Software Analysis and Design
Bldg/Room: BYAC-270 (ASU, Tempe)
Course portal: http://my.asu.edu (CSE 460/598)
Design Patterns: Elements of Reusable Object-Oriented Software (DP), E.
Gamma, R. Helm, R. J
An Interactive Sentiment Analysis Application
In this report, we present the implementation and application of a sentiment analysis classifier to architect the behavior of
a Twitter response b
Conducting penetration testing to measure overall security posture.
I would say that conducting penetration testing to measure overall security posture is most important.
For instance, penetration testing would allow to see system security from an attacke
Explain rootkits and how they can be used to attack systems. What is the most dangerous
aspect of a rootkit? Why?
The rootkit is an application that hides itself or other applications on a system by staying in the
lower layer of the system that makes them
Define scanning and why it's considered one of the most important phases of intelligence
gathering for an attacker. Discuss what kind of information is collected through scanning
and explain why it is important to security practitioners and to hackers.
Describe different types of handheld or mobile devices, including smartphones, music players, or
wireless storage devices and identify ways an attacker can hack into handheld devices. Include at
least two examples in your answer.
The different types of ha
Describe and discuss three of the Web Application Threats discussed in your textbook. Use the Internet to
research one of the threats and find a case in which one of these attacks was successfully used to breach a
system. Give details about the attack.
Apple. (2015). About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004 Apple Support. Retrieved from https://support.apple.com/en-us/HT204659
Khandelwal, S. (2015). Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulne
Explain what database hacking is and why databases are targeted by hackers.
A database is a collection of information that is available in an organized way so it could be
easily accessible, managed and updated when needed. Computer databases typically con
Web server attacks are some of the most public and horrific attacks that a company can face in today's
connected web. Research and describe a recent company that has fallen victim to a web server attack.
Describe how the attacker gained access, what the a
Discuss the risks associated with Penetration Testing and steps (if any) needed to minimize
the risk to both the tester and the client.
Penetration testing is a process to evaluate the security safeguards of an IT infrastructure. The
system is attacked by
Discuss the role of security practitioners and penetration testers by defining concepts such
as hacker, cracker, ethical hacker, and script kiddies. Include in your discussion the
classifications of ethical hackers. Do you think hacking can be an ethical
1. The question asked you to identify the kind of password attack where the attacker has some
information about the password. The correct response is 'rule-based.'
2. The question asked you about the nature of a file holding a lot of information, some of
1. The question asked you to identify the spoofing technique that allows an attacker to choose the path a
packet will take through the Internet. The correct answer is source routing.
2. The question asked you about discovering ports that might be open on
1. The question asked you about the mechanism MySQL uses to prevent SQL injection attacks. The
correct response is 'It replaces single quotation marks with escaped single quotation marks'.
2. The question asked you how SQL injection attacks exploit buffer
1. The question asked you to identify what session hijacking takes advantage of. The correct response is
a 'trust relationship.'
2. The question asked you about an attacker sending packets to a target host using a spoofed IP address
of a trusted host on a
Test 2, page 1 of 5 pages
Out: 6 Jul 10, Due: 13 Jul 10
1. (1 point) A free point just for following directions! Put your name at the top of every sheet and provide auxiliary
numbering if you need extra sheets. For example, if you cannot t
Test 1, page 1 of 10 pages
Out: 17 Jun 10, Due: 22 Jun 10
1. (1 point) A free point just for following directions! Put your name at the top of every sheet and provide auxiliary
numbering if you need extra sheets. For example, if you cannot
Quiz 8 - 9, page 1 of 3 pages
Out: 22 Jul 10, Due: 27 Jul 10
Instructions: This is a take-home quiz. It is worth twice the value of normal quizzes. It is an open-book, open-notes quiz.
However, you may not discuss the quiz among yourselves.
Quiz 7, page 1 of 1 pages
Out: 20 Jul 10, Due: 20 Jul 10
You are given a language L on alphabet and a Turing machine M = (Q, , , , q0 , 2, F ) : wi L, M performs
a computation of the form q0 wi
the form q0 wj
y1 qfj y2 , where qfj F . I
Describe the algorithm for and build the transition graph of a stay-option Turing machine that reads a 2's complement binary
number, n. If n < 0 the machine should output a 1, otherwise it
should output a 0. The computations are symbolically shown
Prove L = {w : n_a(w) > n_b(w)} is not a linear context-free language
Solution: use the pumping lemma for linear context-free languages
Try w L = a^m b^(2m) a^(m+1). As shown below, the
inequality |uvyz| m forces both v and y to contain
Let G = ({S, A}, {a, b}, S, {S a | bSA, A a | bA}). Show
the transitions for a npda that accepts all strings
generated by the grammar
You should notice it is in GNF, thus
(q0, , Z) =
Let G be a context-free grammar with production
Find equivalent grammar with no unit-productions.
Line 2: variable dependency graph S
Line 3: E = {(S, A), (S, B), (A, B), (B, A)}
Line 4 non-unit productions include the following
Use the pumping to show that
Pumping lemma: true for all regular languages L
First select an arbitrary m.
Now choose w = a^m b^m = xyz L
Per pumping lemma |xy| m and |y| > 1
Obviously this forces y = a^k
Therefore w = a^m b^m = (x)(y)(z) =
Linearized suffix trees
Virtual suffix trees
Enhanced suffix arrays
Suffix cactus, suffix vectors,
String any sequence of characters.
Substring of string S string composed of
characters i through j,
Binary Tries (continued)
Similar to split algorithm for unbalanced binary
Construct S and B on way down the trie.
Follow with a backward cleanup pass over the
constructed S and B.
Suppose you are at node x, which
Digital Search Trees & Binary Tries
Analog of radix sort to searching.
Keys are binary bit strings.
Fixed length 0110, 0010, 1010, 1011.
Variable length 01, 00, 101, 1011.
Application IP routing, packet classification,
IPv4 32 bit IP addr
Bottom-Up Splay Trees - Analysis
Actual and amortized complexity of join is
Amortized complexity of search, insert, delete,
and split is O(log n).
Actual complexity of each splay tree operation
is the same as that of the associated splay.