SlideShare a Scribd company logo

lec-10 Design-Principles.ppt

Download as PPT, PDF
E
ElghaiebOmar

The document discusses object-oriented design principles. It covers SOLID principles like single responsibility, open/closed, Liskov substitution, interface segregation and dependency inversion. Other topics include composition over inheritance, DRY principle, inversion of control, YAGNI, law of Demeter, principle of least astonishment and MVP. Specific examples are provided to illustrate how these principles can be applied, such as handling changes to authentication mechanisms in a home access system design. The Liskov substitution principle is explained in more detail.

Software
1 of 19
Ivan Marsic Rutgers University LECTURE 10: Object Oriented Design Principles
2 Topics  SOLID Design Principles – https://en.wikipedia.org/wiki/SOLID  Composition over inheritance (aka Composite reuse principle) – https://en.wikipedia.org/wiki/Composition_over_inheritance  Don't Repeat Yourself - DRY – https://en.wikipedia.org/wiki/Don%27t_repeat_yourself  Inversion of Control - IoC (aka Hollywood Principle) – https://en.wikipedia.org/wiki/Inversion_of_control  You Aren't Gonna Need It - YAGNI – https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it  Law of Demeter - LoD (aka Principle of Least Knowledge) – https://en.wikipedia.org/wiki/Law_of_Demeter  Principle of Least Astonishment - PoLA – https://en.wikipedia.org/wiki/Principle_of_least_astonishment  Minimum Viable Product - MVP – http://en.wikipedia.org/wiki/Minimum_viable_product
SOLID Design Principles Software inevitably changes/evolves over time (maintenance, upgrade)  Single responsibility principle (SRP) – Every class should have only one reason to be changed – If class "A" has two responsibilities, create new classes "B" and "C" to handle each responsibility in isolation, and then compose "A" out of "B" and "C"  Open/closed principle (OCP) – Every class should be open for extension (derivative classes), but closed for modification (fixed interfaces) – Put the system parts that are likely to change into implementations (i.e. concrete classes) and define interfaces around the parts that are unlikely to change (e.g. abstract base classes)  Liskov substitution principle (LSP) – Every implementation of an interface needs to fully comply with the requirements of this interface (requirements determined by its clients!) – Any algorithm that works on the interface, should continue to work for any substitute implementation  Interface segregation principle (ISP) – Keep interfaces as small as possible, to avoid unnecessary dependencies – Ideally, it should be possible to understand any part of the code in isolation, without needing to look up the rest of the system code  Dependency inversion principle (DIP) – Instead of having concrete implementations communicate directly (and depend on each other), decouple them by formalizing their communication interface as an abstract interface based on the needs of the higher-level class 3
4 … is this a good design? Unlock Use Case «destroy» opt «create» sk := getNext() logTransaction( k, val ) activate( "lock" ) : Controller : Checker : KeyStorage : DeviceCtrl : Logger : PhotoObsrv dl := isDaylight() alt [else] enterKey() k : Key val := checkKey( k ) loop activate( "bulb" ) val == true dl == false compare(k, sk) [for all stored keys] numOfAttempts++ alt numOfAttempts == maxNumOfAttempts activate( "alarm" ) denyMoreAttempts() [else] prompt: "try again" Time
Class Diagram KeyChecker + checkKey(k : Key) : boolean – compare(k : Key, sk : Key) : boolean Key – code_ : string – timestamp_ : long – doorLocation_ : string KeyStorage + getNext() : Key KeyReader + acquireKey() : Key Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts() 1 1 sensor reader 1 1..* validKeys 1 1..* devCtrl DeviceCtrl # devStatuses_ : Vector + activate(dev : string) : boolean + deactivate(dev :string) : boolean + getStatus(dev : string) : Object PhotoSObsrv + isDaylight() : boolean 1 checker 1 k
Purpose of Design Principles Principles are used to diagnose problems with designs Patterns are used to address the problems 6
Examples of Software Change  What could change in the home access system: means of user authentication and the controlled devices. These sources of change are independent, so one should not affect the code for the other  Scenario #1: replace numeric-code based keys with magnetic card or RFID chip – What part of the system needs to be replaced? – What is the “interface” seen by the rest of the system that needs to remain invariant?  Scenario #2: same as above – Policy for handling dictionary attacks becomes inadequate: what kind of attack can be mounted by an adversary in case of magnetic or RFID codes? – What policy (or policies) are appropriate for this scenario? 7
Device Driver 8 Policy Layer for Safe Home Access Dependencies for Ordinary Layered Style Mechanism Layer for Safe Home Access Utility Layer for Safe Home Access Device Controller Key Descriptor Key Validator depends-on depends-on What is needed: - User’s identifier (“key”) - Set of valid keys - Mechanism to validate the user’s key Valid Keys Storage User Authenticator Arrival Manager Key Reader File or Database  Note the dependencies from top to bottom  That is, higher-level modules depend on the lower-level modules   Any changes in lower-level modules may propagate up to the higher levels
Need Inverted Dependencies Low-level modules are more likely to change High-level modules are more likely to remain stable: they implement the business policies, which is the purpose of the system and is unlikely to change Dependency Inversion Principle (DIP) 9
10 Example Business Policy & Mechanism IF key  ValidKeys THEN disarm lock and turn lights on ELSE increment failed-attempts-counter IF failed-attempts-counter equals maximum number allowed THEN block further attempts and raise alarm Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts()
Safe Home Access Policy Level Detailed statement of the problem: – Read the numeric code typed-in by the user – Validate the code, and – Set the voltage high to disarm the lock, turn on the light Abstract statement of the problem: – Acquire the user code – Validate the code, and – Enable access and assist user’s arrival activties 11
Dependency Inversion Principle Instead of high-level module (policy) depending on low-level module (mechanism/service/utility): – High-level module defines its desired interface for the low-level service (i.e., high-level depends on itself- defined interface) – Lower-level module depends on (implements) the interface defined by the high-level module –  Dependency inversion (from low to high, instead the opposite) 12
«interface» PolicyServiceInterface 13 Dependency Inversion Pattern Package diagram Defined by policy-package owner Policy Package client : PolicyClass server : PolicyServiceClass depends-on («uses») depends-on («implements») Mechanism Package  Note the dependencies from bottom to top  Both Policy Class and Policy Service Class depend on Policy Service Interface but the former uses (and defines) the interface and the latter implements the interface developer A developer B
Additional Object: Intruder Detector?  Based on an invalid key decides an intruder  However, the notion of a “dictionary attack” may not make sense for non-numeric keys, not acquired from a keypad  If the “key” is a magnetic-card code, it cannot be assumed that the user made a mistake and should be given another try – If a key is transmitted wirelessly, it may be intercepted and reproduced  What if the “key” is user’s fingerprint or another biometric feature? – A biometric identifier could be faked, although also user may have dirty or greasy fingers which would prevent correct fingerprint-based identification or user’s face may not be properly illuminated…   Need a new intruder-detection mechanism … 14
Examples of Software Change  What could change in the home access system: means of user authentication and the controlled devices. These sources of change are independent, so one should not affect the code for the other  Scenario #1: replace numeric-code based keys with magnetic card or RFID chip – What part of the system needs to be replaced? – What is the “interface” seen by the rest of the system that needs to remain invariant?  Scenario #2: same as above – Policy for handling dictionary attacks becomes inadequate: what kind of attack can be mounted by an adversary in case of magnetic or RFID codes? – What policy (or policies) are appropriate for this scenario? 15
… where is the “interface” when the ID mechanism changes? KeyChecker + checkKey(k : Key) : boolean – compare(k : Key, sk : Key) : boolean Key – code_ : string – timestamp_ : long – doorLocation_ : string KeyStorage + getNext() : Key KeyReader + acquireKey() : Key Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts() sensor reader validKeys devCtrl DeviceCtrl # devStatuses_ : Vector + activate(dev : string) : boolean + deactivate(dev :string) : boolean + getStatus(dev : string) : Object PhotoSObsrv + isDaylight() : boolean checker k
«interface» KeyValidityCheckInterface checkKey(k: Key) : Enum 17 Dependency Inversion Pattern Package diagram Policy Package client : DoorPolicyControl depends-on («uses») depends-on («implements») Mechanism Package  Previous solution: Intrusion detection mechanism was entangled with door policy and hidden  Current solution: Intrusion detection mechanism moved from Policy Level to Mechanism Level developer A developer B - valid - invalid - intruder Defined by policy-package owner (developer A) server : KeyValidityChecker checkKey(k: Key) : Enum helper : IntrusionDetector checkIntrusion(k: Key) : Bool
Liskov Substitution Principle Every implementation of an interface needs to fully comply with the requirements of this interface Any algorithm that works on the interface, should continue to work for any substitute implementation 18
Liskov Substitution Principle This principle is often misinterpreted that the two objects are equivalent if they provide the same API – However, the API is a program-level interface that does not capture the use of the object’s methods, attributes, nor its dependency graph – The API cannot represent the preconditions, postconditions, invariants, etc. – An object’s LSP substitute must ensure that the physical aspects for resource footprint do not affect the rest of the system Dependency graph of the substituted object must be completely replaced with the dependency graph of its substitute object 19

Recommended

How much do we know about Object-Oriented Programming?
How much do we know about Object-Oriented Programming?How much do we know about Object-Oriented Programming?
How much do we know about Object-Oriented Programming?
Sandro Mancuso
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
Alex Pruden
 
Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠
Integris Security LLC
 
Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022
SkillCertProExams
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer Code
Quang Ngoc
 
10 Rules for Safer Code [Odoo Experience 2016]
10 Rules for Safer Code [Odoo Experience 2016]10 Rules for Safer Code [Odoo Experience 2016]
10 Rules for Safer Code [Odoo Experience 2016]
Olivier Dony
 
Banv
BanvBanv
Banv
netvis
 

Recommended

How much do we know about Object-Oriented Programming?
How much do we know about Object-Oriented Programming?How much do we know about Object-Oriented Programming?
How much do we know about Object-Oriented Programming?
Sandro Mancuso
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
Alex Pruden
 
Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠
Integris Security LLC
 
Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022Certified ethical hacker (cehv11) exam dumps 2022
Certified ethical hacker (cehv11) exam dumps 2022
SkillCertProExams
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP
 
10 Rules for Safer Code
10 Rules for Safer Code10 Rules for Safer Code
10 Rules for Safer Code
Quang Ngoc
 
10 Rules for Safer Code [Odoo Experience 2016]
10 Rules for Safer Code [Odoo Experience 2016]10 Rules for Safer Code [Odoo Experience 2016]
10 Rules for Safer Code [Odoo Experience 2016]
Olivier Dony
 
Banv
BanvBanv
Banv
netvis
 
Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management Services
OnBoard Security, Inc. - a Qualcomm Company
 
Data mining final report
Data mining final reportData mining final report
Data mining final report
Kedar Kumar
 
Overcoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemOvercoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystem
QAware GmbH
 
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
Vladimir Kochetkov
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
qqlan
 
Application Security
Application SecurityApplication Security
Application Security
florinc
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
Kim Hammar
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
Andreas Czakaj
 
Node.js for enterprise - JS Conference
Node.js for enterprise - JS ConferenceNode.js for enterprise - JS Conference
Node.js for enterprise - JS Conference
Timur Shemsedinov
 
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupBecoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Andy Maleh
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
DefconRussia
 
Attacks1
Attacks1Attacks1
Attacks1
Aravindharamanan S
 
Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019
Giorgio Bernardi
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
Stefano Maccaglia
 
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Amazon Web Services
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion Response
Kim Hammar
 
Robots in Swift
Robots in SwiftRobots in Swift
Robots in Swift
Janie Clayton
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
Sean Chittenden
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-Framework
VeilFramework
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
Dr. Ramchandra Mangrulkar
 
bgiolcb
bgiolcbbgiolcb
bgiolcb
独家公布~斯洛文尼亚-塞尔维亚【3 9 7 7 . T W 官方指定】
 
42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
vaishalijagtap12
 

More Related Content

Similar to lec-10 Design-Principles.ppt

Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management Services
OnBoard Security, Inc. - a Qualcomm Company
 
Data mining final report
Data mining final reportData mining final report
Data mining final report
Kedar Kumar
 
Overcoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemOvercoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystem
QAware GmbH
 
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
Vladimir Kochetkov
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
qqlan
 
Application Security
Application SecurityApplication Security
Application Security
florinc
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
Kim Hammar
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
Andreas Czakaj
 
Node.js for enterprise - JS Conference
Node.js for enterprise - JS ConferenceNode.js for enterprise - JS Conference
Node.js for enterprise - JS Conference
Timur Shemsedinov
 
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupBecoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Andy Maleh
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
DefconRussia
 
Attacks1
Attacks1Attacks1
Attacks1
Aravindharamanan S
 
Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019
Giorgio Bernardi
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
Stefano Maccaglia
 
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Amazon Web Services
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion Response
Kim Hammar
 
Robots in Swift
Robots in SwiftRobots in Swift
Robots in Swift
Janie Clayton
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
Sean Chittenden
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-Framework
VeilFramework
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
Dr. Ramchandra Mangrulkar
 

Similar to lec-10 Design-Principles.ppt (20)

Garbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management ServicesGarbled Circuits for Secure Credential Management Services
Garbled Circuits for Secure Credential Management Services
 
Data mining final report
Data mining final reportData mining final report
Data mining final report
 
Overcoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemOvercoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystem
 
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3)
 
SCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architectureSCADA deep inside:protocols and software architecture
SCADA deep inside:protocols and software architecture
 
Application Security
Application SecurityApplication Security
Application Security
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
 
Node.js for enterprise - JS Conference
Node.js for enterprise - JS ConferenceNode.js for enterprise - JS Conference
Node.js for enterprise - JS Conference
 
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby MeetupBecoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
 
Attacks1
Attacks1Attacks1
Attacks1
 
Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019Evento formativo Spring 3 ottobre 2019
Evento formativo Spring 3 ottobre 2019
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
Implementare e gestire soluzioni per l'Internet of Things (IoT) in modo rapid...
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion Response
 
Robots in Swift
Robots in SwiftRobots in Swift
Robots in Swift
 
Dynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-Framework
 
Advanced System Security and Digital Forensics
Advanced System Security and Digital ForensicsAdvanced System Security and Digital Forensics
Advanced System Security and Digital Forensics
 

Recently uploaded

42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
vaishalijagtap12
 
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdfThe Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
kalichargn70th171
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
kgyxske
 
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom KittEnhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Peter Caitens
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
Pedro J. Molina
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
Paul Brebner
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
ShulagnaSarkar2
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies
 
Optimizing Your E-commerce with WooCommerce.pptx
Optimizing Your E-commerce with WooCommerce.pptxOptimizing Your E-commerce with WooCommerce.pptx
Optimizing Your E-commerce with WooCommerce.pptx
WebConnect Pvt Ltd
 
What is Continuous Testing in DevOps - A Definitive Guide.pdf
What is Continuous Testing in DevOps - A Definitive Guide.pdfWhat is Continuous Testing in DevOps - A Definitive Guide.pdf
What is Continuous Testing in DevOps - A Definitive Guide.pdf
kalichargn70th171
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
Luigi Fugaro
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applicationsGoing AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
Alina Yurenko
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
dakas1
 
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
campbellclarkson
 
Stork Product Overview: An AI-Powered Autonomous Delivery Fleet
Stork Product Overview: An AI-Powered Autonomous Delivery FleetStork Product Overview: An AI-Powered Autonomous Delivery Fleet
Stork Product Overview: An AI-Powered Autonomous Delivery Fleet
Vince Scalabrino
 

Recently uploaded (20)

bgiolcb
bgiolcbbgiolcb
bgiolcb
 
42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
 
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdfThe Comprehensive Guide to Validating Audio-Visual Performances.pdf
The Comprehensive Guide to Validating Audio-Visual Performances.pdf
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
 
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom KittEnhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
 
Orca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container OrchestrationOrca: Nocode Graphical Editor for Container Orchestration
Orca: Nocode Graphical Editor for Container Orchestration
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
 
14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision14 th Edition of International conference on computer vision
14 th Edition of International conference on computer vision
 
Upturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in NashikUpturn India Technologies - Web development company in Nashik
Upturn India Technologies - Web development company in Nashik
 
Optimizing Your E-commerce with WooCommerce.pptx
Optimizing Your E-commerce with WooCommerce.pptxOptimizing Your E-commerce with WooCommerce.pptx
Optimizing Your E-commerce with WooCommerce.pptx
 
What is Continuous Testing in DevOps - A Definitive Guide.pdf
What is Continuous Testing in DevOps - A Definitive Guide.pdfWhat is Continuous Testing in DevOps - A Definitive Guide.pdf
What is Continuous Testing in DevOps - A Definitive Guide.pdf
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
Going AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applicationsGoing AOT: Everything you need to know about GraalVM for Java applications
Going AOT: Everything you need to know about GraalVM for Java applications
 
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理
 
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
🏎️Tech Transformation: DevOps Insights from the Experts 👩‍💻
 
Stork Product Overview: An AI-Powered Autonomous Delivery Fleet
Stork Product Overview: An AI-Powered Autonomous Delivery FleetStork Product Overview: An AI-Powered Autonomous Delivery Fleet
Stork Product Overview: An AI-Powered Autonomous Delivery Fleet
 

lec-10 Design-Principles.ppt

  • 1. Ivan Marsic Rutgers University LECTURE 10: Object Oriented Design Principles
  • 2. 2 Topics  SOLID Design Principles – https://en.wikipedia.org/wiki/SOLID  Composition over inheritance (aka Composite reuse principle) – https://en.wikipedia.org/wiki/Composition_over_inheritance  Don't Repeat Yourself - DRY – https://en.wikipedia.org/wiki/Don%27t_repeat_yourself  Inversion of Control - IoC (aka Hollywood Principle) – https://en.wikipedia.org/wiki/Inversion_of_control  You Aren't Gonna Need It - YAGNI – https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it  Law of Demeter - LoD (aka Principle of Least Knowledge) – https://en.wikipedia.org/wiki/Law_of_Demeter  Principle of Least Astonishment - PoLA – https://en.wikipedia.org/wiki/Principle_of_least_astonishment  Minimum Viable Product - MVP – http://en.wikipedia.org/wiki/Minimum_viable_product
  • 3. SOLID Design Principles Software inevitably changes/evolves over time (maintenance, upgrade)  Single responsibility principle (SRP) – Every class should have only one reason to be changed – If class "A" has two responsibilities, create new classes "B" and "C" to handle each responsibility in isolation, and then compose "A" out of "B" and "C"  Open/closed principle (OCP) – Every class should be open for extension (derivative classes), but closed for modification (fixed interfaces) – Put the system parts that are likely to change into implementations (i.e. concrete classes) and define interfaces around the parts that are unlikely to change (e.g. abstract base classes)  Liskov substitution principle (LSP) – Every implementation of an interface needs to fully comply with the requirements of this interface (requirements determined by its clients!) – Any algorithm that works on the interface, should continue to work for any substitute implementation  Interface segregation principle (ISP) – Keep interfaces as small as possible, to avoid unnecessary dependencies – Ideally, it should be possible to understand any part of the code in isolation, without needing to look up the rest of the system code  Dependency inversion principle (DIP) – Instead of having concrete implementations communicate directly (and depend on each other), decouple them by formalizing their communication interface as an abstract interface based on the needs of the higher-level class 3
  • 4. 4 … is this a good design? Unlock Use Case «destroy» opt «create» sk := getNext() logTransaction( k, val ) activate( "lock" ) : Controller : Checker : KeyStorage : DeviceCtrl : Logger : PhotoObsrv dl := isDaylight() alt [else] enterKey() k : Key val := checkKey( k ) loop activate( "bulb" ) val == true dl == false compare(k, sk) [for all stored keys] numOfAttempts++ alt numOfAttempts == maxNumOfAttempts activate( "alarm" ) denyMoreAttempts() [else] prompt: "try again" Time
  • 5. Class Diagram KeyChecker + checkKey(k : Key) : boolean – compare(k : Key, sk : Key) : boolean Key – code_ : string – timestamp_ : long – doorLocation_ : string KeyStorage + getNext() : Key KeyReader + acquireKey() : Key Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts() 1 1 sensor reader 1 1..* validKeys 1 1..* devCtrl DeviceCtrl # devStatuses_ : Vector + activate(dev : string) : boolean + deactivate(dev :string) : boolean + getStatus(dev : string) : Object PhotoSObsrv + isDaylight() : boolean 1 checker 1 k
  • 6. Purpose of Design Principles Principles are used to diagnose problems with designs Patterns are used to address the problems 6
  • 7. Examples of Software Change  What could change in the home access system: means of user authentication and the controlled devices. These sources of change are independent, so one should not affect the code for the other  Scenario #1: replace numeric-code based keys with magnetic card or RFID chip – What part of the system needs to be replaced? – What is the “interface” seen by the rest of the system that needs to remain invariant?  Scenario #2: same as above – Policy for handling dictionary attacks becomes inadequate: what kind of attack can be mounted by an adversary in case of magnetic or RFID codes? – What policy (or policies) are appropriate for this scenario? 7
  • 8. Device Driver 8 Policy Layer for Safe Home Access Dependencies for Ordinary Layered Style Mechanism Layer for Safe Home Access Utility Layer for Safe Home Access Device Controller Key Descriptor Key Validator depends-on depends-on What is needed: - User’s identifier (“key”) - Set of valid keys - Mechanism to validate the user’s key Valid Keys Storage User Authenticator Arrival Manager Key Reader File or Database  Note the dependencies from top to bottom  That is, higher-level modules depend on the lower-level modules   Any changes in lower-level modules may propagate up to the higher levels
  • 9. Need Inverted Dependencies Low-level modules are more likely to change High-level modules are more likely to remain stable: they implement the business policies, which is the purpose of the system and is unlikely to change Dependency Inversion Principle (DIP) 9
  • 10. 10 Example Business Policy & Mechanism IF key  ValidKeys THEN disarm lock and turn lights on ELSE increment failed-attempts-counter IF failed-attempts-counter equals maximum number allowed THEN block further attempts and raise alarm Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts()
  • 11. Safe Home Access Policy Level Detailed statement of the problem: – Read the numeric code typed-in by the user – Validate the code, and – Set the voltage high to disarm the lock, turn on the light Abstract statement of the problem: – Acquire the user code – Validate the code, and – Enable access and assist user’s arrival activties 11
  • 12. Dependency Inversion Principle Instead of high-level module (policy) depending on low-level module (mechanism/service/utility): – High-level module defines its desired interface for the low-level service (i.e., high-level depends on itself- defined interface) – Lower-level module depends on (implements) the interface defined by the high-level module –  Dependency inversion (from low to high, instead the opposite) 12
  • 13. «interface» PolicyServiceInterface 13 Dependency Inversion Pattern Package diagram Defined by policy-package owner Policy Package client : PolicyClass server : PolicyServiceClass depends-on («uses») depends-on («implements») Mechanism Package  Note the dependencies from bottom to top  Both Policy Class and Policy Service Class depend on Policy Service Interface but the former uses (and defines) the interface and the latter implements the interface developer A developer B
  • 14. Additional Object: Intruder Detector?  Based on an invalid key decides an intruder  However, the notion of a “dictionary attack” may not make sense for non-numeric keys, not acquired from a keypad  If the “key” is a magnetic-card code, it cannot be assumed that the user made a mistake and should be given another try – If a key is transmitted wirelessly, it may be intercepted and reproduced  What if the “key” is user’s fingerprint or another biometric feature? – A biometric identifier could be faked, although also user may have dirty or greasy fingers which would prevent correct fingerprint-based identification or user’s face may not be properly illuminated…   Need a new intruder-detection mechanism … 14
  • 15. Examples of Software Change  What could change in the home access system: means of user authentication and the controlled devices. These sources of change are independent, so one should not affect the code for the other  Scenario #1: replace numeric-code based keys with magnetic card or RFID chip – What part of the system needs to be replaced? – What is the “interface” seen by the rest of the system that needs to remain invariant?  Scenario #2: same as above – Policy for handling dictionary attacks becomes inadequate: what kind of attack can be mounted by an adversary in case of magnetic or RFID codes? – What policy (or policies) are appropriate for this scenario? 15
  • 16. … where is the “interface” when the ID mechanism changes? KeyChecker + checkKey(k : Key) : boolean – compare(k : Key, sk : Key) : boolean Key – code_ : string – timestamp_ : long – doorLocation_ : string KeyStorage + getNext() : Key KeyReader + acquireKey() : Key Controller # numOfAttemps_ : long # maxNumOfAttempts_ : long + enterKey(k : Key) – denyMoreAttempts() sensor reader validKeys devCtrl DeviceCtrl # devStatuses_ : Vector + activate(dev : string) : boolean + deactivate(dev :string) : boolean + getStatus(dev : string) : Object PhotoSObsrv + isDaylight() : boolean checker k
  • 17. «interface» KeyValidityCheckInterface checkKey(k: Key) : Enum 17 Dependency Inversion Pattern Package diagram Policy Package client : DoorPolicyControl depends-on («uses») depends-on («implements») Mechanism Package  Previous solution: Intrusion detection mechanism was entangled with door policy and hidden  Current solution: Intrusion detection mechanism moved from Policy Level to Mechanism Level developer A developer B - valid - invalid - intruder Defined by policy-package owner (developer A) server : KeyValidityChecker checkKey(k: Key) : Enum helper : IntrusionDetector checkIntrusion(k: Key) : Bool
  • 18. Liskov Substitution Principle Every implementation of an interface needs to fully comply with the requirements of this interface Any algorithm that works on the interface, should continue to work for any substitute implementation 18
  • 19. Liskov Substitution Principle This principle is often misinterpreted that the two objects are equivalent if they provide the same API – However, the API is a program-level interface that does not capture the use of the object’s methods, attributes, nor its dependency graph – The API cannot represent the preconditions, postconditions, invariants, etc. – An object’s LSP substitute must ensure that the physical aspects for resource footprint do not affect the rest of the system Dependency graph of the substituted object must be completely replaced with the dependency graph of its substitute object 19