Module 2
Secure Software Development (Computer Science)
Unit 7
Introduction to Operating Systems
Learning Outcomes
- Describe mitigations to make operating systems more secure.
- Explain some of the key risks and vulnerabilities associated with operating systems.
- Outline the differences between static and dynamic libraries and when to use each.
e-Portfolio Component: What is an Ontology?
What do you understand about the ontology that has been presented for your reading this week? Could you attempt to define an ontology that would be relevant to the system that you are designing for the summative assessment?
Response: Ontologies are formal, explicit definitions of terms within a domain and their relationships to other terms, encompassing a collection of concepts (such as entities, objects, domains, processes, goals, and outcomes), along with properties, relationships, constraints, and axioms (Arnaut, Oliveira & Lima, 2010).
Below is a high-level ontology for the online retailer system to be developed in unit 11:
- User
  - Properties:
    - username: Unique identifier for each user.
    - password: Hashed password for user authentication.
    - is_admin: Boolean indicating if the user has administrative privileges.
  - Relationships:
    - Places Orders: A user can place multiple orders.
    - Views Products and Orders: Users can view products available in the system and their past orders.
    - Admin Privileges: A user with admin privileges can view system stats and update them.
- Product
  - Properties:
    - name: Name of the product, acting as a unique identifier.
    - price: Price of the product.
  - Relationships:
    - Associated with Orders: Product is a part of orders placed by users.
    - Viewed by Users: Users can view products available in the system.
- Order
  - Properties:
    - order_id: Unique identifier for each order.
    - username: User who placed the order.
    - product_name: The product associated with the order.
    - quantity: Number of products in the order.
    - total: Total cost of the order.
  - Relationships:
    - Placed by User: Each order is associated with a user.
    - Viewed by Users: Users can view their past orders.
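The User and Order entities of this ontology, sketched as an added Python example (not part of the original coursework) to show how the "hashed password" property and the "Admin Privileges" and "Viewed by Users" relationships can be enforced. The salt field, the PBKDF2 work factor and the names register, verify_password, view_orders and view_system_stats are assumptions of this sketch.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from decimal import Decimal

PBKDF2_ITERATIONS = 600_000  # assumption: work factor chosen for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; only this value is stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

@dataclass
class User:
    username: str
    salt: bytes               # assumption: per-user salt stored beside the hash
    password: bytes           # the ontology's "password" property (derived hash)
    is_admin: bool = False

    @classmethod
    def register(cls, username: str, password: str, is_admin: bool = False) -> "User":
        salt = os.urandom(16)  # fresh random salt for every user
        return cls(username, salt, hash_password(password, salt), is_admin)

    def verify_password(self, candidate: str) -> bool:
        # compare_digest is constant-time, so timing does not reveal a partial match
        return hmac.compare_digest(self.password, hash_password(candidate, self.salt))

@dataclass
class Order:
    order_id: int
    username: str
    product_name: str
    quantity: int
    total: Decimal

def view_orders(requester: User, orders: list) -> list:
    """'Viewed by Users': a user sees only the orders they placed."""
    return [o for o in orders if o.username == requester.username]

def view_system_stats(requester: User, orders: list) -> dict:
    """'Admin Privileges': checked against the server-side User record."""
    if not requester.is_admin:
        raise PermissionError(f"{requester.username} is not an administrator")
    return {"orders": len(orders), "revenue": sum(o.total for o in orders)}
```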
Arnaut, W., Oliveira, K. & Lima, F. (2010) OWL-SOA: A Service Oriented Architecture Ontology Useful during Development Time and Independent from Implementation Time, IEEE.
Activity: Developing an API for a Distributed Environment
Using the Jupyter Notebook workspace, create a file named api.py and copy the following code into it (a copy is provided for upload to Codio/GitHub). You can install Jupyter Notebook on your local machine following these instructions or via the University of Essex Software Hub.
from flask import Flask
from flask_restful import Api, Resource, reqparse

app = Flask(__name__)
api = Api(app)

# In-memory sample data; it is lost whenever the server restarts.
users = [
    {
        "name": "James",
        "age": 30,
        "occupation": "Network Engineer"
    },
    {
        "name": "Ann",
        "age": 32,
        "occupation": "Doctor"
    },
    {
        "name": "Jason",
        "age": 22,
        "occupation": "Web Developer"
    }
]


class User(Resource):
    def get(self, name):
        # Return the matching user, or 404 when the name is unknown.
        for user in users:
            if name == user["name"]:
                return user, 200
        return "User not found", 404

    def post(self, name):
        # Create a new user; reject the request if the name is already taken.
        parser = reqparse.RequestParser()
        parser.add_argument("age")
        parser.add_argument("occupation")
        args = parser.parse_args()
        for user in users:
            if name == user["name"]:
                return "User with name {} already exists".format(name), 400
        user = {
            "name": name,
            "age": args["age"],
            "occupation": args["occupation"]
        }
        users.append(user)
        return user, 201

    def put(self, name):
        # Update an existing user, or create the user if the name is unknown.
        parser = reqparse.RequestParser()
        parser.add_argument("age")
        parser.add_argument("occupation")
        args = parser.parse_args()
        for user in users:
            if name == user["name"]:
                user["age"] = args["age"]
                user["occupation"] = args["occupation"]
                return user, 200
        user = {
            "name": name,
            "age": args["age"],
            "occupation": args["occupation"]
        }
        users.append(user)
        return user, 201

    def delete(self, name):
        # Remove every entry with this name; 200 is returned even if none matched.
        global users
        users = [user for user in users if user["name"] != name]
        return "{} is deleted.".format(name), 200


api.add_resource(User, "/user/<string:name>")

if __name__ == "__main__":
    # debug=True turns on the reloader and the interactive Werkzeug debugger;
    # keep it to a local development machine.
    app.run(debug=True)
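The post and put handlers in api.py declare age and occupation without a type or a required flag, so reqparse passes any string through and yields None for an omitted field. The validator below is an added example, not part of the course code; the name validate_user and its limits (name pattern, age range, occupation length) are assumptions.

```python
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,49}")  # assumed naming policy
AGE_RE = re.compile(r"[0-9]{1,3}")                   # ASCII digits only, no sign
MAX_OCCUPATION_LEN = 80                              # assumed limit


def validate_user(name, args):
    """Return (user, errors) for a POST or PUT to /user/<name>.

    `args` is the mapping parser.parse_args() yields in api.py: each value
    is a string, or None when the client omitted the field.
    """
    errors = {}
    if not NAME_RE.fullmatch(name or ""):
        errors["name"] = "letters, spaces, apostrophes or hyphens, at most 50 characters"

    # Match before calling int(): int() alone also accepts signs, underscores
    # and non-ASCII digits.
    raw_age = str(args.get("age") or "").strip()
    age = int(raw_age) if AGE_RE.fullmatch(raw_age) else None
    if age is None or not 0 < age <= 130:
        errors["age"] = "whole number between 1 and 130"

    occupation = str(args.get("occupation") or "").strip()
    if (not occupation or len(occupation) > MAX_OCCUPATION_LEN
            or not occupation.isprintable()):
        errors["occupation"] = f"printable text, 1 to {MAX_OCCUPATION_LEN} characters"

    if errors:
        return None, errors  # a handler would answer 400 with these messages
    return {"name": name, "age": age, "occupation": occupation}, {}
```

A handler would call it right after parser.parse_args() and append to users only when errors is empty.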
1. Run the API.py code. Take a screenshot of the terminal output. What command did you use to compile and run the code?

- The Python script api.py was executed using the python command. This initiated a Flask server instance after resolving a ModuleNotFoundError.
2. Run the following command at the terminal prompt: w3m http://127.0.0.1:5000/user/Ann. What happens when this command is run, and why?

- Upon executing the above command, the w3m browser prompted the user to save the response file. The saved file contained a JSON object representing the user's details. To view the JSON response directly in the terminal, the dump argument was added to the command.
3. Run the following command at the terminal prompt: w3m http://127.0.0.1:5000/user/Adam. What happens when this command is run, and why?

- The above command was executed with the dump argument. However, no user details were returned as the specified user does not exist in the database.
4. What capability is achieved by the flask library?
- Flask, a lightweight Python web framework, is widely used for building web applications. It offers a simple and flexible approach to handling HTTP requests and responses, rendering dynamic content using templates, and integrating with various extensions for additional features.
- Beyond web applications, Flask is also a popular choice for creating APIs (Application Programming Interfaces). Its modular design and ease of use make it well-suited for developing RESTful APIs that can be consumed by other applications or services.
Reflection
- Unit 7 presented significant challenges due to personal commitments. To prioritize effectively, I concentrated on the e-Portfolio Component and API development activity. Despite the need to install Cygwin on my Windows device, the API development activity was worthwhile.