E-Portfolio component
Summary of the tasks and questions dedicated for e-Portfolio.
One might expect that highly developed programming requires long and complicated code to manage complex tasks. However, the opposite is true. Well-written code that handles demanding and complex problems should be as simple as possible. The less complex the code is (loops, if statements, etc.), the more efficiently it can work. Even more importantly, it is less prone to crashes and to bugs/errors. That is why cyclomatic complexity is a valuable parameter that is commonly used in high-level programming. Is it important from a security point of view? Of course it is! Bruce Schneier, Founder and CTO of Counterpane Internet Security, Inc., said in 2000: “The future of digital systems is complexity, and complexity is the worst enemy of security.” A secure system is a system that is free of bugs and errors. The number of bugs increases with the complexity of the code. Moreover, as software grows (becomes longer and more complex), it may become an easy target for a hacker to exploit. It is important to point out that the complexity explosion in software is exponential. That is why developers should pay close attention to keeping the code simple, at the same level of effectiveness, in order to keep it secure.
Ontology in information systems is a clear description, or a graphical representation of that description (a design), of concepts whose properties, features, and attributes are correlated. It can also be described as a conceptual analysis of domain modelling with different specifications or architectures. From my perspective and based on the knowledge I gained in this module, an ontology is a graphical representation of a concept that is explored within a system design. It does not have to have all the features of the system, but it can be narrowed to a particular issue that has to be explored and/or analysed.
In our system design I would use the ontology to explore the possibilities of security violation. I think I would try to find the most vulnerable areas of our system design and explore different scenarios and possibilities of hacking or malicious actions. It would help with a better understanding of our system design from the security perspective, but it would also highlight areas of our design/code that we should pay more attention to and review.
Reference: Nahotko M. (2004) [online] Ontologie w systemach informacyjnych, Available at: http://bbc.uw.edu.pl/Content/1753/z2004_2_01.pdf [Accessed on 04. 09. 2022]
Question 1.1: Do you think this is a good approach to protect systems from data leakage? What are the pros and cons?
Of course it is a good idea to protect data against leaking. There are numerous reasons why we should prevent this:
a) Legal responsibility - GDPR and leaking personal data.
b) Reputation of an institution or a company.
c) Trustworthiness of an institution or a company.
d) Attention to users' data and their business.
e) Financial problems. An institution or a company may have financial responsibilities because of leaking data.
Question 1.2: What are the pros and cons?
PRO: Protection against incidents described above.
CON: Additional costs of developing such secure solutions.
Question 2: Create a basic outline design of how you would create such a system in Python.
The value (V) that is returned is strictly dependent on the individual who asks for it. If it is an authorised individual, a private value is returned (VH); if not, a public value is returned (VL). In faceted value flow it is more complex. An authorised individual can see the value (V), but a non-authorised individual sees an undefined value ⊥.
[k ? V : ⊥]
I would create a class User that would represent an individual, and this class would have an attribute status (True for authorised individuals, and False for unauthorised individuals). An authorised individual would get the private value (V); an unauthorised individual, however, would get a public value instead, which in this case is ⊥. And based on what I want to achieve, ⊥ can be defined differently (for example as a boolean).
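
One way to sketch the design described above in Python, as an added example rather than the author's own code: the `User` class and its `status` attribute follow the text, while `Faceted`, `BOTTOM`, `observe`, `map` and the sample salary are assumptions made for illustration. It goes slightly beyond the text by showing that a value computed from the secret stays faceted, so the derived result does not leak either.

```python
from dataclasses import dataclass
from typing import Any, Callable


class _Bottom:
    """Sentinel for the undefined value ⊥ (distinct from None, 0 or False)."""
    def __repr__(self):
        return "⊥"


BOTTOM = _Bottom()


@dataclass(frozen=True)
class User:
    name: str
    status: bool  # True = authorised, False = unauthorised (as in the text)


@dataclass(frozen=True)
class Faceted:
    """[k ? V : ⊥]: private facet V, public facet ⊥ unless one is supplied."""
    private: Any
    public: Any = BOTTOM

    def observe(self, user: User) -> Any:
        # Only the literal True counts as authorised, so a truthy string
        # such as "yes" in status cannot unlock the private facet.
        return self.private if user.status is True else self.public

    def map(self, fn: Callable[[Any], Any]) -> "Faceted":
        # Derived values stay faceted; ⊥ is never passed to fn, so a
        # computation cannot turn the public facet into real data.
        public = BOTTOM if self.public is BOTTOM else fn(self.public)
        return Faceted(fn(self.private), public)


def demo():
    salary = Faceted(52000)                      # constructed sample value
    monthly = salary.map(lambda v: v // 12)      # computed on the secret
    alice, mallory = User("alice", True), User("mallory", False)
    return monthly.observe(alice), monthly.observe(mallory)
```

Using a dedicated sentinel for ⊥ instead of a boolean or `None` keeps "no access" distinguishable from a legitimate stored value of `False` or `None`.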