26/9/24

International University, VNU-HCMC

School of Computer Science and Engineering

Lecture 5:
System design

Instructor: Nguyen Thi Thuy Loan


nttloan@[Link], nthithuyloan@[Link]
[Link]

Acknowledgement

• The following slides are referenced from Cornell University, Computing and Information Science.
Assoc. Prof. Nguyen Thi Thuy Loan, PhD

Outlines
• System architecture
• Three popular architectural styles
• Security
• Performance

Design
The requirements describe the function of a system as seen by the client.
For a given set of requirements, the software development team must design a system that will meet those requirements.
In practice requirements and design are interrelated. In particular, working on the design often clarifies the requirements. This feedback is a strength of the iterative and agile methods of software development.

Design
We have already looked at user interface design.

Creativity and Design
Software development
Software development is a craft. Software developers have a variety of tools that can be applied in different situations.
Part of the art of software development is to select the appropriate tool for a given implementation.

Creativity and Design
Creativity and design
System and program design are a particularly creative part of software development, as are user interfaces.
You hope that people will describe your designs as “elegant” and “easy to implement, test, and maintain.”
Above all, strive for simplicity. The aim is to find simple ways to implement complex requirements.

System Architecture
Models for System Architecture
Our models for systems architecture are based on UML. The slides provide diagrams that give an outline of the systems, without the supporting specifications.
For every system, there is a choice of models. Choose the models that best model the system and are clearest to everybody.
When developing a system, every diagram must have a supporting specification. The diagrams show the relationships among parts of the system, but much, much more detail is needed to specify a system explicitly.

Subsystems
A subsystem is a grouping of elements that form part of a system.
• Coupling is a measure of the dependencies between two subsystems. If two subsystems are strongly coupled, it is hard to modify one without modifying the other.
• Cohesion is a measure of dependencies within a subsystem. If a subsystem contains many closely related functions, its cohesion is high.
An ideal division of a complex system into subsystems has low coupling between subsystems and high cohesion within subsystems.

Component
[Diagram: a component named OrderForm.]
A component is a replaceable part of a system that conforms to and provides the realization of a set of interfaces.
A component can be thought of as an implementation of a subsystem.
UML definition of a component:
"A distributable piece of implementation of a system, including software code (source, binary, or executable), but also including business documents, etc., in a human system."

Components as Replaceable Elements
[Diagram only; no text captured.]

Components and Classes
[Diagram only; no text captured.]

Package
[Diagram: a package named JavaScript.]
A package is a general-purpose mechanism for organizing elements into groups.

Node
[Diagram: a node named Server.]
A node is a physical element that exists at run time and provides a computational resource, e.g., a computer, a smartphone, or a router.
Components may live on nodes.

Example: Simple Web System
[Diagram: Web browser communicating with Web server.]
• Static pages from server
• All interaction requires communication with server

Deployment Diagram
[Diagram: nodes PersonalComputer and DeptServer; the WebBrowser component lives on PersonalComputer and the WebServer component on DeptServer.]

Component Diagram: Interfaces
[Diagram: WebBrowser has a dependency on the HTTP interface, which WebServer realizes.]

Application Programming Interface (API)
An API is an interface that is realized by one or more components.
[Diagram: the WebServer component realizing the Get and Post interfaces.]

Architectural Styles
An architectural style is a system architecture that recurs in many different applications.
See:
• [Link] software-architecture-tools-design-definition-explanation-best
• Mary Shaw and David Garlan, Software Architecture: Perspectives on an Emerging Discipline. Prentice Hall, 1996.
• David Garlan and Mary Shaw, An Introduction to Software Architecture. Carnegie Mellon University, 1994. [Link] [Link]

Architectural Style: Pipe
Example: A three-pass compiler
[Diagram: Lexical analysis → Parser → Code generation.]
Output from one subsystem is the input to the next.

Architectural Style: Client/Server
Example: A mail system
[Diagram: Mail client (e.g. MS Outlook) ↔ Mail server (e.g. MS Exchange).]
The control flows in the client and the server are independent.
Communication between client and server follows a protocol.
In a peer-to-peer architecture, the same component acts as both a client and a server.

Architectural Style: Repository
[Diagram: Input components and Transactions both connect directly to the Repository.]
Advantages: Flexible architecture for data-intensive systems.
Disadvantages: Difficult to modify the repository since all other components are coupled to it.

Architectural Style: Repository with Storage Access Layer
[Diagram: Input components and Transactions → Storage Access → Data Store. The Storage Access layer is sometimes called a “glue” layer.]
Advantages: The Data Store subsystem can be changed without modifying any component except the Storage Access.

Time-Critical Systems

Time-Critical System: Architectural Style: Daemon
A daemon is used when messages might arrive at closer intervals than the time to process them.
[Diagram: Daemon → Spawned process.]
Example: Web server
The daemon listens at port 80. When a message arrives it:
• spawns a process to handle the message
• returns to listening at port 80
Caveat: a daemon that spawns without limit lets a burst of requests exhaust processes or memory, so production servers cap the number of concurrent workers and queue or refuse the rest.

Architectural Styles for Distributed Data
Replication: Several copies of the data are held in different locations.
• Mirror: Complete data set is replicated
• Cache: Dynamic set of data is replicated (e.g., most recently used)
With replicated data, the biggest problems are concurrency and consistency.
Example: The Domain Name System
For details of the protocol read: Paul Mockapetris, "Domain Names - Implementation and Specification". IETF Network Working Group, Request for Comments: 1035, November 1987.

An Exam Question
A company that makes sports equipment decides to create a system for selling sports equipment online. The company already has a product database with description, marketing information, and prices of the equipment that it manufactures.
To sell equipment online the company will need to create: a customer database, and an ordering system for online customers.
The plan is to develop the system in two phases. During Phase 1, simple versions of the customer database and ordering system will be brought into production. In Phase 2, major enhancements will be made to these components.

An Exam Question
a) For the system architecture of Phase 1:
a.i) Draw a UML deployment diagram.
[Diagram: node PersonalComputer hosting the WebBrowser component; node ShoppingServer hosting the Ordering system, the Product DB and the Customer DB.]

An Exam Question
(a) For the system architecture of Phase 1:
a.ii) Draw a UML interface diagram.
[Diagram: WebBrowser → Ordering system; Ordering system → Product DB and Customer DB.]

An Exam Question
(b) For Phase 1:
b.i) What architectural style would you use for the customer database?
Repository with Storage Access Layer
b.ii) Why would you choose this style?
It allows the database to be replaced without changing the applications that use the database.

An Exam Question
(b) For Phase 1:
b.iii) Draw a UML diagram for this architectural style showing its use in this application.
[Diagram: Customer DB = Input components and Ordering System → Storage Access → Data Store (optional).]
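The Storage Access layer in this answer, worked through in code. This is an added example, not part of the lecture: a constructed customer database behind one StorageAccess interface with two interchangeable data stores (an in-memory dict for Phase 1, SQLite for Phase 2), and an OrderingSystem that never touches either store directly. The class and method names are assumptions. The SQLite store also shows the check that belongs in a glue layer: queries are parameterised, so a customer id such as x' OR '1'='1 is stored and looked up as data, never interpreted as SQL.

```python
"""Repository with a Storage Access ("glue") layer, as in the exam answer.

Added example, not from the lecture. Two constructed data stores, an
in-memory dict and SQLite, sit behind one StorageAccess interface. The
ordering system talks only to that interface, so the store can be swapped
without touching it. StorageAccess, CustomerRecord and OrderingSystem are
names assumed for this example.
"""
from __future__ import annotations

import sqlite3
from abc import ABC, abstractmethod
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CustomerRecord:
    customer_id: str
    name: str
    email: str


class StorageAccess(ABC):
    """The only interface the rest of the repository is allowed to use."""

    @abstractmethod
    def put(self, rec: CustomerRecord) -> None: ...

    @abstractmethod
    def get(self, customer_id: str) -> Optional[CustomerRecord]: ...


class DictStore(StorageAccess):
    """Phase 1: the simplest possible data store."""

    def __init__(self) -> None:
        self._rows: dict[str, CustomerRecord] = {}

    def put(self, rec: CustomerRecord) -> None:
        self._rows[rec.customer_id] = rec

    def get(self, customer_id: str) -> Optional[CustomerRecord]:
        return self._rows.get(customer_id)


class SqliteStore(StorageAccess):
    """Phase 2: a relational data store. Queries are parameterised so that a
    customer id containing quote characters is data, never SQL."""

    def __init__(self, path: str = ":memory:") -> None:
        self._db = sqlite3.connect(path)
        self._db.execute(
            "CREATE TABLE IF NOT EXISTS customer "
            "(customer_id TEXT PRIMARY KEY, name TEXT, email TEXT)"
        )

    def put(self, rec: CustomerRecord) -> None:
        self._db.execute(
            "INSERT OR REPLACE INTO customer VALUES (?, ?, ?)",
            (rec.customer_id, rec.name, rec.email),
        )
        self._db.commit()

    def get(self, customer_id: str) -> Optional[CustomerRecord]:
        row = self._db.execute(
            "SELECT customer_id, name, email FROM customer WHERE customer_id = ?",
            (customer_id,),
        ).fetchone()
        return CustomerRecord(*row) if row else None


class OrderingSystem:
    """Input component of the repository; depends on StorageAccess only."""

    def __init__(self, store: StorageAccess) -> None:
        self._store = store

    def register(self, customer_id: str, name: str, email: str) -> None:
        self._store.put(CustomerRecord(customer_id, name, email))

    def lookup_email(self, customer_id: str) -> Optional[str]:
        rec = self._store.get(customer_id)
        return rec.email if rec else None


def demo(store: StorageAccess) -> tuple[Optional[str], Optional[str]]:
    """Run the same ordering-system code against any store."""
    orders = OrderingSystem(store)
    orders.register("c-100", "Ada", "ada@example.test")
    # A hostile-looking id is stored and looked up verbatim, not interpreted.
    orders.register("x' OR '1'='1", "Mallory", "mal@example.test")
    return orders.lookup_email("c-100"), orders.lookup_email("c-999")


if __name__ == "__main__":
    for backend in (DictStore(), SqliteStore()):
        print(type(backend).__name__, demo(backend))
```

Swapping DictStore for SqliteStore changes one constructor call and nothing in OrderingSystem, which is the property the exam answer claims for this style.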

Outlines
• System architecture
• Three popular architectural styles
• Security
• Performance

Three-Tier Architecture

Example 1: Batch Processing with Master File Update
• Electricity utility customer billing (e.g., NYSEG)
• Telephone call recording and billing (e.g., Verizon)
• Car rental reservations (e.g., Hertz)
• Bank (e.g., Tompkins Trust)
• University grade registration (e.g., IU)

Master File Update
Example: Electricity Utility Billing
Requirements analysis identifies several transaction types:

First Attempt
[Diagram: Transaction → Data input → Master file → Bill.]
Each transaction is handled as it arrives.

Criticisms of First Attempt
Where is this first attempt weak?
• All activities are triggered by a transaction.
• A bill is sent out for each transaction, even if there are several per day.
• Bills are not sent out on a monthly cycle.
• Awkward to answer customer queries.
• No process for error checking and correction.
• Inefficient in staff time.

Batch Processing: Edit and Validation
[Diagram: Batches of incoming transactions → Data input → Edit & validation → Batches of validated transactions. Rejected transactions go to an errors list; the Master file is consulted read only.]

Deployment Diagram: Validation
[Diagram: DataInput component producing RawData → EditCheck component producing ValidData; EditCheck consults MasterFile through a Check interface.]

Batch Processing: Master File Update (MFU)
[Diagram: Validated transactions in batches → Sort by account → Master file update (batches of input data) → Bills and Reports. Errors are reported; checkpoints and an audit trail are kept.]

Benefits of Batch Processing with MFU
• All transactions for an account are processed together at appropriate intervals, e.g., monthly.
• Backup and recovery have fixed checkpoints.
• Better management control of operations.
• Efficient use of staff and hardware.
• Error detection and correction is simplified.

Architectural Style: MFU (Basic Version)
[Diagram: Data input and validation → Sort → Master file update → Mailing and reports.]
Advantages: Efficient way to process batches of transactions.
Disadvantages: Information in the master file is not updated immediately. No good way to answer customer inquiries.

Online Inquiry
A customer calls the utility and speaks to a customer service representative.
[Diagram: Customer service representative reads the Master file (read only) and creates a New transaction.]
The customer service department can read the master file, make annotations, and create transactions, but cannot change the master file.

Online Inquiry: Use Case
[Use case diagram: actor CustomerRep → AnswerCustomer, which <<uses>> NewTransaction.]
The representative can read the master file, but not make changes to it.
If the representative wishes to change information in the master file, a new transaction is created as input to the master file update system.

Architectural Style: Master File Update (Full)
[Diagram: Data input and validation → Sort → Master file update → Mailing and reports; Customer service reads the master file and feeds new transactions into Data input and validation.]
Advantage: Efficient way to answer customer inquiries.
Disadvantage: Information in the master file is not updated immediately.
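The full master file update, as an added example that is not part of the lecture: edit and validation against a read-only master file, sorting by account, a single update pass that writes an audit trail and a checkpoint, and a customer-service view that can read and queue new transactions but cannot write the master file. Transactions, accounts and the tariff are constructed; names such as MasterFile and CustomerService are assumptions.

```python
"""Master file update (full version), as an added example, not lecture code.

Batches of raw transactions go through edit & validation (rejects go to an
error list, the master file is consulted read only), are sorted by account,
and are applied to the master file in one pass that writes an audit trail.
Customer service gets a read-only view and can only queue new transactions.
Sample data is constructed; field and class names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from types import MappingProxyType
from typing import Mapping


@dataclass(frozen=True)
class Transaction:
    account: str
    kind: str          # "reading" (kWh) or "payment" (currency units)
    amount: int


@dataclass
class MasterFile:
    # account -> balance owed; positive means the customer owes money
    balances: dict[str, int] = field(default_factory=dict)
    audit_trail: list[str] = field(default_factory=list)

    def read_only(self) -> Mapping[str, int]:
        """View handed to customer service: reads work, writes raise TypeError."""
        return MappingProxyType(self.balances)


TARIFF_PER_KWH = 3  # constructed tariff for the example


def validate(batch: list[Transaction], master: Mapping[str, int]
             ) -> tuple[list[Transaction], list[str]]:
    """Edit & validation step. Uses the master file read only."""
    valid, errors = [], []
    for t in batch:
        if t.account not in master:
            errors.append(f"{t}: unknown account")
        elif t.kind not in ("reading", "payment"):
            errors.append(f"{t}: unknown transaction type")
        elif t.amount <= 0:
            errors.append(f"{t}: amount must be positive")
        else:
            valid.append(t)
    return valid, errors


def master_file_update(master: MasterFile, valid: list[Transaction]) -> dict[str, int]:
    """Sort by account, apply all of an account's transactions together,
    and return the bills to mail. Every change is recorded in the audit trail."""
    for t in sorted(valid, key=lambda t: t.account):
        before = master.balances[t.account]
        delta = t.amount * TARIFF_PER_KWH if t.kind == "reading" else -t.amount
        master.balances[t.account] = before + delta
        master.audit_trail.append(
            f"{t.account} {t.kind} {t.amount}: {before} -> {master.balances[t.account]}")
    bills = {a: master.balances[a] for a in sorted({t.account for t in valid})}
    master.audit_trail.append("CHECKPOINT")  # fixed point for backup and recovery
    return bills


class CustomerService:
    """Online inquiry: may read and annotate, may not change the master file."""

    def __init__(self, view: Mapping[str, int]) -> None:
        self._view = view
        self.pending: list[Transaction] = []  # feeds the next input batch

    def balance(self, account: str) -> int | None:
        return self._view.get(account)

    def request_correction(self, account: str, kind: str, amount: int) -> None:
        self.pending.append(Transaction(account, kind, amount))

    def try_direct_write(self, account: str, value: int) -> bool:
        """True only if a direct write slipped through (it must not)."""
        try:
            self._view[account] = value  # type: ignore[index]
            return True
        except TypeError:
            return False


def run_cycle() -> tuple[dict[str, int], list[str], MasterFile]:
    """One monthly cycle over a constructed batch."""
    master = MasterFile({"A-1": 0, "B-2": 50})
    batch = [
        Transaction("B-2", "payment", 50),
        Transaction("A-1", "reading", 10),
        Transaction("Z-9", "reading", 5),      # unknown account -> error
        Transaction("A-1", "payment", -5),     # negative -> error
        Transaction("A-1", "reading", 2),
    ]
    valid, errors = validate(batch, master.read_only())
    bills = master_file_update(master, valid)
    return bills, errors, master


if __name__ == "__main__":
    bills, errors, master = run_cycle()
    print("bills", bills)
    print("errors", errors)
    print("audit", *master.audit_trail, sep="\n  ")
    rep = CustomerService(master.read_only())
    print("rep reads A-1:", rep.balance("A-1"), "direct write:", rep.try_direct_write("A-1", 0))
```

The read-only view is the architectural constraint of the Online Inquiry slides made enforceable: a representative who wants a balance changed must file a transaction that goes through validation and shows up in the audit trail like any other.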

Example 2: Three Tier Architecture (TTA)
The basic client/server architecture of the web has:
• a server that delivers static pages in HTML format
• a client (known as a browser) that renders HTML pages
Both client and server implement the HTTP interface.
Problem
Extend the architecture of the server so that it can configure HTML pages dynamically.

Web Server with Data Store
[Diagram: Web browser ↔ Server ↔ Data.]
Advantage: Server-side code can configure pages, access data, validate information, etc.
Disadvantage: All interaction requires communication with the server.

Architectural Style: TTA
[Diagram: Presentation tier → Application tier → Database tier.]
Each of the tiers can be replaced by other components that implement the same interfaces.

Component Diagram
[Diagram: WebBrowser → (HTTP) → WebServer → (ODBC) → Database Server. These components might be located on a single node.]

TTA: Broadcast Searching
[Diagram: User → User interface service → several Databases.]
This is an example of a multicast protocol.
The primary difficulty is to avoid trouble at one site degrading the entire system (e.g., a search must not wait for one unresponsive site to time out before returning the results from the others).

Extending the Architecture of the Web
Using a three tier architecture, the web has:
• a server that delivers dynamic pages in HTML format
• a client (known as a browser) that renders HTML pages
Both server and client implement the HTTP interface.
Every interaction with the user requires communication between the client and the server.
Problem 2
Extend the architecture so that simple user interactions do not need messages to be passed between the client and the server.

Extending the Web with Executable Code that can be Downloaded
[Diagram: Web browser (html, JavaScript) ↔ Server ↔ Data.]
Executable code in a scripting language such as JavaScript can be downloaded from the server.
Advantage: Scripts can interact with the user and process information locally.
Disadvantage: All interactions are constrained by web protocols.
Security caveat: a downloaded script runs on a machine the user controls, so any check it performs on the client can be altered or bypassed; the server must still validate every request it receives.

Extending the Three Tier Architecture
In the three-tier architecture, a website has:
• a client that renders HTML pages and executes scripts
• a server that delivers dynamic pages in HTML format
• a data store
Further extensions
The three-tier architecture with downloadable scripts is one of the ways the basic architecture has been extended. There are some more:
• Protocols: e.g., HTTPS, FTP, proxies
• Data types: e.g., helper applications, plug-ins
• Executable code: e.g., applets, servlets
• Style sheets: e.g., CSS

Example 3: Model/View/Controller (MVC)
The definition of Model/View/Controller (MVC) is in a state of flux. The term is used to describe a range of architectures and designs.
• Some are system architectures, where the model, view, and controller are separate components.
• Some are program designs, with classes called model, view, and controller.
We will look at three variants:
• An MVC system architecture used in robotics.
• A general purpose MVC system architecture used for interactive systems.
• Apple’s version of MVC as a program design for mobile apps.

Model/View/Controller in Robotics
Example: Control of an unmanned model aircraft
[Diagram: Aircraft, Controller, Model and View.]
Controller: Receives instrument readings from the aircraft, updates the view, and sends control signals to the aircraft.
Model: Translates data received from and sent to the aircraft, and instructions from the user, into a model of flight performance. Uses domain knowledge about the aircraft and flight.
View: Displays information about the aircraft to the user on the ground and transmits instructions to the model via the controller.

Example 3: MVC for Mobile Apps
[Diagram: the View queries state from the Model; the Controller changes state in the Model and controls the View.]

Model
The model records the state of the application and notifies subscribers. It does not depend on the controller or the view.

View
The view is the part of the user interface that presents the state of the interface to the user. It subscribes to the model, which notifies it of events that change the state.
• renders data from the model for the user interface
• provides editors for properties, such as text fields, etc.
• receives updates from the model
• sends user input to the controller
A given model may support a choice of alternative views.

Controller
The controller is the part of the user interface that manages user input and navigation within the application.
• defines the application behavior
• maps user actions to changes in the state of the model
• interacts with external services via APIs
• may be responsible for validation of information
Different frameworks handle controllers in different ways. In particular there are several ways to divide responsibilities between the model and the controller, e.g., data validation, external APIs.
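The model, view and controller responsibilities of the last three slides in code. This is an added example, not the lecture's: a CounterModel that holds state and notifies subscribers without knowing who they are, two TextView instances subscribed to the same model, and a Controller that validates user input before it changes the model. The names and the toy state (a counter and a label) are assumptions.

```python
"""Model/View/Controller for an interactive app, as an added example (not from
the lecture). The model keeps state and notifies subscribers; it imports
nothing from the view or controller. The view subscribes and renders; the
controller maps user actions to model changes and owns input validation.
CounterModel, TextView and Controller are names assumed for this example.
"""
from __future__ import annotations

from typing import Callable

Subscriber = Callable[[str, object], None]


class CounterModel:
    """Records state and notifies subscribers. Knows nothing about views."""

    def __init__(self) -> None:
        self._state: dict[str, object] = {"count": 0, "label": ""}
        self._subscribers: list[Subscriber] = []

    def subscribe(self, fn: Subscriber) -> None:
        self._subscribers.append(fn)

    def query(self, key: str) -> object:
        return self._state[key]

    def change(self, key: str, value: object) -> None:
        if self._state.get(key) == value:
            return  # no event for a no-op change
        self._state[key] = value
        for fn in list(self._subscribers):
            fn(key, value)


class TextView:
    """Renders model state; receives updates by subscription."""

    def __init__(self, model: CounterModel) -> None:
        self.rendered: list[str] = []
        model.subscribe(self.on_model_event)
        self.on_model_event("count", model.query("count"))  # initial render

    def on_model_event(self, key: str, value: object) -> None:
        self.rendered.append(f"{key}={value}")


class Controller:
    """Maps user actions to state changes; validates before touching the model."""

    MAX_LABEL = 16

    def __init__(self, model: CounterModel) -> None:
        self._model = model

    def handle(self, action: str, payload: str = "") -> bool:
        """Return True if the action was accepted."""
        if action == "increment":
            self._model.change("count", int(self._model.query("count")) + 1)
            return True
        if action == "set_label":
            # Validation lives here, not in the view: the view is untrusted input.
            if not payload.isprintable() or len(payload) > self.MAX_LABEL:
                return False
            self._model.change("label", payload)
            return True
        return False  # unknown action: refuse rather than guess


def run_session(actions: list[tuple[str, str]]) -> tuple[list[str], list[bool]]:
    """Wire one model to two views and a controller, replay constructed actions."""
    model = CounterModel()
    v1, v2 = TextView(model), TextView(model)   # two views, one model
    ctl = Controller(model)
    accepted = [ctl.handle(a, p) for a, p in actions]
    assert v1.rendered == v2.rendered           # both views saw the same events
    return v1.rendered, accepted


if __name__ == "__main__":
    print(run_session([("increment", ""), ("set_label", "hello"),
                       ("set_label", "x" * 40), ("set_label", "bad\x00"), ("reboot", "")]))
```

Note the direction of the dependencies: the model is imported by the view and controller, never the reverse, which is what lets one model serve several views and what keeps validation out of the rendering code.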

External Services for Mobile Apps
Mobile apps often make extensive use of cloud-based external services, each with an API (e.g., location, validation). These are usually managed by the controller.
[Diagram: as before, with the Controller also calling External services.]

Apple’s Version of MVC
[Diagram: User action → Controller; Controller updates the View and the Model; the Model notifies the Controller.]
The diagram shows the model, view, and controller as components. In practice the Model-View-Controller is a program design with three major classes.

Apple’s Version of MVC
Two challenges:
• A multi-screen app will have several views and controllers sharing the same model.
• It is easy to put too much code into the controller.

Architectural Styles and Design Patterns
There are many variants of the common architectural styles. Do not be surprised if you encounter a variant that is different from the one described in this course.
This is particularly true with the Model-View-Controller style. Several programming frameworks call classes that implement a variant of the Model-View-Controller architectural style a design pattern.

Architectural Styles and Design Patterns
In this course we distinguish carefully between architectural styles and design patterns.
Architectural styles are part of system design. They are defined in terms of subsystems, components, and deployment.
Design patterns are part of program design. They are defined in terms of classes.

Outlines
• System architecture
• Three popular architectural styles
• Security
• Performance

Security in the Software Development Process
The security goal
The security goal is to make sure that the agents (people or external systems) who interact with a computer system, its data, and its resources, are those that the owner of the system would wish to have such interactions.
Security considerations need to be part of the entire software development process. They may have a major impact on the system architecture chosen.

Security Needs and Dangers
Needs
• Secrecy: control of who gets to read information
• Integrity: control of how information changes or resources are used
• Availability: providing prompt access to information and resources
• Accountability: knowing who has had access to resources
Dangers
• Damage to information (integrity)
• Disruption of service (availability)
• Theft of money (integrity)
• Theft of information (secrecy)
• Loss of privacy (secrecy)
Butler W. Lampson, Computer Security in the Real World. IEEE Computer, June 2004.

The Economics of Security
How secure should your system be?
Building secure systems adds cost and time to software development.
"Practical security balances the cost of protection and the risk of loss, which is the cost of recovering from a loss times its probability... When the risk is less than the cost of recovering, it’s better to accept it as a cost of doing business ... than to pay for better security."
"Many companies have learned that although people may complain about inadequate security, they won’t spend much money, sacrifice many features, or put up with much inconvenience to improve it."
Butler W. Lampson, 2004

The Economics of Security
Credit cards: Option A
• The card is a plastic card with all data (e.g., name, number, expiration date) readable by anybody who has access to the card. A copy of the signature is written on the card.
• This is a cheap system to implement but does little to discourage fraud.
Banks in the USA have traditionally used this system.

The Economics of Security
Credit cards: Option B (chip and PIN)
• The card has an embedded security chip. To use the card, a particular reader must read the security chip, and the user must type in a confidential 4-digit number.
• This provides strong protection against counterfeit and lost-or-stolen card fraud (it does nothing for card-not-present fraud, such as online purchases) but is more expensive and slightly less convenient for merchants and users.
For many years, banks in Europe have used this system.
The new system in the USA is less secure than option B but cheaper to install.

Security within an Organization: People
Many security problems come from people inside the organization.
• In a large organization, there will be some dishonest and disgruntled employees.
  -> Dishonest (e.g., stealing from financial systems)
  -> Malicious
• Security relies on trusted individuals. What if they are dishonest?
People are intrinsically insecure.
• Careless (e.g., leave computers logged on, share passwords)

Design for Security: People
• Make it easy for responsible people to use the system (e.g., make security procedures simple).
• Make it hard for dishonest or careless people (e.g., password management).
• Train people in responsible behavior.
• Test the security of the system thoroughly and repeatedly, particularly after changes.
• Do not hide violations.

External Intruders
All networked systems are vulnerable to security breaches by external intruders:
• financial
• malicious
• secrets
• and worse
Modern software is so complex that it is impossible to eliminate all vulnerabilities.
Many skilled individuals and organizations are continually seeking to discover and exploit new vulnerabilities.

External Intruders
Examples of external security vulnerabilities:
• unauthorized access: modify software, install listening devices
• backdoors: bypass authentication
• denial of service: overload and other forms of blocking
• eavesdropping
• spoofing
• phishing, etc.
This list is derived from Wikipedia.

External Intruders: Minimizing Risk
There is no way to guarantee security from external intruders, but careful software development can make a major difference.
How to minimize the risks:
• System design: secure protocols, authentication, barriers to access
• Programming: defensive programming and rigorous testing
• Operating procedures: backup, auditing, vulnerability testing
• Training and monitoring personnel

Minimizing Risks: System Architecture
The system architecture can minimize risks in various ways:
• Secure protocols, e.g., HTTPS encryption.
• Authentication, e.g., passwords protected in transit (TLS) and stored only as salted, slow one-way hashes, never in a reversible form; two-factor authentication.
• Barriers, e.g., firewalls, private networks, and virtual private networks.
• Data security, e.g., encryption of stored data, backup.
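Password storage as the Authentication bullet intends, as an added example (not lecture code) using only the Python standard library: a unique salt per password, PBKDF2-HMAC-SHA256 with a high iteration count, a constant-time comparison on login, and a check for records that need rehashing when the iteration policy is raised. The record format pbkdf2_sha256$iterations$salt$hash is an assumption for this example.

```python
"""Storing and checking passwords at rest, as an added example (not lecture
code). Passwords are never encrypted (which would be reversible with the key)
but hashed with a per-password salt and a deliberately slow function, so a
stolen table cannot be turned back into passwords cheaply. The record format
'pbkdf2_sha256$iterations$salt$hash' is assumed for this example.
"""
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 600_000  # tune to roughly 100 ms on the server; raise over time


def hash_password(password: str, *, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> str:
    """Produce a storable record. A fresh random salt is used unless given."""
    salt = salt or os.urandom(16)          # unique per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Constant-time check of a password against a stored record."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False                       # malformed record: fail closed
    # compare_digest does not leak how many leading bytes matched
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record predates the current iteration policy (or is
    malformed), so it can be upgraded at the next successful login."""
    parts = stored.split("$")
    try:
        return (len(parts) != 4 or parts[0] != "pbkdf2_sha256"
                or int(parts[1]) < iterations)
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec),
          verify_password("Tr0ub4dor&3", rec), needs_rehash(rec))
```

On a successful login, a record for which needs_rehash is true is rehashed with the plaintext the user just supplied and written back, which is how an installed base migrates to a stronger setting without a password reset.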

Security Techniques: Barriers
Place barriers that separate parts of a complex system:
• Isolate components, e.g., do not connect a computer to a network
• Firewalls
• Require authentication to access certain systems or parts of systems
Every barrier imposes restrictions on permitted uses of the system.
Barriers are most effective when the system can be divided into subsystems.
Example: the integration of Internet Explorer into Windows, which removed the barrier between the browser and the operating system.

Barriers: Firewall
[Diagram: Public network ↔ Firewall ↔ Private network.]
A firewall is a computer at the junction of two network segments that:
• Inspects every packet that attempts to cross the boundary
• Rejects any packet that does not satisfy certain criteria, e.g.,
  -> an incoming request to open a TCP connection
  -> an unknown packet type
Firewalls provide increased security at a loss of flexibility, inconvenience for users, and extra system administration.
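A firewall that applies the two rejection criteria above, as an added example (not lecture code). It goes beyond the slide in two ways any practical firewall needs: it allow-lists the services the private side publishes, and it remembers connections opened from inside so that only genuine replies are admitted, which is what a purely stateless filter that blocks SYN alone cannot do. Packets are constructed records; the field names and the 10.0.0.0/24 private prefix are assumptions, not a real capture format.

```python
"""A packet filter at the public/private boundary, as an added example (not
lecture code). Applies the slide's criteria (reject inbound TCP connection
requests, reject unknown packet types) plus an allow-list for published
services, an anti-spoofing check, and a table of connections opened from
inside. Packet fields and the private prefix are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

PRIVATE_PREFIX = "10.0.0."            # constructed private network
PUBLISHED = {("tcp", 443)}            # services reachable from the public side
KNOWN_PROTOS = {"tcp", "udp", "icmp"}


@dataclass(frozen=True)
class Packet:
    proto: str
    iface: str                        # interface it arrived on: "public" or "private"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset[str] = frozenset()   # TCP flags present, e.g. {"SYN"}


def is_private(addr: str) -> bool:
    return addr.startswith(PRIVATE_PREFIX)


class Firewall:
    def __init__(self) -> None:
        # (private host, remote host, remote port) for connections opened from inside
        self._sessions: set[tuple[str, str, int]] = set()

    def decide(self, p: Packet) -> tuple[str, str]:
        """Return (verdict, reason). Anything not explicitly accepted is rejected."""
        if p.proto not in KNOWN_PROTOS:
            return "REJECT", "unknown packet type"
        if p.iface == "public" and is_private(p.src):
            return "REJECT", "spoofed private source on public interface"
        if p.iface == "private":
            if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
                self._sessions.add((p.src, p.dst, p.dport))
            return "ACCEPT", "outbound"
        # From here on the packet arrived on the public side.
        if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
            if (p.proto, p.dport) in PUBLISHED:
                return "ACCEPT", "published service"
            return "REJECT", "inbound request to open a TCP connection"
        if p.proto == "tcp" and (p.dst, p.src, p.sport) in self._sessions:
            return "ACCEPT", "reply to a connection opened from inside"
        return "REJECT", "unsolicited inbound packet"


def run_scenario() -> list[str]:
    """Constructed traffic; returns the verdict for each packet in order."""
    fw = Firewall()
    syn = frozenset({"SYN"})
    synack = frozenset({"SYN", "ACK"})
    ack = frozenset({"ACK"})
    traffic = [
        Packet("tcp", "private", "10.0.0.5", "203.0.113.9", 51000, 80, syn),   # browse out
        Packet("tcp", "public", "203.0.113.9", "10.0.0.5", 80, 51000, synack), # its reply
        Packet("tcp", "public", "198.51.100.7", "10.0.0.8", 40000, 443, syn),  # to web server
        Packet("tcp", "public", "198.51.100.7", "10.0.0.8", 40001, 22, syn),   # ssh probe
        Packet("tcp", "public", "198.51.100.7", "10.0.0.5", 80, 51000, ack),   # ACK scan
        Packet("gre", "public", "198.51.100.7", "10.0.0.5"),                   # unknown type
        Packet("udp", "public", "10.0.0.9", "10.0.0.5", 53, 53),               # spoofed source
    ]
    return [fw.decide(p)[0] for p in traffic]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The fifth packet is the reason the session table exists: it carries only ACK, so a filter that looks at the SYN flag alone would pass it, and an outsider could use such packets to map which ports the firewall protects.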

Security Techniques: Authentication & Authorization
Authentication establishes the identity of an agent:
• What does the agent know (e.g., password)?
• What does the agent possess (e.g., smart card)?
• What does the agent have physical access to (e.g., Ctrl-Alt-Del at the console)?
• What are the physical properties of the agent (e.g., fingerprint)?
Authorization establishes what an authenticated agent may do:
• Access control lists
• Group membership

Example: An Access Architecture for Digital Content
[Diagram: User → Authentication → Role. The Role, the Attributes of the Digital material, and the Operations requested as Actions feed Authorization, which is governed by Policies.]
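Authentication followed by authorization over digital material, combining the two slides above in one added example (not lecture code). Authentication maps a credential to a principal with roles (group membership); authorization evaluates the role, the requested operation and the material's attributes against a list of policies and denies by default. The user directory, roles, policies and catalogue are constructed; the password check is kept minimal so that the focus stays on the access decision.

```python
"""Authentication then role-based authorization over digital material, as an
added example (not lecture code). Users, roles, policies and the catalogue
are constructed. Principal, Material and the policy functions are names
assumed for this example.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable

# --- authentication: credential -> principal with roles ---------------------

@dataclass(frozen=True)
class Principal:
    user: str
    roles: frozenset[str]


# constructed directory: user -> (salt, sha256(salt + password), roles).
# A production directory would use a slow password hash; kept short here.
_DIRECTORY = {
    "alice": (b"s1", hashlib.sha256(b"s1alice-pw").digest(), frozenset({"student"})),
    "bob":   (b"s2", hashlib.sha256(b"s2bob-pw").digest(), frozenset({"librarian", "student"})),
}


def authenticate(user: str, password: str) -> Principal | None:
    entry = _DIRECTORY.get(user)
    if entry is None:
        return None
    salt, digest, roles = entry
    candidate = hashlib.sha256(salt + password.encode()).digest()
    if not hmac.compare_digest(candidate, digest):
        return None
    return Principal(user, roles)


# --- authorization: (role, operation, attributes) against policies ----------

@dataclass(frozen=True)
class Material:
    ident: str
    attributes: dict = field(default_factory=dict)   # e.g. {"restricted": True}


Policy = Callable[[Principal, str, Material], bool]


def _students_read_open(p: Principal, op: str, m: Material) -> bool:
    return "student" in p.roles and op == "read" and not m.attributes.get("restricted")


def _librarians_manage(p: Principal, op: str, m: Material) -> bool:
    return "librarian" in p.roles and op in {"read", "annotate", "withdraw"}


POLICIES: list[Policy] = [_students_read_open, _librarians_manage]


def authorize(p: Principal | None, op: str, m: Material) -> bool:
    """Default deny: unauthenticated callers and unmatched requests are refused."""
    if p is None:
        return False
    return any(policy(p, op, m) for policy in POLICIES)


CATALOGUE = {
    "thesis-1": Material("thesis-1", {"restricted": False}),
    "exam-key": Material("exam-key", {"restricted": True}),
}


def access(user: str, password: str, op: str, ident: str) -> bool:
    """The full path a request takes: authenticate, then authorize."""
    principal = authenticate(user, password)
    material = CATALOGUE.get(ident)
    return material is not None and authorize(principal, op, material)


if __name__ == "__main__":
    for req in [("alice", "alice-pw", "read", "thesis-1"),
                ("alice", "alice-pw", "read", "exam-key"),
                ("alice", "wrong", "read", "thesis-1"),
                ("bob", "bob-pw", "withdraw", "exam-key"),
                ("bob", "bob-pw", "delete", "exam-key")]:
        print(req, access(*req))
```

Policies are plain functions over the three inputs in the diagram, so adding a rule (a new role, a new attribute such as an embargo date) means adding a function to POLICIES rather than editing the code that serves the content.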

Security Techniques: Encryption
Allows data to be stored and transmitted securely, even when the bits are viewed by unauthorized agents and the algorithms are known. The secrecy rests on the key, not on the algorithm.
[Diagram: Encryption X → Y; Decryption Y → X.]
• Private-key (symmetric) and public-key (asymmetric) encryption
• Digital signatures

Minimizing Risks: Programming


The software development challenge
• develop secure and reliable components
• protect the whole system so that security problems in parts of it do not spread to the entire system
A large system will have many agents and components
• each is potentially unreliable and insecure
• components acquired from third parties may have unknown security problems


Minimizing Risks: Programming

The commercial off-the-shelf problem
• Developers of off-the-shelf software have considerable incentives to supply software with many options and features.
• In developing such software rapidly, they have much less incentive to be thorough about security.


Programming Secure Software


Programs that interface with the outside world (e.g., web sites, mail servers) need to be written in a manner that resists intrusion.

For the top 25 programming errors, see the Common Weakness Enumeration (CWE): A Community-Developed Dictionary of Software Weakness Types.
[Link]
The errors fall into three groups:
• Insecure interaction between components
• Risky resource management
• Porous defenses
Project management and test procedures must ensure that programs avoid these errors.

Programming Secure Software


The following list is from the SANS Institute, Essential Skills for Secure Programmers Using Java/JavaEE, [Link]
• Input handling
• Authentication & session management
• Access control (authorization)
• Java types & JVM management
• Application faults & logging
• Encryption services
• Concurrency and threading
• Connection patterns


Minimizing Risks: Procedures


The operating procedures must anticipate security problems.
A senior member of staff must have responsibility for security.
Equipment
• All system software should be kept up to date with the latest security patches.
• All systems should run up-to-date virus checking software.
• Rules about passwords, personal equipment, and non-standard software should be explicit.


Minimizing Risks: Procedures


Routine checks
• Run network security tests regularly.
• Run password checkers.
Training
• Keep staff informed about security. Ask for their advice.


Operations: Recovery
Sooner or later every system fails because of hardware, software, operational, or security problems.
The operating procedures must anticipate loss of data and damage to systems, which can happen at any moment.
Backup techniques
• At regular intervals, checkpoint the system.
• At regular intervals, back up all data.
• Keep full audit trails of all important transactions.
Recovery software
• Recovery software is complex. It needs to be tested regularly in realistic situations.
• A good practice is to rebuild the entire system, but this may not be possible with large collections of data.


Security in the Software Development Process

Conclusion
You can never guarantee that a system is completely secure, but you can do a great deal to minimize the risks and to be able to recover from problems.


Outlines
System architecture
Three popular architectural styles
Security
Performance


Performance of Computer Systems


In most computer systems, the cost of people is much greater than the cost of hardware.
Yet performance is important:
• A single bottleneck can slow down an entire system.
• Future loads may be much greater than predicted.


When Performance Matters


• Real-time systems, where computation must be fast enough to support the service provided, e.g., fly-by-wire control systems have tight response time requirements.
• Very large computations, where elapsed time may be measured in days, e.g., calculation of weather forecasts must be fast enough for the forecasts to be useful.
• User interfaces, where humans have high expectations, e.g., mouse tracking must appear instantaneous.
• Transaction processing, where staff need to be productive and customers must not be annoyed by delays, e.g., airline check-in.


High-Performance Computing
High-performance computing:
• Large data collections (e.g., Amazon)
• Huge numbers of users (e.g., Google)
• Large computations (e.g., weather forecasting)
Must balance the cost of hardware against the cost of software development:
• Some configurations are very difficult to program and debug.
• Sometimes it is possible to isolate application programmers from the system complexities.


Performance challenges for all software systems

Tasks
• Predict performance problems before a system is implemented.
• Design and build a system that is not vulnerable to performance problems.
• Identify causes and fix problems after a system is implemented.


Performance challenges for all software systems


Basic techniques
• Understand how the underlying hardware and network components interact with the software when executing the system.
• For each subsystem, calculate the capacity and the load. The capacity is a combination of the hardware and the software architecture.
• Identify subsystems that are near peak capacity.
Example
Calculations indicate that the capacity of a search system is 1,000 searches per second. What is the anticipated peak demand?

Interactions between Hardware and Software

Examples
• In a distributed system, what messages pass between nodes?
• How many times must the system read from disk for a single transaction?
• What buffering and caching is used?
• Are operations in parallel or sequential?
• Are other systems competing for a shared resource (e.g., a network or server farm)?
• How does the operating system schedule tasks?


Look for Bottlenecks


Usually, CPU performance is not the limiting factor.
Hardware bottlenecks
• Reading data from disk
• Shortage of memory (including paging)
• Moving data from memory to CPU
• Network capacity
Inefficient software
• Algorithms that do not scale well
• Parallel and sequential processing


Look for Bottlenecks


CPU performance is a limiting constraint in certain domains, e.g.:
• large data analysis (e.g., searching)
• mathematical computation (e.g., engineering)
• compression and encryption
• multimedia (e.g., video)
• perception (e.g., image processing)


Timescale of Different Components


Approximate rates per second:

  CPU instructions:  2,000,000,000 instructions
  Disk latency:      200 random accesses
  Disk read:         100,000,000 bytes
  Network LAN:       10,000,000 bytes

Actual performance may be considerably less than the theoretical peak.


Look for Bottlenecks: Utilization


Utilization is the proportion of the capacity of a service that is used on average:

  Utilization = mean service time for a transaction / mean inter-arrival time of transactions

When the utilization of any hardware component exceeds 0.3, be prepared for congestion.
Peak loads and temporary increases in demand can be much greater than the average.


Predicting System Performance


• Direct measurement on a subsystem (benchmark)
• Mathematical models (queueing theory)
• Simulation
All require a detailed understanding of the interaction between software and hardware systems.


Mathematical Models
Queueing theory
Good estimates of congestion can be made for single-server queues with:
• arrivals that are independent, random events (Poisson process)
• service times that follow families of distributions (e.g., negative exponential, gamma)
Many of the results can be extended to multi-server queues.
Much of the early work in queueing theory by Erlang was to model congestion in telephone networks.


Mathematical Models: Queues

Single server queue

  arrive -> wait in line -> service -> depart

Examples
• Requests to read from a disk (with no buffering or other optimization)
• Customers waiting for check-in at an airport with a single check-in desk


Queues
Multi-server queue

  arrive -> wait in line -> service (at whichever of several servers is free) -> depart

Examples
• Tasks being processed on a computer with several processors
• Customers waiting for check-in at an airport with several check-in desks

Techniques: Simulation
Build a computer program that models the system as a set of states and events:
  advance simulated time
  determine which events occurred
  update state and event list
  repeat
Discrete time simulation: time is advanced in fixed steps (e.g., 1 millisecond).
Next event simulation: time is advanced to the next event.
Events can be generated from random variables (e.g., arrival of the next customer, completion of disk latency), or from data collected on an operational system.


Behavior of Queues: Utilization


The exact shape of the curve depends on the type of queue (e.g., single server) and the statistical distributions of arrival times and service times.

[Figure: mean delay before service begins (vertical axis) against utilization of the service from 0 to 1 (horizontal axis); the delay grows slowly at low utilization and rises steeply as utilization approaches 1.]
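Worked example (added, not from the original slides) tying together the utilization formula, the single-server queue from queueing theory, and a next-event simulation. For the M/M/1 queue (Poisson arrivals, exponential service times, one server) the mean delay before service begins is rho * S / (1 - rho), where S is the mean service time and rho the utilization; the simulation below advances the clock to whichever pending event comes first, an arrival or a departure, and its measured mean wait should agree with the formula to within a few percent, in the spirit of the disk-farm case study in these slides. The parameter values and the random seed are chosen for the example.

```python
import random
from collections import deque
from typing import List, Tuple


def utilization(mean_service_time: float, mean_inter_arrival_time: float) -> float:
    """rho = mean service time / mean inter-arrival time (the slide's formula)."""
    return mean_service_time / mean_inter_arrival_time


def mm1_mean_wait(mean_service_time: float, mean_inter_arrival_time: float) -> float:
    """Mean delay before service begins for an M/M/1 queue: Wq = rho * S / (1 - rho)."""
    rho = utilization(mean_service_time, mean_inter_arrival_time)
    if rho >= 1.0:
        return float("inf")       # arrivals outpace service: the line grows without bound
    return rho * mean_service_time / (1.0 - rho)


def congestion_table(utilizations: List[float]) -> List[Tuple[float, float]]:
    """Mean wait before service, in units of one service time, at each utilization.
    This is the curve on the slide in numbers, and why 0.3 is a sensible alarm level."""
    return [(rho, mm1_mean_wait(1.0, 1.0 / rho)) for rho in utilizations]


def simulate_single_server(mean_service_time: float, mean_inter_arrival_time: float,
                           n_customers: int, seed: int = 1) -> float:
    """Next-event simulation of one FIFO server. State: who is waiting and whether the
    server is busy. Event list: the next arrival and the next departure. Returns the
    mean wait before service over all customers."""
    rng = random.Random(seed)

    def arrival_gap():
        return rng.expovariate(1.0 / mean_inter_arrival_time)   # Poisson arrivals

    def service_time():
        return rng.expovariate(1.0 / mean_service_time)         # exponential service

    clock = 0.0
    next_arrival = arrival_gap()
    next_departure = float("inf")      # inf means the server is idle
    waiting = deque()                  # arrival times of customers standing in line
    arrived = served = 0
    total_wait = 0.0

    while served < n_customers:
        if next_arrival <= next_departure:          # event: a customer arrives
            clock = next_arrival
            arrived += 1
            if next_departure == float("inf"):     # server idle: serve at once, zero wait
                next_departure = clock + service_time()
            else:
                waiting.append(clock)
            next_arrival = clock + arrival_gap() if arrived < n_customers else float("inf")
        else:                                       # event: a service completes
            clock = next_departure
            served += 1
            if waiting:
                total_wait += clock - waiting.popleft()
                next_departure = clock + service_time()
            else:
                next_departure = float("inf")
    return total_wait / n_customers


if __name__ == "__main__":
    for rho, wait in congestion_table([0.1, 0.3, 0.5, 0.8, 0.9, 0.95]):
        print("utilization {:.2f}: mean wait = {:.2f} service times".format(rho, wait))
    print("theory:    ", mm1_mean_wait(1.0, 2.0))
    print("simulation:", simulate_single_server(1.0, 2.0, 50_000, seed=7))
```

At utilization 0.3 a transaction waits about 0.43 service times on average before being served; at 0.8 it waits 4, at 0.9 it waits 9, and at 0.95 it waits 19. That knee in the curve is what the 0.3 rule of thumb and the warning about peak loads are protecting against.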


Measurements on Operational Systems


• Benchmarks: run the system on standard problem sets, sample inputs, or a simulated load.
• Instrumentation: clock specific events.
If you have any doubt about the performance of part of a system, experiment with a simulated load.


Example: Web Laboratory


Benchmark: throughput v. number of CPUs on a symmetric multiprocessor.

[Figure: two curves plotted against number of CPUs, total MB/s and average MB/s per CPU.]

Case Study: Performance of Disk Farm


When many transactions use a disk farm, each transaction must:
  wait for a specific disk
  wait for an I/O channel
  send the signal to move the heads on the disk
  wait for an I/O channel
  pause for disk rotation (latency)
  read the data
Close agreement between results from queueing theory, simulation, and direct measurement (within 15%).


Fixing Bad Performance


If a system performs badly, begin by identifying the cause:
Instrumentation. Add timers to the code. Often this will reveal that delays are centered in a specific part of the system.
Test loads. Run the system with varying loads, e.g., high transaction rates, large input files, many users, etc. This may reveal the conditions under which the system runs badly.
Design and code reviews. Team review of the system design, program design, and suspect sections of code. This may reveal an algorithm that is running very slowly, e.g., a sort, a locking procedure, etc.
Find the underlying cause and fix it, or the problem will return!


Predicting Performance Change: Moore's Law


Original version:
The density of transistors in an integrated circuit will double every year. (Gordon Moore, Intel, 1965)
Current version:
Cost/performance of silicon chips doubles every 18 months.


Moore's Law: Rules of Thumb


Planning assumptions
Silicon chips: cost/performance improves 30% / year
• in 12 years = 20:1
• in 24 years = 500:1
Magnetic media: cost/performance improves 40% / year
• in 12 years = 50:1
• in 24 years = 3,000:1
These assumptions are conservative. During some periods, the increases have been considerably faster.
Recently, the rate of performance increase in individual components, such as CPUs, has slowed down, but the overall rate of increase has been maintained by placing many CPU cores on a single chip.


Moore's Law and System Design

Relative values over a system's lifetime, using the 30% per year planning assumption:

                      Feasibility study   Production use   Withdrawn from production
                      2013                2016             2026
  Processor speeds    1                   2.2              30
  Memory sizes        1                   2.2              30
  Disk capacity       1                   2.2              30
  System cost         1                   0.4              0.03


Moore's Law Example


Will this be a typical laptop?

               2017           2027
  Processors   2 x 2.5 GHz    8 x 10 GHz, or 100 processors?
  Memory       8 GB           200 GB
  Disk         500 GB         15 TB
  Network      1 Gb/s         25 Gb/s

Surely there will be some fundamental changes in how this power is packaged and used.


Parkinson's Law
Original:
Work expands to fill the time available. (C. Northcote Parkinson)
Software development version:
(a) Demand will expand to use all the hardware available.
(b) Low prices will create new demands.
(c) Your software will be used on equipment that you have not envisioned.


False Assumptions from the Past


Be careful about the assumptions that you make.
Here are some past assumptions that caused problems:
• Unix files will never exceed 2 GB (2^31 bytes, the range of a signed 32-bit offset).
• AppleTalk networks will never have more than 256 hosts (an 8-bit node number).
• GPS software will not last more than 1024 weeks (a 10-bit week counter).
• Two decimal digits are sufficient to represent a year (Y2K bug).
etc., etc.
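Worked example (added, not from the original slides): each of the four assumptions above is a fixed-width field, and the Python below shows exactly where each one wraps. The field widths (signed 32-bit offset, 8-bit node number, 10-bit week counter from the GPS epoch of 6 January 1980, two-digit year) are the standard ones for these systems; the helper names are chosen for this example.

```python
from datetime import date, timedelta
from typing import List


def stored_in(value: int, bits: int, signed: bool = False) -> int:
    """What comes back when `value` is written into a fixed-width field and read again."""
    v = value & ((1 << bits) - 1)
    if signed and v >= 1 << (bits - 1):
        v -= 1 << bits                     # top bit set: read back as negative
    return v


def fits(value: int, bits: int, signed: bool = False) -> bool:
    """True when the field represents the value faithfully."""
    return stored_in(value, bits, signed) == value


# Unix: file sizes and offsets held in a signed 32-bit integer.
def offset_after_write(offset_bytes: int, written: int) -> int:
    """Offset recorded by a signed 32-bit field after appending `written` bytes.
    Past 2 GB (2^31 bytes) it is read back as a negative number."""
    return stored_in(offset_bytes + written, 32, signed=True)


# AppleTalk: 8-bit node numbers, so 256 addresses per network.
def appletalk_node(n_th_host: int) -> int:
    """Node number the n-th host (counting from 0) receives; the 257th collides with the 1st."""
    return stored_in(n_th_host, 8)


# GPS: weeks since 6 January 1980 in a 10-bit counter.
GPS_EPOCH = date(1980, 1, 6)


def gps_week_10bit(d: date) -> int:
    """Week number as a receiver with a 10-bit counter sees it."""
    return stored_in((d - GPS_EPOCH).days // 7, 10)


def gps_rollover_dates(count: int) -> List[date]:
    """Dates on which a 10-bit week counter wraps back to 0."""
    return [GPS_EPOCH + timedelta(weeks=1024 * k) for k in range(1, count + 1)]


# Y2K: two decimal digits for the year.
def two_digit_order_is_correct(year_a: int, year_b: int) -> bool:
    """True if comparing the two-digit forms gives the same order as the real years."""
    return (year_a % 100 < year_b % 100) == (year_a < year_b)


if __name__ == "__main__":
    print("2 GB + 1 byte via signed 32-bit offset:", offset_after_write(2**31 - 1, 1))
    print("257th AppleTalk host gets node:", appletalk_node(256))
    print("GPS week counter rolls over on:", gps_rollover_dates(2))
    print("1999 < 2000 with two-digit years?", two_digit_order_is_correct(1999, 2000))
```

The GPS case is the instructive one: the counter wrapped on 22 August 1999 and again on 7 April 2019, long after the software that assumed it never would had shipped, which is point (c) of Parkinson's law on the next slide in concrete form.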


Moore's Law and the Long Term


[Figure: growth curve from 1965 to today.]

Moore's Law and the Long Term

[Figure: the same curve extrapolated beyond today, annotated with the questions: What level? When? Ten years from now? Within your working life?]

Thank you for your attention!
