international organization representing leading software and e-commerce developers in 65 countries around the world.

Established in 1988, BSA has offices in the United States, Europe, and Asia . . . . Our efforts include educating computer users about software copyrights; advocating public policy that fosters innovation and expands trade opportunities; and fighting software piracy.

Computer forensics model:
International Organization of Computer Evidence (IOCE),
Scientific Working Group on Digital Evidence (SWGDE),
Association of Chief Police Officers (ACPO)

Category of software licensing:
a. Freeware
b. Commercial
c. Academic
d. Shareware

Agreements:
Master agreements
End-user licensing agreements (EULAs)

Tuesday, August 26, 2014

Software Development (Database):

Hierarchical databases are the oldest.
Accessing a data entity within a hierarchical database requires knowledge of which branch to start with and which route to take through each layer until the data is reached.
Relational databases use indexes for searching procedures.

Note: Links cannot be created between different branches and leaves on different layers.

Data Dictionary: contains data elements, their description and their relationships. It also contains info like data format, usage and origin.

Mechanism that ensures that a failed transaction or system failure returns the subject to a meaningful point in a process: checkpoint

Component of an expert system that matches facts against patterns and determines which rules are acceptable based on algorithms (that dictate system behavior): inference engine

If the OS allows sequential use of an object without refreshing it, what issue can arise: disclosure of residual data.

Network-based database model (NBDB):
It is a flexible way of representing objects and their relationships.
Its distinguishing feature is the schema, viewed as a graph in which objects are nodes and relationships are arcs.
It is not restricted to a hierarchy or lattice. NBDB is based upon the hierarchical data model but not restricted to it.
Instead of being constrained in how to go from one branch to another and from a parent to a child to find a data element, NBDB allows each data element to have multiple parent and child records.
This gives NBDB a redundant, network-like structure instead of a strict tree-like structure.
A network model forms a structure similar to a mesh topology for the sake of redundancy, and allows quick retrieval of data compared to the hierarchical model.

OODB vs RDBMS
1. OODBs have procedures; RDBMSs need an application to have data procedures.
2. OODB are more dynamic.
3. OODB handle audio, video, document
4. OODB has classes to define attributes and procedures of its objects

CC uses PP as a specific security solution and these are reusable.

Network and network security (network devices and configurations): Red Book, ITSEC, TNI
Operating system: Orange Book, US, TCSEC, DoD

Using automated tools and mechanisms to reduce cost and streamline the process: CASE (computer-aided software engineering)

Foreign key - attribute of one column of a table related to primary key of another table.
Schema -- describes structure of database.
Data dictionary - central repository of data elements and their relations.

OLE DB (Object Linking and Embedding Database):
1. It separates data into components that run as middleware on a client or server.
2. It provides a low-level interface to link information across different databases, and provides access to data no matter where it is located or how it is formatted.
3. OLE DB is replaced by ODBC (Open Database Connectivity); ODBC supports a wide variety of non-relational databases and spreadsheets that do not necessarily implement SQL.
4. A set of COM (Component Object Model, Microsoft)-based interfaces that provide applications with uniform access to data stored in diverse data sources.
5. OLE DB (because it is COM based) is limited to use by Microsoft Windows-based client tools.
6. It allows different applications to access different types and sources of data.

For OLE DB sources, the CommandType property describes the value of the CommandText property.
For ODBC sources, the CommandText property functions exactly like the SQL property, and setting the property causes the data to be refreshed.

[OLE DB and ODBC are APIs that provide access to a range of data sources. Microsoft designed ODBC to access SQL data and OLE DB to access any type of data in a COM environment. Many people don't entirely understand the factors that led Microsoft to implement OLE DB. Others overestimate the current role of OLE DB in the corporate and Web-development environments.]

[Architecture of ODBC and OLE DB. Both rely on specialized components (drivers in ODBC and providers in OLE DB) that connect to the data source. Within ODBC, a driver usually acts as a proxy component, passing in SQL commands to the DBMS and returning result sets. An OLE DB provider accepts data in any query language it supports (not only and not necessarily SQL) and returns recordsets. A data provider encapsulating a DBMS (ODBC) is limited to passing SQL commands to the underlying database server. A data provider that renders a nonrelational data store (e.g., an email store) accomplishes the additional task of creating the recordset and populating it with the data. Such a provider might support a query language that is simpler than SQL. For example, to return email from a customer, the provider needs to know only the name of the sender. This type of command]

ADO (ActiveX Data Objects):
Characteristics of ADO:
1. It is a high-level data access programming interface to an underlying data access technology (OLE DB).
2. It is a set of COM objects for accessing data sources and not just database access.
3. It allows a developer to write programs that access data without knowing how the database is implemented.
4. SQL commands are not required to access a database when using ADO.

Row / tuple / record / cardinality
Column / attribute

Schema of a database:

1. The schema of a database system is its structure described in a formal language (supported by the DBMS).
2. In a relational database, the schema defines tables, fields, relationships, views, indexes, packages, procedures, functions, queues, triggers, types, sequences, materialized views, synonyms, database links, directories, Java, and XML schemas; these are stored in the data dictionary.

Note: Schema data = table, field.......


The best programmers use high cohesion (modules cannot be totally cohesive, because different modules (units) need to pass data and communicate) and low coupling: the lower the coupling, the better the software design, because it promotes module independence.

Software Testing Approaches:
1. Top-down testing: In this approach, testing is conducted from the main module to the submodules. If a submodule is not developed, a temporary program called a STUB is used to simulate the submodule.

Advantages:

- Advantageous if major flaws occur toward the top of the program.
- Once the I/O functions are added, representation of test cases is easier.
- Early skeletal Program allows demonstrations and boosts morale.

Disadvantages:
- Stub modules must be produced
- Stub Modules are often more complicated than they first appear to be.
- Before the I/O functions are added, representation of test cases in stubs can be difficult.
- Test conditions may be impossible, or very difficult, to create.
- Observation of test output is more difficult.
- Allows one to think that design and testing can be overlapped.
- Induces one to defer completion of the testing of certain modules.

2. Bottom-up testing: In this approach, testing is conducted from the submodules to the main module. If the main module is not developed, a temporary program called a DRIVER is used to simulate the main module.

Advantages:

- Advantageous if major flaws occur toward the bottom of the program.
- Test conditions are easier to create.
- Observation of test results is easier.

Disadvantages:

- Driver Modules must be produced.
- The program as an entity does not exist until the last module is added.

Stubs and Drivers

It is always a good idea to develop and test software in "pieces". But, it may seem impossible because it is hard to imagine how you can test one "piece" if the other "pieces" that it uses have not yet been developed (and vice versa).

A software application is made up of a number of ‘Units’, where the output of one ‘Unit’ goes in as an ‘Input’ of another Unit. For example, a ‘Sales Order Printing’ program takes a ‘Sales Order’ as an input, which is actually an output of the ‘Sales Order Creation’ program.

Due to such interfaces, independent testing of a Unit becomes impossible. But that is what we want to do; we want to test a Unit in isolation! So here we use a ‘Stub’ and a ‘Driver’.

A ‘Driver’ is a piece of software that drives (invokes) the Unit being tested. A driver creates necessary ‘Inputs’ required for the Unit and then invokes the Unit.

A driver passes test cases to another piece of code. A test harness or test driver is supporting code and data used to provide an environment for testing part of a system in isolation. It can be described as a software module which is used to invoke a module under test and provide test inputs, control and monitor execution, and report test results or, most simplistically, a line of code that calls a method and passes that method a value.

For example, if you wanted to move a fighter on the game, the driver code would be moveFighter(Fighter, LocationX, LocationY);

This driver code would likely be called from the main method. A white-box test case would execute this driver line of code and check "fighter.getPosition()" to make sure the player is now on the expected cell on the board.

A Unit may reference another Unit in its logic. A ‘Stub’ takes the place of such a subordinate unit during Unit Testing.

A ‘Stub’ is a piece of software that works similarly to a unit which is referenced by the Unit being tested, but it is much simpler than the actual unit. A Stub works as a ‘Stand-in’ for the subordinate unit and provides the minimum required behavior for that unit. A Stub is a dummy procedure, module or unit that stands in for an unfinished portion of a system.

Four basic types of Stubs for Top-Down Testing are:

- Display a trace message
- Display parameter value(s)
- Return a value from a table
- Return table value selected by parameter

A stub is a computer program which is used as a substitute for the body of a software module that is or will be defined elsewhere or a dummy component or object used to simulate the behavior of a real component until that component has been developed.

For example, if the moveFighter method has not been written yet, a stub such as the one below might be used temporarily – which moves any player to position 1.

public void moveFighter(Fighter player, int LocationX, int LocationY)
{
    // Stub: ignores the requested location and always moves the player to position 1.
    player.setPosition(1);
}

Ultimately, the dummy method would be completed with the proper program logic. However, developing the stub allows the programmer to call a method in the code being developed, even if the method does not yet have the desired behavior.

The programmer needs to create such ‘Drivers’ and ‘Stubs’ for carrying out Unit Testing.

Both the Driver and the Stub are kept at a minimum level of complexity, so that they do not induce any errors while testing the Unit in question.

Stubs and drivers are often viewed as throwaway code. However, they do not have to be thrown away: Stubs can be "filled in" to form the actual method. Drivers can become automated test cases.

Example - For Unit Testing of the ‘Sales Order Printing’ program, a ‘Driver’ program will have the code which creates Sales Order records using hardcoded data and then calls the ‘Sales Order Printing’ program. Suppose this printing program uses another unit which calculates sales discounts by some complex calculations. Then the call to this unit will be replaced by a ‘Stub’, which will simply return fixed discount data.
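The Sales Order Printing case above, written out as an added example (it is not code from the original notes). The unit under test, the discount stub and the driver are all hypothetical names; the stub is of the "return table value selected by parameter" type and also records a trace.

```python
# Added illustration; every name and value here is hypothetical/constructed.

def print_sales_order(order, discount_for):
    """Unit under test: formats a sales order.

    `discount_for` is the subordinate unit (the complex discount calculation).
    It is passed in so that a stub can stand in for it during unit testing.
    """
    lines = [f"Sales Order {order['id']} for {order['customer']}"]
    subtotal = 0.0
    for name, qty, unit_price in order["items"]:
        amount = qty * unit_price
        subtotal += amount
        lines.append(f"  {name} x{qty} @ {unit_price:.2f} = {amount:.2f}")
    rate = discount_for(order)
    if not 0.0 <= rate <= 1.0:
        # The unit must not trust whatever the subordinate unit returns.
        raise ValueError(f"discount rate out of range: {rate}")
    discount = subtotal * rate
    lines.append(f"Subtotal: {subtotal:.2f}")
    lines.append(f"Discount: {discount:.2f}")
    lines.append(f"Total: {subtotal - discount:.2f}")
    return "\n".join(lines)


class DiscountStub:
    """Stub: returns fixed discount data from a table and keeps a call trace."""
    TABLE = {"ACME": 0.10}

    def __init__(self):
        self.calls = []

    def __call__(self, order):
        self.calls.append(order["id"])          # trace of parameter values
        return self.TABLE.get(order["customer"], 0.0)


def driver():
    """Driver: builds hardcoded sales orders, invokes the unit, reports results."""
    stub = DiscountStub()
    cases = [
        ({"id": 1, "customer": "ACME", "items": [("bolt", 10, 2.50)]}, "Total: 22.50"),
        ({"id": 2, "customer": "OTHER", "items": [("nut", 4, 1.25)]}, "Total: 5.00"),
    ]
    results = []
    for order, expected_last_line in cases:
        output = print_sales_order(order, stub)
        results.append((order["id"], output.splitlines()[-1] == expected_last_line))
    return results, stub.calls
```

Because the driver returns pass/fail results instead of printing them, it can be kept as an automated test case once the real discount unit replaces the stub.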


Primary Key: identifies a row within a relational database and is used for indexing.
1. Primary key is an Identifier.
2. Used for indexing in RDBMS
3. Each row must have a UNIQUE primary key to properly represent the row as one entity.
4. When a user requests to view a record, the db tracks the record by its UPK (UNIQUE primary key).

1. Matches between the foreign key and the primary key are important because they represent references from one relation to another.
2. They establish the connections among these relations.
3. If an attribute in one relation/table has a value matching the primary key in another table, and there is a relationship set up between the two of them, the attribute/column is called a foreign key.

Components of a knowledge based system (KBS):
Knowledge base
Inference Engine
Interface between the user and the system


Procedural code in a procedural language implies sequential execution of instructions based on the von Neumann architecture of a CPU, memory, and input/output device.
Variables are part of the sets of instructions used to solve a particular problem and, thus, the data are not separate from the statements. Such languages have control statements such as goto, if...then...else and so on. The program execution is iterative and corresponds to a sequence of state changes in a state machine.
The knowledge base refers to the rules and facts of the particular problem domain.
The inference engine takes the inputs to the KBS and uses the knowledge base to infer new facts and to solve the problem.
The interface between the user and the system is the means through which the data are entered, displayed, and output.




In an expert system, the process of beginning with a possible solution and using the knowledge in the knowledge base to justify the solution based on the raw input data is called:
Backward chaining
Backward chaining is generally used when there are a large number of possible solutions relative to the number of inputs.
Forward chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. The input data is used to reason "forward" to prove that one of the possible solutions in a small solution set is the correct one.
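The two reasoning directions side by side, as an added example that is not part of the original notes. The rule base and fact names are constructed for illustration; the same knowledge base is used by both functions, and only the direction of inference differs.

```python
# Added illustration; the rule base and fact names are constructed.

# Knowledge base: each rule is (set of premises, conclusion).
RULES = [
    ({"failed_logins_high", "single_source_ip"}, "password_guessing"),
    ({"password_guessing", "login_succeeded"}, "account_compromised"),
    ({"account_compromised"}, "reset_credentials"),
]


def forward_chain(facts, rules=RULES):
    """Data-driven: start from the inputs and fire rules until nothing new is inferred."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for premises, conclusion in rules:
            if premises <= known and conclusion not in known:
                known.add(conclusion)
                changed = True
    return known


def backward_chain(goal, facts, rules=RULES, _pending=None):
    """Goal-driven: start from a candidate solution and justify it from the inputs.

    Returns the chain of facts and conclusions that justifies the goal,
    or None when the goal cannot be supported by the raw input data.
    """
    if goal in facts:
        return [goal]
    pending = _pending or set()
    if goal in pending:                 # guard against circular rules
        return None
    for premises, conclusion in rules:
        if conclusion != goal:
            continue
        proof = []
        for premise in sorted(premises):
            sub = backward_chain(premise, facts, rules, pending | {goal})
            if sub is None:
                break                   # this rule cannot be satisfied
            proof.extend(sub)
        else:
            return proof + [goal]       # every premise was justified
    return None
```

Backward chaining only explores rules that lead to the chosen goal, which is why it suits a large solution space; forward chaining derives everything the inputs support.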

Blackboard is an expert system reasoning methodology in which a solution is generated by the use of a virtual "blackboard" wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.

An off-the-shelf software package that implements an inference engine, a mechanism for entering knowledge, a user interface, and a system to provide explanations of the reasoning used to generate a solution is called:

a. An expert system shell
An expert system shell provides the fundamental building blocks of an expert system and supports the entering of domain knowledge. Thus, for an application that is not complex and does not require the custom development of the components of an expert system, an expert system shell is a useful tool that will save development time.

A neural network is another type of artificial intelligence system that uses the neurons of the brain as a model and solves problems using nonlinear pattern-matching techniques and "learning" approaches.

A knowledge acquisition system is the means of identifying and acquiring the knowledge to be entered into the knowledge base.
In simple terms, it is trying to determine how an expert thinks when developing a solution to a problem.

Key professional or professionals required to develop an expert system:
Knowledge engineer and domain expert

The knowledge engineer usually has a computer-related and expert system background, but does not have the knowledge of the specific discipline or domain being addressed by the expert system.

For example, the expert system being developed may be a medical diagnostic system requiring input from diagnostic specialists and other types of physicians. These individuals are the domain experts.

It is the job of the knowledge engineer to elicit the critical knowledge from the domain expert and incorporate it into the expert system knowledge base.

An expert system that has rules of the form "If w is low and x is high then y is intermediate," where w and x are input variables and y is the output variable, is called a:
Fuzzy expert system

A fuzzy expert system is an expert system that uses fuzzy membership functions and rules, instead of Boolean logic, to reason about data.
Thus, fuzzy variables can have an approximate range of values instead of the binary True or False used in conventional expert systems.
When it is desired to convert the fuzzy output to a single value, defuzzification is used.
One approach to defuzzification is the CENTROID method:
With this method, a value of the output variable is computed by finding the variable value of the center of gravity of the membership function for the fuzzy output value.
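Centroid defuzzification worked through for the rule quoted above, as an added example (not from the original notes). The membership shapes, the 0..100 scales, the second rule, and the use of min() for AND with clipped output sets combined by max() are all assumptions chosen for illustration.

```python
# Added illustration; membership shapes, ranges and the second rule are constructed.

def clamp(v):
    return max(0.0, min(1.0, v))

def low(v):                      # input set "low" on a 0..100 scale
    return clamp((75.0 - v) / 75.0)

def high(v):                     # input set "high" on a 0..100 scale
    return clamp((v - 25.0) / 75.0)

def triangle(a, b, c):
    """Return a triangular membership function rising a->b and falling b->c."""
    def mu(y):
        if y <= a or y >= c:
            return 0.0
        return (y - a) / (b - a) if y <= b else (c - y) / (c - b)
    return mu

Y_LOW = triangle(0.0, 20.0, 40.0)
Y_INTERMEDIATE = triangle(25.0, 50.0, 75.0)

def infer(w, x, step=0.1):
    """Evaluate the rules for crisp inputs w and x, then defuzzify y by centroid."""
    # Fuzzy AND is taken as min(); each rule clips its output set at its firing strength.
    rules = [
        (min(low(w), high(x)), Y_INTERMEDIATE),   # rule from the text
        (min(low(w), low(x)), Y_LOW),             # constructed second rule
    ]
    num = den = 0.0
    samples = int(round(100.0 / step))
    for i in range(samples + 1):
        y = i * step
        # Aggregate the clipped output sets with max().
        mu = max(min(strength, out(y)) for strength, out in rules)
        num += y * mu
        den += mu
    if den == 0.0:
        return None              # no rule fired, so there is no fuzzy output to defuzzify
    return num / den             # centre of gravity of the aggregated output set
```

With w = 0 and x = 50 both rules fire at strength 1/3, and the centroid lands between the peaks of the two output sets.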

"Subject-oriented, integrated, time-variant, non-volatile collection of data in support of management's decision-making process":
Data warehouse

This definition of a data warehouse is that of Bill Inmon, a pioneer in the field. To create a data warehouse, data is taken from an operational database, redundancies are removed, and the data is "cleaned up" in general. This activity is referred to as normalizing the data.

Then the data is placed into a relational database and can be analyzed using On-Line Analytical Processing (OLAP) and statistical modeling tools.

The data warehouse can be used as a Decision Support System (DSS), for example, by performing a time series analysis of the data. The data in the data warehouse must be maintained to ensure that it is timely and valid.

The term data scrubbing refers to maintenance of the data warehouse by deleting information that is unreliable or no longer relevant.

A data mart is a database that is comprised of data or relations that have been extracted from the data warehouse. Information in the data mart is usually of interest to a particular group of people.

For example, a data mart may be developed for all health care-related data. (specific purpose)

The process of analyzing large data sets in a data warehouse to find non-obvious patterns is called:

The equation $Z = f[w_n i_n]$, where $Z$ is the output, $w_n$ are weighting functions, and $i_n$ is a set of inputs, describes:

An artificial neural network (ANN)






Each input, $i_n$, is multiplied by a weight, $w_n$, and these products are fed into a summation transfer function that generates an output, $Z$.

Most neural networks have multiple layers of summation and weighting functions, whose interconnections can also be changed.

There are a number of different learning paradigms for neural networks, including reinforcement learning and back propagation.

In reinforcement learning a training set of inputs is provided to the ANN along with a measure of how close the network is coming to a solution. Then, the weights and connections are readjusted.

In back propagation, information is fed back inside the neural network from the output and is used by the ANN to make weight and connection adjustments.

A database that comprises tools to support the analysis, design, and development of software and support good software engineering practices is called a:
Data dictionary (middleware)

Computer Aided Software Engineering (CASE) tools and an Integrated Project Support Environment (IPSE) are terms used to describe similar software engineering support environments.

data model, is a basic system of constructs used in describing reality,Ž  

DBMS: is a system that supports the creation, use, and administration of a database system. 

Data type dictionary, refers to a collection of items on which certain operations, such as insert, delete, and search, are to be performed.
This arrangement of items is in contrast to a priority queue, in which the collection of items is arranged in order of priority and the relevant operations to be performed are insert, find-max, and delete-max.

Another type of artificial intelligence technology involves genetic algorithms. Genetic algorithms are part of the general class known as: Evolutionary computing



Evolutionary computing uses the Darwinian principles of survival of the fittest, mutation, and the adaptation of successive generations of populations to their environment. The genetic algorithm implements this process through iteration of generations of a constant-size population of items or individuals. Each individual is characterized by a finite string of symbols called genomes.

The genomes are used to represent possible solutions to a problem in a fixed search space.

For example, if the fixed population of the first generation of individuals consists of random binary numbers, and the problem is to find the minimum binary number that can be represented by an individual, each binary number is assigned a fitness value based on the individual's binary number value. The smaller the binary number represented by a parent individual, the higher the level of fitness that is assigned to it. Through cross breeding among the numbers (known as crossover), mutations of the numbers, and pairing of numbers with high fitness ratings, the smallest value that can be represented by the number of bits in the binary number will emerge in later generations.
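The minimum-binary-number problem described above as a small genetic algorithm, added here as an example (not from the original notes). Population size, mutation rate, single-point crossover, selection from the fitter half and keeping the best individual unchanged (elitism) are assumptions; the random generator is seeded so runs are repeatable.

```python
import random

# Added illustration; population size, rates and selection scheme are assumptions.

def fitness(genome):
    """Smaller binary number means higher fitness, as in the text's problem."""
    bits = len(genome)
    return (2 ** bits - 1) - int(genome, 2)

def crossover(a, b, rng):
    """Single-point crossover of two parent genomes."""
    point = rng.randrange(1, len(a))
    return a[:point] + b[point:]

def mutate(genome, rate, rng):
    """Flip each bit independently with probability `rate`."""
    return "".join(
        ("1" if bit == "0" else "0") if rng.random() < rate else bit
        for bit in genome
    )

def evolve(bits=12, size=20, generations=40, rate=0.02, seed=1):
    """Return the best value (as an int) present in each generation."""
    rng = random.Random(seed)
    population = ["".join(rng.choice("01") for _ in range(bits)) for _ in range(size)]
    history = []
    for _ in range(generations):
        population.sort(key=fitness, reverse=True)
        history.append(int(population[0], 2))
        parents = population[: size // 2]      # pair individuals with high fitness
        children = [population[0]]             # elitism: the best survives unchanged
        while len(children) < size:            # population size stays constant
            a, b = rng.sample(parents, 2)
            children.append(mutate(crossover(a, b, rng), rate, rng))
        population = children
    population.sort(key=fitness, reverse=True)
    history.append(int(population[0], 2))
    return history
```

Because the best individual is always carried over, the best value never gets worse from one generation to the next; how quickly it approaches 0 depends on the seed and the rates.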

Object Request Architecture (ORA) is a high-level framework for a distributed environment. It consists of four components:

a. Object Request Brokers (ORBs)
b. Object Services

c. Application Objects

The ORA is a product of the Object Management Group (OMG), which is a nonprofit consortium in Framingham, Massachusetts that was put together in 1989 to promote the use of object technology in distributed computing systems.
(www.omg.org)

1. ORB is the fundamental building block of ORA and manages the communications between the ORA entities.
2. The purpose of the ORB is to support the interaction of objects in heterogeneous, distributed environments.
3. The objects may be on different types of computing platforms.

Object Services support the ORB in creating and tracking objects as well as performing access control functions.

Application Objects Common Facilities support the end user and use the system services to perform their functions.

A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment is called:
A Common Object Request Broker Architecture (CORBA)

OMG Object Model provides standard means for describing the externally visible characteristics of objects.

IDL is a standard interface language that is used by clients to request services from objects.

Another model that allows two software components to communicate with each other independent of their platforms' operating systems and languages of implementation is:

Common Object Model (COM)
As in the object-oriented paradigm, COM works with encapsulated objects. Communications with a COM object are through an interface contract between an object and its clients that defines the functions that are available in the object and the behavior of the object when the functions are called.

A sandbox is an access control-based protection mechanism. It is commonly applied to restrict the access rights of mobile code that is downloaded from a Web site as an applet. The code is set up to run in a "sandbox" that blocks its access to the local workstation's hard disk, thus preventing the code from malicious activity. The sandbox is usually interpreted by a virtual machine such as the Java Virtual Machine.


A distributed object model that has similarities to the Common Object Request Broker Architecture (CORBA) is:
Distributed Component Object Model (DCOM)

DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client's address space. A COM client can access a COM object through the use of a pointer to one of the object's interfaces and then invoking methods through that pointer.

Characteristics of a client in the client/server model:
a. Extensive user interface
b. May be diskless

c. Data entry screens

In the client/server model, the server is the data storage resource and is responsible for data backups and protection/maintenance of the database.

A client/server implementation approach in which any platform may act as a client or server or both is called:
Peer-to-peer

A workstation or PC uses terminal emulation software and a client application program to receive data from a host machine.
An API defines how the client and server appear to each other and supports the exchange of information without either entity knowing the details of a particular resource that is accessed using the API. One example is the Generalized Security Application Programming Interface (GSAPI) that applications can use to access security services.

The GUI approach is similar to the API implementation and employs a user interface such as SQL to access a server database.

Characteristics of a distributed data processing (DDP) approach:
a. Consists of multiple processing locations that can provide alternatives for computing in the event of a site becoming inoperative.
b. Distances from user to processing resource are transparent to the user.
c. Data stored at multiple, geographically separate locations is easily available to the user.
d. Security is lowered because of networked systems.

A database management system (DBMS) is useful in situations where:
Rapid development of applications is required and pre-programmed functions can be used to provide those applications along with other support features such as security, error recovery, and access control.

A DBMS is called for when the required skilled programming resources are not available, information to be stored and accessed is common to many organizational business units, the processing requirements change frequently and timely responses are required for queries on the data.