Q1rohit


Page 1: Q1rohit

Q1>What are the requirements of a secure operating system?

Most modern computer systems provide concurrent execution of multiple applications on a single piece of physical computing hardware (which may contain multiple processing units). Within such a multitasking, time-sharing environment, individual application jobs share the same system resources, e.g., CPU, memory, disk, and I/O devices, under the control of the operating system. To protect the execution of individual application jobs from possible interference and attack by other jobs, most contemporary operating systems implement some abstract property of containment, such as process (or task) and TCB (Task Control Block), virtual memory space, file, port, and IPC (Inter Process Communication). An application is controlled so that it can access only the resources it has been given (e.g., file, process, I/O, IPC) and perform only the operations it has been given (e.g., execution or read-only).

· Illegitimate use of unprotected system resources. For example, a worm program launches an attack via email to all targets in a user's address book after it gains control of the user's account.

· Subversion of application-enforced protection through control of the underlying system. For example, defacing a Web site by gaining control of the site's Web server, say by changing a virtual directory in Microsoft IIS.

· Gaining direct access to protected system resources by misusing privileges. For example, a compromised “sendmail” program running as root on a standard Unix OS gives the attacker superuser privileges and uncontrolled access to all system resources.

· Furnishing bogus security decision-making information. For example, spoofing a file handle in Sun’s NFS may easily give remote attackers access to files on the remote file server.

Q2>What does database security mean?

Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. It is a broad term that includes a multitude of processes, tools and methodologies that ensure security within a database environment.

Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

Database security is generally planned, implemented and maintained by a database administrator and/or other information security professional.


Some of the ways database security is analyzed and implemented include:

· Restricting unauthorized access and use by implementing strong and multifactor access and data management controls.

· Load/stress testing and capacity testing of a database to ensure it does not crash in a distributed denial of service (DDoS) attack or user overload.

· Physical security of the database server and backup equipment from theft and natural disasters.

· Reviewing the existing system for any known or unknown vulnerabilities and defining and implementing a road map/plan to mitigate them.

Security risks to database systems include, for example:

· Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);

· Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services;

· Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended;

· Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and obsolescence;

· Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption, performance degradation etc.;

· Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.

Q3>What is SSL and SET?

1. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.


Secure Sockets Layer (SSL) / Transport Layer Security (TLS) is the most widely deployed security protocol in use today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet-focused world, the SSL protocol is typically used when a web browser needs to securely connect to a web server over the inherently insecure Internet.

Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. In the case of a browser, for instance, users are alerted to the presence of SSL when the browser displays a padlock, or, in the case of Extended Validation SSL, when the address bar displays both a padlock and a green bar. This is the key to the success of SSL – it is an incredibly simple experience for end users.

Secure Electronic Transaction (SET): Although the technology is already in place, I-commerce (Internet Commerce) hasn’t really taken off. The primary reason for this reluctance is that most consumers still consider financial transactions over the Internet unsafe. In Europe the use of credit cards online is further hindered by national legislation that in some countries prohibits online credit card transactions, because these are considered not to fulfill the requirement that all card transactions must be physically signed by the cardholder. In order to eliminate this barrier to the evolution of I-commerce, a consortium headed by Visa and MasterCard has developed a standard for secure electronic transactions (SET). SET is a complex standard combining advanced cryptography for safe data transfer, and hashing technologies for data integrity, with digital certificates for authentication of the parties involved in the transaction. Because the standard is so complicated, there have been quite a few problems with developing it and now with implementing it. Another problem is systems integration between merchant-side SET applications and the business systems already in use. These and many other questions must be answered before we can expect SET to become a widely implemented standard.

The purpose of this Project is to research how Internet commerce applications can be made SET compliant, and to develop a prototype that clarifies the systems integration process and the main problem areas of the technology involved. The task is to develop a prototype to evaluate the difficulties of systems integration between the SET application and the merchant I-commerce system.

Q4>What is antivirus software and how does it work?

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).

Anti-virus software typically uses two different techniques to accomplish this:

· Examining files to look for known viruses by means of a virus dictionary

· Identifying suspicious behavior from any computer program which might indicate infection


Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

There are various methods of encrypting and packing malicious software which will make even well-known viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses.
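
The dictionary approach and the "camouflage" problem described above, as an added example (not code from these notes or from any anti-virus product): a toy scanner matches constructed, harmless byte signatures, then retries after undoing a single-byte XOR layer, which stands in for a real unpacking engine. The signature names, the sample buffers and the XOR scheme are assumptions made for illustration.

```python
# Added illustration: toy dictionary scanner with a minimal "unpacking" stage.
# Signatures and samples are constructed and harmless; they match no real malware.
SIGNATURES = {
    "Demo.Alpha": b"MAL-ALPHA-01",
    "Demo.Beta": b"BETA-PAYLOAD-MARKER",
}


def match_signatures(data):
    """Return the names of all dictionary entries whose bytes occur in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def xor_decode(data, key):
    """Undo (or apply) a single-byte XOR layer; the assumed packing scheme."""
    return bytes(b ^ key for b in data)


def scan(data, unpack=True):
    """Match the raw bytes first, then retry under each single-byte XOR key."""
    hits = match_signatures(data)
    if hits:
        return {"verdict": "infected", "names": hits, "layer": "raw"}
    if unpack:
        for key in range(1, 256):
            hits = match_signatures(xor_decode(data, key))
            if hits:
                layer = "xor:0x%02x" % key
                return {"verdict": "infected", "names": hits, "layer": layer}
    return {"verdict": "clean", "names": [], "layer": None}


# Constructed sample buffers.
PLAIN = b"header" + SIGNATURES["Demo.Alpha"] + b"trailer"
PACKED = xor_decode(PLAIN, 0x5A)          # same content, "camouflaged"
CLEAN = b"Quarterly report: revenue up 4 percent."

if __name__ == "__main__":
    for label, buf, unpack in [
        ("plain", PLAIN, True),
        ("packed, dictionary only", PACKED, False),
        ("packed, with unpacking", PACKED, True),
        ("clean", CLEAN, True),
    ]:
        print(label, "->", scan(buf, unpack))
```

With `unpack=False` the packed buffer is reported clean even though its content is already in the dictionary, which is the gap the paragraph above describes.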

Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and to spread, and for the public to panic over the threat.

Q5>Write short note –

1> Embedded operating system

An embedded operating system is an operating system for embedded computer systems. These operating systems are designed to be compact, efficient at resource usage, and reliable, forsaking many functions that non-embedded computer operating systems provide, and which may not be used by the specialized applications they run. They are frequently also referred to as real-time operating systems, and the term RTOS is often used as a synonym for embedded operating system.

Usually, the hardware running an embedded operating system is very limited in resources such as RAM and ROM. Systems made for embedded hardware therefore tend to be very specific: because of the available resources (low compared to non-embedded systems), these systems are created to cover specific tasks or scopes. To take advantage of the processing power of the main (or only) CPU, system creators often write them in assembly. This machine-efficient language "squeezes" out the potential in terms of speed and determinism, which means maximizing the responsiveness of the operating system. However, it is not an absolute rule that all embedded operating systems are written in assembly language, as many of them are written in more portable languages, like C.

An important difference between most embedded operating systems and desktop operating systems is that the application, including the operating system, is usually statically linked together into a single executable image. Unlike a desktop operating system, the embedded operating system does not load and execute applications.[1] This means that the system is only able to run a single application.

2> Components of wireless network

Wireless networking equipment includes wireless hubs, switches, routers, and cards. Each type of wireless networking component uses an Ethernet connection to interface with a computer, printer, or other wired devices. Most desktop and laptop computers come with built-in Ethernet adapters and simply need to be connected to a dial-up, cable, or DSL modem. A wired computer can be connected to a modem through a wireless hub or wireless switch instead, to create a wireless network.

Wireless networking routers are wireless networking components that act as a gateway between an Internet connection, such as a cable modem, and a wireless network. Broadband routers are a combination of an access point and a switch, usually consisting of four Ethernet ports to allow more devices on the network, such as a printer, and a wide area network (WAN) port for the broadband connection. Broadband wireless routers include built-in dynamic host configuration protocol (DHCP) servers, which automatically assign IP addresses to each device connected to the router. The benefit of a wireless networking router over a wireless hub is the multiple connection capability and additional security features, such as a firewall. Most computers produced today come with built-in wireless adapters that automatically detect a wireless network. Older computers can be outfitted with wireless network components such as a wireless networking card. Wireless networking cards detect and interface with a wireless network and come in a variety of networking standards. 

The key hardware components of a wireless computer network include adapters, routers and access points, antennas and repeaters.
