Professional Documents
Culture Documents
e Objective: 1. To explain the principles of Distributed database for designing 2. To narrate the concepts of Object oriented databases to real world 3. To elaborate the process of Enhanced data model design 4. To examine the techniques to deploy the client server model 5. To discuss the big data storage using Data Warehouse 6. To identify the patterns using Data Mining techniques 7. To describe the design issues of various emerging databases like web databases and mobile databases 8. To frame a database for a given application 9. To work with the concepts of temporal database 10. To identify the research issues in database design 11. To justify the use of particular database among various databases 12. To illustrate the principles of Distributed database for designing! 13. To explain the concepts of Object oriented databases to real world : CS9221 : Database Technology : ME (CSE) II Semester : Mr.M.Arun : Dr.K.Muneeswaran : 06.02.2013 : 1
Course Prerequisite: Data structure Algorithms Operating System-DBMS- Any programming language Course OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly)
S. No 1. 2.
Course Outcomes To apply the principles of Distributed database for designing To apply the concepts of Object oriented databases to real world
Programme Outcomes 1 2 1 2 2 1 2 1 2 2 2 3 3 3 3 3 3 3 3 2 2 2 2 3 2 2 2 2 2 2 2 1 2 4 5 6 7 8 9 10 2 11 12 1
3. 4. 5. 6.
To design an Enhanced data model To deploy the client server model To store big data using Data Warehousing techniques To retrieve the patterns using Data Mining techniques
7.
various emerging databases like web databases and mobile databases 8. To design of database for a given application 9. 10. To design of temporal database To identify the research issues in database design 11. 12. To justify the use of particular database among various databases To apply the principles of Distributed database for designing 13. To apply the concepts of Object oriented databases to real world 3 3 2 2 2 2 2 3 3 2 2 1 1 3 2 2 3 3 2 1 1 2 3 2 2 2 2 2 3 2 2 3 2 2 1 1 2 3 2 3 2 2 2
Distributed Databases Vs Conventional Databases Architecture Fragmentation Query Processing Transaction Processing Concurrency Control Recovery. UNIT II OBJECT ORIENTED DATABASES 10
Introduction to Object Oriented Data Bases - Approaches - Modeling and Design - Persistence Query Languages - Transaction - Concurrency Multi Version Locks - Recovery. UNIT III EMERGING SYSTEMS 10
Enhanced Data Models - Client/Server Model - Data Warehousing and Data Mining - Web Databases Mobile Databases. UNIT IV DATABASE DESIGN ISSUES 10
ER Model - Normalization - Security - Integrity - Consistency - Database Tuning - Optimization and Research Issues Design of Temporal Databases Spatial Databases. UNIT V CURRENT ISSUES 10
Rules - Knowledge Bases - Active and Deductive Databases - Parallel Databases Multimedia Databases Image Databases Text Database TOTAL-45 H REFERENCES: R1. Elisa Bertino, Barbara Catania, Gian Piero Zarri, Intelligent Database Systems, AddisonWesley, 2001. R2. Carlo Zaniolo, Stefano Ceri, Christos Faloustsos, R.T.Snodgrass, V.S.Subrahmanian, Advanced Database Systems, Morgan Kaufman, 1997. R3. N.Tamer Ozsu, Patrick Valduriez, Principles of Distributed Database Systems, Prentice Hal International Inc., 1999. R4. R5. C.S.R Prabhu, Object-Oriented Database Systems, Prentice Hall Of India , 1998. Abdullah Uz Tansel Et Al, Temporal Databases: Theory, Design and Principles, Benjamin Cummings Publishers, 1993. R6. Raghu Ramakrishnan, Johannes Gehrke, Database Management Systems, Mcgraw Hill, Third Edition 2004. R7. Henry F Korth, Abraham Silberschatz, S. Sudharshan, Database System Concepts, Fourth Ediion, Mcgraw Hill, 2002. R8. R. Elmasri, S.B. Navathe, Fundamentals Of Database Systems, Pearson Education,
COURSE SCHEDULE Sl. N Topics (EL stands for Embedded Laboratory) o MODULE I: DISTRIBUTED DATABASES Introduction to Distributed Processing, Distributed database Architecture Distribution design issues Fragmentation Query processing and Optimization Transaction Processing Concurrency control Recovery Sub Total MODULE II: OBJECT ORIENTED DATABASES 9. 10. 11. 12. 13. 14. 15. 16. Introduction to Object Oriented Data Bases Approaches Modeling and Design Persistence Query Languages Transaction Concurrency Multi Version Locks, Recovery. Sub Total MODULE III: EMERGING SYSTEMS 17. 18. 19. Enhanced data model Client Server model Data warehousing 2 1 2 1 2 1 1 2 1 2 1 1 2 11 1 1 1 2 2 2 2 2 13
No. of Periods
Date of coverage
1. 2. 3. 4. 5. 6. 7. 8.
Sl. N Topics (EL stands for Embedded Laboratory) o 22. Mobile database Sub Total MODULE IV: DATABASE DESIGN ISSUES 23. ER Model 24. 25. 26. 27. 28. Normalization Security Integrity Consistency Database Tuning Optimization 29.
No. of Periods 2 10
Date of coverage
1 1 1 1 2 1
1 and Research Issues Design of Temporal Databases Spatial database Sub Total 2 1 11
30. 31.
MODULE V: CURRENT ISSUES 32. 33. 34. 35. 36. 37. 38. Rules - Knowledge Bases Active Databases Deductive Databases Parallel Databases Multimedia Databases Image Databases Text Database Sub Total Total No. of periods 2 1 1 2 1 1 1 09 54
DELIVERY PLAN FOR THE LEARNING UNITS (LU) MODULE I - DISTRIBUTED DATABASES Overview This module briefs the differences between distributed database and conventional database. This deals with distributed database architecture. This explains the distributed storage techniques like fragmentation. This module deals with distributed query processing, transaction processing, and concurrency control. This module overviews the recovery techniques. .
LU -1: Distributed Databases Vs Conventional Databases Architecture (2 Period) LU Objectives 1. 2. To Identify the difference between distributed database and conventional database To apply the architecture of the distributed database for designing.
LU Outcomes 1. 2. Differentiate distributed database and conventional database Identify the components of the distributed database architecture
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.N o 1. 2. 3. 4. 5. 6. Test Questions Define homogeneous database Define heterogeneous database What is distributed database? What is centralized database? Mention the different types of distributed database architecture Explain any one distributed database architecture Level R R R R R R
LU -2: Distribution design issues -Fragmentation (1 Period) LU Objectives 1. 2. Design distributed data storage for the given data Apply distributed query processing mechanisms to solve data retrieval problems
LU Outcomes 1. 2. 3. Identify the different data storage methods Design of distributed data storage using fragmentation Generate distributed query processing steps for data retrieval
Sl.No 1. 2. 3.
Test Questions What is horizontal fragmentation? What is vertical fragmentation? in the C language Given relation EMP let p1: TITLE < Programmer and p2: TITLE > Programmer be two simple predicates. Assume that character strings have an order among them, based on the alphabetical order. Perform a horizontal fragmentation of relation EMP with respect to {p1, p2}. Explain why the resulting fragmentation (EMP1, EMP2) does not fulfil the correctness rules of fragmentation
Level R R A
LU3: Query processing and optimization (1 Period) LU Objectives 1. To explain the objectives of query processing 2. To explain the characteristics and layers of query processing LU Outcomes 1. 2. Identify the query processing mechanisms. Realize the characteristics and layers of query processing
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions 1. Define query processing in a distributed environment. 2. Illustrate the importance of site selection and communication for a chosen relational algebra query against a fragmented database. 3. List the characteristics of distributed query processing. 4. Describe the layer architecture of query processing 5. What is query optimization? Level R R R R U
LU4: Transaction Processing (1 Period) LU Objectives 1. 2. To explain the principles of distributed transaction processing To differentiate distributed and centralized transaction processing.
LU Outcomes 1. 2. 3. Identify examples for distributed transaction processing. Specify the principles of distributed transaction processing Identify the difference between distributed and centralized transaction processing.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
1. 2. 3.
Explain the difference between distributed and centralized transaction processing With example explain distributed and remote transactions Write about two phase commit mechanism
R R R
LU5: Concurrency control - (1 Period) LU Objectives 1. To study various concurrency control protocol 2. To understand the concept of concurrency control in distributed environment LU Outcomes 1. 2. Present the methods of concurrency control Implement the concurrency control techniques in distributed system
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions What is concurrency control in distributed environment? Explain about locking protocols. Give the advantages and disadvantages of primary copy 2PL protocol and distributed 2PL protocol. Write about time stamp based protocols with example. Explain distributed dead lock management and also discuss how it differs from centralized deadlock management. Explain the types of distributed deadlock detection. Level R R R R U R
LU6: Recovery (1 Period) LU Objectives 1. To apply recovery techniques in case of data loss 2. To study various recovery techniques and apply LU Outcomes 1. 2. Explore various recovery techniques for different kinds of data loss Implement the recovery schemes for data loss
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Define fuzzy check point What is write ahead logging (WAL) Explain shadow paging Explain ARIES technique for recovery. Quote any two situations where shadow paging is applicable. Level R R R R U
MODULE-II - OBJECT ORIENTED DATABASES - Overview This module introduces the object oriented database. It deals with approaches and design. This explains the persistence concepts. This module overviews transaction processing, concurrency control and recovery techniques for object oriented database.
LU Objectives 1. 2. To apply the concepts of Object Oriented Data Bases. To define object oriented database and study various concepts involved
LU Outcomes 1. 2. Realize the need of object oriented database Work with object oriented database and the terms used
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions What are complex data? What are the limitations of conventional database? Why we go for object oriented database? Name any two applications where OODB is used. Define persistent object. Give e.g. Define transient object. Give e.g. Define object oriented database. Give examples of Object Oriented Database. Differentiate object oriented database and object relational database. Level R R U A R R R R R
LU -8: Approaches (1 Period) LU Objectives 1. 2. To study the various approaches of object oriented database To design of object oriented database
LU Outcomes 1. 2. Elaborate the various approaches involved in the object oriented database Illustrate abstract object, descriptor object and behavioral object and model object oriented database
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions List the approaches used for designing object oriented database Give examples for relational extension approach. Briefly discuss about object oriented databases Sembase, Daplex, IFO. What is an object? What is behavioral object? Define generalization. Define specialization. What is encapsulation? Design an object oriented database for a car manufacturing company. Level R U L A L A A R A
LU -9: Modeling and Design-persistence (1 Period) LU Objectives 1. 2. To define the concept of persistence. To elaborate the need for persistent programming language and discuss persistent C++ System
LU Outcomes 1. 2. Realize the need for persistent programming language Design using ODMG C++ object definition language and ODMG C++ object manipulation language
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions What is persistent programming language? Differentiate persistent programming language and embedded SQL. Define iterators. Write the persistent C++ definition for the object branch with attributes branch-name, address and assets. Level R R A A
LU Objectives 1. 2. 3. To analyze the features of SQL. To understand the need for query languages. To classify the SQL
LU Outcomes
10
1. 2. 3.
Identify the characteristics of SQL. Realize the applications of SQL Apply DDL,DML,DCL,TCL in SQL syntax
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. Test Questions Explain about Procedural language. Explain about non-procedural language. List the shared variables in embedded SQL. List the three main approaches to database programming. What are the advantages and disadvantages of each approach? When are stored procedures useful? Give an example. What is meant by SQL? State the need for SQL. What are the advantages of SQL? What is meant by database schema? What are the basic data types available for attributes in SQL Define Primary Key. Define Candidate Key Define Super key. How can the key and foreign key constraints be enforced by the DBMS? How does SQL implement the entity integrity and referential integrity constraints of the relational data model? Explain with an example. Explain how the GROUP BY clause works. What is the difference between the WHERE and HAVING clause? Discuss how NULLs are treated in comparison operators in SQL. How are NULLs treated when aggregate functions are applied in an SQL query? How are NULLs treated if they exist in grouping attributes? Level U U U R L R R R R R R R R L L L L
LU -11 - EL Transaction- Concurrency Multi Version Locks - Recovery 2- (2 Periods) LU Objectives 1. 2. 3. To Understand transaction processing in object oriented database environment To Elaborate concurrency control mechanism in OODB To Identify various recovery techniques
LU Outcomes 1. 2. 3. Elaborate transaction processing in OODB Understand concurrency control protocols Categorize the recovery techniques and explain the various techniques
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions List the different states of a transaction List the properties satisfied by any transaction Define atomicity List the various concurrency control protocols Level R R R R
11
5. 6. 7.
Explain lock based protocol Explain graph based protocol Consider the following two transactions: TA: read(A); read (B); if A=0 then B=B+1; write(B); TB: read(B); read(A); if B=0 then A=A+1; write(A) Add lock and unlock instructions to transactions TA and TB, so that they observe the two-phase locking protocol. Can the execution of these transactions result in dead lock? Mention the types of failures How recovery is done by check point mechanism?
R R A
8. 9.
R U
MODULE-III - EMERGING SYSTEMS - Overview This module explains the enhanced data model to design the database for real world application. This extends the ER model. Also, deals with client server model. To understand the storage of large data collected from various sources, data warehousing techniques are discussed. To retrieve the useful patterns from the large data, data mining algorithms are discussed. To handle web and mobile applications, database concepts are extended to deal with web database and mobile database.
LU -12 Enhanced Data Models (1 Period) LU Objectives 1. 2. To Study the concepts of enhanced data model To Design an enhanced data model for real world applications.
LU Outcomes 1. 2. Realize the need for enhanced data model, generalization concepts. Illustrate the design of real world application using EER model and specialization
Resource Reference 1. R8
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Define superclass with e.g. Define subclass with e.g. Differentiate ER and EER model Discuss aggregation and composition with e.g. Using enhanced data model design a university database for the following situation. University person entities are classified into faculty and student disjoint sets. Students are registering for a course which is handled by instructor researchers (graduate students). Faculty is advisors to graduate students. Instructor researchers class is a category with super class of faculty and graduate students. Faculties are having sponsored research projects with a grant supporting instruction researchers. Grants are sanctioned by different agencies. Faculty belongs to different departments. Level R U A R L
12
LU -13 Client/Server Model (1 Period) LU Objectives 1. To Deploy various client server models.
LU Outcomes 1. 2. Use the different architecture of a client server model to deploy Elaborate the architecture of a client server model
Sl.No 1. 2. 3.
Test Questions What is 2 tier and 3 tier architecture? Discuss the different types of client server mode Design a database server and transaction server.
Level R R A
LU4: Data Warehousing and Data Mining (2 Period) LU Objectives 1. 2. To study the various architecture of a data warehouse and the operations involved with the storage To retrieve patterns using data mining techniques
LU Outcomes 1. 2. 3. Design the different schema of a data warehouse Elaborate the design process for different schemas Generate the different data mining techniques.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 6. Test Questions Define data warehouse Discuss star schema and snow flake schema of a data warehouse Design a data warehouse for sales analysis system What is data mining? Describe the decision tree classifier with e.g. Level R R A R R
13
LU -12 Web Databases- Mobile Databases (2 Period) LU Objectives 1. To study the architecture of a web database and apply the transaction and concurrency control mechanisms and issues 2. To Study the architecture of a mobile database and apply the transaction and concurrency issues LU Outcomes 1. 2. Elaborate the design of a web database Describe the architecture of a mobile database with research issues
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions What is web database? Explain the architecture of a web database. Construct a web database application. What is the need for a mobile database? Discuss the issues related to the design of a mobile database with respect to transaction and concurrency mechanisms. Create an application using mobile database. MODULE IV - DATABASE DESIGN ISSUES Overview This module explains the conceptual design of the database application using Entity-Relationship model (ER model). It explains the mapping process between ER model and table design. Relational schema is designed with optimization process using various normal forms. It discusses the integrity and security constraints to maintain the consistency in the database. To get effective usage of database, tuning is also discussed. Optimization and research issues in various databases are discussed. Also, deals with the design of temporal database and spatial database. Level R U A R U
6.
LU -13: ER Model (1 Period) LU Objectives 1. 2. To understand ER model design process To model a database application using ER model.
LU Outcomes 1. 2. Use ER model to model a database Design of ER model for various applications
14
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Define entity and attribute Differentiate strong and weak entity set Define derived attribute and multi valued attribute Define relationship sets The musical company wants to store information about the musicians who perform on its albums. Each musician has a musician id, a nme, an address, and a phone number. Some musicians may have the same address and some of the may have more then one phone number. Each musician may play several instruments and an instrument and may be played by several musicians. Each instrument has name and a musical key. The album recorded has a title, a copyright date, a format and an album identifier. Each album has a number of songs, where a song has a title and an author. Each song may be performed by several musicians and a musician may perform a number of songs. One of the musicians of the song acts as a producer. A producer may produce several albums. i) Draw an E-R diagram. ii) Transform the E-R diagram to a Relational Schema. Explain any one distributed database architecture Level R R R R L
7.
LU -14: Normalization (1 Period) LU Objectives 1. 2. To discuss the various normal forms To apply normalization techniques to design a database
LU Outcomes 1. 2. Identify various normal forms with e.g. Elaborate normalization process with e.g
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.N o 1 2 3 4. Test Questions Define normalization List the various normal forms Compare BCNF and 3NF Normalize the following table Empinfo(empid, branchno, branchaddr, empname, designation, workhrs) Differentiate primary and foreign key Level R R A D
5.
LU15: Security and Integrity (2 Period) LU Objectives 1. To develop integrity and security constraints to maintain consistency in the database
15
LU Outcomes 1. 2. Discuss the security and integrity constrains to database Bring out the different types of security provided to data
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1 2 3 4 5 Test Questions What is digital signature? What is encryption? Define check constraint with e.g. What is trigger? Give e.g. for assertion Level R R R R U
LU16: Database Tuning (1 Period) LU Objectives 1. To tune various database tuning parameters for performance improvement
LU Outcomes 1. 2. Identify various tuning methods to improve the database performance Apply the various database tuning techniques with parameters
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. What is What is List the List the Test Questions database tuning? benchmark? various parameters used to tune the database. different benchmark standards. Level R R R R
LU17: Research Issues Design of Temporal Databases Spatial Databases - (2 Period) LU Objectives 1. 2. To recognize the research issues in the design of database and construct temporal database and spatial database To Construct temporal database and spatial database
LU Outcomes 1. 2. Realize the research issues in database design and implementation Discuss the design of temporal database and spatial database
16
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Discuss the research issues in designing distributed database Bring out the issues in query processing optimization Explain the research issues in mobile database Describe the various storage and retrieval techniques of spatial database Level R R R R
MODULE V - CURRENT ISSUES Overview This module explains the need for knowledge base and the concepts of Knowledge base and rule formation. It discusses the active and deductive database concepts, parallel database, multimedia database, image database and text database design and implementation.
LU18: Rules - Knowledge Bases (1 Period) LU Objectives 1. To define rules and exemplify knowledge base
LU Outcomes 1. 2. Frame rules and knowledge base Elaborate rule formation using declarative language
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Define fact and rule. Give e.g. for declarative language. How knowledge base differs from database. Level R R R
______________________________________________________________________ LU19: Active and Deductive Databases-Parallel databases (2 Period) LU Objectives 1. 2. To construct the model for the design and implementation of an active and deductive database To analyze the various aspects of parallel database
LU Outcomes 1. 2. 3. Identify the design of active and deductive database Differentiate active and deductive database Design parallel database
Resource Reference 1. R8
17
R7:CH20 Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Discuss event-action-model of active database with eg. Explain the relational operations in deductive database. Write briefly the parallel architecture of a database. Discuss about inter query and intra query parallelism. Level R R R R
LU Objectives 1. 2. To Justify the use of multimedia database, image database and text database To Illustrate the design of multimedia database, image database and text database storage and retrieval techniques
LU Outcomes 1. 2. Realize the need for multimedia database and handling of multimedia data Design the storage and retrieval techniques of image and text database
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions What is multimedia database? Why we need multimedia database? Write notes on multimedia database. What is image database? What is text database? Discuss any one case study of image database. Write short notes on text database. Design an image database for retrieving faculty photo. Level R U R R R L R C
18
COURSE DETAILS ADVANCED COMPUTER ARCHITECTURE Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. Course Objective: To review the functional components of operating system and the types of advanced operating systems. To understand how to order events in a distributed system using logical clocks. To study the various algorithms available for distributed mutual exclusion. To understand how deadlocks occur and the various methods to detect and resolve deadlocks. To study the architecture and implementation of distributed file systems. To learn the design issues and algorithms for distributed shared memory. To learn the various algorithms for load distribution in distributed systems. To study the different types of faults and the recovery methods for distributed systems. To study the design issues in multiprocessor operating systems and concurrency control in distributed operating systems Course Prerequisite: Operating Systems, Database systems, Computer organization and Architecture OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly) Course Title : Advanced Operating Systems Programme Outcomes Course Outcomes 1 1. Identify the functional components of OS and types of advanced operating systems. 2. Compare the performance of various synchronization mechanisms in an 2 2 operating system. 3. Apply logical clocks and order events in a distributed system. 4. Analyse system. 5. Explore the design, implementation, and issues of distributed file systems. 6. Design the cache coherence protocols 1 3 2 1 3 2 2 1 the various deadlock 1 2 1 2 1 detection strategies in a distributed 2 1 1 1 2 1 1 1 2 3 4 5 6 7 8 9 10 11 12 : CS922 : ADVANCED OPERATING SYSTEMS : ME (CSE) II Semester : Ms. P. Golda Jeyasheeli : Dr. K. Muneeswaran : 06.02.2013 : 1
19
for
distributed
shared
memory of various 2 3 2
load distributing algorithms. 8. Apply fault check pointing tolerance and protocols for recovery in a 2 2 1 2 2 2 1 2 2 1
distributed system. 9. Design synchronization solutions for a multiprocessor operating system 10. Compare the working of various 2 3 2 3 1 2 2 2 concurrency control algorithms in a database operating system 3 2 2 2 2
CONCEPT MAP
20
CS 9222 ADVANCED OPERATING SYSTEMS Aim: To study about various issues in distributed operating systems like distributed mutual exclusion, distributed deadlock detection, distributed file systems, distributed shared memory and fault tolerance and also about multiprocessor and database operating systems UNIT I - INTRODUCTION 9 Overview -Functions of an Operating System Design Approaches Types of Advanced Operating System -Synchronization Mechanisms Concept of a Process, Concurrent Processes The Critical Section Problem, Other Synchronization Problems Language Mechanisms for Synchronization Axiomatic Verification of Parallel Programs -Process Deadlocks -Preliminaries Models of Deadlocks, Resources, System State Necessary and Sufficient conditions for a Deadlock Systems with Single-Unit Requests, Consumable Resources, Reusable Resources . UNIT II - DISTRIBUTED OPERATING SYSTEMS 9 Introduction Issues Communication Primitives Inherent Limitations -Lamports Logical Clock; Vector Clock; Causal Ordering; Global State; Cuts; Termination Detection. Distributed Mutual Exclusion Non-Token Based Algorithms Lamports Algorithm -Token-Based Algorithms Suzuki-Kasamis Broadcast Algorithm Distributed Deadlock Detection Issues Centralized Deadlock-Detection Algorithms -Distributed Deadlock-Detection Algorithms. Agreement Protocols Classification -Solutions Applications. UNIT III - DISTRIBUTED RESOURCE MANAGEMENT 9 Distributed File systems Architecture Mechanisms Design Issues Distributed Shared Memory Architecture Algorithm Protocols -Design Issues. Distributed Scheduling Issues Components Algorithms. UNIT IV - FAILURE RECOVERY AND FAULT TOLERANCE 9
Basic Concepts-Classification of Failures Basic Approaches to Recovery; Recovery in Concurrent System; Synchronous and Asynchronous Checkpointing and Recovery; Check pointing in Distributed Database Systems; Fault Tolerance; Issues -Two-phase and Non-blocking Commit Protocols; Voting Protocols; Dynamic Voting Protocols; UNIT V - MULTIPROCESSOR AND DATABASE OPERATING SYSTEMS 9 Structures Design Issues Threads Process Synchronization Processor Scheduling Memory Management Reliability / Fault Tolerance; Database Operating Systems Introduction Concurrency Control Distributed Database Systems Concurrency Control Algorithms. TOTAL = 45 TEXT BOOKS: 1. Mukesh Singhal and N. G. Shivaratri, Advanced Concepts in Operating Systems, McGraw -Hill, 2000 REFERENCES: 1 Abraham Silberschatz, Peter B. Galvin, G. Gagne, Operating System Concepts, Sixth Edition, Addison Wesley Publishing Co., 2003. 2 Andrew S. Tanenbaum, Modern Operating Systems, Second Edition, AddisonWesley, 2001. 3 http://deneb.cs.kent.edu/~mikhail/classes/aos.f02/ 4 http://www.coda.cs.cmu.edu/ljpaper/lj.html 5 http://www.coda.cs.cmu.edu/ 6 http://www.windowsnetworking.com/articles_tutorials/Windows2003-Distributed-FileSystem.html 7 http://www.developers.net/intelisnshowcase/view/758 8 http://csi-india.org/resource-scheduling-real-time-database-systems-operating-systemperspective
21
Course Schedule: S.No Unit I 1. 2. 3. 4. 5. 6. 7. Unit II 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. Unit III 18. 19. 20. 21. 22. 23. 24. 25. Unit IV 26. 27. 28. 29. 30. 31. 32. UNIT V 33. 34. 35. 36. Title INTRODUCTION Functions of an Operating System, Design Approaches Types of Advanced Operating System Concept of a Process, Concurrent Processes, The Critical Section Problem, Other Synchronization Problems Language Mechanisms for Synchronization: monitors Process Deadlocks, Preliminaries , Models of Deadlocks, resources System State ,Necessary and Sufficient conditions for a Deadlock Systems with Single-Unit Requests, Consumable Resources, Reusable Resources DISTRIBUTED OPERATING SYSTEMS Introduction, Issues Communication Primitives Inherent Limitations of a distributed system Lamports Logical Clock, Vector Clock ,Causal Ordering Global State; Cuts; Termination Detection. Distributed Mutual Exclusion, Non-Token Based Algorithms Token-Based Algorithms, Suzuki-Kasamis Broadcast Algorithm Distributed Deadlock Detection, Centralized DeadlockDetection Algorithms Distributed Deadlock-Detection Algorithms. Agreement Protocols DISTRIBUTED RESOURCE MANAGEMENT Distributed File systems, Architecture Design Issues Case Studies Distributed Shared Memory, Architecture, Algorithm Protocols, Design Issues Case Studies Distributed Scheduling, Issues,Components Algorithms FAILURE RECOVERY AND FAULT TOLERANCE Recovery- Basic Concepts, Classification of Failures Basic Approaches to Recovery Recovery in Concurrent System No. of periods 1 1 2 1 1 1 2 Reference Date of Coverage
1 1 1 2 1 2 1 2 1 1 1 1 1 1 1 1 2 1 1 1 1
Ch 4.1 -4.5 Ch 4.7 Ch 5.1,5.2 Ch 5.3 5.5 Ch 5.6-5.8 Ch 6.1 6.8 Ch 6.10,6.11 Ch 7.1-7.6 Ch 7.7 Ch 8 Ch 9.1-9.3 Ch 9.4 Ch 9.5 Ch 10.110.3 Ch 10.5,10.6 Ch 10.7 Ch 11.1 11.5 Ch 11.6 Ch 12.112.3 Ch 12.4,12.5 Ch 12.6,12.7 Ch 12.8,12.9 Ch 12.10 Ch 13.113.3 Ch 13.6 Ch 17.117.4 Ch 17.5 Ch 17.6 Ch 17.7
Synchronous and Asynchronous Checkpointing and 2 Recovery Check pointing in Distributed Database Systems 1 Fault Tolerance, Two-phase and Non-blocking Commit 2 Protocols Voting Protocols, Dynamic Voting Protocols 2 MULTIPROCESSOR AND DATABASE OPERATING SYSTEMS Structures, Design Issues, threads 1 Process Synchronization Processor Scheduling Memory Management 2 1 1
22
Reliability / Fault Tolerance Database Operating Systems Introduction Concurrency Control: Theoretical Aspects Distributed Database Systems Concurrency Control Algorithms. Total No. of Hours
1 1 1 1 2 52
Internal Marks Assessment (Max. 100) Three tests each carrying 100 marks shall be reduced to 75 marks and remaining 25 marks will be given for regular attendance. Internal Test Syllabus Test 1 Test 2 Test 3 : : : Unit 1 & Half of II Unit Remaining half of II Unit and III Unit Unit IV, V
23
MODULE-1 INTRODUCTION Module Overview This module introduces the definitions, Design approaches, functions and types of an operating system. It deals with process synchronization and various solutions. It explains about the problem of deadlocks and the various methods for handling the deadlocks.
LU -1: Functions of an Operating System, Design Approaches(1 period) LU Objectives 1. To learn the functions of operating system. 2. To study the various approaches towards designing an operating system LU Outcomes 1. Identify the functional components of operating system. 2. Compare the various design approaches. Resource Reference 1. Ch 1.1-1.4
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions List the functions of an operating system Compare the various design approaches Specify the advantages of layered design What is a virtual machine? Compare micro and mono kernel approach. Level R U R R U
LU -2 Types of Advanced Operating System(1 period) LU Objectives 1. To learn the different types of advanced operating systems LU Outcomes 1. Explore the differences between different advanced operating systems 2. Identify the need for a particular advanced operating system Resource Reference 1. Ch 1.5
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Classify the various advanced operating systems In what way a multiprocessor operating system is different from a uniprocessor operating system? List the functions of a database operating system What is a real time operating system List any two applications where real time os is used Level R R R R R
LU -3 Concept of a Process, Concurrent Processes, The Critical Section Problem, Other Synchronization Problems. (2 periods)
24
LU Objectives To learn about the concept of process and concurrent processes To study about the critical section problem To learn the solution to a few synchronisation problems LU Outcomes 1. Analyse the issues in running concurrent processes 2. Identify the need for various process related data structures 3. Apply solution to synchronisation problems Resource Reference 1. Ch 2.1 -2.5 1. 2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Test Questions Define a process. List the information maintained for a process by the os Draw the process state diagram What is a race condition? Explain how does a critical section avoid this condition? What is a critical section problems? List the requirements for the solution to the critical section problem What is a semaphore? List the two atomic operations on semaphore In what way semaphore is better than other synchronisation methods? Using semaphores provide solutions to producer-consumer, readerswrites, and dining philosophers problem The Sleeping Barber Problem: A barbershop consists of a waiting room with n chairs and a barber room containing the barber chair. If there are no customers to be served, the barber goes to sleep. If a customer enters the barbershop and all chairs are occupied, then the customer leaves the shop. If the barber is busy but chairs are available, then the customer sits in one if the free chairs. If the barber is asleep, the customer wakes up the barber. Write a program to coordinate the barber and the customers. Level R R R R R R R L A
LU -4 Language Mechanisms for Synchronization: monitors(1 period) LU Objectives 1. To learn about language mechanism for achieving synchronisation LU Outcomes 1. Able to provide synchronisation solutions using monitors, serilaizers and path expressions Resource Reference 1. Ch 2.6
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Explain the working of a monitor Provide a solution to the readers-writers problem using monitors What is the draw back in using monitors and explain how is that rectified in a serializer? Consider a system consisting of processes P1, P2, ..., Pn, each of which has a unique priority number. Write a monitor that allocates three identical line printers to these processes, using the priority numbers for deciding the order of allocation Give the path expression for readers writers problem. Level R R U C
5.
25
LU -5 Process Deadlocks, Preliminaries(1 period) LU Objectives 1. To learn about deadlocks 2. To find out the various deadlock handling strategies 3. To study the various deadlock models LU Outcomes 1. Explore the definition of deadlock 2. Compare the deadlock handling strategies 3. Apply the various deadlock models Resource Reference 1. Ch 3.1-3.4
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Define a deadlock Compare deadlock and starvation State the causes of deadlocks List three examples of deadlocks that are not related to a computersystem environment. List the various deadlock handling strategies Compare the various deadlock models Level R U R U R U
LU -6 System State ,Necessary and Sufficient conditions for a Deadlock(1 period) LU Objectives 1. To understand safe and unsafe system state 2. To learn the necessary and sufficient condition for deadlocks LU Outcomes 1. Identify if system is in safe or unsafe state 2. Analyse the necessary and sufficient condition for deadlocks Resource Reference 1. Ch 3.5,3.6
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Discuss the graph theoretical model for expressing the system state What is a safe and unsafe state? Explain the graph reduction method to test a system state for deadlock. Suppose there are 2 copies of resource A, 3 copies of resource B, and 3 copies of resource C. Suppose further that process 1 holds one unit of resources B and C and is waiting for a unit of A; that process 2 is holding a unit of A and waiting on a unit of B; and that process 3 is holding one unit of A, two units of B, and one unit of C.Draw the resource allocation graph. Is the system in a deadlocked state? Why or why not? Level R U R A
26
LU -7 Systems with Single-Unit Requests, Consumable Resources, Reusable Resources. (2 periods) LU Objectives 1. To study the various deadlock handling methods for different types of resources. LU Outcomes 1. Explore the ways to prevent deadlocks 2. Apply Bankers algorithm for deadlock avoidance 3. Find out if a system is deadlocked by applying deadlock detection algorithm Resource Reference 1. Ch 3.7-3.9
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Consider a system consisting of four resources of the same type that are shared by three processes, each of which needs at most two resources. Show that the system is deadlock free. Apply bankers algorithm and find whether the system is in a safe state. Find the total number of resources in the system. Maximum A 0 1 2 0 0 B 0 7 3 6 6 C 1 5 5 5 5 D 2 0 6 2 6 Allocation A 0 1 1 0 0 B 0 0 3 6 0 C 1 0 5 3 1 D 2 0 4 2 4 P0 P1 P2 P3 P4 Level L A
Available : 1 5 2 0
3. 4.
If a request from P1 arrives for (0,4,2,0) , can the request be granted immediately? Create an algorithm for deadlock prevention using process priorities Apply bankers algorithm and find whether the system is in a safe state. Find the total number of resources in the system. Maximum ABCD 0012 1000 1354 0632 Allocation ABCD 0012 1750 2356 0652 Available ABCD 1520
27
0014
0656
MODULE-2 DISTRIBUTED OPERATING SYSTEMS Module Overview This module discusses about the architectures of distributed systems. It deals with two logical lock schemes. It discusses the distributed mutual exclusion algorithms. It also deals with the distributed deadlock detection algorithms.
LU -8 Introduction, Issues(1 period) LU Objectives 1. To learn the motivation and architecture types of distributed operating systems 2. To study the issues in distributed operating systems LU Outcomes 1. Explore and compare the various architecture types. 2. Identify the issues in designing distributed operating systems Resource Reference 1. Ch 34.1-4.3
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Define a distributed system List any two motivating factors for distributed systems Compare the various distributed system architecture models Discuss the issues in designing distributed systems Level L A C R
LU -9 Communication Primitives(1 period) LU Objectives 1. To learn about the various communication mechanisms in a distributed system LU Outcomes 1. Analyse the working and design issues of RPC 2. Resource Reference 1. Ch 4.7
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions Define the message passing model Compare blocking and non blocking primitives List the benefits of synchronous primitives Expand RPC Discuss the various design issues in RPC Analyse the working of RPC under exactly once semantics Specify how remote procedures are located by the client? Level R U R R U L U
28
LU -10 Inherent Limitations of a distributed system(1 period) LU Objectives 1. To learn about the Inherent Limitations of a distributed system
LU Outcomes 1. Identify the various limitations of a distributed system Resource Reference 1. Ch 5.1,5.2
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions List the two basic limitations of a distributed system Analyse how absence of a global clock affects a distributed application What issues arise out of lack of global memory? Explain with an example Level R L R
LU Objectives 1. To learn about lamports logical clock and vector clock. 2. To understand how events could be ordered using logical clocks LU Outcomes 1. Apply Lamports logical clock to events. 2. Apply vector clocks to order events. 3. Analyse an algorithm for causal ordering of messages Resource Reference 1. Ch 5.3-5.5
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Test Questions Define happened before relation. What are concurrent events? Explain Lamports Logical clocks with example Write down the limitation of lamports logical clocks. Lamport defined a notion of virtual time based on event ordering the happened before relation. Show how a global total ordering of events can be achieved based on this notion of Lamports logical clocks. What is a vector clock? Explain how causal ordering of messages is done using vector clocks. Distinguish the logical and vector clocks. List out the violation of causal ordering of messages. Discuss the Birman-Schiper-Stephenson protocol for causal ordering of messages. Order the events using Lamports Logical clock and vector clock Level R R R U A U U R R A
29
P1 P2 P3
LU -12 Global State; Cuts; Termination Detection. (1 period) LU Objectives 1. To learn about global state recording 2. To study the algorithm for termination detection LU Outcomes 1. Apply Chandy Misra Global state recording algorithm 2. Apply termination detection algorithm 3. Resource Reference 1. Ch 5.6 5.8
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions What is a global state? What problems arise in recording the global state with an example Define the following terms: 1. Local state 2.Global Stae 3. Consistent global state 4. Transitless global state Explain the Chandy Misra Global state recording algorithm Describe the role of marker messages in the chandy lamport distributed snapshot algorithm. State one drawback of this algorithm and a possible method to overcome this limitation. Discuss Huangs termination detection algorithm Mention any two distributed applications where termination detection is needed. Explain the algorithm for termination detection Level U R R U R R
LU -13 Distributed Mutual Exclusion, Non Token based algorithms (2 periods) LU Objectives 1. To learn the various non token based mutual exclusion algorithms LU Outcomes 1. Analyse the performance of non token based mutual exclusion algorithms Resource Reference 1. Ch 6.1 -6.8
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions List the two main categories of distributed mutual exclusion algorithms Can mutual exclusion algorithms for single computer system be applied to distributed systems? If not, why? State the requirements for distributed mutual exclusion Level R L R
30
4. 5. 6. 7.
8.
9.
Explain how performance of a distributed mutual algorithm can be measured Show that in Lamports algorithm the critical section is accessed according to the increasing order of timestamps. Show that in the Ricart-Agrawala algorithm, the critical section is accessed according to the increasing order of timestamps. Does the same hold true in Maekawas algorithm? What is the purpose of REPLY message in Lamports algorithm? Note that a site need not necessarily return a REPLY message in response to a REQUEST message. State the condition under which a site does not have to return a REPLY message. Also, give the new message complexity per critical section execution in this case. Maekawas mutual exclusion algorithm give the impression that message complexity of a distributed mutual exclusion can be O(sqrt(N)) instead of O(N), as in many other mutual exclusion algorithms. Discuss how Maekawas algorithm fundamentally differs from other algo rithms and what problems it poses. Calculate the synchronistaion delay, throughput, no of messages exchanged per CS in the Mekawa voting algorithm. Can deadlock occur in this algorithm? If yes, how it is handled?
R U L L
LU -14 Token-Based Algorithms, Suzuki-Kasamis Broadcast Algorithm(1 period) LU Objectives 1. To learn the various token based mutual exclusion algorithms LU Outcomes 1. Analyze the performance analysis of token based mutual exclusion algorithms Resource Reference 1. Ch 6.10,6.11
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Explain the working of a token based mutual exclusion algorithm with an example. Analyse the performance of Suzuki-Kasami broadcast algorithm Explain how Raymons tree based mutual exclusion algorithm works with an example. Compare the performance of the two token based mutual exclusion algorithms L R R Level R
LU -15 Distributed Deadlock Detection, Centralized Deadlock-Detection Algorithms(2 periods) LU Objectives 1. To study the problem of deadlocks in a distributed system 2. To learn the centralised deadlock detection algorithms for deadlock detection. LU Outcomes 1. Identify the issues in distributed deadlock detection 2. Compare the working of centralised deadlock detection algorithms Resource Reference 1. Ch 7.1-7.6
31
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Explain how deadlocks can occur in a distributed system What is a wait for graph? List the deadlock handling strategies in a distributed system Discuss the issues in deadlock detection and recovery Discuss the centralized deadlock detection algorithms and compare the performance of the algorithms in terms of messages exchanged What is a phantom deadlock? How it is avoided in Ho-Ramamoorthy algorithms? Level R L R R U U
LU -16 Distributed Deadlock-Detection Algorithms. (1 period) LU Objectives 1. To study the various distributed deadlock detection algorithms LU Outcomes 1. Apply the various deadlock detection algorithms on the system state Resource Reference 1. Ch 7.7
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions List the four classes of distributed deadlock detection Discuss how the edge chasing algorithm works What is a diffusion computation based algorithm? Discuss a few hierarchical deadlock detection algorithms Instead of using a deadlock detection algorithm, deadlocks can be handled by timeouts where a process that has waited for a specified period for a resource declares that it is deadlocked. What are the risks in using this method Discuss the impact of message loss on the various deadlock detection algorithms Suppose all the processes in the system are assigned priorities that can be used to totally order the processes. Modify Chandy Misra Hasss edge chasing algorithm, so that when a process detects a deadlock, it also knows the lowest priority deadlocked process. Consider the following scheme to reduce message traffic in distributed deadlock detection: Transactions are assigned unique priorities, and an antagonistic conflict occurs when a transaction waits for a data object that is locked by a lower priority transaction. Deadlock detection is initiated only when an antagonistic conflict occurs. When a waiting transaction receives a probe that is initiated by a lower priority transaction, the probe is discarded. a) Determine the number of messages exchanged to detect a deadlock in the best case. b) Determine the number of messages exchanged to detect a deadlock in the worst case. c) Determine the number of messages exchanged to detect a deadlock in the average case. d) Determine the saving (as a percentage) in the average number of messages exchanged under this message traffic reduction scheme, as compared to when no such scheme is used. Level R R R R L
6. 7.
8.
32
LU Objectives 1. To study the various agreement protocols LU Outcomes 1. Explore the need for agreement protocols Resource Reference 1. Ch 8
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions What system model could be assumed for the study of agreement protocols? Discuss the model of processor failures in Agreement protocols. List the classifications of agreement protocols What is a Byzantine agreement problem? Discuss the solution to the Byzantine agreement problem. What is the upper bound on the no of faulty processors? Why? Specify a few applications for agreement protocols Show that Byzantine agreement cannot always be reached among four processors if two processors are faulty How can the blue army loyal generals reach agreement on troop strength of all other loyal generals using byzantine generals problem? Level R
R R R L A U
MODULE-3 DISTRIBUTED RESOURCE MANAGEMENT Module Overview This module explains about distributed file systems concepts like mechanisms for building distributed file systems and design issues of distributed file systems. It deals with the distributed shared memory algorithms. It also discusses the various distributed scheduling algorithms. Case studies are analysed.
LU -18 Distributed File systems, Architecture (1 period) LU Objectives 1. To learn the goals of distributed file systems 2. To study the architecture of distributed file systems 3. To understand the mechanisms involved in building distributed file systems LU Outcomes 1. Appreciate the need and goals for distributed file systems 2. Explore the architecture of distributed file systems 3. Identify the underlying mechanisms for building distributed file systems Resource Reference 1. Ch 9.1-9.3
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions List the goals of distributed file systems What is network transparency? Discuss the typical data access actions in a distributed file system with a neat flow chart. What is mounting? What will be the contents of mount table? Level R U R R
33
5. 6. 7.
Discuss how caching is used to improve the performance in a distributed file system State how a communication in a distributed file system can be made secure Discuss the various underlying mechanisms in building a distributed file system
U U R
LU -19 Design Issues ( 1 period) LU Objectives 1. To study the various design issues in distributed file system (DFS) LU Outcomes 1. Analyse the design issues and their solutions
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions How are resources named in DFS? What is the use of a name server? Explain how caches improve performance in a DFS? Where cache is placed in the client and server? Why? Specify the various writing policies used in DFS. Compare client initiated vs. server initiated approaches to maintaining cache consistency Specify how a DFS can be made more available with replication? What is scalability? How is it achieved in a DFS? Level R R U U U U R R
LU -20 Case Studies ( 1 period) LU Objectives To learn about the architecture and design issues of Sun Network File System, Sprite File System and Coda file system LU Outcomes 1. Compare the various existing distributed file systems Resource Reference 1. Ch 9.5 1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Test Questions Discuss the architecture of Sun Network File System. What is the caching policy in sun NFS? What are the advantages and disadvantages of a stateless server? Explain how a file is located in Sprite file system? What is the use of prefix table? Discuss the design goals and implementation of Coda file system? Analyse the caching policies of any two DFS. What is the benefit of grouping files into volumes in Coda? What is a call back mechanism? Explain the following sentence. Consistency, availability and Level R R U R R R L R R U
34
( 1 period)
1. To learn the motivation, architecture and algorithms for distributed shared memory(DSM) LU Outcomes 1. Explore the motivation, architecture of DSM 2. Compare the various algorithms for DSM Resource Reference 1. Ch 10.1-10.3
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Discuss the architecture and motivation behind DSM Compare the working of central server algorithm with the distributed algorithm Specify the differences between read replication and full replication algorithms. Level R U U
LU Objectives 1. To learn the various coherence protocols used in DSM. 2. To understand the design issues in DSM LU Outcomes 1. Compare the working of various coherence protocols 2. Explore the design issues and the solutions in DSM. Resource Reference 1. Ch 10.4-10.6
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions List the different memory consistency models Compare write invalidate and write update protocols. Discuss the cache coherence in PLUS system. Discuss the benefits of type specific memory coherence in Munin DSM system What is the major shortcoming of Munins type specific memory coherence protocol? Describe the design issues in DSM Level R U R R R R
LU -23 Case Studies ( 1 period) LU Objectives 1. To learn about the architecture and working of example DSMs LU Outcomes 1. To compare the working of DSMs like IVY,Mirage and Clouds Resource Reference
35
1.
Ch 10.7
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions What is the coherence protocol followed in IVY? Discuss the dynamic distributed manager scheme. Compare Mirage and Clouds DSM. Level R R U
LU -24 Distributed Scheduling, Issues,Components ( 2 periods) LU Objectives 1. To learn about scheduling tasks in a distributed system and its advantages 2. To study various issues and components in distributed scheduling LU Outcomes 1. Identify the benefits of distributed scheduled 2. Explore the issues and components in distributed scheduling Resource Reference 1. Ch 11.1-11.5
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions How is load measured in a system? State the difference between load sharing and load balancing Compare pre-emptive and non pre-emptive job transfers. List the components of a load distributing algorithm Specify the three types of information policies Level R U U R R
LU -25 Algorithm ( 1 period) LU Objectives 1. To study the various distributed scheduling algorithms. LU Outcomes Compare the performance of sender initiated, receiver initiated and symmetrically initiated load distribution algorithms Resource Reference 1. Ch 11.6,11,7 1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions Discuss and compare the performance of sender initiated algorithms Explain sender initiated load sharing with threshold policy with a diagram What is the transfer policy of receiver initiated algorithms? In what way symmetrically initiated algorithms are better than sender initiated and receiver initiated algorithms? Under what situation sender initiated algorithms do better? How adaptive load distribution algorithms work? Predict the performance of the receiver initiated load sharing algorithm when the entire system workload is generated at only a few nodes in the system instead of equally at all the nodes. Identify all the overheads in a load sharing policy State the difference between load sharing and load balancing Describe the concept of distributed scheduling and explain suitable Level R U U R R L U R R
36
algorithms.
(1 Period)
LU Outcomes 1. 2. Explore the system model and the process of recovery Analyse the various types of failures and their effects.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. Test Questions Explain about the failure models in distributed systems Differentiate error, fault and failure Classify system failures How does a communication failure affect the system? Differentiate synchronous and asynchronous check pointing Define recovery in concurrent systems. What are failures in OS? How they are classified? How are they recovered? Describe few approaches with suitable algorithm. Level R U R R L R R
(1 Period)
To learn backward and forward error recovery approaches To study the various approaches to backward error recovery
LU Outcomes 1. 2. Compare backward and forward error recovery approaches Analyse the performance of various backward error recovery approaches.
37
S. No 1. 2. 3. 4. 5. 6. 7.
Test Questions Differentiate forward and backward error recovery mechanisms. State the purpose of write ahead log What is a state based approach to error recovery? How do you recover the data when failure occurs? Distinguish between synchronous and asynchronous recovery system. Give an example for any one of the recovery algorithm and where the recovery algorithm can terminate after only one iteration. Give an example for any one of the recovery algorithm and need to execute for N iterations where N is the number of processor in the system.
Level U U R L E L L
(1 Period)
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions Define a concurrent system. What happens when you rollback a process in a concurrent system? How do you recover the data when failure occurs? Explain the problem of domino effect and orphan messages Level R U L R
List the problems that can arise during the rollback of cooperating processes.
How are lost messages handled? Define live locks. What is the difference between a deadlock and a live lock? Show that when checkpoints are taken after every K (k>1) messages are sent, the recovery mechanism can suffer from the domino effect. Assume that a process takes a checkpoint immediately after sending the Kth message but before doing anything else. Write a message complexity of any one of the rollback recovery algorithm. R U L R
(1 Period)
LU Outcomes 1. Compare the various synchronous and asynchronous check pointing and recovery algorithms.
38
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Test Questions Distinguish between synchronous and asynchronous check pointing and recovery algorithms. Explain access matrix model. Summarize the characterization of synchronous check pointing. Explain with example The Checkpoint Algorithm. Explain with example The Rollback Recovery Algorithm. Discuss scheme for Asynchronous Check pointing and Recovery. Discuss the algorithm for Asynchronous Check pointing and Recovery with example. In the synchronous check pointing algorithm, a process on receiving a take a tentative checkpoint messag e will send a similar message to all the processes in the check point cohort set. Why is this necessary? Give an example where the asynchronous recovery algorithm will need to execute |N| iterations where |N| is the number of processors in the system. Give an example where the asynchronous recovery algorithm will terminate after only one iteration. Level R R R R R R R L L L
(1 Period)
To learn the issues in check pointing and recovery in distributed database systems
LU Outcomes 1. 2. Analyse how check pointing and recovery help in maintaining consistency in a distributed database system
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. Test Questions Discuss the term authentication in distributed systems Define the notion of consistency in a distributed database system Discuss about the principle of distributed database systems Discuss the Agarwala check pointing algorithm Explain how a distributed data base system can recover from failure using checkpoints recorded. How synchronization issues exist in distributed database applications. Level R R R R R L
(2 Periods)
LU Objectives
39
1. 2.
To learn the different types of failures that may occur in a distributed system To study the various blocking and non blocking commit protocols
LU Outcomes 1. 2. Identify the classes of failures Compare the performance of non blocking commit protocols against blocking commit protocols
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Test Questions What are the classifications of faults? Explain in detail about architecture of fault tolerance in database Systems Define fault tolerance Explain the characteristics of atomic actions. What steps could be taken to improve the fault tolerance of your own. Explain the concept of Generals Paradox for commit protocols. Discuss the working of two phase commit protocol Explain how site failures are handled in a distributed system What is a non blocking commit protocol? Discuss a synchronous non blocking commit protocol. The two-phase commit protocol is a centralized protocol where the decision to abort or commit is taken by the coordinator. Design a decentralized two phase commit protocol where no site is designated to be a coordinator. Level R R R R U R R U R R C
LU Objectives 1. 2. To study the need for voting protocols To understand the working of Static and dynamic voting protocols.
LU Outcomes 1. 2. Identify the need for voting protocols Analyse the static and dynamic voting protocols
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions What do you mean by static voting What is the need for voting protocols? Differentiate commit and voting protocols Illustrate the fault tolerance implementation by voting protocols. Explain in detail The Static Voting Algorithm What is a dynamic voting protocol? Discuss the majority based dynamic voting protocol? Specify the principle behind dynamic vote reassignment protocol Consider a system with three sites employing two-phase commit Level R R U U R R R U A
40
10.
protocols. Illustrate a situation where in a site may not be able to arrive at a consistent decision concerning the outcome of the transaction in the event of site failures. Assume that a site can communicate with any other operating site to check the outcome of a transaction. Consider a system using the dynamic vote reassignment protocol with an overthrow technique to increase the voting power of a site. Show that if a site j increases its voting power by twice the number of votes of the failed site I, all the majority groups that used I can still form a majority group using site j instead.
(1 period)
To learn the different multiprocessor structures and design issues. To study about thread management
LU Outcomes 1. 2. Explore the various multiprocessor structures and design issues Performance analysis of user level threads and kernel level threads
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Test Questions Explain the overview of multi-processor operating system List the design issues of multiprocessor operating system Compare the three different multiprocessor architectures How does a master slave configuration work? State the advantages of symmetric multiprocessor system Which is faster user level or kernel level threads? List the advantages of kernel level threads Define Thread What is multi-threading? How threads differ from processes? Level R R U U R U R R R U
(2 Periods)
41
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. Test Questions State the need for process synchronisation What are the issues in process synchronisation? Provide a solution using test and set instruction Apply sawp instruction to the critical section problem How does the compare and sawp instruction work? Compare the various synchronisation techniques with respect to communication and processing overheads. Level R R A A R U
( 1 Period)
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions What is the goal of processor scheduling? List the issues in processor scheduling Discuss co-scheduling of the Medusa OS What is smart scheduling? Explain affinity based scheduling Compare uniprocessor and multiprocessor scheduling If the subtasks of a task have large critical sections, which scheduling policy is most desirable? Explain. If nothing about the subtasks of a task is known, which scheduling policy would you recommend and why? Can the performance of a multiprocessor system with 2 identical processors be worse than the performance of a uniprocessor system Level R R R U R U A A L
(1 Period)
42
LU Outcomes 1. 2. Analyse the various issues in memory management with MACH os as case study
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. Test Questions List the memory management design issues Specify how memory protection is offered in MACH OS What techniques are used by MACH os to improve the efficiency List the data structures used by MACH virtual memory management systems What are the page replacement algorithm s used in MACH os? Level R U R R R
(1 Period)
LU Outcomes 1. Analyse the various issues of fault tolerance and reliability in a multiprocessor system
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. Test Questions List the design issues in fault tolerance Explain how fault detection is done in a Sequoia architecture Specify how recovery from process, memory and I/O failures can be achieved. Level R R U
(1 Period)
43
Resource Reference 1. Ch 18
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. Test Questions Give notes on database operating system Specify the two approaches to database system design In what way services offered by general purpose os is inadequate for a database os? Discuss the requirements of database os Level R R L R
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. Test Questions Define a database system What is a transaction conflict? Describe a concurrency control model for a database system Explain the inconsistent retrieval problem with an example What is an inconsistent update? Describe the serializabilty theory Level R R R U R R
(1 Period)
Resource Reference
44
1.
Ch 19.6
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No 1. 2. 3. 4. 5. 6. Test Questions What is heterogeneous database system? List the motivations for distributed database systems? Explain the serializability condition in DDBS. Discuss the transaction processing model of DDBS What complications may arise in a DDBS? Design a distributed database system by applying all the mechanisms? Level R U R R L A
(2 Period)
LU Outcomes 1. Compare the working of lock based, timestamp based and optimistic concurrency control algorithms
Resource Reference 1. Ch 20
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions State the differences between lock based and timestamp based concurrency control algorithms Explain how two phase locking works List the problems with two phase locking What is a cascaded rollback? How a timestamp based locking is used in DDBS? Explain the optimistic concurrency control algorithm What is the difference between concurrency control and mutual exclusion Why are timestamp-based concurrency control algorithms free from deadlock> List basic, multiversion and conservative timestamp ordering algorithms in increasing order of transaction aborts. Level U R U R R R R L
45
COURSE DETAILS ADVANCED SYSTEM SOFTWARE Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. Course Objective: To familiarize the phases of a compiler and understand in detail the functions of each phase To design a Scanner, Parser for the given language To write semantic routines to generate the intermediate code To perform code optimization for a piece of code To understand the different forms of intermediate representations To know in detail about the concept of virtualization To introduce the features of Virtual Machines like Pascal P-Code and JVM : CS9223 : ADVANCED SYSTEM SOFTWARE : ME(CSE) II Semester : Mrs.S.Vanitha Sivagami : Dr.K.Muneeswaran : 06.02.2013 : 1
Concept Map
46
Course OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly) Programme Outcomes S.No Course Outcomes 1 1. Identify the features of a good computer programming language 2. Identify the phases of a compiler in a modular form and bring out the functions of each phase 3. 4. 5. Design a Scanner for the given language Design a Parser for the given language Choose the appropriate intermediate code by comparing their features 6. Write semantic routines to generate the intermediate code 7. Identify the places where the efficiency of code can be improved 8. Work the procedures for optimizing the intermediate code 9. Write the routines to generate the machine code from the intermediate code 10. Devise mechanisms to optimize the machine code for the delivery 2 3 1 2 1 2 1 3 1 3 2 1 2 3 2 2 1 1 1 3 2 1 2 1 3 3 2 2 1 2 2 3 1 3 3 2 3 3 2 2 2 1 1 2 2 2 1 1 2 3 1 1 2 3 2 2 3 2 4 5 1 6 7 2 8 9 10 11 12 2
Basic Compiler Functions Grammars Lexical Analysis Syntactic Analysis Code Generation Heap Management Parameter Passing Methods Semantics of Calls and Returns Implementing Subprograms Stack Dynamic Local Variables Dynamic binding of method calls to methods Overview of Memory Management, Virtual Memory, Process Creation Overview of I/O Systems, Device Drivers, System Boot
UNIT II
10
47
Introduction and Overview Symbol table structure Local and Global Symbol table management Intermediate representation Issues High level, medium level, low level intermediate languages MIR, HIR, LIR ICAN for Intermediate code Optimization Early optimization loop optimization
UNIT III
Procedure optimization in-line expansion leaf routine optimization and shrink wrapping register allocation and assignment graph coloring data flow analysis constant propagation alias analysis register allocation global references Optimization for memory hierarchy -Code Scheduling Instruction scheduling Speculative scheduling Software pipelining trace scheduling Run-time support Register usage local stack frame run-time stack Code sharing positionindependent code
UNIT IV
Introduction to Virtual Machines (VM) Pascal P-Code VM Object-Oriented VMs Java VM Architecture Common Language Infrastructure Dynamic Class Loading Security Garbage Collection Optimization
UNIT V
Emulation Interpretation and Binary Translation Instruction Set Issues Process Virtual Machines Profiling Migration Grids Examples of real world implementations of system software TEXT BOOKS:
1. Steven S. Muchnick, Advanced Compiler Design Implementation, Morgan Koffman Elsevier Science, India, First Edition 2004 2. James E Smith and Ravi Nair, Virtual Machines, Elsevier, 2005. (Units 4, 5) (Sections 1.0-1.6, 2.0-2.5, 2.8, 3.0-3.6, 4.2, 5.0-5.3, 5.5-5.6, 6.0-6.3, 6.5-6.6, 10.2, 10.3) 3. Robert W. Sebesta, Concepts of Programming Languages, 7 th ed., Pearson Education, 2006. (Unit 3) (Sections 6.9, 9.3, 9.5, 10.1-10.3, 12.10.2) REFERENCES:
1. Alfred V Aho, Ravi Sethi, Jeffrey D Ullman, Compilers, Pearson Education, 1986. 2. Terrance W Pratt, Marvin V Zelkowitz, T V Gopal, Programming Languages, 4 th ed., Pearson Education, 2006. 3. Carl Hamacher, Zvonko Vranesic, Safwat Zaky, Computer Organization, 5 th ed., McGraw Hill, 2002. 4. Silberschatz, Galvin, Gagne, Operating System Concepts, 6 th ed., Wiley, 2003.
48
Web References: 1. http://www.onesmartclick.com/engineering/compiler-design.html 2. http://dinosaur.compilertools.net/ 3. http://infolab.stanford.edu/~ullman/ 4. http://epaperpress.com/lexandyacc/index.html Course Schedule No.of Periods Date of Coverage
SI.No
Topics to be covered
MODULE-I 1. 2. Overview of the course Overview of the compiler front end( scanner, Parser, semantic analyzer) 3. Overview of the compiler back end(Intermediate code generator, Code generator) 4. 5. Heap Management Parameter Passing Methods Semantics of Calls and Returns 6. Implementing Subprograms Stack Dynamic Local Variables 7. 8. Dynamic binding of method calls to methods Overview of Memory Management, Virtual Memory, Process Creation 9. Overview of I/O Systems, Device Drivers, System Boot 1 10 MODULE -II 10. 11. 12. Introduction and Overview Symbol table structure Local and Global Symbol table management Intermediate representation Issues High level, medium level, low level intermediate languages 13. 14. MIR, HIR, LIR ICAN for Intermediate code 1 1 1 1 1 1 1 1 1 1 1 1 2
49
15. 16.
Introduction to Optimization Early optimization Constant expression evaluation, Scalar replacement aggregates
1 1
Algebraic simplification and reassociations Value numbering Copy Propagation Sparse conditional Constant Propagation Loop optimization-Induction variable optimizations Unnecessary boundary checking elimination
1 1 1 1 2 1 14
Total Hours in Module- II MODULE -III 23. Procedure optimization Tail Call optimization and TailRecursion Elimination-in-line expansion 24. 25. 26. 27. 28. Leaf routine optimization and shrink wrapping Register allocation and assignment Graph coloring- overview, top level structure Graph coloring- Allocatable objects, Inference Graph Graph coloring- Register Coalescing, Computing Spill Costs 29. Graph coloring-Pruning Inference Graph, Assigning
1 1 1 1 1
Registers 30. 31. 32. 33. 34. 35. 36. 37. Data flow analysis Constant propagation Alias analysis register allocation global references Optimization for memory hierarchy Code Scheduling Instruction scheduling Speculative scheduling Software pipelining, Trace scheduling 1 1 1 1 1 1 1 1
50
38.
39.
1 18
Total Hours in Module- III MODULE -IV 40. 41. 42. 43. 44. 45. 46. 47. Introduction to Virtual Machines (VM) Pascal P-Code VM Object-Oriented VMs Java VM Architecture Common Language Infrastructure Dynamic Class Loading Security Garbage Collection Optimization
1 1 1 1 1 1 1 1 8
Total Hours in Module- IV MODULE -V 48. 49. 50. 51. 52. 53. 54. Emulation Interpretation and Binary Translation Instruction Set Issues Process Virtual Machines Profiling Migration Grids Examples of real world implementations of system software Total Hours in Module- V Total
1 1 2 1 1 1 1
8 58 Hours
MODULE-I - Overview
51
In this module we have discussed about the basic functions of compilers such as front end and back end compilers, lexical and syntactic analysis. Heap management briefs about the need for memory hierarchy. It also deals about the parameter passing methods, implementation of subprograms. The help of memory hierarchy and memory management in the compiler design.
(1 Period)
LU Objectives 3. 4. To introduce the concept of Compilation To list and explain the components of the source program
LU Outcomes 3. 4. 5. Bring out the features of compiler List out some of the commercial compilers Identify the programming language constructs
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions What are the functions of a compiler? What are the input and output of the compiler? Define analysis and synthesis phases of the compiler List out some of the commercially available compilers Give an example for executable and non-executable statement List out the control statements in a programming language Level R R R R R R
LU -2: Overview of the compiler front end( scanner, Parser, semantic analyzer)
(2 Periods)
LU Objectives 1. 2. 3. To list and specify the various phases of compiler To describe the need for splitting the compiler into many phases To detail various phases of the front end of the compiler
LU Outcomes
52
1. 2. 3. 4.
Identify various phases of compiler Scan the source program and separate the tokens Parse the token together and form a hierarchical structure Perform semantic analysis of the source program
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Differentiate token and lexeme List out the functions of lexical analyzer Write regular definitions for representing tokens: identifier, integer constant Convert the following regular expression into a DFA: (a|b)*abb What are the outputs of the scanner program for the following piece of C programming code? int a,b,c; a = 10; b = 20; c = a +b 6. Consider the grammar E E+E | E* E | E- E | (E) | id and parse the sentence (id + id) * id Eliminate ambiguity from the following grammar: E E + E | E * E | E- E | E / E | id Define ambiguous grammar. Name the different types of parsing techniques. State the advantage of grouping the phases of compiler. What are the different types of conflicts in shift reduce parsing? A Level U R A A A
7.
8. 9. 10. 11.
R R U R
LU -3: Overview of the compiler back end(Intermediate code generator, Code generator)(1 Period)
LU Objectives 1. 2. To detail the various phases of back end of the compiler To discuss the various issues in designing a good code generator
LU Outcomes 1. 2. Identify the need of intermediate code generation Generate assembly code using a sample code generator
53
3.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions List the different types of intermediate languages. What is the need for intermediate representation? Discuss the various issues to be considered in designing a good code generator. Explain the different data structures needed for a code generator. Compare and contrast Quadruples, Triples and Indirect Triples. List the various phases present in the back end of the compiler. Generate (i) Quadruples (ii) Triples (iii) Indirect Triples (iv) syntax trees (v) DAG for the following code: x=a+b*-d/g+(e-k) Describe the procedure for generating code using DAGs. Explain the different types of optimization techniques used in a compiler. Level R U R
4. 5. 6. 7.
R U R U
8. 9.
R R
LU Objectives 1. 2. To know the different types of storage management techniques To understand heap management
LU Outcomes 1. 2. 3. Perform storage allocation using static allocation technique Allocate storage using stack allocation Allocate storage in heap and perform storage management
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Define scope and life time of a variable. Draw and state the different areas in run time storage areas. List the different elements present in an activation record. Level R R R
54
4. 5.
What is the limitation of static allocation storage ? Write a recursive algorithm for quick sort and draw activation tree for sorting the following set of 9 elements in ascending order: 98, 86, 78, 60, 57, 48, 36, 20, 12 Describe in detail the heap based storage allocation technique. What is the role of a heap manager? How the deallocated memory spaces are organized by memory manager?
R A
6. 7. 8.
R R R
LU Objectives 1. 2. To understand the different types of parameter passing mechanisms To understand the working of calls and returns
LU Outcomes 1. 2. Identify the type of parameter passing Access non local data from a procedure
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Differentiate pass by value and pass by reference Detail about call by name Discuss in detail about how to access non local data present in a procedure. What are the different tasks performed during the prologue and epilogue of a procedure call? Level R R R R
LU Objectives 1. 2. To study about stack storage management To learn about local variables dynamic storage management
LU Outcomes
55
1. 2.
Allocate and manage storage in stack Allocate local variables in dynamic stack
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Explain in detail about stack based storage management. How can compiler help for performing dynamic storage management? Describe about dangling reference problem with an example. How can local and non local data be differentiated in a stack based storage environment? Define recursion. Level R R R U
5.
LU Objectives 1. 2. To understand dynamic binding To know how one method can handle call for another method
LU Outcomes 1. 2. Handle nested method calls Know about recursive method calls
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Explain in detail about dynamic binding. Describe how compiler handles nested method calls. Can the method used for handling nested calls be used for recursive calls. Justify. State the advantages of dynamic binding. Level R R L
4.
56
LU Outcomes 1. 2. Improve program efficiency using virtual memory Process creation and memory management
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions What is the need for virtual memory? How larger programs can be run in a fixed virtual address size? Given the following code segment with the variable a along with another set of 100 variables declared in some other part of the program. f1( ) { int sum,n,i; double average, realmin = 0.000000001; sum = 0; do { printf(Enter the numbers of iteration\n); scanf(%d, &n); } while (n < 0) for (i = 0; i < n; i++) sum = sum + i; average = sum / (n + realmin); } Suggest suitable data structure for increasing (10, 100,1000,10000, 100000) value of n (the number symbol references increases as the value of n increases). Comment on the performance of the program execution with respect to the speed of symbol table access 4. 5. What are the applications of virtual memory? What are the causes of memory overhead? R R Level U U A
57
6.
LU Objectives 1. 2. To know the overview of I/O systems To understand the various operations performed in booting
LU Outcomes 1. 2. Understand how interrupts can be used for I/O programming List the steps in system booting
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions How can interrupts be used for I/O programming? What is Booting/ What are device drivers? What are BIOS function calls? Describe how device management is performed by an OS. What is meant by mounting and unmounting drives? Explain the various procedures in Direct Memory Access. Level R R R R U R R
MODULE-II - Overview This Module gives the introduction about the symbol table structure, local and global symbol table management and also the intermediate representation of the languages. It also gives overview about the issues in generating the high, medium and low level intermediate languages. In early optimization it explains about the constant expression evaluation, value numbering, copy propagation and sparse conditional constant propagation.
LU Objectives 1. To explore issues involved in structuring symbol tables to accommodate the features of
58
modern programming languages. 2. To know about the symbol attributes and to construct a local symbol table.
LU Outcomes 1. 2. 3. Identify the issues related to the symbol table structure. Work with the different storage classes, scope rules. Construct local symbol table.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Define scope. Define extent. Give an example. Describe the visibility of a variable. List out some of the storage classes. Explain in detail about the principles prescribed for structuring the symbol table and to access its variables during run time. What is the use of the symbol table entry? List out some of the typical fields in symbol-table entries. Test Questions Level R R U R R
6. 7.
R R
LU Objectives 1. 2. To commence the concept of Local Symbol-Table management. To comprehend the concept of Global Symbol-Table management.
LU Outcomes 1. 2. Manage the Local Symbol-Table Identify the ways to organize a Global Symbol-Table that includes importing and exporting scopes. Design symbol table for local and global symbols.
3.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
59
1. 2. 3. 4.
Differentiate between static and dynamic data. Under what circumstances static data will be applicable? Where do you store the static data and dynamic data? Consider the following C program #include<stdio.h> int a,b,c; int f1() { int a,c; a=10; c=10; printf("f1: a=%d b=%d c=%d\n",a,b,c); return 1; } int f2() { int b,c; b=220; c=230; printf("f2:a=%db=%dc=%d\n",a,b,c); return 1; } int main() { a=10; b=20; c=30; printf("main:a=%db=%dc=%d\n",a,b,c); f1(); f2(); return 1; } Identify the local and global variables in the above program and show the
U U R A
60
output after the execution. 5. 6. 7. 8. What is an activation record? In which area of the memory, the activation record is placed? How memory is requested from the heap? What happens when the requested heap memory is not released even after the use of the variables usage is completed ? R U U U
LU -12: Intermediate representation Issues High level, medium level, low level intermediate languages (1 period)
LU Objectives 1. 2. To recognize the issues involved in the design of intermediate-code representations. To know about the several intermediate-code forms with its advantages.
LU Outcomes 1. 2. Identify the issues in the intermediate-code representation design. Address the issues in the generation of the intermediate-code forms.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Explain the issues in designing intermediate representations. How can we identify the type of intermediate representation needed for a particular programming construct? What is multi level intermediate language? Where can we use High-Level Intermediate Languages? What is the use of Low-Level Intermediate Language? What are the issues that may arise when Intermediate Language in target architecture? using the Low-Level Level R U
3. 4. 5. 6.
R U U U
7.
LU Objectives
61
1. 2.
To understand the different intermediate representations such as MIR, HIR, LIR. To select the appropriate intermediate representation for the design of an optimization.
LU Outcomes 1. 2. Represent intermediate code at its place of use. Identify the appropriate intermediate representation.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions Describe the changes to be made to instructions and operands in MIR to modify it as a HIR. State the two methods to represent conditional branching. What are the features Intermediate Language? provided by the Medium-Level Level R
2. 3.
R U
4. 5.
What is the use of component-selection operators? Explain the changes to be made to instructions and operands in MIR to modify it as a LIR. What are the five types of assignment instructions that are used by LowLevel Intermediate Language?
U U
6.
LU Outcomes 1. 2. Use ICAN for representing intermediate code Represent MIR, HIR and LIR using ICAN tuples
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions Is there any need for additional operators while representing the HIR in ICAN representation? Explain the different ICAN types used for intermediate code representation. Level U
2.
62
3. 4. 5.
Discuss in detail how MIR can be represented using ICAN tuples. Name the data structures used in a procedure. How is quadruples different from triples? Which of the representation is more efficient? Why? Write notes on DAG. Write a c function to find the sum of 2 matrics. Now construct an abstract syntax tree for the above function. Translate the C function while(i<10) A=b+c; into i) Quadruples ii)Triples iii) Abstract Syntax Trees
R R U
6. 7.
R A
8.
9.
LU Outcomes 1. 2. 3. Identify the different types of optimizations Bring out the significance of optimization Find out the effective order of optimizations
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Define optimization. Why the optimization is said to be a misnomer? What are the two fundamental criteria that decide which optimizations should be applied to a procedure? How the optimization techniques are getting ordered? What are the classifications of data-flow information? Distinguish may versus must summary information and flow-sensitive versus flow-insensitive problems. What is the use of flow-sensitive versus flow-insensitive classification? Test Questions Level R U R U U U U
63
8.
LU -16: Early optimization Constant expression evaluation, Scalar replacement aggregates (1 Period)
LU Objectives 1. 2. To know about the series of local and global optimizations. To understand the optimization that evaluates at compile time of expressions whose operands are known to be constant. To get the idea of optimization that makes the other optimizations applicable to components of aggregates.
3.
LU Outcomes 1. 2. 3. Compare the types of optimizations. Comprehend the Constant expression evaluation. Evaluate the Scalar replacement aggregates.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions List out the early optimization techniques. What is meant by constant folding? How the implementation of Constant-Expression Evaluation varies with respect to different data types? What are the exceptions that may occur while applying the ConstantExpression Evaluation and how it can be replaced? What are the problems that may arise with respect to the floating-point values? What is the application of Scalar replacement of Aggregates? Where the Scalar replacement of Aggregates is useful in particular? What is meant by aggregate components? How the Scalar replacement of Aggregates optimization works? Level R U U U R R U U U
LU Objectives
64
1.
To understand the algebraic properties of operators and to apply it to simplify the expressions. To apply a specific algebraic property to divide an expression into parts.
2.
LU Outcomes 1. 2. Apply the algebraic properties to simplify the expressions. Use a specific algebraic property to divide an expression into parts.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions What is meant by algebraic simplification? What is meant by reassociation? List out some of the examples for the algebraic simplification with respect to different operators. Algebraic simplification is viewed as strength reduction. Why? Where the simplification technique will be more effective? Write down the algorithm for algebraic simplification. What is meant by canonicalization? Brief the application of algebraic simplification to floating-point expressions. Simplify the following Pascal fragment. The address of a[i,j] is base_a + ((I lo1)*(hi2 lo2 + 1 ) + j lo2)*w. Level U U R
4. 5. 6. 7. 8. 9.
U U R U U A
LU Objectives 1. To understand and apply the methods for determining that two computations are equivalent. To know about the easiest approach of value numbering.
2.
LU Outcomes 1. 2. Apply the value numbering method in optimization. Comprehend the concept of global value numbering.
65
Sl.No 1. 2. 3.
Test Questions List out the steps performed for the value numbering process. How the value numbering can be applied to basic blocks? Apply the value numbering for the following example. a <- x V y b <- x V y if !z goto L1 x <- !z c <- x & y if x &y trap 30
Level U U A
4. 5. 6. 7. 8. 9.
Define value graph. How the nodes are named in value graph? List out the data structures used in the value graph. List out the steps involved in the construction of value graph. How the global value numbering optimization is applied to a program? Convert the following code into value graph. a <- 3 b <- 3 c <- a + 1 d <- b + 1 if c >= 3 then
U U R R U A
10.
Write down the partitioning algorithm to do global value numbering by computing congruence.
66
Sl.No 1. 2. 3. 4. 5.
Test Questions Where the copy propagation can be used? Write down the algorithm for local copy propagation. Define the COPY() and KILL() sets. Define the data-flow equations of CPin() and CPout() sets. Write down the steps to perform the global copy propagation from the local copy propagation. Explain the linear-time local copy propagation algorithm with an example.
Level U U U U U
6.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions List out the procedures used by the routines of constant propagation. How the constant propagation differs from other optimization techniques? Define SSA. Write down the SSA based algorithm for sparse conditional constant propagation Level R U R U
LU Objectives 1. 2. To know about the optimization technique that operates effectively on loops. To identify and understand the various techniques and steps available in induction variable optimizations.
LU Outcomes
67
1. 2.
Identify the different loop optimization techniques. Work Out induction variable optimization.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Define induction variable. Briefly explain the process of identifying the induction variables with an example. What are the types of induction variables? List out some of the functions used in identifying the induction variables. What is the use of strength reduction? What is meant by live variable analysis and mention its need? When a variable is said to be live? Test Questions Level R U
3. 4. 5. 6. 7.
R R U U U
LU Objectives 1. To know about the technique available to find the boundary of a variable.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions What is the use of range checking? What are the assumptions to be made for the concreteness of the boundschecking? Define range expression with its default form. Explain in detail about the bounds checking with an example. Is it necessary to perform the bounds checking? Justify your answer. Level U U
3. 4. 5.
R U U
MODULE-III - Overview
68
This Module explains various procedures that can be followed for the optimization. It also explains about the in-line and leaf routine optimization. The process of allocating registers for the object and the issues related to that are also detailed. It also gives the overview of graph coloring along with the details such as top level structure, inference graph, and register coalescing, pruning inference graph etc., related to the same. This module also tells the essence of scheduling for the optimization of memory hierarchy with the overview about the scheduling schemes such as instruction scheduling, speculative scheduling and traces scheduling.
LU -23: Procedure optimization Tail Call optimization and Tail-Recursion Elimination-in-line expansion (1 Period)
LU Objectives 1. 2. To introduce procedure optimization To discuss about the different types of procedure optimization
LU Outcomes 1. 2. 3. Apply optimization to procedure calls Work out tail recursion elimination to change recursion into a loop Perform low level inline expansion to optimize procedures
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Discuss the various issues that arise with the procedure integration. Define procedure integration. How the problem of multiple compilation units can be overcome in procedure integration? If the caller and callee are written in different languages, then how it can be processed? Whether there is any need to keep intermediate code copies of routines that have been inlined? What are the heuristics that are to be considered to decide the procedure to be inlined? How the in-line is different from the procedure integration? What is the main use of inlining in particular? What are the important mechanisms that are essential to provide an in- line expansion? Level R R U
4.
5.
6.
7. 8. 9.
U R R
69
10.
LU Objectives 1. 2. To know what is a leaf routine To learn how to perform leaf routine optimization and shrink wrapping
LU Outcomes 1. 2. Optimize leaf routine calls Apply generalized shrink wrapping for all routines
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. What is a leaf routine? Describe about leaf routine optimization. How can we use shrink wrapping for optimizing all routines? List the name of data flow properties used for performing shrink wrapping Write a ICAN routine to perform leaf routine optimization on LIR code assuming that parameters are passed in registers r1 through r6 and that r7 through r13 are saved by the caller. How can we make sure that there is enough stack space for all leaf procedures, while performing leaf routine optimization? Test Questions Level R R R R A
6.
LU Objectives 1. 2. To understand significance of register allocation To learn how to perform register assignment
LU Outcomes 1. 2. Allocate register using different methods like Graph Coloring Assign register appropriately for each value
70
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Differentiate register allocation and register assignment. How do you allocate register for inner loop index variable and outer loop index variable? Justify your answer What are the issues in assigning the register to the variable Write down the algorithm for getting a free register to be used in code generation process and explain. Justify, whether you will get the same register everytime you call this algorithm Level R R
3. 4.
R R
LU Objectives 1. 2. To understand graph coloring problem To learn how graph coloring can be used for register allocation
LU Outcomes 1. 2. Allocate register using graph coloring algorithm Design data structures used in register allocation
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Which was the first compiler to use graph coloring algorithm for register allocation? Explain the global type definitions and data structures used in register allocation by List the steps to be performed for register allocation by graph coloring. What is a interference graph? Which method is used for interference graph as an adjacency matrix? State the top level of graph coloring register allocation algorithm. Level R R
3. 4. 5. 6.
R R R R
71
LU Outcomes 1. 2. 3. Identify the allocatable objects alone in a given piece of code Find inferences between variables Build interference graph
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions What are the nodes in the inference graph? Explain in detail the structure of the inference graph. Name the different data structures used for representing interference graph. What are the space requirements for the a) adjacency matrix and b) adjacency lists for a procedure with w webs? Define web. Give example What is the advantage of using webs instead of variables? Write down the algorithm for Build_AdjMtx() used to build adjacency matrix for an inference graph. Level R R R
4.
5. 6. 7.
R U R
LU Objectives 1. 2. To discuss in detail about register coalescing To understand and compute spill costs
LU Outcomes 1. 2. Transform adjacency matrix using register coalescing Compute spill costs to spill and restore register contents
Resource Reference
72
1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. What is Register Coalescing? Discuss in detail the significance of register coalescing. Explain the algorithm for register coalescing. Give the formula for computing cost of spilling a web. State the issues to be considered while computing spill costs. Explain how Build_AdjMtx() and Coalesce_Registers() can be used to enable machine instructions that require specific source and target registers to have their operands and results in those registers. Test Questions Level R R R R R U
LU Outcomes 1. 2. 3. Prune inference graph Assign colors to real and symbolic registers Reduce register pressure for effective register allocation
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions What is the need of pruning inference graph? State the different methods used for pruning. When should we apply optimistic heuristic method for pruning? Write down the algorithm to assign colors for real and symbolic registers. Define register pressure. Modify the procedure Gen_Spill_Code() to handle rematerialization within a basic block. Level R R U R R U
73
LU Objectives 1. 2. To understand the significance of dataflow analysis To learn about side effect analysis
LU Outcomes 1. 2. 3. Analyze flow insensitive side effects Compute values of DMOD(), GMOD() for piece of code Calculate time complexity for working out data flow analysis
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions State the need for data flow analysis. List the names of the functions used to characterize side effects. Explain the algorithm for computing GMOD() using Tarjans algorithm. How can we reduce the time complexity for performing side effect analysis? Write notes on the issues in computing side effects. Level R R R U U
LU Objectives 1. 2. To understand the basics of constant propagation To learn about interprocedural constant propagation using ICP
LU Outcomes 1. 2. Perform interprocedural constant propagation using only forward jump functions Identify all possible types of jump and return jump functions
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions What is constant propagation? Level R
74
2. 3.
Write in brief about jump and return jump functions. Discuss in detail the procedure to perform interprocedural constant propagation using only forward jump functions. What is a ICP? How it is used in constant propagation? Describe all the possible choices of jump and return jump functions.
R R
4. 5.
U R
LU Outcomes 1. 2. 3. Perform alias analysis for interprocedural code optimization Work out register allocation for interprocedural optimization Execute aggregation of global references
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Define alias. Write down the algorithm for computing aliases of non local variables using binding graph Differentiate call and binding graphs. Write notes on binding graphs. Explain the different methods used for achieving interprocedural optimization. Define cloning. State some of the issues to be considered during register allocation. Also discuss, how to handle them. Test Questions Level R R
3. 4. 5.
U R R
6. 7.
R U
LU Objectives
75
1. 2.
To learn how to efficiently use the memory hierarchy To understand code optimization for memory hierarchy
LU Outcomes 1. 2. Realize the need of cache memory Experiment code optimization to make memory access efficient
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Why do we need cache memory? What are the different types of cache memory? What is the impact of using data and instruction caches in speeding memory access? Explain the different techniques used in Instruction cache optimization? How can we optimize code by using memory hierarchy? Write notes on scalar replacement of array references. Which of the code optimizations can be used to enhance the effect of procedure sorting?Why? Level R R R
4. 5. 6. 7.
R R R U
LU Outcomes 1. 2. Work with code scheduling Classify different types of code scheduling
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Name the different types of code scheduling approaches. Why do we need code scheduling in CISC machines? What is loop unrolling? Level R U R
76
4.
LU Objectives 1. 2. To know about instruction scheduling To learn about the issues to be considered during instruction scheduling
LU Outcomes 1. 2. 3. Realize the significance of instruction scheduling Handle issues during scheduling process Discriminate instruction scheduling for RISC, CISC and Superscalar architectures
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. What is branch scheduling? What is a delay slot? How can we fill it? Explain how delay calculation is performed in list scheduling. Why should scheduling be performed before register allocation? Discuss how code scheduling can be performed across basic blocks. Test Questions Level R R R U R
LU Outcomes 1. 2. Include speculative loads for optimization Carry out safe and unsafe speculative scheduling
77
Test Questions
Level R R U R
Differentiate safe and unsafe speculative scheduling. What is the need of speculative scheduling in pipelining?
LU Objectives 1. 2. 3. To learn in detail about software pipelining To know different methods to introduce software pipelining To understand trace scheduling fundamentals
LU Outcomes 1. 2. 3. Make out the need for software pipelining Work out the different procedures for software pipelining Schedule traces
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Why should we perform software pipelining? Explain the method for working out window scheduling with proper example. How can we decide that a particular loop can be unrolled? Define variable expansion. How can register renaming be used to eliminate unnecessary dependencies? Define trace. How can we schedule traces? Level R R
3. 4. 5. 6. 7.
U R R R R
LU -38: Run-time support Register usage local stack frame run-time stack (1 Period)
LU Objectives
78
1. 2.
To understand run time issues To know about runtime support to be provided for compilers
LU Outcomes 1. 2. Impart runtime support for handling runtime issues Discover the need of runtime stack
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions Give some of the runtime issues. Discuss about the various data representations and instructions needed for the different data types? State the different concerns available for register usage. Though register usage increases efficiency of a code, it is preferred to have a memory area called stack for some purposes. What are those purposes? Why? Differentiate static links and dynamic links in runtime stack. Level R R
3. 4.
R U
5.
LU Outcomes 1. 2. Identify issues in utilizing shared libraries Generate position independent code for shared
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions State some of the issues to be considered to utilize shared libraries. Level R
79
2. 3. 4. 5.
What is position independent code? Explain the issues in accessing shared objects. Define stud. Write notes on different strategies, how stud works.
R R R U
MODULE-IV - Overview This Module gives the introduction about the virtual machine architecture. It also discusses about the Pascal P-code and object-oriented virtual machine JVM. It deals with the infrastructure used for the common language representation. The security issues that arise due to implementation of virtual machine in target architecture are also dealt.
LU Objectives 1. 2. To introduce fundamentals of virtual machines To learn basics of different types of virtual machines
LU Outcomes 1. 2. Comprehend the need of virtualization Identify the difference between process and system virtual machines
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Define Virtualization What is the advantage of using virtual machines? What is a virtual machine monitor? Write notes on Emulation. How can we achieve platform independence by using virtual machines? What is a high level language Virtual machine? Relate the significance of codesigned VMs. What are the bottlenecks associates with virtualization? Compare System VM and HLL VM Discuss the cost benefit ratio due to virtualization of the resources Test Questions Level R U R R U R U U U U
80
LU Objectives 1. 2. To know high level language VM architecture To learn basics of Pascal P-Code VM
LU Outcomes 1. 2. Comprehend the usage of high level language VM Relate the details of Pascal P-code VM
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Write notes on high level language VM. Give some popular examples for high level language VM. Name the two major parts of P-code VM. Explain the memory architecture of P-code VM. List some of the features of Pascal P-code VM. How is P-code VM different from modern HLL VMs? Level R R R R R U
LU Objectives 1. 2. To know object oriented high level language VM To learn basics of Java VM
LU Outcomes 1. 2. Comprehend the usage of Object Oriented high level language VM Relate the details of Java VM architecture
81
Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Test Questions What are the additional features supported by a network oriented HLL VM? What is the use of JNI? How is security and protection included in Java VM? Explain. Explain the architecture of Java VM. Elaborate the different data types supported by Java. Write notes on stack structure used by Java. Describe the instruction set of Java VM. Write in brief about exception handling in Java. Whether Java VM is a truly platform independent? Describe the sand box model of Java VM
Level R R U R R R R R U R
LU Objectives 1. 2. To learn the fundamentals of Common Language Infrastructure To know about Microsoft Intermediate Language
LU Outcomes 1. 2. 3. Identify the special features in CLI Find how CLI is different from Java VM Use CLI for languages like C and C++
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions Compare and Contrast Java VM and CLI. How the portability is achieved in using CLI? What are the components of CLI? Describe the architecture of CLI. How CLI can be used for languages like C and C++? What is isolation? How can CLI tackle the isolation problem? Level U U R R U R R
82
8.
How can CLI support C language features like memory allocation and access?
LU Objectives 1. 2. To introduce the components of Java VM To learn about dynamic class loading
LU Outcomes 1. 2. Know the different components of Java VM Realize how dynamic class loading works
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Compare static and dynamic loading of classes What are the advantages of dynamic class loading? Explain the various components present in Java VM. What is the impact of memory requirements in loading a large size program? What is dynamic class loading? What happens if a program is loaded only when it is needed? Level U R R U
5. 6.
R U
LU Objectives 1. 2. To know in detail about Java protection sandbox To learn about security and protection
LU Outcomes 1. 2. Use Java protection sandbox to ensure security Find out how signing can enhance the features of Java protection sandbox
Resource Reference
83
1.
Section 6.2 of T2
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. Test Questions What are the major security issues to be handled by Java protection sandbox? How can we create a barrier around Java execution environment using sandbox? Explain how intraprocess protection is achieved in Java VM? Write notes on role of Java security manager. Explain how encryption can be used to sign a binary file. How can method call stack be used to enforce protection? Level R U
3. 4. 5. 6.
R R R U
LU Objectives 1. 2. To understand the basics of garbage collection To learn in detail about different types of garbage collectors
LU Outcomes 1. 2. 3. Perform Garbage collection using heap Analyze the features of different garbage collectors Identify root pointers for garbage collection
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions How can we identify the memory is leaking? What is the impact of leaky memory? What is garbage? Explain how it could be collected. Does garbage collection affect system performance? Explain. How can we identify root pointers? Explain the functionality of mark and sweep collector. What is the significance of concurrent collector? Which of the collectors is efficient? How? Level U U R U R R U U
84
LU Objectives 1. 2. To know the features of emulation engine To understand the various optimization techniques for HLL VMs
LU Outcomes 1. 2. Enhance performance of HLL VMs Discover the role of optimizing runtime compiler
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Write the different methods of implementing emulation. Discuss in detail the different optimization techniques for HLL VMs. Define method inlining. What is deferred compilation? Describe the scenarios when on stack replacement is needed. Define escape analysis. Level R R R R U R
MODULE-V - Overview This module explains about the emulation techniques that are followed in the
implementation of virtual machine. It also explains in detail about the interpretation of source into the binary(machine) representation. The issues that arise with respect to the instruction set during the implementation of source code in target architecture are also dealt.
LU Outcomes 1. 2. Comprehend the significance of emulation Discriminate basic and threaded interpretation
85
3.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Define emulation. Compare and contrast interpretation and binary translation. How can threaded interpretation reduce the execution cost of the interpreter? What is predecoding? Differentiate predecoding interpreter and decode and dispatch interpreter. How dynamic translation is efficient compared to static translation? What is JIT compiler? Test Questions Level R U U
4. 5. 6. 7.
R U U R
LU Outcomes 1. 2. Identify different issues to be handled during emulation Represent machine architecture of host processor affects emulation
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions List the different issues to be handled during emulation. Write down the format of the instruction set in JVM. What is special in JVM with respect to stack? Whether the instruction set of JVM can be translated to all platforms? Is there any overhead associated with executing with JVM instructions? Explain. How can byte order within a word affect emulation performance? Write notes on effect of memory alignment in emulation performance. Level R R U U R
6. 7.
U R
86
LU Objectives 1. 2. To understand in detail about process VMs To discuss various issues to be considered in implementing process VMs
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions What is the need for a process VM? Describe the functions of a process VM. Explain the different implementing a VM. compatibility issues to be considered while Level R R R
4. 5. 6.
What is intrinsic compatibility? Explain how state mapping is carried out. How can we eliminate self referencing code or self modifying code?
R R U
87
Sl.No 1. 2. 3. 4.
Test Questions What is the need for profiling? Explain in detail the different types of profile data used in VM. Discuss the methods for collecting a profile. What are the advantages of profiling? How does it impact on program execution? What is the use of profile table during interpretation? What is profile counter decaying? Why is it needed?
Level R R R U
5. 6.
R U
LU Outcomes 1. 2. Identify the need for migrating computing environments Migrate VMs using VMotion
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions When should we migrate a computing environment? What are the issues in migration? List out the steps in the migration of code and data in Process VM and explain. What is capsuling? Explain how migration of VMs is carried out using VMotion. Level U R R
4. 5.
R R
LU Outcomes
88
1. 2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Explain grid computing. How is Grid computing different from a conventional VM? Explain the various characteristics of an ideal Grid. How can we implement Grid on a classic VM? Discuss in detail. Test Questions Level R U R R
LU Objectives 1. 2. To learn the features in real world machines To understand the tasks of operating system
LU Outcomes 1. 2. Identify the features supported in real machines Use operating system to manage system resources of real machines
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Explain the various architectural features supported by a real machine. How can OS perform processor management? What are system calls? Explain about interrupts. Write about the applications. How are signals different from interrupts? Level R R R U U
89
COURSE DETAILS Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. : CS9224 : Information Security : II Semester : Dr.Kannan Balasubramanian : Dr.K.Muneeswaran : 06.02.2013 : 1
Course objective 1. To expose the students to the fundamentals of access control and security policies. 2. To introduce the students to Encryption,Hashing and Key Management techniques. 3. To expose the students to Digital Signatures and Cipher techniques. 4. To introduce the students to the design principles of Secure Information Systems. 5. To introduce the students to the Information flow and confinement problem. 6. To expose the students to Auditing, Vulnerability analysis, Malicious logic and Intrusion Detection. 7. To introduce the students to Network and System Security. 8. To expose the students to User and Program security.
Course Prerequisite Knowledge of Computer Programming and Computer Networks Course Competencies 1. Identify the components of information Security 2. Evaluate the Policies for confidentiality and Integrity 3. Evaluate the Access Control Matrix Model 4. Classify the cryptographic mechanisms and tools 5. Implement Digital Signatures and encryption algorithms 6. Categorize System Design Principles and Representation of Identity 7. Analyze the Information Flow and Confinement Problem 8. Critique the tools for malicious logic and vulnerability analysis 9. Infer the Auditing mechanism 10. Examine the Intrusion Detection Security mechanism 11. Create mechanisms for Network Security 12. Implement the System Security procedures
90
13. Organize the User Security tools and techniques 14. Apply procedures to program Security
(3- Substantially, 2-Moderately, 1-Slightly) Course Assessment Matrix Course Title : Information Security Programme Outcomes
Competencies 1 Identify the components of Security Evaluate the policies for Confidentiality 3 and Integrity Evaluate the Access Control Matrix Model Classify the cryptographic mechanisms and tools Implement Digital Signatures and Encryption Algorithms Categorize System Design Principles and 3 Representation of Identity Analyze the Information Flow and Confinement problem Critique the tools for Malicious logic and 3 Vulnerability analysis Infer the auditing mechanism Examine the intrusion detection Security mechanism Create mechanisms for Network Security Implement the System Security Procedures Interpret the functions and uses of firewalls Organize the User Security tools and techniques Apply procedures to program security 3 3 3 3 3 3 2 2 2 2 2 2 1 1 1 1 2 1 1 1 1 1 1 2 2 2 3 1 2 3 2 1 3 3 3 3 3 3 2 2 3 2 3 2 3 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 1 3 2 2 3 2 2 3 2 1 2 1 2 2 3 2 2 2 2 1 1 3 2 2 2 3 3 3 2 2 1 1 1 2 2 1 3 3 2 2 2 3 3 1 2 2 3 3 1 2 2 2 2 2 1 3 1 2 2 3 2 2 2 2 1 1 information 3 2 1 1 1 3 2 2 2 1 2 3 4 5 6 7 8 9 10 11 12
91
Concept Map
Syllabus (As per Anna University) UNIT I An Overview of Computer Security, Access Control Matrix, Policy-Security policies, Confidentiality policies, Integrity policies and Hybrid policies.
UNIT II Cryptography- Key management Session and Interchange keys, Key exchange and generation, Cryptographic Key Infrastructure, Storing and Revoking Keys, Digital Signatures, Cipher Techniques UNIT III Systems: Design Principles, Representing Identity, Access Control Mechanisms, Information Flow and Confinement Problem.
UNIT-IV Malicious Logic, Vulnerability Analysis, Auditing and Intrusion Detection UNIT-V Network Security, System Security, User Security and Program Security
92
Total Hours: 45
TEXTBOOK: Matt Bishop ,Computer Security art and science , Second Edition, Pearson Education
REFERENCES:
1.Mark Merkow, James Breithaupt Information Security : Principles and Practices First Edition, Pearson Education, 2. Whitman, Principles of Information Security, Second Edition, Pearson Education 3. William Stallings, Cryptography and Network Security: Principles and Practices, Third Edition, Pearson Education. 4. Charles P.Pfleeger and Shari Lawrence Pfleeger,Security in Computing Third Edition.
ONLINE MATERIALS:
1. http://www.information-security-policies-and-standards.com/weblinks.htm -Resources regarding information security policies. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. http://www.opengroup.org/security/links.html Link to Information security resources http://www.ieee-security.org/Cipher/InterestingLinks.html Information Security Resources http://www.infosecresources.com Information Security Resources http://www.backtrack-linux.org Linux Distribution focusing on Information Security http://www.sagemath.org Cryptographic tools http://www.networksecuritytoolkit.org Network Security Toolkit http://www.cryptool.com Tool for Cryptography and Cryptanalysis. http://www.sectools.org Information Security Tools http://www.cse.sc.edu/~maxal/e-books.html Resources on Cryptography and Security. http://www.isthe.com/chongo/tech/math/index.html Prime Numbers and Cryptography. http://www.cosic.esat.kuleuven.be/publications/thesis-201.pdf Mathematical aspects of Symmetric-key cryptography. http://math.scu.edu/~eschaefe/crylec.pdf An Introduction to Cryptography and Cryptanalysis. http://www.cs.ut.ee/~lipmaa/crypto/ Cryptology pointers http://www.mekabay.com/overviews/csh5_fm.pdf Computer Security Handbook. http://meminagaoglu.yasar.edu.tr/wp-content/uploads/2012/10/Information-Security-RiskAnalysis-2-Ed.1.pdf Information Security Risk Analysis.
LECTURE SCHEDULE
Sl.No.
Subject
No. of Hours
Date of Coverage
93
Sl.No. 2 3 4 5 6 7 8 9 Threats
Subject
No. of Hours 1 1 2 1 1 1 2 1
Date of Coverage
Policy and Mechanism Access Control Matrix Model Assurance Information Security Policies Confidentiality Policies Integrity Policies Hybrid Policies UNIT II
10 11 12 13 14 15 16 17
Cryptography Key Management Session and Interchange Keys Key Exchange and generation Cryptographic Key infrastructure Storing and Revoking Keys Digital Signatures Cipher Techniques-Problems, Stream and Block ciphers Cipher Techniques-Protocols UNIT III
2 1 1 1 1 1 2 1
18
19 20 21 22 23 24 25 26 27
Systems-Design Principles Representing Identity-Files and Objects Representing Identity-Naming and Certificates Representing Identity-Identity on the web Access control Mechanisms-Lists Access control Mechanism-Capabilities Information Flow Confinement Problem-Isolating Entities Confinement Problem-Covert Channels UNIT IV
1 1 1 1 1 1 2 1 1
28 29
1 1
94
Sl.No. 30 31 32 33 34 35 36
Subject Vulnerability Analysis- Penetration Studies Vulnerability Analysis-Frameworks Auditing-Design Auditing-Examples Intrusion Detection- Models Intrusion Detection- Architecture Intrusion Detection-Response UNIT-V Network Security-Policy Development Network Security-Network Organization System Security-Web Server system System Security-Development system User Security- Access User Security-Files and Devices User Security-Processes Program Security-Design and Implementation Program Security-Testing and Maintenance
No. of Hours 1 1 1 1 2 1 1
Date of Coverage
37 38 39 40 41 42 43 44 45
1 2 1 1 1 1 1 2 1 Total Hours: 53
Module-I Overview This module introduces the information security model and describes the access control matrix as a main tool for providing information security. It introduces Security policies that emphasize Biba Confidentiality or Integrity or both. It discusses the Bell-La Padula model for confidentiality, Chinese Wall model which supports confidentiality and integrity.
model for integrity, the Clark-Wilson model which has a transaction as the basic operation and the
LU Objectives 1. 2. To explore the components of Information Security To make the students to understand information security policy
LU Outcomes
95
1.
2.
Resource Reference 1. Ch 1 of T1
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. Test Questions What are the components of Information Security? Why is Information Security policy important? What are the goals of security? What are attacks and threats? What are the classes of threats? Define Confidentiality. Define Integrity. Define Availability. Define Accountability. Define Security Assurance. What is an access Control Matrix? What is a confidentiality policy? What is an integrity policy? What is a hybrid policy?. What is a multilevel security policy? Distinguish between military(governmental) Policy and commercial Security policy. 17. 18. 19. Distinguish between policies and mechanisms What are the types of mechanisms? Classify each of the following as a violation of confidentiality, of integrity of availability or of some combination thereof a. c. e. John Copies Marys Homework Carol changes the amount of Angelos check from $100 to $1,000. Rhonda registers the domain name Addison -Wesley.com and refuses that publishing house to buy or use that domain name U R A Level R U R R U R R R R R U U U U U R
96
f.
Jonah obtains Peters credit card number and has the credit card company cancel the card and replace it with another card bearing a different account number.
g. Henry spoofs Julies IP address to gain access to her computer. 20. Identify mechanisms for implementing the following. Stat what policy or policies they might be enforcing. a. A password changing program will reject passwords that are less than five characters long or that are found in the dictionary. b. Only students in the computer Science class will be given accounts on the departments computer system c. The login program will disallow logins of any students who enter their password incorrectly three times d. The permissions of the file containing Carols Robert from cheating or copying it. e. When World wide web traffic climbs to more than 80% of networks capacity systems will disallow any further communications to or from web servers. f. Annie, a systems analyst,will be able to detect a student using a program to scan her system for vulnerabilities. g. A program used to submit homework will turn itself off after the due date. 21. The aphorism security through obscurity suggests that hiding information provides some level of security. Give an example of a situation Then give an example of a situation in which it does. 22. Give an example of a situation where compromise of confidentiality leads to compromise of integrity. A in which hiding information does not add appreciably to the security of a system. A homework will prevent A
LU Objectives 1. 2. To make the students to understand the attacks on information security To make the students to understand the threats to information Security
LU Outcomes 1. 2. To identify the attacks on information security To identify the threats to information security
97
Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Test Questions What is meant by Denial of Service? What is meant by interruption or snooping? What is meant by Modification or alteration? What is meant by Fabrication,masquerade or spooping? What is meant by repudiation of origin? What is meant by Disclosure? What is meant by Deception? What is meant by Disruption? What is meant by Usurpation? Show that the three security services, Confidentiality, Integrity and availabiltiy are sufficient to deal with the threats of disclosure, disruption, Deception and usurpation.
Level R R R R R R R R R A
LU Objectives 1. To make the students to understand the difference between information security policy and mechanism. To explore the operational issues of Information Security. To describe the stages of information security product life cycle.
2. 3.
LU Outcomes 1. 2. To write down the operational issues of information security To explain the various stages of information security product life cycle.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions What is the difference between a information security policy and mechanism? What are the assumptions regarding policies? When is a mechanism 'secure'? When is a mechanism 'Precise'? Level R
2. 3. 4.
R U U
98
5. 6. 7. 8. 9. 10.
When is a mechanism 'broad'? When is meant by Cost-Benefit Analysis? What is meant by Risk Analysis? What is the difference between Laws and customs? What are the Human Issues affecting Information Security Implementation? Describe the various stages in the Information security product Life Cycle with a neat diagram.
U U U U R U
11.
In addition to mathematical and informal statements of policy, policies can be implicit (not stated). Why might this be done? Might it occur with informally stated policies? What problems can this cause?
12.
For each of the following statements, give an example of a situation in which the following is true. a. c. Prevention is more important than detection and recovery. Recovery is more important than prevention and detection.
b. Detection is more important than prevention and recovery. 13. Is it possible to design and implement a system in which no assumptions about the trust are made? Why or why not? 14. Policy restrics the use of electronic mail on a particular system to faculty and staff. Students cannot send or receive electronic mail on that host. Classify the following mechanisms as secure, precise or broad. a. The electronic mail sending and receiving programs are disabled (or recipient) in a database, If the faculty is listed as faculty or staff, the mail is processed. Otherwise the mail is rejected. (Assume that the database entries are correct) c. The electronic mail sending programs ask the user if he or she is a student. If so the mail is refused. The electronic mail receiving programs are disabled. A A
LU Objectives 1. To make the students to understand the access control matrix model and the operations on it
99
2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. What are Subjects? What are Objects? What are rights? Describe the access Control matrix with an example. What is an Access Control List? What are capabilities? How can accesses be controlled by history? What are the primitive commands in the access Control Matrix Model? What are Locks and Keys? Explain a cryptographic implementation of Lock and Keys. What is a Protection Domain? What is a Reference Monitor? What is Role Based Access Control? What is Mandatory Access Control? What is Discretionary Access Control? Classify each of the following as an example of a mandatory, discretionary or originator controlled policy, or a combination thereof. Justify your answers. a. The file access control mechanisms of the UNIX operating system. b. A system in which no memorandum can be distributed without the author's consent. c. A military facility in which only generals can enter a particular room d. A university registrar's office, in which a faculty member can see the grades of a particular student provided that the student has given written permission for the faculty member to see them. Test Questions Level R R R U R U U R R U R R R R R
100
LU Outcomes 1. To work with the concept of Information Security Assurance and the method for determining it
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Test Questions What is meant by Information Security Assurance? What is the basis for determining information Security Assurance? Discuss the Specification step of information Security Assurance. Discuss the Design step of Information Security Assurance. Discuss the Implementation of information Security Assurance. What is the state of a protection system? What are the components of a protection system? What are the two parts of a Protection System? Describe the transition between states of a Protection System. When is a Protection System considered secure? Consider a very high assurance system developed for the military. The system has a set of specifications, and both the design and implementation have been proven to satisfy the specifications. What questions should school administrators ask when deciding to purchase whether to purchase such a system for their schools use? How do laws protecting privacy impact the ability of system administrators to monitor user activity? Level R R U U U R R R U R L
12.
LU -6: Information Security Policies(1 Period) LU Objectives 1. To explore the different types of Information Security Policies
LU Outcomes
101
2.
To state the types of information Security Policies and where they are used.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions How are the Information Security Policies classified? Give an example of a Confidentiality Policy. Give an example of a Integrity Policy. Give an example of a Hybrid Policy. Give an example of a Multilevel Security Policy. Give an example of a Commercial Security Policy. Computer viruses are programs , that among other actions,can delete files without a users permision. A U.S legislator wrote a law banning the deletion of any files from computer disks. What was the problem with this law from a computer security point of view? Specifically, state which security service would have been affected if the law had been passed? Users often bring in programs or download programs from the internet. Give an example of a site for which the benefits of allowing users to do this outweigh the dangers. Then give an example of a site for which the dangers of allowing users to do this outweigh the benefits. Level R U U U U U A
8.
9.
An organisation makes each lead system administrator responsible for the security of the system she runs. However the management determines what programs are to be on the system and how they are to be configured. a. Describe the security problem(s) this division of power would create. b. How would you fix them? The president of a large software development company has become concerned about competitors learning proprietory information. He is determined to stop them. Part of his security mechanism is to require all employees to report any contact with employees of the companys competitors, even if it is social. Do you believe this will have the desired effect? Why or why not? Companies usually restrict the use of electronic mail to company business but do allow minimal use for personal reasons. How might a company detect excessive personal use of electronic mail, other than by reading it? (Hint: Think about the personal use of a company telephone. b. Intuitively, it seems reasonable to ban all personal use of electronic mail on company computers. Explain why most companies do not do this. Argue for or against the following proposition. Ciphers that the government cannot cryptanalyze should be outlawed. How would your argument change a.
10.
11.
12.
102
if such ciphers could be used provided that the users registered the keys with the government.
LU Objectives 1. To make the students understand the Bell Lapadula Model for Confidentiality Policy.
LU Outcomes 1. To write down the Bell Lapadula Model for Confidentiality Policy
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Define Multilevel Security Policy. Discuss the 'no reads up' rule in the Bell Lapadula model. Discuss the 'no writes down' rule in the Bell Lapadula model. How can we extend the notion of Security level to include categories? Describe the Bell Lapadula Model for Categories. What is a lattice? Level R U U U U U
LU Objectives 1. 2. To make the students understand the Biba Model for Integrity Policy. To explain the Clark-Wilson Integrity Model
LU Outcomes 1. 2. To explain the Biba Model for Integrity Policy To know the Clark-Wilson Integrity Model
Resource Reference
103
1.
Ch 6 of T1
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Test Questions Discuss the Biba Model for Integrity. Discuss the low water mark policy. Discuss the ring policy. Discuss the strict Integrity policy of the Biba's model. Discuss the Clark-Wilson Integrity model. Define Constrained Data items. Define Unconstrained Data items. What are integrity Verification Procedures(IVP)? What are Transformation Procedures(TP)? What are the Certification/Enforcement Rules in the Clark-Wilson Model What are the requirements of Commercial integrity policies? What are the requirements of Commercial Integrity Policies? Compare the Clark-Wilson Model with the Requirements of a Commercial Security Policy. Level R R R U U R R R R R U U U
LU Objectives 1. To make the students to understand the Chinese Wall Model for Confidentiality and Integrity. To explore the Clinical Information Systems Security Policy
2.
LU Outcomes 1. 2. To examine the Chinese Wall Model for Confidentiality and Integrity To write down the Clinical Information Systems Security Policy
104
Test Questions Discuss the Chinese-Wall model. Discuss the read rule in the Chinese Wall model. Discuss the write rule in the Chinese Wall model. Compare the Chinese Wall model with that of Bell Lapadula. Compare the Chinese Wall model with that of Clark-Wilson model. Discuss briefly the Clinical Information Systems Security Policy(CISSP) . What are the entities in the CISSP? What are the assumptions in CISSP? Discuss the access principle in CISSP. Discuss the Creation principle in CISSP. Discuss the Deletion Principle in CISSP. Discuss the Confinement Principle in CISSP. Discuss the Aggregation Principle in CISSP. Discuss the Enforcement Principle in CISSP. Compare the CISSP Model with Bell Lapadula model. Compare CISSP with Clark-Wilson model.
Level U R R U U U R R R R R R R R U U
Module-II Overview This module introduces cryptography as tool for providing information security. Both Symmetric and Asymmetric key Encryption methods are discussed. The problem managing secret keys and also the public keys is discussed in detail. The use of master keys to establish session keys, the Diffie-Hellman Key Exchange algorithm, Merkle Tree Scheme for Storing keys, the Key Escrow protocol and the Public Key Certificate distribution and Revocation method are discussed. The use of Digital Signatures in providing integrity to information and techniques that focus on secure implementations are also discussed.
105
LU Objectives 1. To make the students understand symmetric key and public key cryptography
LU Outcomes 1. To work with the symmetric key and public key cryptography
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions What are the requirements for secret or private key cryptography? What are the applications of secret key cryptography? Discuss private key encryption/decryption with a diagram. Discuss the Diffie-Hellman Key exchange mechanism for generating secret keys. 5. 6. 7. 8. 9. 10. 11. 12. 13. What are the requirements for Public-Key Cryptography? What are public key certificates? Who is a certificate authority? How is public key distribution of secret keys done? Explain Key generation in the RSA algorithm. Discuss how Encryption/Decryption are done in the RSA algorithm Discuss the attacks on the RSA algorithm. Discuss the security of the RSA algorithm Perform encryption and decryption using the RSA algorithm for (i) p=3; q=11, e=7; M=5 (ii) p=11; q=13, e=11; M=7 14. In an RSA system the public key of a given user is e=31, n=3599. What is the private key of this user? 15. If one-time pads are provably secure, why are they so rarely used in practice? 16. Prove that the DES key consisting of all 0-bits and the DES key consisting of all 1-bits are both weak keys. What are the other two weak keys? L A A R U U U U U U U A Level R U R U
106
Sl.No 17.
Test Questions Prove that the DES cipher satisfies the complementation property.
Level A
LU Objectives 1. To make the students understand the management and Distribution of Keys in symmetric and public Key Cryptography
LU Outcomes 1. To deploy the management and distribution of keys in symmetric key and public key cryptography
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions What are the methods for distributing keys in private key cryptography? What are the various types of keys used in Key Management? What are public key certificates? Who is a certificate authority? How is public key distribution of secret keys done? What is the use of Pseudo Random Numbers? Describe the Kerberos authentication system. An X.509 certificate revocation list contains a field specifying when the next such list is expected to be issued. Why is that field present? Level R U R U R U R U
LU Objectives 1. To make the students understand the use and application of session and Interchange
107
Keys LU Outcomes 1. To state the use and application of session and interchange Keys
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. What is a session key? What is a session interchange key? Describe the classical key exchange algorithm. What is the problem in the classical key exchange algorithm? Describe the Needham-Shroeder key exchange algorithm. What is the problem in the Needham-Shroeder Key exchange algorithm? What is the Dennis-Sacco Modification for the Needham-Shroeder exchange algorithm? 8. 9. 10. Describe the Otway-Rees Protocol. What is a replay attack? What is a Man-in-the middle attack? R U U key Test Questions Level R R U U R U U
LU Outcomes 1. To explain Diffie Hellman Key exchange and Key generation methods
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
108
1. 2. 3.
What is Key distribution Center? How is Diffie-Hellman Key exchange used to establish a session key? Describe the use of Key exchange protocols in Key distribution.
R U U
LU Objectives 1. To explore the Merkle Tree Mechanism, Key Escrow system and Yaksha Security System
LU Outcomes 1. To know the Merkle Tree Mechanism, Key Escrow system and Yaksha Security System
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Test Questions Discuss the Merkle Tree organisation for public keys. Discuss how keys are validated in the Merkle Tree scheme. Discuss the Key Escrow mechanism. What are the components of the Key escrow mechanism? Describe the User Security component. Describe the Key escrow component. Describe the Data Recovery component. Describe ESS and Clipper chip. Describe the Yaksha Security system. Level U R U R R U U U R
LU Objectives
109
1.
To distinguish and differentiate different methods for Storing and Revoking Keys.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions Why is Key Revocation necessary? What is the use of Certificate Revocation List? How is validation done with the use of CRL? How is validation of keys done in PGP? What is cross certification? How is a X.509 Certificate validated? Level U R U R U U
LU Objectives 1. To make the students understand Digital Signatures and their use
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Describe the Classical Digital Signature. Describe the RSA Digital Signature. Describe the Elgamal Digital Signature. Describe the attacks on Digital Signatures. Level U U U R
110
LU -17: Cipher Techniques-Problems, Streams and Block Ciphers(1 Period) LU Objectives 1. To make the students to understand techniques used in encryption and their use
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions What are the attacks in precomputing ciphertexts? Describe the problem of misordered blocks in ciphertexts. How can statistical regularities in ciphertexts be overcome? What are stream ciphers? Level U R U R
LU Objectives 1. To make the students understand the Linear Feedback Shift Register implementation of stream ciphers
LU Outcomes 1. To explain the Linear Feedback Shift Register implementation of stream ciphers
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. Test Questions Discuss synchronous stream ciphers. Describe Linear Feedback Shift Register. Describe Non-Linear Feedback Shift Register. Let the function f for a four-stage NLFSR be f(r0,r1,...rn-1) = (ro Level R U U A
111
and r1) or r3, and let the initial value of the register be 1001. Derive the initial sequence and cycle. 5. An n-stage LFSR produces a sequence with a period of length at most the length of the period never be 2^n? Which register value is excluded from the cycle, and why? 2^n A
-1, but the register has n bits and thus may assume 2 ^n values. Why can
Module-III Overview This module introduces the design principles of information security system. It discusses various methods for representing identity and how users can be secured against misuse of identity. It discusses the information flow by introducing entropy as an important measure of information flow. Finally it discusses the confinement problem and introduces covert channels. Finally, Access Control Lists, Capabilities and Covert channels are used as access control mechanisms.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions What is the principle of least privilege? What is the principle of fail safe defaults? What is the principle of economy of mechanism? What is the principle of complete mediation? What is the principle of open design? What is the principle of separation of privilege? What is the principle of least common mechanism? Level U U U U U U U
112
8. 9.
What is the principle of psychological acceptability? A common technique for inhibiting password guessing is to disable an account after three failed login attempts. a. Discuss how this might prevent legitimate users from accessing the system. Why is this action a violation of the principle of least common mechanism. b. One can argue that this is an example of fail-safe defaults, because by blocking access to an account under attack, the system is defaulting to a known safe state. Do you agree or disagree with this argument? Justify your answer.
U A
10.
Design an experiment to determine the performance impace of checking access permissions for each file access (as opposed to once at the file's opening). If you have access to a system on which you can modify the file access mechanism, run your experiment and determine the impact.
11.
A company publishes the design of its security software product in a manual that accompanies the executable software. a. In what way does this satisfy open design? In what ways does it not?
12.
Assume that processes on a system share no resources. Is it possible for one process to block another proecss' access to a resource? Why or why not? From your answer, argue that denial of service attacks are possible or impossible.
13.
Given that the Internet is a shared network, discuss whether preventing denial of service attacks is inherently possible or not possible. Do systems connected to the Internet violate the principle of least common mechanism?
113
Test Questions
Level U R R R U U U R U
Why is identity important in information systems?. What problems may be caused by multiple identities? What are pseudonyms? What is anonymity? How will identities differ based on different contexts? How will identities differ based on different environments? What are the various representations of identity?. Discuss how files and objects are tied to an entity.
LU Objectives 1. To explore the different methods for representing identity using names and certificates
LU Outcomes 1. To explain the different methods for representing identity using Distinguished Names and Public Key Certificates
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. Test Questions Distinguish between users, groups and roles. What is the purpose of Certificates? How are identities represented in Certificates Discuss naming in certificates. Discuss the format of X.509 Certificates. Who is a certificate Authority? How do we authenticate a Certificate? Level R U R R U U U
114
What is a certification Hierarchy? What are the types of certificates? Discuss how certificates can be tied to Roles? What are Distinguished Names? How do we avoid naming conflicts? What are personal certificates? What are PGP certificates?
R R U R U R R
LU -22: Representing Identity-Identity on the Web(1 Period) LU Objectives 1. To distinguish and differentiate the various identities on the web
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Test Questions Discuss host identity in the internet What is the purpose of the Domain Name System? What are dynamic identifiers? How does DHCP assign addresses to the systems? What is weak authentication? Discuss security issues in DNS. Discuss the fields in the cookie. Discuss anonymity in the web. What is the pseudo-anonymous email service? The web site www.widget.com requires users to supply a user name and a password. This information is encoded into a cookie and sent back to the browser. Whenever the user connects to the Web server, the cookie is sent. Level R U R R U R R U R A
115
This means that use user need only supply a password at the beginning of the session. Whenever the server requests reauthentication, the client simply sends the cookie. The name of the cookie is identif. a. Assume that the password is kept in the clear in the cookie. What should the settings of the secure and expires fields be, and why? b. Assume that the name and password are hashed and that the hash is stored in the cookie. What information must the server store to determine the user name associated with the cookie?
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1 Test Questions Give an example of an access control matrix and its representation in the form of access control Lists. 2 What are the advantages and disadvantages of the access control List representation of the access control matrix? 3 Both ACLs and C-List entries use owners (users) rather than individual processes. Why? 4 Alice can read and write to the file x, can read the file y, and can execute the file z. Bob can read x, can read and write to y, and cannot access z. a. Write a set of access control lists for this situation. Which list is associated with which file? b. Write a set of capability lists for this situation. With what is each list A U U Level R
associated? 5 Revoking an individual's access to a particular file is easy when an access control list is used. How hard is it to revoke a user's access to a particular A
116
set of files, but not to all files? Compare and contrast this with the problem of revocation using capabilities. 6 Explain why some UNIX-based systems with access control lists do not allow root to alter the ACL. What problems might this raise? 7 It is said that UNIX uses access control lists. Does the UNIX model include capabilites as well as access control lists? (Hint: Consider file descriptors, If a file is opened, and its protection mode is changed to exclude access by the opener, can the process still access the file using the file descriptor? 8 Suppose a user wishes to edit the file xyxxy in a capability-based system. How can he be sure that the editor cannot access any other file? Could this be done in an ACL-based system? If so, how? If not, Why not? A A A
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions Give an example of an access control matrix and its representation in the form of Capabilities. 2. What are the advantages and disadvantages of the Capabilities representation of the access control matrix? 3. Although most systems alllow objects to have only one owner, it is possible for an object to have two (or more) owners. Consider ownership as a right that allows the changing of capabilities (or access control lists). How might you implement this right using capabilities? How might you implement it using access control lists? Contrast these implementations of capability lists and access control lists with PACLs A U Level R
117
LU Objectives 1. To make the students to understand the information flow problem and entropy
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions How do we ensure that information flows through governed channels? 2. 3. 4. 5. 6. 7. 8. 9. 10. Define Entropy. When do we say information flows from X to Y?. Define Implicit Flow. How do we manage information flow? How can information flow be managed through policies? Discuss Compiler based mechanisms for managing information flow. Discuss Execution based mechanisms for managing information flow. Discuss the Data Mark Machine. Prove that the Fenton's Data Mark machine would detect the violation of policy in the execution time certification of the copy procedure. U R R U R U U U A Level R
LU Outcomes
118
1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. Test Questions What is the confinement problem? What is isolation? What is a Virtual Machine? What is a Sandbox? What is transitive confinement? Two UNIX processes wish to communicate but cannot use mechanisms. However both can run ps (1) as a subprocess. a. Devise a protocol whereby the two processes can communicate using their environment lists. b. Implement the protocol. Measure the (actual) rate of transmission 7. Consider the rule of transitive confinement. Suppose a process needs to execute a subprocess in such a way that the child can access exactly two files, one only for reading and one only for writing. A standard IPC Level R U R R U A
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions What is the purpose of a covert channel? Level R
119
2. 3. 4. 5.
Discuss how we can detect covert channels. Discuss how we can analyze covert channels? Discuss how we can mitigate covert channels? In the Covert flow tree technique, it is possible for some part of the tree to enter a loop in which recognition of attribute a depends on recognition of attribute b which in turn is possible when attribute a is recognized. a. Give a specific example of such a loop. b. Should such a loop occur, the covert flow tree path is labeled, with a
U U U A
repeat parameter that dictates the maximum number of times that branch may be traversed. Discuss the advantages and drawbacks of this solution.
Module-IV Overview
This module discusses the different malicious programs like Viruses, Worms, and Trojan Horses. This module also discusses methods for detecting the malicious programs and defending the computers systems data and processes against the action of malicious programs. discusses vulnerability of systems and discusses penetration This module testing as a important tool for
analyzing the presence of vulnerabilities. This module discusses auditing as an important security mechanism that analyzes the logs in the system and notifies the analyst about the results. Finally, the module defines the goals of an intrusion detection system and discusses different methods for intrusion detection.
LU Objectives 1. To make the students to understand how malicous code spread and infect
LU Outcomes 1. To work with how viruses and worms propagate and infect
120
Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9.
Test Questions What are the different types of malicious code? What is a Trojan horse? What is a virus? What is a worm? How does a virus differ from a worm? How does a virus propagate? What are the different types of viruses? What is a Logic Bomb? Tripwire does not encipher the signature blocks. What precautions must installers must take to ensure the integrity of the database?
Level R R R R U U U R U
10.
Consider how a system with capabilities as its access control mechanism could deal with Trojan horses. a. In general, do capabilities offer more or less protection against Trojan horses than do access control lists? Justify your answer in light of the theoretical equivalence of ACLs and C-Lists? b. Consider now the inheritance properties of new processes. If the creator controls which capabilities the created process is given initially, how could the creator limit the damage that a trojan horse can do. c. Can capabilites protect against all Trojan horses? Either show that they can or describe a Trojan horse process that C-Lists cannot protect against.
11.
Describe in detail how an executable infecting comuter virus might append itself to an executable. What changes must it make to the executable, and why?
12.
A computer system provides protection using Bell Lapadula policy. How would a virus spread if: a. the virus were placed on the system at system low (the compartments that all other compartments dominate? b. the virus were placed on the system at system high (the compartment that dominates all other compartments)
13.
A computer system provides protection using Biba Integrity model. How would a virus spread if: a. the virus were placed on the system at system low (the compartments that all other compartments dominate?
121
b. the virus were placed on the system at system high (the compartment that dominates all other compartments) 14. A computer system provides protection using the Chinese Wall model. How would a virus spread throughout the system if it were placed within a company dataset? Assume that it is a macro virus. 15. Assume that the Clark-Wilson model isimplemented on a computer system. Could a computer virus that scrambled constrained data items be introduced into the system? Why or why not? Specifically, if not identify the precise control that would prevent the virus from being introduced, and explain why it would prevent the virus from being introduced; if yes, identify the specific control or controls that allow the virus to be introduced and explain why they fail to keep it out. A A
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1 2 3 4 Test Questions Describe how malicious code can be detected? Describe the defense mechanisms against viruses. What are multilevel security mechanisms? Design a signature detection scheme to detect polymorphic viruses, assuming that no encipherment of virus code was used. Level R R R A
122
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions How is vulnerability analysis done? What is the purpose of formal verification? What are penetration studies used for? What is penetration testing? An attacker breaks into a Web server running on a Windows-2000 based system. Because of the ease with which he broke in, he concludes that Windows 2000 is an operating system with very poor security features. Is his conclusion reasonable? Why or why not? 6. Why might an analyst care how similar two vulnerabilies are? U Level R U R U L
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
123
1. 2. 3. 4. 5. 6. 7.
Describe the method of Flaw Hypothesis. What is the purpose of information gathering? How is Flaw hypothesis used? What is Flaw Testing? What is Flaw Generalization? What is Flaw Elimination? One expert noted that the PA model and the RISOS model are isomorphic. Show that the PA vulnerability classifications correspond to the RISOS vulnerability classes and vice versa.
U U U R R R A
8.
The NRL classification scheme has three axes: genesis, time of introduction, and location. Name two other axes that would be of interest to an analyst. Justify your answer.
9.
In the NRL classification scheme for the time of introduction axis, must the development phase precede the maintenance and operation phases, and must the maintenance phase precese the operation phase? Justify your answer?
10.
In the NRL classification scheme for the genesis axis, how might one determine whether a vulnerability is malicious or nonmalicious?
11.
In the NRL classification scheme for the genesis axis, can the classes Trojan horse and Covert Channel overlap? Justify your answer. I f your answer is yes, describe a Trojan horse that is also a covert channel or vice versa.
12.
Aslam's classification scheme classifies each vulnerability into a single category based on a decision tree that requires yes or no answers to questions about the vulnerability. A researcher has suggeted replacing the tree with a vector, the components of which correspond to questions about the vulnerability. A 1 in the vector corresponds to a yes answer to the question; a 0 corresponds to a no answer. Compare and contrast the two approaches.
124
2.
Test Questions
Level R U U R R R R A
Describe a secure state of a system. What are the components of an Audit structure? What is a logger? What is an analyzer? What is a Notifier? What is Log sanitization? Extend the example of deriving required logging information to the full BellLaPadula model with both security levels and compartments
9.
In the example of deriving required logging information for the Chinese Wall model, it is stated that the time must be logged. Why? Can something else be logged to achieve the same purpose?
10.
The Windows NT logger allows the system administrator to define events to be entered into the security log. In the example, the system administrator configured the logger to record process execution and termination. What other systems might the system administrator wish to record?
11.
Suppose a notifier sends e-mail to the system administrator when a successful compromise of that system is detected. What are the drawbacks of this approach? How would you notify the appropriate user?
12.
Describe a set of constraints for the Clark-Wilson model that lead to a descriptions that an audit mechanism should detect. Give these conditions.
13.
Why is adherence to the principle of complete mediation a necessity for logging of file accesses?
14.
A network monitor records the following information while recording a network connection.
125
Sl.No
Test Questions a. System prompts that name neither the user nor the system. b. System control files sucs as the password file. c. e. f. A file containing a list of dictionary words A system banner A source code file
Level
g. A Web page downloaded from a remote site Which type of information should the monitor check to see if it must sanitize the data to conceal the names of the users and the names and addresses of the computers involved? 15. Four Levels of log sanitization are defined. a. Simple sanitization, in which all information except the commands issued by an intruder are deleted b. Information-tracking sanitization, in which sensitive information is entered into a symbol table as it is encountered, a unique identifier is assigned, and whenever that information is encountered it is replaced with the associated identifier. c. Format sanitization, in which compressed or encoded data is transformed into its original form, the original form is sanitized using informationtracking sanitization, and the resulting data is returned to its transformed format. d. Comprehensive sanitization, in which all data is analyzed and sanitized as in information-tracking and format sanitization Discuss the level of anonymity of each level of sanitization. Which level could be automated, and to what degree would human oversight required? be A
LU Outcomes
126
2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. What is state-based auditing? What is transition-based auditing? What is application logging? What is the use of an audit browser? Prove or disprove that state-based logging and transition-based logging are equivalent if and only if the state of the system at the first transition is recorded. 6. Suppose a remote host begins the TCP three-way handshake with the local host but never sends the final ACK. This is called a half-open connection. The local host waits for a some short time and then purges the information from its network tables. If a remote host makes so many half-open connections that the local host cannot accept connections from other hosts, the remote host has launched a syn flood attack. Derive logging and auditing requirements to detect such an attack. 7. What are the logging and auditing requirements for the NFS operations MKDIR and WRITE? A A Test Questions Level U U U R U
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
127
1. 2. 3. 4. 5. 6.
What is Intrusion Detection? What are the characteristics of systems not under attack? What is an attack tool? What are the goals of Intrusion Detection System? What are the models of Intrusion Detection? You have been hired as the security officer for compute Computers Inc. Your boss asks you to determine the number of erroneous login attempts that should be allowed before a user's account is locked. She is concerned that too many employees are being locked out of their accounts unnecessarily, but is equally concerned that attackers may be able to guess passwords. How would you determine an appropriate value for the threshold?
R U R U R A
7.
Why should the administrator (or the superuser) account never be locked regardless of how many incorrect login attempts are made? What should be done instead to alert the staff to the attempted intrusion, and how could the chances of such an attack succeeding be minimized?
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions What is anomaly based intrusion detection? What is misuse based intrusion detection? What is specification based detection? What is the use of an audit browser? Consider the trace-based approach to anomaly-based intrusion detection. An intrusion detection analyst reports that a particular pattern of system usage results in processes with low entropy, meaning that there is little Level U U U R L
128
uncertainty about how the system processes behave. How well would a cluster-based analysis mechanism for anomaly-based intrusion detection work with this system? Justify your answer.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions Discuss the different response mechanisms for intrusion detection. Level L
Module-V Overview This module discusses the organization of a private network by using a firewall and internal and external routers for private networks. The Demilitarized Zone between the internal and the external router can be used to host servers accessible to the public. The security of both development workstations and the production systems are dealt with in detail. The user security deals with granting privileges for the resources for access by the users. The Program security deals with the security of software and methods to ensure the correctness of the programs by employing appropriate validation procedures.
LU Outcomes
129
1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. Test Questions What are the privileges given to outsiders for public data ,development data for existing products, development data for products, corporate data and customer data? 2. 3. 4. 5. What are the privileges given to Developers for the data? What are the privileges given to Corporate Executives for the data? What are the privileges given to the employees data? Suppose that an attacker has found a technique for sending packets through the outer firewall to the DMZ without the packets being checked. (The attacker does not know the internal addresses of the hosts in the DMZ.) Using this technique, how can the attacker arrange for a packet to be sent to the www server in the DMZ without the firewall checking the packet? 6. The organization of the network provides a DMZ to which the public has controlled access. Explain how the principle of Least privilege is relevant to the creation of the DMZ. 7. A security analyst wishes to deploy intrusion detection monitors to determine if any attackers penetrate the organization's network. a. Where should the intrusion detection monitors be placed in the network's topology and why? b. If the analyst wished to monitor insider attacks, how would your answer to part (a) change? Justify your changes. L L U U U L Level U
LU Outcomes
130
2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. 6. 7. 8. Test Questions What are the major components of the network infrastructure for security? What is the use of the inner firewall? What is the use of the outer firewall? How is the Demilitarized zone used? What are the components in the internal network? Discuss the application of principle of least privilege. Discuss the application of principle of complete mediation. Discuss the application of principle of separation of privilege. Level R U U U R U U U
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions Describe the configuration of the network. How are the incoming web connections accepted? What is the purpose of using a trusted administrative host? Level R U U
131
4. 5. 6. 7. 8. 9. 10. 11.
Where do the log messages go to? How is the DMZ DNS system used? Where do the public keys reside? What is the function of the DMZ web server? How is the user access to the DMZ web server provided? Is extensive logging provided in the DMZ web server? How can attacks on the web server be minimized? The Web server on the DMZ Web server system renames temporary files used to record transactions. The name has the form trns followed by the integer representation of the date and time, followed by one or more digits. Why are the extra digits necessary?
U R R U R U R L
12.
Web pages change too frequently to be placed on a CD-ROM, but that the CGI scripts are changed infrequently enough to allow them to be placed them on CD-ROM. a. In light of the fact that the CGI scripts do not contain data, Why is their alteration a concern? b. CGI scripts can generate Web pages from data stored on the server. Discuss the integrity issues arising from storing of the data that those scripts use on writeable media but storing of the scripts themselves on read-only media. In particular, how trustworthy are the pages resulting from the script's use of stored data c. Assume that the CGI scripts are to be changed frequently. Devise a
method that allows such changes and also keeps the interface to those scripts on read-only media. Where would you store the actual scripts, and what are the benefits and drawbacks of such a scheme?
Resource Reference
132
1.
Ch27 of T1
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. Test Questions How is security provided in the Development workstation? How do users access the Development workstation? How is the network communication secured in the Development workstation? 4. 5. What is the purpose of auditing in the development workstations? What are the procedures regarding installation of new programs in the workstations? 6. 7. Explain the backup procedure used in the Development workstations. A System administrator on a development network workstation wants to execute a program stored on a floppy disk? What steps would the organization take to configure the workstation to prevent the system administrator from mounting the floppy and executing the program? 8. Suppose a user has physical access to computer hardware (specifically the box containing the CPU and a hard drive). The user does not have an account on the computer. How can the user force the computer to shut down? To reboot? 9. Consider the use of NIS to distribute hashes. a. In general, why might an administration want to use encryption techniques to protect the transmission of NIS records over a network b. Why is secrecy of the NIS records not important to the system user information such as password L L U L U U Level U R U
administrators? c. Assume the devnet firewall (and the inner and outer firewalls) did not prevent the outside users from monitoring the development network. How important would the secrecy of NIS records be then? Why? d. The NIS client accepts the first response to its query that it receives from any NIS server. Why is physical control of the development network critical to the decision not to use cryptography to protect NIS network traffic?
133
LU Outcomes 1. To work with the design of the access procedure for user security
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions Describe the user access procedures in computer systems. Who are allowed to access the system? What commands should the user enter? What is the procedure for logging in to the system? What are the security procedures concerning use of password in systems? 6. 7. 8. What is the use of a proactive password checker? What precautions should be taken in the use of passwords? What steps should be taken when leaving the system? R U U Level U R U R U
LU Objectives 1. To state the user security procedures for files and devices
LU Outcomes 1. To deploy the user security procedures for files and devices
134
Sl.No 1. 2. 3. 4. 5. 6. 7. 8.
Test Questions What steps should be taken in the use of files? What steps should be taken when copying,moving and writing to files? Who is allowed to read or change file? Who protects the integrity, confidentiality and availability of files? How can we keep keys and passwords secure? How can we prevent overwriting or deleting files? How can we protect against malicious programs? Suppose that users A, B and C are the only members of the group proj and that users A, B and D are the only members of the group exeter. Show how user B can restrict access to the file design to himself and user A using only abbreviated ACLs.
Level R R R R U R R A
9.
The UNIX umask disables access by default. The Windows scheme enables it. Discuss the implications of enabling access by default and disabling access by default with respect to security.
10.
Many UNIX security experts say that the umask should be set to 077 (i.e. allow access only to the owner). Why? What problems might this cause?
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No Test Questions Level
135
1. 2.
What steps should be taken in the use of processes? How do we ensure superuser privileges are used by the correct user?
R R
LU Objectives 1. 2. To discuss the issues in Program security To provide the design and implementation of program security
LU Outcomes 1. 2. To list the issues in Program security To work with the design and implement program security methods
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. Test Questions How can security be enforced in the development of programs? What are the steps in program development? What are the common security related programming problems? What is the importance of role based access in program development? Describe validation in program security. Level U R U U R
136
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) Sl.No 1. 2. 3. 4. 5. What is bounds checking? What is Type checking? What is Error checking? How are inputs checked for valid data? Describe designing programs for validation. Test Questions Level R R R R R
137
COURSE DETAILS Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. : CS9225 : Web Technology : M.E. (CSE) II Semester : Mr. J. Raja Sekar : Dr. K. Muneeswaran : 06.02.2013 : 0
Course Objective: To gain knowledge on the essentials of web technology and the elements involved in it. To have a thorough knowledge on markup languages (HTML), XHTML and various cascading style sheets (CSS). To learn the basics of client-side programming using Java scripts and its built-in objects. To get experience on server side programming by learning Java Servlets, JSP and ASP. To have clear idea of Java database programming using JDBC. To know the significance of XML and different technologies related to XML such as DTD, Schema, DOM, SAX and Xquery. To understand the basics of PHP and MySQL. Course Prerequisite: Programming Paradigms / Java Programming Internet Programming
Course Outcomes Programme Outcomes mapping (3-Substantiall , 2-Moderately, 1-slightly) Programme Outcomes Course Outcomes 1. Gain knowledge on the essentials of web technology and the elements involved in it. 2. Have a thorough knowledge on markup languages (HTML), XHTML and various cascading style sheets (CSS). 3. Learn the concept of client-side programming using Java scripts and its built-in objects. 1 2 2 1 3 4 2 5 6 7 8 9 10 11 12 13
138
4. Get experience on server side programming by learning Java Servlets, JSP and ASP. 5. Have clear idea of Java database programming using JDBC. 6. Know the significance of XML and different technologies related to XML such as DTD, Schema, DOM, SAX and Xquery. 7. Understand the basics of PHP and MySQL.
2 2
2 3 3 2
2 3 2 3 2 3 2 2 3 2 3
3 3
2 3
3 3
Concept Map
Web essentials clients servers - communication Markup languages XHTML simple XHTML pages style sheets CSS
Unit II
Client side programming Java script language Java script objects Host objects: Browsers and the DOM
Unit III
Server side programming Java servlets basics simple program separating programming and presentation ASP/JSP - JSP basics - ASP/JSP objects Simple ASP/JSP pages.
139
Unit IV
Representing Web data Data base connectivity JDBC Dynamic Web pages XML DTD XML schema DOM SAX Xquery.
Unit V
Building Web applications - Cookies Sessions Open source environment PHP MYSQL Case studies. Total: 45 Periods TEXT BOOKS: 1. Jeffrey C Jackson, Web Technology A Computer Science Perspective, Pearson Education, 2007. 2. Chris Bates, Web Programming Building Internet Applications, Wiley India, 2006. ONLINE MATERIALS: 1. http://www.javascriptkit.com/ 2. http://www.w3schools.com/xml/default.asp 3. http://www.tutorialspoint.com/jsp/jsp_overview.htm 4. http://www.docstoc.com/search/asp-tutorial-download-pdf 5. http://www.javacommerce.com/displaypage.jsp?name=intro.sql&id=18238 6. http://www.freewebmasterhelp.com/tutorials/phpmysql 7. http://www.learnphp-tutorial.com/
Course Schedule S. No. MODULE I Web essentials Clients, servers, communication Hours needed Date of coverage
Topic
1. 2. 3. 4. 5. 6.
Markup languages HTML XHTML, Simple XHTML pages Style sheets Cascading style sheets (CSS) CSS core syntax Style rule cascading and inheritance Sub Total: 9 MODULE II Client side programming Java script introduction
2 2 1 1 1 2
1 2
7. 8.
140
S. No.
Topic Java script objects Host objects: Browsers and the DOM DOM event handling Sub Total: 9 MODULE III Server side programming: Java servlets, basics
Hours needed 2 2 2
Date of coverage
9. 10. 11.
2 1 1 2 2 2
18.
1 2 1 1 2 2 1 Sub Total: 10
19. Database connectivity JDBC 20. Dynamic Web pages, XML 21. XML DTD 22. XML schema 23. DOM, SAX 24. XQuery
141
Web essentials Clients Servers - Communication Markup languages XHTML Simple XHTML pages Style sheets CSS.
Module Overview This module outlines the essentials of web technology and the various elements involved in it. The markup languages such as HTML, XHTML are discussed here. Also, the different ways of presenting the HTML documents by separating the web contents are learnt by using cascading style sheets (CSS).
LU Objectives 1. 2. 3. To identify basic internet protocols. To study the HTTP protocol message structure. To understand about web clients and web servers.
LU Outcomes 1. 2. 3. Explore the structure of HTTP request and response messages. Realize the functionality of web browser. Identify the working of the web server.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7. 8.
What are the basic Internet protocols? Distinguish between TCP and UDP. Define DNS. What is WWW? Define HTTP. Draw and explain the message of structure of HTTP request message. With a neat diagram, explain the HTTP response message structure. Identify the various tasks performed by the web browser while making a HTTP request.
R R U R U R R A
142
9. 10.
List some of the additional functionality of the web browser. Identify the various steps involved during the HTTP request and response to and from a web server.
U A
LU Objectives 1. 2. 3. To identify the different basic elements of HTML. To study the way of including images, tables, hyperlinks and frames into a web page. To learn the design of HTML web pages.
LU Outcomes 1. 2. 3. Learn the various elements of HTML. Identify the usage of images, links, tables and frames in the web page. Develop the ability to build a web site using HTML.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7.
List any four HTML entity references. What do you mean by empty element in HTML? How will you format text in a web page? Identify some of the HTML elements. How will you insert multiple images and hyperlinks into a web page? Illustrate the three types of lists supported by HTML with necessary examples. Determine the basic features of structuring and formatting HTML tables with suitable examples.
143
3.
8. 9.
Create a HTML application with frames, links, tables and other tags for highlighting the facilities in your College. Create a HTML application with frames, links, tables and other tags that will provide information about the services provided in Bharat blood bank.
C C
LU Objectives 1. 2. To learn the three flavors of XHTML. To construct web pages using XHTML.
LU Outcomes 1. 2. Explore the knowledge on XHTML document type declarations (DTD). Design web pages using XHTML sysntax.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6.
What are the characteristics of direct manipulation graphical system? Mention the various limitations of direct manipulation systems. Distinguish between HTML and XHTML documents. With a neat diagram, explain the relationships between SGML, XML, HTML, and XHTML. Illustrate with example, the three document type declaration (DTD) used in XHTML document. Design a XHTML web page for a registration page containing information about the student details.
R U A U U C
LU Objectives 1. To quote the need and importance of cascading style sheets (CSS).
144
2. 3.
To express the different forms of CSS. To understand about web clients and web servers.
LU Outcomes 1. 2. Apply different styles using CSS. Sketch web pages with various forms of CSS.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5.
Define Cascading Style Sheets (CSS) and its three flavours. What is inline style sheet? How will you link an external style sheet to improve the presentation of a document? Is it possible to apply more than one style to a HTML document? Justify. Design a HTML document and CSS style sheet that will cause a background image to be repeated across the vertical center of the browser client area. The image should remain in the center of the window even if the window is scrolled.
U R A A C
LU Objectives 1. 2. To know about the CSS style rule. To study the various forms of CSS selector strings.
LU Outcomes 1. 2. Dramatize the web page design with CSS. Discriminate web pages by applying different styles to them.
145
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5.
Write down the two parts of CSS style rule. Give the significance of At-rules. Demonstrate with necessary examples, the various types of CSS selectors. Determine with necessary examples, the different forms of style rules / statements used in CSS. Create an embedded style sheet (including the appropriate HTML tags) that sets the value of the font-family property to Gill Sans Bold SamllCaps & OSF for all elements of the document.
U U A A C
LU Objectives 1. 2. To learn the style rule cascading. To understand the element inheritance of style properties.
LU Outcomes 1. 2. Identify the cascading of style sheet rules. Explore the inheritance property of cascading style rules.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6.
Explain in detail, the various steps involved in cascading of style rules. Clarify how style rules declarations are prioritized once the origin and weight are established. What do you mean by specificity? List out the priority levels of the CSS style rules based on the origin and weight of all declarations. Demonstrate with an HTML document, the element inheritance of style properties. Write a style sheet that will cause the li elements within any ol element to be numbered in an outline style: the top-level li elements should use uppercase Roman numerals, the next level uppercase letters, the next level lowercase Roman numerals, then lowercase letters, and finally decimal numbers at the fifth level.
U A U R A C
146
Module II Client side programming Java script language Java script objects Host objects: Browsers and the DOM
Module Overview This module explains the understanding of client-side programming and the need of the scripting language, JavaScript. The basics of JavaScript are learnt here. JavaScript objects, both, intrinsic and extrinsic are also analyzed. The host objects, browsers and the Document Object Model (DOM) are also discussed.
LU Objectives 1. 2. To recognize the need of client-side programming. To learn the scripting language JavaScript.
LU Outcomes 1. 2. Realize the concept of client side programming. Understand the usage of JavaScript in HTML document.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3.
Define scripting language. Is JavaScript interpreted or compiled language? Explain. Identify some of the client-side programming languages and analyze their significance. Give the basic syntax of JavaScript.
U A A
4.
LU Objectives
147
1. 2. 3.
To identify the various data types in JavaScript. To understand the three types of statements. To study the ways of handling arrays.
LU Outcomes 1. 2. Prescribe the usage of JavaScript. Apply the JavaScript to the web pages for validation.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Write down the primitive data types of JavaScript. Give the significance of typeof operator. Explain the various operators supported by JavaScript with suitable examples. Describe the various data types and operators available in JavaScript. Illustrate with examples, how arrays are created and accessed in JavaScript. Elaborate any five methods inherited by JavaScript Array object with example. Estimate how dynamically the JavaScript changes its array length. Distinguish between JavaScript and Java. Write a JavaScript program that reads N set of numbers and compute their sum and average. Using Array object, sort the given set of numbers. Design a function median( ) that accepts a one-dimensional array containing an odd number of integers as its single argument and returns the median value stored in the array (this is the value of the middle element of a sorted version of the array). The argument array should not be modified.
R R U R U R A A C C
LU Outcomes 1. Review the built-in objects such as Array, Date, Math and RegExp objects.
148
2.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2.
Explain any five built-in objects supported by JavaScript with suitable example. Using a RegExp instance, write a JavaScript function isValid() that accepts a String argument and returns true if the argument matches one of the following phone-number formats and returns false otherwise: (123)456-7890 (123) 456-7890 123/456-7890 123-456-7890 123 456 7890 1234567890
U E
3.
Write a JavaScript program that generates 10 random math problems. Each math problem should consist of three operands (random integers between 10 and 10, inclusive) and two operators (randomly drawn from +, -, *, and %). For example, a problem might be -4 + 7 % 3. Display each problem in a prompt box, and allow the user to enter an integer representing the value of the problem (following standard JavaScript operator precedence rules). After all 10 problems have been answered, output the number of correct answers.
LU Objectives 1. 2. 3. To list the various browser objects used in JavaScript. To study the Document Object Model (DOM) API. To understand about web clients and web servers.
LU Outcomes 1. 2. Recognize the different browser objects. Focus on DOM2 support for document tree access and modification within a browser.
Resource Reference
149
1.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6.
Define Document Object Model (DOM). Elaborate the various browser objects available with JavaScript with necessary examples. Write a simple JavaScript program that displays information about the screen size, resolution and color depth. Explain the DOM approach for XML processing with suitable example. Discuss in detail the JavaScript DOM objects with suitable examples. Write a JavaScript program that displays the outline of the Element nodes in the document tree of a given input HTML document.
U R C U U A
LU Outcomes 1. 2. Identify the two traditional ways of assigning event handlers. Handle simple events using JavaScript.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2.
List the six DOM2 mouse events. Illustrate with neat examples, the functions of event listeners, event propogation, event cancelling and event generation with respect to DOM event handling. Consider the JavaScript codings below: var button = window.document.getElementById("msgButton"); button.addEventListener("click", sayHello, false); function sayHello(event) { window.alert("Hello World!\n\n" + "Event type: " + event.type + "\n" + "Event target element type: " +
R U
3.
150
Module III Server side programming Java servlets basics simple program separating programming and presentation ASP/JSP - JSP basics - ASP/JSP objects Simple ASP/JSP pages.
Module Overview Here in this module, the different server-side programming technologies such as Java servlets, Active Server Pages (ASP) and/or Java Server Pages (JSP) are learnt. Study on the basics of Java servlet programming is performed with simple servlet programs. The server page technologies such as Java Server Pages (JSP) and/or Active Server Pages (ASP), and their objects are discussed. Creating simple JSP/ASP pages are also done.
LU Objectives 1. 2. To identify the concept of server side programming. To learn the basics of Java servlet.
LU Outcomes 1. 2. 3. Relate the significance of client-side and server-side programming. Express the basics of Java servlet programming. Review the usage of GenericServlet and HttpServlet.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2.
Compare and contrast client-side and server-side programming. Mention the two kinds of HTTP responses made by a web server to an HTTP request.
U R
151
3. 4. 5. 6. 7. 8. 9. 10. 11.
Distinguish between CGI scripts and Java servlets. Compare and contrast static and dynamic (HTTP) responses. What is MIME? Draw a neat sketch of high-level web server-servlet interaction. With a neat diagram, explain the architecture of Java Servlet. Explain the three methods involved in the life cycle of Java Servlets. Distinguish between doGet( ) and doPost( ) methods. Identify some of the methods of HttpServeltRequest for accessing parameter data and their purpose. Identify some of the methods of HttpServeltResponse used by the server to generate an HTTP response.
A A R U U U A R R
LU Objectives 1. 2. To write simple programs using GenericServlet class. To write simple programs using HttpServlet class
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1.
Consider the following URL: http://localhost:8080/servlet/Login?txtUname=Shaks&txtAge= 42 Write a simple servlet program that reads the parameter data in the URL and displays them back to the user.
2.
Design a HTML page containing the following details: register number, student name, subject code, subject name, grade obtained, and subject credit for three subjects. Develop a servlet program that reads all these data entered by the user, computes the CGPA and display it back to the user alongwith register number and student name. Write the servlet code for reversing the given integers. Write a simple HttpServlet program to obtain the personal details such as name, age, gender and contact number entered by the web client and validate the details based on the age criteria and send the appropriate response back to the client
3. 4.
C C
152
LU Objectives 1. 2. To understand the need for separating programming and presentation. To study the architecture of JSP / ASP.
LU Outcomes 1. 2. 3. Understand the importance of separating programming and presentation in web pages. Recognize the architecture of JSP and ASP. Identify the various components in the JSP and ASP architecture.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3.
Write two advantages of JSP over servlet. With a neat diagram, explain the architecture of ASP .NET framework. Separating programming and presentation is preferable . Why?
U U A
LU Objectives 1. 2. 3. To learn the major components of JSP. To understand the different directive tags. To know the standard action tags of JSP.
LU Outcomes 1. 2. Unite JSP tags with HTML codings. Capable of writing simple JSP pages.
153
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
Every valid JSP documents consists of at most three types of information. What are they? Explain each of them. Write a JSP to demonstrate the usage of page and include directives. List some of the JSP Expression Language (EL) implicit objects. State the major components of JSP. Compare and contrast include directive and include action tags. What is MVC? How can it be implemented? By giving suitable examples, explain the JSP scriptlets. Define JSTL. What are the benefits of JSP custom tags? Design a simple JSP page that accepts two numbers as input and computes its sum and product, and displays the results back to the user.
R C R R A A U U U C
LU Objectives 1. 2. To identify the various implicit objects. To learn the ASP objects.
LU Outcomes 1. 2. Familiarize various objects of JSP / ASP. Usage of these objects in web pages.
Resource Reference 1. Chapter 12.9 of the book Web Technology: A Developer's Perspective - by N.P. Gopalan & J. Akilandeswari
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3.
Highlight the Response and Session objects of JSP / ASP along with their available methods. What is the main use of Session object? Create a cookie named Name and store your name to this cookie. Using
U R C
154
addCookie( ) method of the Response object, add this cookie. 4. 5. 6. How to create JSP objects and use of that? Explain with suitable example. Discuss in detail the five objects of ASP with examples. Write short note on ASPError object. A U U
LU Outcomes 1. 2. Enabling the students to develop web pages using JSP / ASP. Designing web pages containing ASP / JSP implicit objects.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3.
Write an ASP code to display different image each time a user visits a page. Write a simple ASP code that displays the number of current visitors in an ASP file. Design a simple ASP /JSP page that holds information about an online bus ticket booking system. Assume your own set of necessary details for the same Develop a web application for a Super Market Billing System using ASP / JSP pages. Use cookies as part of the web application. State the assumptions you make (business logic you are taking into consideration). Note: Your application must access a database. Develop a web application for a Railway Reservation System using ASP / JSP pages. Use cookies as part of the web application. State the assumptions you make (business logic you are taking into consideration). Note: Your application must access a database. Design a web page for library management system using JSP/ASP that contains the following information: book no., book name, author(s) name, publisher name and cost of the book.
C C C
4.
5.
6.
Module IV
155
Representing Web data Database connectivity JDBC Dynamic Web pages XML DTD XML schema DOM SAX Xquery.
Module Overview T he concepts of Java database connectivity (JDBC) are discussed here. The basics of
eXtensible markup language (XML) are learnt. Different technologies related to XML such as DTD, XML schema, DOM, SAX and Xquery are discussed.
LU Outcomes 1. 2. Learn how web data is represented. Understand how XML document is used to represent web data.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2.
What do you mean by web data? How will you represent web data using XML?
U U
LU Objectives 1. 2. To know the key ideas behind JDBC. To understand the different classes and interfaces involved in JDBC API. To execute static and dynamic SQL statements. 3. To write simple JDBC application programs.
156
LU Outcomes 1. 2. Ability to choose the JDBC driver type based on the requirement. Capable of developing JDBC applications.
Resource Reference 1. 2. Appendix C of T1 Chapter 4 of Core Java Vol. II Advanced Features, 8th Edition, by Cay S. Horstmann and Gary Cornell.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6.
List the four types of Java database driver. How will you delete a specific record from an already existing table? Explain the steps involved in developing a Java database application Identify and list out how SQL statements are created and those commands are executed. Realize the importance of PreparedStatement in Java SQL. Write a Java database program to perform the following for a railway information system: (i) to retrieve all the records contained in the database (ii) retrieve details of a particular train based on the train number (iii) insert a new record with the train details (iv) alter the starting and reaching time of a particular train number (v) delete the details of a particular train based on the train number
R A U U U A
7.
Design a web page using JSP that reads customer details and his/her ration card details in applying for a new mobile connection. The details are to be stored in MySQL database.
LU Objectives 1. 2. 3. To learn the concept of dynamic web pages. To know the basic ideas of XML. To understand the different kinds of XML documents.
LU Outcomes 1. 2. Classify between static and dynamic web pages. Relate the different technologies of XML.
157
3.
Resource Reference 1. 2. Chapter 7.1 to 7.3 of T1 Chapter 1 to 3 of Beginning XML, 4 th Edition, by David Hunter, Jeff Rafter, et. al.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7. 8. 9.
Distinguish between static and dynamic web pages. Define XML and its uses. What are well-formed XML documents? List out the various XML syntax rules. Write a note on XML namespaces. When is an XML document said to be valid? Differentiate well-formed and valid XML documents. Write two main differences between HTML and XML. Create a simple XML document for a mobile phone and identify various attributes.
U U R R U A A U C
LU Objectives 1. 2. To look at each of the DTD declarations in detail. To validate an XML document using DTDs.
LU Outcomes 1. 2. 3. Know the various declaration parts of DTDs. Describe the DTD for an XML document. Specify an XML document and DTD using external files.
Resource Reference 1. Chapter 4 of Beginning XML, 4 th Edition, by David Hunter, Jeff Rafter, et. al.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
158
1. 2. 3. 4. 5.
Mention the basic three parts of any XML DTD. List the four kinds of content model allowable within an element declaration. Compare #REQUIRED and #IMPLIED attribute value declarations. Discuss in detail, XML DTD definition with suitable examples. Consider the following XML document below: <?xml version="1.0"?> <mobileset> <mobile> <name>Sony Ericsson </name> <model>W700i </model> <cost type = "Rupees">8000</cost> </mobile> <mobile> <name>Apple</name> <model>iPhone 4S </model> <cost type = "Rupees">10000</cost> </mobile> </mobileset> The following is the generated XML DTD for the above XML document. <!ELEMENT mobileset ( mobile )*> <!ELEMENT mobile ( name | model, cost )*> <!ELEMENT name ( #PCDATA )> <!ELEMENT model ( #PCDATA )> <!ELEMENT cost ( #PCDATA )> <!ATTLIST cost type CDATA #IMPLIED> Check for the correctness of this DTD definition.
R R A U E
6. 7.
What are the limitations of DTD? Consider the XML document below: <?xml version=1.0?> <contacts> <contact> <name> <first>Jeff</first> <middle>Craig</middle> <last>Rafter</last> </name> <location> <latitude>34.031892</latitude> <longitude>-117.207642</longitude> </location> <phone>001-909-555-1212</phone> <knows>David Hunter, Danny Ayers</knows> <description> Jeff is a developer and author for Beginning XML <em>4th edition</em>.<br/>Jeff <strong>loves</strong> XML! </description> </contact> </contacts>
159
Currently, each contact can have only one phone number. Modify the contact declaration so that each contact can have zero or more phone numbers. In addition, add declarations for website and email elements.
LU Objectives 1. 2. 3. To associate an XML schema with an XML document. To specify allowable XML content using simple and complex types. To create an XML schema using multiple documents and namespaces.
LU Outcomes 1. 2. 3. Recognize the benefits of XML schemas. Associating XML schema with an XML document. Document your XML schema.
Resource Reference 1. Chapter 5 of Beginning XML, 4 th Edition, by David Hunter, Jeff Rafter, et. al.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7. 8.
List out the benefits of XML schemas. Compare and contrast XML DTDs and XML schemas. Mention some of the built-in data types available with XML schema. Distinguish between simple and complex data types. Identify the four element content model of a XML schema definition. Discuss in detail, XML Schema definition with necessary examples. Is it possible to create a schema from multiple documents? Justify. Why XML schema is needed? Compare with DTD.
R U U R U U A A
LU Objectives 1. 2. To understand the purpose of XML Document Object Model (DOM). To learn the important XML DOM interfaces and objects.
160
3.
LU Outcomes 1. 2. 3. Write java programs to create DOM parser using Java DOM APIs. Explore the significance of SAX parsers and its usage. Plan suitable parser (either DOM or SAX) based on the XML document for consideration.
Resource Reference 1. 2. Chapter 7.5 and 7.6 of T1 Chapter 11 and 12 of Beginning XML, 4 th Edition, by David Hunter, Jeff Rafter, et. al.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7.
What is the purpose of the XML DOM? List some of the important DOM interfaces and objects. Write a detailed note on XML Document Object Model (DOM) Develop a Java program using DOM API, to count for a specific tag contained in the input HTML document. Define SAX. Determine how SAX parser helps to parse large XML documents. Differentiate between DOM and SAX parser.
U R U C U R A
LU Objectives 1. 2. To query an XML document using XQuery To use the different types of expression in XQuery
LU Outcomes 1. 2. 3. Usage of XQuery tools to query the XML document. Familiarize the important FLWOR (for, let, wher, order by, return) expressions. Hands on experience with some XQuery functions.
Resource Reference
161
1.
Chapter 9 and 10 of Beginning XML, 4 th Edition, by David Hunter, Jeff Rafter, et. al.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6.
Describe how XQuery helps in querying the XML data. How to query an XML document using XQuery and how to create new elements in the result using element constructors? Give the significance of doc( ) function. What notation is used in an XQuery expression to indicate that its content is created dynamically? Create a simple library element containing details about book name and publishing year using element and attribute constructor. What do you mean by FLWOR expressions? Explain with necessary examples.
U U R U C R
Module V
Building Web applications - Cookies Sessions Open source environment PHP MYSQL Case studies.
Module Overview This module defines the way to build web applications using PHP. The role of cookies and session management are described using Java servlet and PHP. Moreover, the open source database technology, MySQL is discussed. Some of the applications are considered for case study.
LU Objectives 1. 2. To know how to build web applications. To learn what a cookie is.
LU Outcomes 1. 2. Building web applications Demonstrate the creation and use of cookies.
Resource Reference
162
1. 2. 3.
Chapter 6.7 of T1 Chapter 12 of T2 Chapter 27 of Java 2: The complete reference, Fifth Edition by Herbert Schildt
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5.
Define cookie. List some of the methods of servlet Cookie class. Using servlet cookie, write a simple code segment that counts the number of times a user visits a URL. Give the general form of creating a cookie in PHP. Discuss how cookies and sessions help to track users across many web sites.
U U C R U
LU Outcomes 1. 2. Creating and terminating sessions using servlet. Storing and retrieving attributes in session.
Resource Reference 1. 2. 3. Chapter 6.6 of T1 Chapter 12 of T2 Chapter 27 of Java 2: The complete reference, Fifth Edition by Herbert Schildt
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4.
With a neat diagram, show how a server establishing and maintaining sessions with two clients. Why session management is required in JSP / servlet? Explain. Illustrate servlet session tracking with suitable example program. Explain the two session management techniques (URL rewriting and
U A U U
163
cookie). 5. Discriminate why PHP sessions are better than cookies for tracking users. A
LU Objectives 1. 2. 3. To learn the basic of PHP. To understand the handling of arrays. To gain knowledge on PHP program control statements.
LU Outcomes 1. 2. Creating web pages in open source environment using PHP. Ability to access HTTP data using PHP.
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4. 5. 6. 7.
Define PHP. List and explain any eight features of PHP. State the different data types supported by PHP. List the various operators provided by PHP with necessary example. Describe how arrays are handled in PHP with example. What do you mean by associative array? Give example. Write the code in PHP for A cookie of a page stores a URL at the server. Now when any client visits the page, the server redirects and connects the visitor to the URL. Illustrate the different control structures available with PHP. Use PHP to display the current time of day at the server within a web page. Determine how $_GET and $_POST are used to access HTTP data with suitable example. Create an HTML form which you can use to enter a list of your friends names, include both forenames and surnames. Pass the data to a PHP script. Display the names in the order in which they were entered and in descending alphabetical order. Store the unordered names in a cookie. Let the user enter another name, display it correctly in the sorted list, taking the other names from the cookie.
R U U R U U C
8. 9. 10. 11.
U C A C
164
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1. 2. 3. 4.
Write a simple PHP script that helps to connect to the database server. Using while structure, show how to retrieve more than one record from a table. Distinguish between mysqli_fetch_row(result) and mysqli_fetch_array(result, type). Design PHP pages for online ticket booking for a cinema complex. Create necessary tables with required fields with MySQL database. Provide necessary operations to book or cancel the tickets online.
C U A C
LU Objectives 1. 2. To enable the students to develop dynamic web pages. To make them to develop database applications.
LU Outcomes 1. 2. Irrespective of technologies, create dynamic web pages. Organize web pages with database applications.
Resource Reference
165
1.
Chapter 12 and 13 of T2
Possible Assessment Questions: (Rating the level of questions R, U, A, L, E, C) S. No. Test Questions Level
1.
Create the following tables: Table Name Musician CD Track Musician to CD Track to CD Fields musicianID, name, instrument cdID, title, release date, type trackID, title, length, rating musicianID, cdID trackID, cdID
Write SQL statements to insert data into the database, to delete items and to query the database. Also, write query statements which will select All musicians All musicians who play a particular instrument All CDs All CDs on which a chosen musician plays All tracks on a chosen CD Create PHP pages that can execute the above SQL statements and to display the results with appropriate formatting. 2. What will be the result for the following? INSERT INTO user (fname, lname, class, email) VALUES (Kannan, Kavitha, I M.E.(IS), kavithak@gmail.com), (Anand, kumar, I B.E.(ECE), ankumar@in.com), (Sundar, Hari, IV B.E.(CIV), harirocks@email.com); 3. Create an HTML form that helps to enter a list of your friends names, including both first and last names. Pass the data to a PHP script. Display the names in the order in which they were entered, and in descending alphabetical order. Consider the URL: http://localhost/htdocs/cookie.php?rollno=12MCS003&name=ABC Define a cookie MyCookie that stores the roll number and name and access this cookie. Also, this cookie should last only for 10 minutes. C A
4.
166
COURSE DETAILS - SOFTWARE QUALITY ASSURANCE Subject Code Subject Name Semester Prepared By Reviewed By Approved By Effective Date Revision No. : CS9262 : SOFTWARE QUALITY ASSURANCE : M.E (CSE) II Semester : Mr.N.BalaGanesh : Dr.K.Mala : Dr.K.Muneeswaran : 06.02.2013 : 1
Course Objective To develop the software with world class quality to satisfy the customer needs To create and manage a good testing infrastructure inside the software industry To create and maintain quality documentation for each software product under development To form software quality assurance team to ensure the quality of the software product. To follow the quality standards and get proper certification for the quality maintenance infrastructure within the industry To make use of proper tools while implementing quality infrastructure within organization
Course Prerequisite: Software Engineering CASE Tools Object Oriented Analysis and Design
Course OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly) Programme Outcomes S.No Course Outcomes 1 1. Development of the software with world class quality to satisfy the customer needs 2. Creation and management of good testing infrastructure inside the software industry 3. Creation and maintenance of quality 3 2 3 3 3 4 3 5 2 6 2 7 3 8 3 9 3 10 3 11 1 12 3
167
under development 4. Formation of software quality assurance team to ensure the quality of the software product 5. Implementation of quality standards and get proper certification for the quality the maintenance industry 6. Usage of proper tools while implementing quality infrastructure within organization infrastructure within 1 2 3 1 1 1 1 2 2 2 1 2 3 1 1 1 2 3 2
Concept Map
CS9262
LTPC 3003
UNIT I Introduction to software quality - challenges objectives quality factors components of SQA contract review development and quality plans SQA components in project life cycle SQA defect removal policies Reviews
168
UNIT II Basics of software testing test generation from requirements finite state models combinatorial designs - test selection, minimization and prioritization for regression testing test adequacy, assessment and enhancement
UNIT III Testing strategies white box and black box approach integration testing system and acceptance testing performance testing regression testing - internationalization testing ad hoc testing website testing usability testing accessibility testing Test plan management execution and reporting software test automation automated testing tools
UNIT IV Hierarchical models of software quality software quality metrics function points Software product quality software maintenance quality effect of case tools software quality infrastructure procedures certifications configuration management documentation control
UNIT V Project progress control costs quality management standards project process standards Management and its role in SQA SQA unit
REFERENCES: 1. Daniel Galin, Software quality assurance from theory to implementation , Pearson education, 2009 2. Aditya Mathur, Foundations of software testing, Pearson Education, 2008 3. Srinivasan Desikan and Gopalaswamy Ramesh, Software testing principles and practices, Pearson education, 2006 4. Ron Patton, Software testing , second edition, Pearson education, 2007 5. Alan C Gillies, Software Quality Theory and Management, Cengage Learning, Second edition, 2003 WEB REFERENCES 1. 2. 3. 4. 5. http://www.qaforums.com/ http://www.softwareqatest.com/index.html http://www.aptest.com/index.html http://www.softwarecertifications.org/ http://www.qatutorial.com/
169
6. http://www.etestinghub.com/index.php
MODULE-I 1. 2. 3. 4. 5. 6. 7. Introduction to software quality - challenges objectives Components of SQA Contract review Development and Quality plans SQA components in project life cycle SQA defect removal policies Reviews Sub Total MODULE II 1. 2. 3. 4. 5. 6. 7. Basics of software testing Test generation from requirements Test generation from Finite state models Test generation from combinatorial designs Test selection for regression testing Test minimization and prioritization for regression testing Test adequacy: Assessment using Control Flow and Data Flow 8. Test adequacy: Assessment using Program Mutation Sub Total MODULE III 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Testing strategies White box testing Black box testing Integration testing System and acceptance testing Performance testing Regression testing Internationalization testing Adhoc testing Website testing Usability and Accessibility testing Test planning and management Test execution and reporting Software test automation and Tools Sub Total 1 1 1 1 1 1 1 1 1 1 1 1 1 13 1 11 1 2 2 2 1 1 1 2 1 1 1 1 2 1 9
170
Sl.No
Topics
No. of Periods
Date of coverage
MODULE IV 1. 2. 3. 4. 5. 6. 7. 8. 9. Hierarchical models of software quality Software quality metrics Function points Software maintenance quality Effect of CASE tools Software quality infrastructure procedures and work instructions Staff Training and certifications Configuration management Documentation control Sub Total MODULE V 1. 2. 3. 4. 5. 6. 7. Project progress control Costs of software quality Quality management standards ISO 9000 Series Quality management standards CMM Project process standards Management and its role in SQA SQA unit Sub Total Total No. of periods DELIVERY PLAN FOR THE LEARNING UNITS (LU) MODULE-I This module deals with the introduction to software, its quality requirements and the need of software quality assurance team and review procedure for maintaining the quality 1 1 1 1 1 2 2 9 51 1 1 1 1 1 1 1 1 1 9
LU Objectives
1. 2.
To define and explain various software quality terminologies To explain the objectives of software quality assurance activities and to distinguish those activities from the quality control.
LU Outcomes
1.
171
2.
Resource Reference
1.
Chapter 2 of R1
Sl.No 1. 2. 3. 4. 5.
Test Questions Define software, software quality and software quality assurance Distinguish between software errors, software faults and software failures Identify the various causes of software errors Explain the objectives of software quality assurance activities Distinguish and explain the differences between software quality assurance and quality control. List the four components of a software system. How does the quality of each component contribute to the quality of the developed software? How does the quality of each component contribute to the quality of the software maintenance?
Level R L L U L
6. 7.
R U
8.
LU Objectives
1.
To discuss about the wide range of SQA components available to planners of an intraorganizational SQA system. To understand the potential contribution of each component, about the entire range of components, and about the system as a defined entity.
2.
LU Outcomes
1. 2.
Familiar with the components available in the SQA system Pick out and apply the right quality assurance component at proper phase of the project
Resource Reference
172
1.
Chapter 4 of R1
Sl.No 1. 2. 3. 4. 5. 6.
Test Questions Explain briefly on SQA System with architecture diagram List down the pre-project SQA components Describe the pre-project SQA components in detail List down the software project lifecycle SQA components Describe the software project lifecycle SQA components in detail List down the improvement infrastructure components for error prevention and
Level U R U R U R
7.
components
for
error
prevention
and
U R U U
8. 9. 10.
List down the management SQA components Describe the management SQA components in detail Discuss the guidelines for construction of organizations SQA system
LU Objectives
1.
To explain the contract review stages, their objectives and factors affecting the review process To discuss the process and importance of carrying out a contract review for internal projects
2.
LU Outcomes
1. 2.
Realize the importance of the contract review Arrange and plan for a contract review process for the projects
Resource Reference
1.
Chapter 5 of R1
173
Sl.No 1. 2. 3. 4. 5.
Test Questions Explain the two contract review stages List the objectives of contract review. Identify the factors that affect the extent of the contract review Identify the difficulties in performing a major contract review Explain the recommended avenues for implementing a major contract review Discuss the importance of carrying out a contract review for internal projects List the various aspects involved with the examination of the customers capabilities What proposal team activities are required regarding each of the revealed development risks?
Level U R L L U
6.
7.
8.
LU Objectives
1. 2. 3. 4. 5.
To explain the objectives and elements of a development plan and a quality plan To identify the major software risk items. To explain the process of software risk management To discuss the importance of development and quality plans for small projects To discuss the importance of development and quality plans for internal projects
LU Outcomes
1. 2.
Design a development plan for any kind of projects Realize the importance of development plan and educate the same to fellow team members Design a quality plan for any kind of projects Realize the importance of quality plan and educate the same to fellow team members Carrying out the risk management process in software products
3. 4. 5.
174
Resource Reference
1.
Chapter 6 of R1
Sl.No 1. 2. 3. 4. 5. 6.
Test Questions Explain the objectives of development and quality plans Identify the elements of a development plan Identify the elements of a quality plan Identify the major software risk items Explain the process of software risk management Discuss the benefits of preparing development and quality plans for small projects Discuss the benefits of preparing development and quality plans for internal projects.
Level U L L L U U
7.
1.
To describe the various software development models and discuss the differences between them To explain the considerations affecting intensity of applying quality assurance activities
2.
LU Outcomes
1.
Compare various software development models and pick out the right model for the project Apply appropriate quality assurance activities to the software development model
2.
Resource Reference
1.
Chapter 7 of R1
175
Sl.No 1.
Test Questions Describe the various software development models and discuss the differences between them. Explain the activities considerations affecting application of quality assurance
Level U
2.
3.
What are the seven basic phases of the development process suggested by the SDLC model? List the conditions necessary for the prototyping model to be applied List the advantages of prototyping compared to the SDLC methodology for development of small to medium-sized projects
4. 5.
R U
6.
Explain why the advantages of prototyping cannot be realized for large software systems Describe the four activities to be repeated in each iteration of the spiral development process. Explain why the four activities designated are to be repeated in each iteration of the development process Explain the advantages of the spiral model as compared with the SDLC model
7.
8.
1.
To explain the different aspects of verification, validation and qualification associated with quality assurance activities To describe the model for the SQA plan s defect-removal effectiveness and cost
2.
LU Outcomes
1.
Setting of verification, validation and qualification criteria for each and every quality assurance activity Creation of model for the SQA plans defect-removal effectiveness and cost
2.
Resource Reference
1.
Chapter 7 of R1
176
Sl.No 1.
Test Questions Explain the different aspects of verification, validation and qualification for quality assurance activities. Describe the model for SQA defect removal effectiveness and cost List out the average defect removal effectiveness of quality assurance activities based on Boehm and Johns List out the average defect removal cost of quality assurance activities based on Boehm and Johns Illustrate with an example on computing defect removal effectiveness of various phases of the project based on the defect identification rate
Level U
2. 3.
U U
4.
5.
1. 2. 3.
To explain the direct and indirect objectives of review methodologies. To explain the contribution of external experts to the performance of review tasks To compare the three major review methodologies
LU Outcomes
1. 2.
Plan for review processes based on the objectives of SQA Create an internal atmosphere inside software industry to bring the external experts for reviewing the tasks carried out for maintaining quality Strengthen the quality process by carrying out review, walkthrough and inspection
3.
Resource Reference
1.
Chapter 8 of R1
Sl.No 1. 2.
Test Questions Explain the direct and indirect objectives of the review methodologies Explain the contribution of outside experts to the performance of review
Level U U
177
tasks 3. 4. Compare the objectives and participants of the three team review methods For each direct and indirect objectives, indicate the review technique or techniques that contribute(s) the most to achieving that objective Explain the importance of enforcing templates and sticking to style procedures and conventions Compare the various review techniques. (1) In what aspects are design reviews more formal than inspections? (2) In what aspects are inspections more formal than walkthroughs? L L
5.
6.
MODULE-II This module gives an overview on software testing process. The test generation based on the requirements, finite state machines and combinatorial designs is introduced. The techniques for test selection, minimization and prioritization from large number of tests for carrying out the regression testing are also discussed. Also, the measurement of adequacy of the testing using control flow, data flow and program mutation techniques are also discussed.
LU Objectives
1. 2. 3.
To present basic concepts and terminology in software testing To discuss the role of control flow graph in software testing To present the relationship between various testing techniques and their use in different scenarios
LU Outcomes
1. 2. 3.
Knowledge attainment in basics of software testing process Carry out software testing in different scenarios using appropriate techniques Usage of mathematical techniques for carrying out software testing
Resource Reference
178
1.
Chapter 1 of R2
Sl.No 1. 2. 3. 4. 5. 6.
Test Questions Differentiate Errors, Faults and Failures Explain in detail on static testing Illustrate with block diagram the process of model checking What is a Control Flow Graph (CFG)? How it helps in software testing? List out the types of testing and explain them in detail Explain in detail on saturation effect
Level L U U U U U
LU Objectives
1. 2. 3.
To introduce the classes of test generation techniques To discuss on the techniques of partition testing To discuss on the techniques of predicate testing
LU Outcomes
1. 2. 3.
Ability to generate tests from requirements using category-partition method Generation of tests from requirements using cause-effect graphing method Generation of tests from requirements using predicates
Resource Reference
1.
Chapter 2 of R2
179
Sl.No 1. 2. 3. 4. 5.
Test Questions Explain in detail on Equivalence Partitioning method Illustrate with example on test selection based on equivalence classes Illustrate with example on boundary value analysis List out the steps in category partition method Illustrate with a simple example on generation of tests from requirements using category-partition method What is cause-effect graphing? Illustrate with a simple example on generation of tests from requirements using cause-effect graphing Illustrate with a simple example on generation of tests from predicates (Conditions from requirements)
Level U U U R U
6. 7.
R U
8.
LU Objectives
1. 2.
To introduce and explain how the finite state machine can be used for test generation To introduce W-Method, Partial W-Method (W p-Method) and UIO-Method for constructing a test set from given finite state machine
LU Outcomes
1. 2.
Test generation from basic finite state machine Test generation from minimal, complete and connected finite state machine using several methods
Resource Reference
1.
Chapter 3 of R1
180
Sl.No 1. 2. 3. 4.
Test Questions What is a Finite state machine? Explain in detail on working of Finite state machine List out the properties of Finite state machine Illustrate with an example on W-Method for constructing a test set from given finite state machine Illustrate with an example on Partial W-Method (W p-Method) for generating a test set from minimal, complete and connected finite state machine Illustrate with an example on UIO-Method for constructing a test set from given finite state machine based on unique input/output sequence
Level R U R U
5.
6.
LU Objectives
1. 2.
To introduce the basics of combinatorial test design process To describe the ancient methods like latin squares and mutually orthogonal latin squares (MOLS) and their application for the selection of subset To discuss on the methods for generating combinatorial design (for use in software testing)
3.
LU Outcomes
1. 2. 3.
Generation of tests from combinatorial designs Usage of mathematical methods for the selection of subset Generation of combinatorial designs using several methods
Resource Reference
1.
Chapter 4 of R2
Sl.No 1.
Level R
181
2. 3. 4.
Discuss briefly on combinatorial test design process Explain the Latin square of order 2 and 4 with example Explain the Mutually Orthogonal Latin square (MOLS) of order 2 and 3 with example List out the shortcomings of using MOLS for test design Illustrate with an example on generation of test case using simple orthogonal array Illustrate with an example on generation of test case using mixed level orthogonal array Write a procedure for generating mixed-level covering arrays for pairwise designs
U U U
5. 6.
U U
7.
8.
LU Objectives
1. 2.
To introduce regression testing process To explain how regression test selection is done using execution trace and dynamic slicing
LU Outcomes
1. 2.
Realize the importance of regression testing Test selection using various techniques for carrying out regression test
Resource Reference
1.
Chapter 5 of R2
Test Questions
Level R U U
Illustrate in detail on regression test process Illustrate how the test selection is carried out using execution trace
182
4. 5.
Illustrate how the test selection is carried out using dynamic slicing What is dynamic slicing?
U R
LU Objectives
1. 2.
To explain how regression test minimization is done To discuss how regression test prioritization is carried out
LU Outcomes
1. 2.
Capable of minimizing tests using various techniques for carrying out regression test Capable of prioritizing tests using various techniques for carrying out regression test
Resource Reference
1.
Chapter 5 of R2
Test Questions
Level R A U U R A U R
Write the procedure for test minimization Illustrate with example on set-cover optimization problem Explain with example how the regression test minimization is done? What is test prioritization? Write the procedure for test prioritization Explain with example how the regression test prioritization is done? List out the tools for regression testing
LU -14: Test adequacy: Assessment using Control Flow and Data Flow (1 Period)
183
LU Objectives
1.
To discuss and explain the test adequacy assessment using control flow and data flow
LU Outcomes
1. 2.
Realize the importance of test adequacy assessment Assessing test adequacy using control and data flow
Resource Reference
1.
Chapter 6 of R2
Test Questions
Level R U U U U
How the test adequacy can be measured? Describe the way of enhancing the testing using measurement of adequacy? List out the coverage patterns based on control flow Illustrate with examples on how test adequacy assessment is done using control flow What is C-Use and P-Use? What is a data flow graph? Give an example How a data flow graph can be drawn for a given program? List out the coverage patterns based on data flow
6. 7. 8. 9.
R U U R U
10. Illustrate with examples on how test adequacy assessment is done using data flow
LU Objectives
1.
184
2.
LU Outcomes
1. 2.
Familiar with the process of mutation Assessment of test adequacy using mutation
Resource Reference
1.
Chapter 7 of R2
Sl.No 1. 2. 3. 4.
Test Questions Discuss briefly on Mutation and Mutants? What are First-Order and Higher-Order Mutants? Differentiate Strong and Weak Mutants Illustrate with examples on how test adequacy assessment is done using program mutation What are Mutation operators? List out the types of mutation operators List out the guidelines for design of mutation operators Illustrate with an example on how fault detection is done using mutation Discuss in detail on mutation operators for C language Discuss in detail on mutation operators for Java language List out the tools used for mutation testing
Level U R L U
5. 6. 7. 8. 9. 10.
R R U U U R
MODULE-III This module lists out various types of testing, its methodology and importance. The procedures for planning, managing, executing and reporting of software testing are also discussed. Also the importance of automation and usage of tools is highlighted in this module
185
LU Objectives
1. 2.
To discuss about basics of white box testing To explain the concepts of static and structural testing and its real world applications
LU Outcomes
1. 2.
Realize the importance of white box testing Capable of carrying out white box testing in real world applications
Resource Reference
1.
Chapter 3 of R3
Test Questions
Level R R U U U L R
What are the classifications of white box testing? Discuss briefly on static testing Discuss briefly on structural testing How functional testing is carried out? Differentiate Code coverage and Code complexity testing List out the challenges in white box testing
LU Objectives
1. 2.
To discuss about basics of black box testing To explain the types of black box testing and its real world applications
LU Outcomes
186
1. 2.
Realize the importance of black box testing Capable of carrying out black box testing in real world applications
Resource Reference
1.
Chapter 4 of R3
Test Questions
Level R L R U L U
Differentiate White and Black box testing What are the classifications of black box testing? Discuss briefly on requirements based testing Differentiate positive and negative testing How user documentation testing is carried out?
LU Objectives
1. 2.
To discuss about basics of integration testing To explain the types of integration testing and its real world applications
LU Outcomes
1. 2.
Realize the importance of integration testing Capable of carrying out integration testing in real world applications
Resource Reference
1.
Chapter 5 of R3
187
Test Questions
Level R R U U U U
What are the types of integration testing? Discuss briefly on Top-down integration testing Discuss briefly on Bottom-up integration testing How Bi-Directional integration testing is carried out? Discuss briefly on Scenario testing
LU Objectives
1. 2.
To discuss about basics and to explain the process of system testing To describe the phases involved in acceptance testing
LU Outcomes
1. 2.
Realize the importance of System and acceptance testing Capable of carrying system and acceptance testing in real world applications
Resource Reference
1.
Chapter 6 of R3
Test Questions
Level R R
188
3. 4. 5. 6. 7.
Discuss briefly on Functional testing Discuss briefly on Non- Functional testing Differentiate Functional and Non- Functional testing How acceptance test is carried out? Discuss briefly on phases involved in acceptance test
U U L U U
LU Objectives
1. 2.
To discuss about basics of performance testing To describe the methodology involved in performance testing
LU Outcomes
1. 2.
Realize the importance of performance testing Capable of carrying out performance testing in real world applications
Resource Reference
1.
Chapter 7 of R3
Test Questions
Level R U U U R
Discuss briefly on performance testing methodology Discuss briefly on performance testing process How performance benchmarking is carried out in performance testing? List out the tools for performance testing
LU Objectives
189
1.
To discuss about basics and explain the types of regression testing and its real world applications To describe the phases involved in regression testing
2.
LU Outcomes
1. 2.
Realize the importance of regression testing Capable of carrying out regression testing in real world applications
Resource Reference
1.
Chapter 8 of R3
Test Questions
Level R R U R U
What are the types of regression testing? Discuss briefly on smoke or sanity test How regression test is carried out? Discuss briefly on phases involved in regression test
LU Objectives
1.
To discuss and explain the types of internationalization testing and its real world applications To describe the phases involved in internationalization testing
2.
LU Outcomes
1.
190
2.
Resource Reference
1.
Chapter 9 of R3
Sl.No 1. 2. 3. 4. 5. 6. 7. 8.
Test Questions What is internationalization testing? What are the types of internationalization testing? Discuss briefly on language test Discuss briefly on fake language test Discuss briefly on localization test How internationalization test is carried out? Discuss briefly on phases involved in internationalization test List out the tools used for internationalization test
Level R R U U U U U R
LU Objectives
1. 2.
To discuss about basics of Ad hoc testing To explain the types of Ad hoc testing and its real world applications
LU Outcomes
1. 2.
Realize the importance of Ad hoc testing Capable of carrying out Ad hoc testing in real world applications
Resource Reference
1.
Chapter 10 of R3
191
Test Questions
Level R R U U U R U
What are the types of Ad hoc testing? Discuss briefly on buddy test Discuss briefly on pair test Discuss briefly on exploratory test How iterative testing is carried out? Discuss briefly on agile and extreme testing
LU Objectives
1. 2.
To discuss about basics of website testing To describe the phases involved in website testing
LU Outcomes
1. 2.
Realize the importance of website testing Capable of carrying out website testing in real world applications
Resource Reference
1.
Chapter 12 of R3
Test Questions
Level R U U U
Discuss briefly on website load testing How security test in web application is carried out? Discuss briefly on phases involved in website test
192
5.
LU Objectives
1. 2.
To discuss and describe the phases involved in usability testing To discuss and describe the accessibility testing
LU Outcomes
1. 2.
Realize the importance of usability and accessibility testing Capable of carrying out usability and accessibility testing in real world applications
Resource Reference
1.
Chapter 12 of R3
Test Questions
Level R U U U R
Discuss briefly on Aesthetics testing How usability test is carried out? Discuss briefly on phases involved in acceptance test List out the tools for carrying out usability testing
LU Objectives
1. 2.
To explain the process involved in test planning To describe the management process involved in testing phase
193
LU Outcomes
1. 2.
Plan for the software testing for any given problem Managing the software testing process to achieve quality software product
Resource Reference
1.
Chapter 15 of R3
Test Questions
Level R U R U U
Discuss briefly on phases involved in test planning What is test deliverables? Describe the steps for managing infrastructure for carrying out the testing Describe the steps for managing people involved in carrying out the testing
LU Objectives
1. 2.
To explain the process involved in test execution To describe the procedure involved in reporting the test results
LU Outcomes
1. 2.
Plan for the execution of software testing for any given problem Reporting the software test result in better form so that it conveys clear message to both developers and clients
Resource Reference
194
1.
Chapter 15 of R3
Sl.No 1. 2. 3. 4. 5.
Test Questions What is test case specification? Discuss briefly on phases involved in test execution What is traceability matrix? How the test summary document can be prepared? Describe the steps for preparing test report
Level R U R U U
LU Objectives
1. 2.
To explain the process of designing test automation To introduce the tools available for doing the testing
LU Outcomes
1. 2.
Capable of automating the testing process wherever manual effort is needed Ability to use or introduce tools in the testing process
Resource Reference
1.
Chapter 16 of R3
Test Questions
Level R U
195
3. 4. 5.
Explain in detail, the design and architecture for test automation? List down the generic requirements for the test automation? List down the testing tools and their feature
U R R
MODULE-IV This module gives an overview on models and metrics related to software quality. The infrastructure to be developed, formation of procedures and documentations related to software product quality is also discussed. Also, the procedure of configuration control (version maintenance) for all work products related to quality is discussed in this module
LU Objectives
1. 2.
To introduce the basic concepts and explain the hierarchical models of software quality. To discuss the relationships between quality criteria as suggested by Perry.
LU Outcomes
1. 2.
Realize the importance of software quality and its basic model Listing out the quality criteria for a given problem and to find the relationships between the criteria
Resource Reference
1.
Chapter 2 of R5
Sl.No 1. 2. 3. 4.
Test Questions What is a hierarchical model? List out its significance Explain briefly on GE Model (McCall) Explain briefly on Boehm Model List out the three areas addressed by McCall Model
Level R U U R
196
5. 6.
How the quality criteria interrelate as per Perry? McCalls and Boehms models were developed in the era of batch processing and mainframe computers. How far are they affected by the move to interactive computing? As organizations move towards networked group working systems, what new criteria of quality will be needed? How far does Perrys analysis of relationships tally with your own experience of computer systems? Has it been overtaken by advances in technology?
U L
7.
LU Objectives
1. 2.
To explain the objectives of software quality metrics. To list the requirements to be fulfilled by successful software quality metrics and to explain how software quality metrics are categorized To describe the process of defining a new software quality metrics. To explain the reasons for limitations characterizing some software quality metrics
3. 4.
LU Outcomes
1. 2. 3. 4.
Realize the importance of the software quality metrics Ability to list down the requirements to be fulfilled by successful software quality metrics Analyze the existing metrics and apply them in the software projects Ability to define new software quality metrics based on the project needs
Resource Reference
1.
Chapter 21 of R1
Sl.No 1. 2. 3. 4.
Test Questions Explain the objectives of software quality metrics List the requirements for successful software quality metrics Explain how software quality metrics are categorized Describe the process of defining a new software quality metric
Level U R U U
197
5.
Explain the reasons for limitation characterizing some software quality metrics
LU Objectives
1. 2. 3.
To explain the objectives of KLOC metric To explain the objectives of function point metric Compare the KLOC and function point measures for the size of a software system.
LU Outcomes
1. 2. 3.
Realize the objectives and importance of KLOC metric Realize the objectives and importance of function point metric Apply the KLOC and function point metric in real world software projects
Resource Reference
1.
Sl.No 1. 2. 3. 4.
Test Questions Explain with a practical example on function point metric Discuss briefly on the advantages and disadvantages of function point metric Compare the KLOC and function point measures for the size of a software system. A human resources software system requires 15000 lines of Visual Basic code and 5000 lines of SQL code. Estimate the number of function points required for the software system
Level U U L E
LU Objectives
198
1. 2. 3.
To list the software maintenance components and explain their distinction. To describe and explain pre-maintenance software quality components. To list down the infrastructure and managerial tools for supporting and controlling maintenance quality assurance.
LU Outcomes
1. 2.
Realize the importance of software maintenance components Identification of the software maintenance components and apply them in software projects Analyze the existing tools available for maintenance and pick up appropriate tool for for controlling software maintenance quality
3.
Resource Reference
1.
Chapter 11 of R1
Level R
2. 3. 4. 5.
Describe the foundations of high quality maintenance Describe and explain the pre-maintenance software quality components List the infrastructure tools that support maintenance quality assurance. List the main managerial tools for controlling software maintenance quality and explain their importance What are the basic elements of a maintenance plan? Explain the importance of each element
U U R R
6.
7.
It is claimed that higher standards are needed for training and certification of maintenance team members than for development team members. (1) Do you agree or disagree with this statement? List your arguments. (2) If you agree with the above, what component of software maintenance (corrective, adaptive or functionality improvement) do you consider most suitable for the above statement? Most software corrective maintenance procedures require extensive
8.
199
documentation of the activities performed. (1) List the main uses for the various types of corrective maintenance documentation. (2) Explain the importance of the required documentation in your own words
LU Objectives
1.
To list out and explain the contribution of CASE tools to software development and software quality maintenance.
LU Outcomes
1. 2.
Use the CASE tools in software development and maintenance Realize the importance of CASE tools and educate the team on using it
Resource Reference
1.
Chapter 13 of R1
Sl.No 1. 2.
Test Questions Explain the contribution of CASE tools to software development Explain the difference between classic and real CASE tools and provide some examples List the main contributions of real CASE tools to product quality Explain the contribution maintenance of CASE tools to the quality of software
Level U U
3. 4.
R U
5.
The main component of real CASE tools is the repository. (1) Define repository in your own words (2) List the functions a repository fulfills and explain their impact on software development productivity. (3) List the functions a repository serves and explain their impact on software quality The contribution of real CASE tools to the quality of project management is debatable. (1) Describe the quality aspects of project management.
6.
200
(2) Discuss what contributions real CASE tools can make to the quality of project management and why.
LU Objectives
1.
To explain the contribution of procedures and work instructions to software quality assurance To List the activities involved in maintaining an organizations procedures
2.
LU Outcomes
1.
Formulation of the procedures for maintaining quality in all aspects of software development process Capable of maintaining procedures and work instructions implemented by software quality assurance team
2.
Resource Reference
1.
Chapter 14 of R1
Sl.No 1. 2. 3.
Test Questions Explain the contribution of procedures to software quality assurance Explain the difference between procedures and work instructions List the activities involved in maintaining an organizations procedures manual List the benefits of implementing an SQA procedures manual in an organization Some software quality experts claim that a standard procedures manual with no changes or adaptations can serve 90% of the organization. Do you agree with this statement? List your arguments As an SQA unit member, you are required to prepare the first draft of a new procedure. (1) Suggest what sources of information may be used to prepare the draft. (2) Mark those sources mentioned in your answer to (1) that are
Level U U R
4.
5.
6.
201
LU Objectives
1.
To explain and discuss the main objectives and requirements for training and certification. To list the main components of a certification program. To explain the objectives of follow-up of trained and certified staff performance and the main sources of the follow-up data
2. 3.
LU Outcomes
1. 2.
Realize the importance of training the staff and keep constant records of their progress Implementation of training programs for staff members in both technical and nontechnical aspects Encouraging the staff members to get certified after training for creating a quality environment
3.
Resource Reference
1.
Chapter 16 of R1
Sl.No 1. 2. 3. 4.
Test Questions Explain the main objectives of training and certification Discuss what is needed to prepare a training and updating program List the main components of a certification program Explain the objectives of follow-up of trained and certified staff performance and main sources of the follow-up data
Level U U R U
202
LU Objectives
1.
To explain the objectives of software configuration and change management and to differentiate baseline and intermediate software configuration versions. To explain the objectives of software configuration management plans. To explain the nature of the tasks fulfilled by software configuration management audits.
2. 3.
LU Outcomes
1. 2.
Realize the importance of versioning and baselining of software product Setting up a software configuration management team with proper plans and audits for maintaining the configuration items of all project components Formulation of procedures and implemention the change management process in industry
3.
Resource Reference
1.
Chapter 18 of R1
Sl.No 1. 2. 3. 4.
Test Questions Define software configuration version Explain the tasks of software configuration management List the main tasks of software change control Explain the difference configuration Versions between baseline and intermediate software
Level R U R U
5. 6.
Explain the objectives of software configuration management plans Describe the nature of the tasks performed in software configuration management audits Most SCM systems are packages. operated nowadays by specialized software
U U
7.
Explain the special features offered effectively and efficiently only by computerized management software packages and explain their contribution to software quality.
203
LU Objectives
1.
To explain and describe the tasks involved in establishment and maintenance of a controlled documents list To discuss the issues covered by documentation control procedures.
2.
LU Outcomes
1. 2.
Realize the importance of documentation while carrying out a software project Creation of documents and proper maintenance of them wherever needed in the project
Resource Reference
1.
Chapter 19 of R1
Sl.No 1. 2.
Test Questions Explain the objectives of controlled documents Describe the tasks involved in establishment and maintenance of a controlled documents list Discuss the issues covered by documentation control procedures List down the typical controlled documents (including quality records) List out the issues of controlled document storage and retrieval
Level U U
3. 4. 5.
U R R
MODULE-V This module discuss about the progress tracking, cost constraints of the project. The role of standards in implementing the quality aspects of the project and development environment is discussed briefly. Also, the role of management in software quality management is also discussed.
204
LU Objectives
1. 2.
LU Outcomes
1. 2.
Implementation of project progress control in the industry and also make use of the tools Design of progress report for tracking the project
Resource Reference
1.
Chapter 20 of R1
Sl.No 1. 2. 3.
Test Questions Explain the components of managements control of project progress Explain the implementation issues associated with project progress control List down the services provided by computerized tools for project process control List down the main budget items which demand control in the project Design a template of Project leaders progress report
Level U U R
4. 5.
R C
LU Objectives
1.
To explain and justify development of a unique quality cost model for software development To explain the standard and unique difficulties arising in application of cost of software quality systems
2.
205
LU Outcomes
1. 2.
Development of unique quality cost model for software development Implementation of the optimized cost model with best process in software development process
Resource Reference
1.
Chapter 22 of R1
Sl.No 1. 2. 3.
Test Questions Explain the objectives of cost of software quality measurements Compare the classic software quality costs model with the extended model Justify the formulation of a unique quality cost model for software development Describe the implementation of a cost of software quality system Explain the standard and unique problems involved in implementing a cost of software quality system List some examples of hidden failure costs. Indicate for what type of software development organization and situation these failure costs could become extremely high? Compare the characteristics of prevention costs for software development with any manufacturing industry
Level U L E
4. 5.
U U
6.
7.
8.
Compare the characteristics of appraisal costs for software development with any manufacturing industry
9.
Compare the characteristics of internal failure development with any manufacturing industry Compare the characteristics of external failure development with any manufacturing industry
costs
for
software
10.
costs
for
software
LU Objectives
206
1.
To describe the general principles of underlying quality management according to ISO 9000-3 and its certification process. To describe the principles underlying ISO/IEC 15504
2.
LU Outcomes
1.
Creation of a quality software development environment as specified in ISO 9000 series in the industry Creation of proper documentation as specified in ISO 9000 series to get ISO certification for the industry
2.
Resource Reference
1.
Chapter 23 of T1
Sl.No 1. 2. 3.
Test Questions Explain the benefits of the use of SQA standards Describe the contributions made by the use of standards Describe the general principles underlying quality management according to ISO 9000-3
Level U U U
4. 5. 6. 7. 8.
Describe the ISO 9000-3 certification process Describe the principles that guided the developers of ISO/IEC 15504 Define the various classes of SQA standards Explain the differences between various classes of SQA standards The SPICE project performed a comprehensive trial for the early versions of the ISO/IEC 15504 Standard. Explain the contribution of the trial to development of the standard
U U R U U
LU Objectives
207
1. 2. 3. 4.
To describe the principles embodied in the CMM To explain the key process areas of CMM To describe the significance of CMMI and its key process areas To compare CMMI with CMM
LU Outcomes
1.
Creating a quality software development environment as specified in CMM standard in the industry Creation of proper documentation as specified in CMM standard to get CMM Level certification for the industry Ability for creating a quality software development environment as specified in CMMI standard in the industry Creation of proper documentation as specified in CMMI standard to get CMMI Level certification for the industry
2.
3.
4.
Resource Reference
1.
Chapter 23 of T1
Sl.No 1. 2. 3.
Test Questions Describe the principles embodied in the Capability Maturity Model (CMM) Explain in detail on key process areas of CMM Describe the principles Integration (CMMI) embodied in the Capability Maturity Model
Level U U U
4.
The evolution and diversification of the CMM methodology have produced several specialized CMM products that were offered to the software industry. At a certain point, SEI moved toward creation of integrated CMM models. (1) Explain the reasons for this move (2) List some arguments against integration CMM and CMMI are both composed of almost identical capability maturity models. While CMM bases its assessments on 18 key process areas, CMMI employs 24 process areas. (1) Explain the differences between the CMM and CMMI process areas in relation to the respective subject matter. (2) Indicate which of the capability levels have been substantially changed (3) Can you characterize the observed changes?
5.
208
LU Objectives
1. 2. 3.
To explain the concepts embodied in IEEE/EIA Std 12207. To explain the concepts and essence of the SVVP as required by IEEE Std 1012 To explain the concepts embodied in IEEE Std 1028.
LU Outcomes
1.
Creation of a software life cycle process as specified in IEEE 12207 standard in the industry Framing of verification and validation process as specified in IEEE 1012 standard in the industry Framing of review process as specified in IEEE 1028 standard in the industry
2.
3.
Resource Reference
1.
Chapter 24 of R1
Sl.No 1. 2. 3. 4. 5.
Test Questions Explain the concepts underlying IEEE/EIA Std 12207 Explain the concepts underlying IEEE Std 1012 Explain the essence of the SVVP as required by IEEE Std 1012 Explain the concepts underlying IEEE Std 1028 The 1998 version of IEEE Std 1012 introduces the notion of V&V metrics in one of its Annexes. This notion was absent from the 1986 version (reaffirmed 1992). (1) Explain the notion of V&V metrics and how it should be implemented. (2) Discuss the contribution of V&V metrics to software quality and to the effectiveness of V&V activities
Level U U U U U
209
LU Objectives
1. 2. 3.
To describe top managements responsibilities regarding software quality. To describe the main objectives of management reviews. To explain and list out the SQA-related responsibilities of department management.
LU Outcomes
1. 2. 3.
Realize the importance of the managements responsibility in software quality Ability to set objectives and conduct management review Ability to set the software quality assurance responsibilities for management and managers for maintaining quality in industry and projects
Resource Reference
1.
Chapter 25 of T1
Sl.No 1. 2. 3.
Test Questions List the actors in a typical quality assurance organizational framework Describe top management responsibilities regarding software quality Describe the software system-related responsibilities of the executive in charge of software quality issues Describe the main objectives of management reviews Explain the SQA system-related responsibilities of department management List the SQA professional hands-on tasks required of project managers The top management contributes to software quality by employing three main managerial tools. (1) List the tools applied by top management to achieve its software quality objectives. (2) Describe each tool in your own words and explain how it affects software quality The executive in charge of software quality issues is responsible for the preparation of the annual SQA activities program and budget. (1) Describe in your own words the activities the executive has to perform to prepare the mentioned program and budget. (2) Describe the participation of the heads of the SQA unit and subunits in the preparation of the program and budget
Level R U U
4. 5. 6. 7.
U U R U
8.
210
9.
The executive in charge of software quality issues is responsible for overall control of the performance of SQA activities. (1) List the types of SQA activities under the executives responsibility (2) Describe in your own words the activities the executive has to perform to control the SQA activities
LU Objectives
1.
To describe the SQA units tasks according to the proposed organizational structure model. To describe the development, audit and maintenance tasks associated with SQA standards and procedures. To describe the tasks, types and characteristics of SQA forum.
2.
3.
LU Outcomes
1.
2. 3.
Define the project related, development and maintenance tasks for the SQA team Ability to assign tasks for SQA team members
Resource Reference
1.
Chapter 26 of R1
Sl.No 1.
Test Questions Describe the SQA units tasks according to the proposed Organizational Structure Model Describe the typical tasks of the head of an SQA unit Describe typical project life cycle tasks Describe the audit types the SQA unit is involved with Describe the development and maintenance tasks associated with SQA
Level U
2. 3. 4. 5.
U U U U
211
standards and procedures 6. 7. 8. 9. 10. 11. Describe the tasks of SQA trustees Describe and compare the types of SQA committees Describe SQA forum characteristics List the four sub-units that deals with SQA operations List the three sub-units that deals with SQA development and maintenance SQA trustees are expected to be SQA agents in their teams/units and provide the internal support for successful implementation of SQA components. (1) Explain how SQA trustees complement the formal activities performed by SQA units and unit managers. (2) Evaluate the contributions of SQA trustees to software quality U L U U R E
212
LAB COURSE MANUAL Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. Course Objective: : CS9227 : OPERATING SYSTEM LAB : ME (CSE) II Semester : Ms. Golda Jeyasheeli : Dr.K.Muneeswaran : 06.02.2013 : 1
To achieve synchronisation among multiple processes running in a multiprocessor system (Multiprocessor operating system) To provide synchronisation using monitors in a multithreaded application. (Multiprocessor operating system) To write a program to identify the various LAN hardware, network configuration option in a system. (Network operating system) To develop real time applications like alarm clock. (Real Time operating system) To apply concurrency control algorithms for database transactions.(Database operating system) To write a distributed application using RMI. (Distributed operating system) To write a program order events in a distributed system using vector clocks. (Distributed operating system)
Course Prerequisite: Data structure Algorithms Any programming language Course OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly)
Programme Outcomes S. No 1. 2. Course Outcomes Achieving Synchronisation among multiple processes Providing synchronisation in a multithreaded application 3. Identifying LAN hardware components and system configuration 4. 5. Developing Real Time Applications Applying Concurrency Control Algorithms 6. 7. Developing an RMI based distributed application Ordering events using vector clocks 3 3 3 3 3 3 3 3 3 3 3 1 1 3 3 3 3 3 1 3 3 3 3 3 1 3 3 3 3 3 1 3 3 3 3 3 1 3 3 3 3 3 1 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2
213
LTPC0032
Assume there are three processes: Pa, Pb, and Pc. Only Pa can output the letter A, Pb B, and Pc C.Utilizing only semaphores (and no other variables) the processes are synchronized so that the output satisfies the following conditions:
a) A B must be output before any C's can be output. b) B's and C's must alternate in the output string, that is, after the first B is output, another B cannot be output until a C is output. Similarly, once a C is output, another C cannot be output until a B is output. c) The total number of B's and C's which have been output at any given point in the output string cannot exceed the number of A's which have been output up to that point. Examples AACB -- invalid, violates a) ABACAC -- invalid, violates b) AABCABC -- invalid, violates c) AABCAAABC -- valid AAAABCBC -- valid AB -- valid
Consider a simulation with three smoker threads and one agent thread. Each smoker continuously makes a cigarette and smokes it. But to make a cigarette, a smoker needs three ingredients: tobacco, paper, and matches. One of the smoker threads has only paper, another has only tobacco and the third has only matches. The agent thread has an infinite supply of all three materials. The three smoker threads are initially blocked. The agent places two randomly chosen (different) ingredients on the table and unblocks the one smoker who has the remaining ingredient. The agent then blocks. The unblocked smoker removes the two ingredients from the table, makes a cigarette, and smokes it for a random amount of time, unblocking the agent on
214
completion of smoking the cigarette. The agent then puts out another random two of the three ingredients, and the cycle repeats. Write a multi-class multithreaded Java program that uses a monitor to synchronize the agent thread and the three smoker threads. Do not mechanically translate semaphore code into monitor code! The agent thread executes in an agent object created from an agent class. Each smoker thread executes in a smoker object. All smoker objects are created from one smoker class whose constructor is used to specify the ingredient possessed by the smoker object. A driver class with a main method constructs the objects and starts the threads. Use a single monitor object instantiated from a class Control for synchronization. Each of the four threads invokes a synchronized monitor method for its synchronization. No semaphores are allowed. No synchronized blocks are allowed, only synchronized methods. No busy waiting is allowed. No calls to nap inside a synchronized method are allowed (do not nap while holding the monitor object's lock, that is, while inside a synchronized method or while inside a method called by a synchronized method). PROGRAM 3 Multiple sleeping barbers - Multiprocessor operating systems Write a multi-class multithreaded Java program that simulates multiple sleeping barbers, all in one barbershop that has a finite number of chairs in the waiting room. Each customer is instantiated from a single Customer class; each barber is instantiated from a single Barber class. Network operating systems PROGRAM 4 Network operating systems Establish a Lab setup for the following network operating systems based programs based on the skills in networking on your own. E.g. for identifying networking hardware, identifying different kinds of network cabling and network interface cards can be done. Exercises 1. Identifying Local Area Network Hardware 2. Exploring Local Area Network Configuration Options 3. Verifying TCP/IP Settings 4. Sharing Resources 5. Testing LAN Connections Real time operating systems PROGRAM 5 Real time operating systems A real-time program implementing an alarm clock shall be developed. [Alarm clock, using C and Simple_OS]
The program shall fulfill the following requirements: Clock with alarm functionality shall be implemented, It shall be possible to set the time, It shall be possible to set the alarm time, the alarm shall be enabled when the alarm time is set, the alarm shall be activated when the alarm is enabled, and when the current time is equal to the alarm time, an activated alarm must be acknowledged. Acknowledgement of an alarm shall lead to the alarm being disabled, the alarm is enabled again when a new alarm time is set, and an alarm which is not acknowledged shall be repeated every 10 seconds. The program shall communicate with a graphical user interface, where the current time shall be displayed, and where the alarm time shall be displayed when the alarm is enabled. It shall be possible to terminate the program, using a command which is sent from the graphical user interface.
215
Database operating systems PROGRAM 6 Transactions and Concurrency -Database operating systems Exercises Assume any application (e.g. banking) on your own and do the following exercises.
1. Investigate and implement the ObjectStore's concurrency options. 2. Implement the concurrency conflict that occurs between multiple client applications. 3. Observe and implement the implication of nested transactions.
Distributed operating systems PROGRAM 7 Distributed operating systems 1. Design a RMI Lottery application. Each time you run the client program -- java LotteryClient n, the server program LotteryServer will generate n set of Lottery numbers. Here n is a positive integer, representing the money you will spend on Lottery in sterling pounds. Write this program in a proper engineering manner, i.e. there should be specifications, design (flow chart, FD, or pseudo code), coding, test/debug, and documentation. 2. Consider a distributed system that consists of two processes which communicate with each other. Let P be a state predicate on the local state of one process and Q be a state predicate on the local state of the other process. Assume that neither P nor Q are stable (i.e. closed). Design a superimposed computation which detects that there exists an interleaving of underlying events in this system where at some state P ^Q holds. (A superposed computation is one that does not affect the underlying system; it may \read" but not \write" the state of the underlying system. Events in a superposed computation may occur in at the same instant as the underlying events and/or at di_erent instants.) State any assumptions you make. [Hint: Use vector clocks. TOTAL : 45 PERIODS
Ex. No.
Exercises
Laboratory Hours
1.
Program for multi process synchronization using Semaphores in Multiprocessor operating systems. Program for multi threading in Multiprocessor operating systems The Cigarette Smokers Problem Program for multi threading in Multiprocessor operating systems Multiple sleeping barbers Program for identifying networking hardware, identifying different kinds of network cabling and network interface cards in Network operating systems
2. 3.
6 6
4.
216
5. 6.
Program for Sharing Resources in Network operating systems Program implementing an alarm clock in Real time operating systems Program implementing Transactions and Concurrency Control Algorithms- To investigate and implement the ObjectStore's concurrency options, the concurrency conflict that occurs between multiple client applications. Program implementing Transactions and Concurrency Control Algorithms- To observe and implement the implication of nested transactions. Client server program for Lottery application using RMI. Design a superimposed computation which detects that there exists an interleaving of underlying events in the distributed system that consists of two processes which communicate with each other at some state using vector clocks. Model Exam
3 6
7.
8. 9.
3 6
10.
11.
217
Instructional System Design Subject Code Subject Name Semester Prepared By Approved By Effective Date Revision No. Course Objective: To have thorough knowledge on markup languages (HTML), and various cascading style sheets (CSS). To perform client-side programming using Java scripts. To develop web applications using JSP / ASP / PHP. To write Java Servlet programs using HttpServlet class. To have clear idea of Java database programming using JDBC. To know the significance of XML and different technologies such as DTD / Schema. To parse XML document using DOM, and SAX parsers. : CS9228 : WEB TECHNOLOGY LAB : M.E. (CSE) II Semester : Mr. J. Raja Sekar : Dr. K. Muneeswaran : 06.02.2013 : 0
Course Prerequisite: Internet Programming Java programming Course OutcomesProgramme Outcomes mapping (3- Substantially, 2-Moderately, 1-Slightly)
Programme Outcomes Course Outcomes 8. Have thorough knowledge on markup languages (HTML), and various cascading style sheets (CSS) 9. Perform client-side programming using Java scripts. 10. Develop web applications using JSP / ASP / PHP. 11. Write Java Servlet programs using HttpServlet class. 12. Have clear idea of Java database programming using JDBC. 1 1 2 2 1 2 1 2 2 2 2 2 3 3 4 2 2 2 2 3 3 3 3 3 2 3 5 6 7 8 9 10 11 12 3 2 3 3 3 3 3 3 3 3 13 3 3 3 3 3
218
13. Understand the significance of XML and different technologies such as DTD / Schema. 14. Parsing XML documents using either DOM or SAX parsers
2 2
3 3
2 3
2 3
2 3
2 3
3 3
1. Creation of HTML pages with frames, links, tables and other tags. 2. Usage of internal and external CSS along with HTML pages. 3. Client side Programming. i. ii. Java script for displaying date and comparing two dates Form Validation including text field, radio buttons, check boxes, list box and other controls 4. Usage of ASP/JSP objects response, Request, Application, Session, Server, ADO etc. i. ii. Writing online applications such as shopping, railway/air/bus ticket reservation system with set of ASP/JSP pages Using sessions and cookies as part of the web application 5. Writing Servlet Program using HTTP Servlet. 6. Any online application with database access. 7. Creation of XML document for a specific domain. 8. Writing DTD or XML schema for the domain specific XML document. 9. Parsing an XML document using DOM and SAX Parsers. 10. Sample web application development in the open source environment.
Course Schedule
Ex. Topic No. 1. 2. 3. 4. 5. 6. 7. 8. Working with HTML pages Working with cascading style sheets (CSS) Web Form controls - client-side validation (Using JavaScript) Writing Servlet Program using HTTP Servlet Online Reservation System (Using JSP) Online application with database access (Using MySQL) Evaluatory Domain specific XML document creation
No. of Hours
3 3 6 3 6 3 3 3
219
Writing DTD / XML schema for the domain specific XML document Parsing an XML document (Using DOM Parser) Parsing an XML document (Using SAX Parser) Web application development Open Source Environment Total
6 3 3 3 45
220