Computer Applications Cheatsheet

Cheatsheet Content

INFORMATION SECURITY 1. Introduction to Information Security Security Goals (CIA Triad): Confidentiality: Protects from unauthorized disclosure (encryption, access control). Integrity: Ensures data has not been altered or destroyed (hashing, digital signatures). Availability: Ensures timely and reliable access (redundancy, backups). Security Threats: Events compromising security. Interruption: Asset becomes unavailable (DoS). Interception: Unauthorized access (eavesdropping). Modification: Unauthorized tampering (data alteration). Fabrication: Inserting counterfeit objects (phishing). Computer Criminals / Threat Actors: Hackers (white, black, grey-hat), Crackers, Script Kiddies, State-Sponsored, Insider Threats. Security Services: Mechanisms to counter threats. Authentication: Verifying identity. Access Control: Restricting resource access. Data Confidentiality: Protection against disclosure. Data Integrity: Protection against modification. Non-repudiation: Proof of origin/receipt. Security Mechanisms: Tools to implement services (Encryption, Digital Signatures, Firewalls, IDS). 2. Cryptography: Principles and Algorithms Classic Ciphers: Substitution: Caesar (shift), Vigenère (polyalphabetic). Transposition: Rearrange letters (Rail Fence). Modern Concepts: Confusion: Complex relationship between ciphertext and key. Diffusion: Spreading plaintext influence over ciphertext. Kerchoff's Principle: Security relies only on key secrecy. Symmetric-Key Cryptography: Same key for encrypt/decrypt. Plaintext (P) Encrypt (E) Shared Key (K) Ciphertext (C) Decrypt (D) Shared Key (K) Plaintext (P) Algorithms: DES (56-bit key, insecure), 3DES, AES (128/192/256-bit key, current standard). Modes of Operation (Block Ciphers): ECB (weak), CBC (good for confidentiality), CTR (stream cipher, parallel), GCM (authenticated encryption). Asymmetric-Key Cryptography (Public-Key): Public key for encrypt, private key for decrypt. Plaintext (P) Encrypt Receiver's Public Key Ciphertext (C) Decrypt Receiver's Private Key Plaintext (P) Algorithms: RSA (factoring), ECC (elliptic curves). Used for: Key exchange, digital signatures, non-repudiation. Hash Functions: One-way function, fixed-size output. Properties: One-way, second preimage resistant, collision resistant. Algorithms: MD5 (vulnerable), SHA-256, SHA-512. Applications: Data integrity, password storage. Key Exchange: Diffie-Hellman (shared secret over insecure channel). Digital Signatures: Verifies authenticity & integrity using private key (sign) and public key (verify). Provides non-repudiation. Digital Certificates & PKI: PKI: System for managing digital certificates. Digital Certificate: Binds public key to identity, issued by Certificate Authority (CA). (X.509 standard). 3. Program Security Secure Programs: Designed to operate securely under attack. Non-malicious Errors (Vulnerabilities): Buffer Overflow: Writing beyond allocated memory. Race Conditions: Timing-dependent execution flaws. Input Validation Errors: SQL Injection, XSS. Format String Bugs: Unchecked user input as format string. Malicious Codes (Malware): Virus: Self-replicating, attaches to programs. Worm: Self-replicating, spreads autonomously. Trojan Horse: Malicious code disguised as legitimate. Rootkit: Hides presence, provides root access. Spyware: Gathers info without consent. Ransomware: Encrypts data, demands ransom. Botnet: Network of compromised machines for attacks. Trap Doors (Backdoors): Secret entry points. Salami Attacks: Small, unnoticed thefts accumulating. Covert Channels: Hidden communication violating security policy. Controls Against Programs: Secure coding, input validation, least privilege, code review, fuzzing, memory protection (DEP, ASLR). 4. Threats & Protection in Operating Systems Memory Protection: Segmentation, Paging (MMU). Address Protection: Isolating process address spaces. Access Control: Regulating resource access. DAC: Owner-defined permissions (Unix). MAC: System-wide policy (high-security). RBAC: Permissions based on user roles. ABAC: Attribute-based decisions. File Protection: Controlling permissions (read/write/execute). User Authentication: Verifying identity. Factors: Something you know (password), have (token), are (biometrics), do (behavioral). MFA: Combining multiple factors. OS Hardening: Reducing attack surface (disable services, patch, configure). 5. Database Security Requirements: Confidentiality, Integrity, Availability. Reliability: Data consistency and availability. Integrity Constraints: Rules for data accuracy (PK, FK). Sensitive Data: PII, financial, health, IP. Inference: Deducing sensitive info from non-sensitive queries. Countermeasures: data perturbation, query restriction. Multilevel Security (MLS): Handling data with different sensitivity/clearance levels (Bell-LaPadula, Biba). Database Access Control: Granular permissions, Views, Stored Procedures. SQL Injection: Malicious SQL in input fields. 6. Security in Networks Network Threats: Eavesdropping, Spoofing, DoS/DDoS, MITM, Session Hijacking, Malware Propagation. Security Controls: Firewalls: Packet filtering, stateful inspection, application layer. IDS/IPS: Detects/prevents intrusions (signature-based, anomaly-based). VPN: Secure encrypted tunnel over insecure networks. Secure E-mails: PGP, S/MIME for confidentiality/integrity. Web Security: HTTPS (SSL/TLS) for server auth, confidentiality, integrity. 7. Administrating Security Security Planning: Strategy, policy, risk management, incident response. Risk Analysis & Management: Identify, assess, prioritize risks. Treatment: Avoid, Mitigate, Transfer, Accept. Organizational Security Policy: High-level security guidelines. Physical Security: Protecting physical assets (locks, CCTV, environmental controls). Ethical Issues: Privacy vs. security, responsible disclosure, legal compliance. Protecting Programs and Data: Data backup/recovery, patch management, antivirus, security awareness, incident response. Information and Law: Data protection laws (GDPR), cybercrime laws, IP laws. CLOUD COMPUTING 1. Overview of Computing Paradigm Recent Trends: Shift to remote, virtualized, shared resources; automation, elasticity, utility. Grid Computing: Distributed, heterogeneous, common goal (e.g., SETI@home). Cluster Computing: Tightly coupled, homogeneous, single system (e.g., HPC). Distributed Computing: Networked components communicate via messages. Utility Computing: Metered service for computing resources. Cloud Computing: On-demand access to shared, configurable resources (NIST definition). 2. Introduction to Cloud Computing History: Concepts from 1960s, commercialization from late 1990s (Salesforce), 2006 (AWS). Cloud Service Providers (CSPs): AWS, Azure, GCP (hyper-scalers). Benefits: Cost savings (OpEx), scalability, flexibility, high availability, global reach, reduced management. Limitations: Security/privacy, vendor lock-in, limited control, performance, compliance, internet dependency. 3. Cloud Computing Architecture Comparison with Traditional Computing: Feature Traditional (On-Premise) Cloud Computing Infra. Ownership User owned/managed CSP owned/managed Cost Model High CapEx OpEx (pay-as-you-go) Scalability Limited, manual Elastic, auto-scaling (Horizontal) Maintenance User responsible all layers Shared responsibility Deployment Time Weeks to months Minutes to hours Cloud Service Models (NIST): IaaS (Infrastructure as a Service): VMs, networks, storage. User manages OS, apps. Examples: Amazon EC2, Google Compute Engine. PaaS (Platform as a Service): Dev/deployment platform. User manages apps, data. Examples: Google App Engine, Heroku. SaaS (Software as a Service): Ready-to-use apps. User only consumes. Examples: Gmail, Salesforce. FaaS (Function as a Service)/Serverless: Event-driven functions. Provider manages all infra. Examples: AWS Lambda. Cloud Deployment Models (NIST): Public Cloud: Shared, multi-tenant. (AWS, Azure). Private Cloud: Exclusive to one org (on/off-premise). Hybrid Cloud: Combines two or more distinct clouds. Community Cloud: Shared by specific community with common concerns. NIST Cloud Reference Architecture: Roles (Consumer, Provider, Auditor, Broker, Carrier). 4. Case Studies Google App Engine (GAE): PaaS for scalable web apps, managed infrastructure. Microsoft Azure: Comprehensive IaaS/PaaS/SaaS, global data centers, enterprise focus. Amazon EC2: IaaS, scalable virtual servers, fine-grained control. Eucalyptus: Open-source for private/hybrid clouds, AWS API compatible. 5. Service Management in Cloud Computing SLAs (Service Level Agreements): Contract defining service expectations (uptime, performance, penalties). Billing & Accounting: Pay-as-you-go, metering, cost optimization. Scaling Hardware: Traditional: Vertical (upgrading single machine), Horizontal (adding machines). Cloud: Primarily Horizontal (adding instances), Auto-Scaling. Economics of Scaling: Cloud achieves economies of scale, consumers benefit from elasticity. 6. Cloud Security Shared Responsibility Model: Provider (security OF cloud), Customer (security IN cloud). Infrastructure Security: Network (VPC, firewalls), Host (hardening, patching), Hypervisor. Data Security & Storage: Encryption (at rest/in transit), data masking, DLP, data sovereignty. Privacy Issues: Compliance, auditability, insider threats, supply chain risk. Jurisdictional Issues: Data location impacts legal regulations. Authentication & Authorization: IAM, MFA, federated identity, RBAC. INTERNET TECHNOLOGIES 1. Java Programming Fundamentals OOP Concepts: Encapsulation: Bundling data/methods, restricting access (`private`). Inheritance: Acquiring properties/behaviors (`extends`). Polymorphism: Multiple forms (method overloading/overriding). Abstraction: Hiding details (abstract classes/interfaces). Arrays: Fixed-size, same type elements. `int[] numbers = new int[5];` ArrayList Class: Dynamic-size array (`java.util.ArrayList`). Grows/shrinks, stores objects. ArrayList<String> names = new ArrayList<>(); names.add("Alice"); names.remove(0); names.get(0); Exception Handling: `try-catch-finally` for runtime errors. Multithreading: Concurrent execution (`Thread`, `Runnable`). 2. JavaScript Fundamentals Data Types: Primitive: Number, String, Boolean, Undefined, Null, Symbol, BigInt. Non-Primitive: Object, Array, Function. Operators: Arithmetic, Assignment, Comparison (`==` vs `===`), Logical (`&&`, `||`, `!`). Functions: Blocks of code. `function greet(name) { return "Hello, " + name + "!"; }` Arrow functions (`(name) => "..."`). Scopes (`var`, `let`, `const`). Control Structures: `if/else`, `switch`, `for`, `while`, `do-while`, `for...in`, `for...of`. Events & Event Handling (DOM): User interactions trigger functions. document.getElementById("myBtn").addEventListener("click", function() { alert("Clicked!"); }); AJAX: Asynchronous HTTP requests, partial page updates (`fetch`, `XMLHttpRequest`). 3. JDBC (Java Database Connectivity) Fundamentals: Java API for DB connection. SQL execution, result retrieval. Architecture: JDBC API, Driver Manager, JDBC Driver (vendor-specific), Database. Steps: Load Driver (modern Java often auto-loads). Establish `Connection`: `DriverManager.getConnection(url, user, pass)`. Create `Statement` (simple SQL) or `PreparedStatement` (param. SQL, prevents injection). Execute SQL: `executeUpdate()` (DDL/DML), `executeQuery()` (SELECT). Process `ResultSet`: Iterate `rs.next()`, `rs.getInt()`, `rs.getString()`. Close Resources: `finally` block for `ResultSet`, `Statement`, `Connection`. 4. JSP (JavaServer Pages) Introduction: Dynamic web content by embedding Java in HTML. Separation of concerns. HTTP & Servlet Basics: HTTP (request-response). Servlets (Java programs handling requests); JSPs compile to Servlets. Anatomy: Directives: `<%@ page ... %>` (imports, errorPage), `<%@ include ... %>` (static include). Scripting Elements: Scriptlets: `<% Java code %>` (Java statements). Expressions: `<%= Java expression %>` (output to HTML). Declarations: `<%! variables/methods %>` (instance members of generated servlet). Actions: `<jsp:include>` (dynamic include), `<jsp:forward>`, `<jsp:useBean>`, `<jsp:setProperty>`, `<jsp:getProperty>`. Processing Lifecycle: Translation (JSP to Servlet), Compilation, Loading, Instantiation, `jspInit()`, `_jspService()`, `jspDestroy()`. Application Design with MVC: JSP as View, Servlet as Controller, JavaBeans as Model. Environment Setup: JDK, Web server with Servlet container (Tomcat). Implicit Objects: `request`, `response`, `out`, `session`, `application`, etc. Error Handling: `page` directive `errorPage`, `<jsp:error-page>` in `web.xml`. Sharing Data (Scopes): Page, Request, Session, Application. Database Access: Best via JavaBeans to separate logic from presentation. 5. Java Beans Fundamentals: Reusable Java components (POJOs) following conventions. Public no-arg constructor. Private properties with public getters/setters (`getProperty()`, `setProperty()`). Serializable. JAR files: Package JavaBeans. Introspection: IDEs analyze Bean properties via `get/set` methods. Example Bean: public class UserBean implements Serializable { private String name; public UserBean() { /* ... */ } public String getName() { return name; } public void setName(String name) { this.name = name; } } Connecting to DB: Bean encapsulates JDBC logic; JSPs interact via `<jsp:useBean>` actions. THEORY OF COMPUTATION 1. Languages and Formal Definitions Alphabets ($\Sigma$): Finite, non-empty set of symbols (e.g., $\{0, 1\}$). String ($w$): Finite sequence of symbols from $\Sigma$. $|w|$ is length. $\epsilon$ is empty string ($|\epsilon|=0$). $\Sigma^*$: All strings over $\Sigma$. $\Sigma^+$: All non-empty strings. Language ($L$): Any set of strings over $\Sigma$ ($L \subseteq \Sigma^*$). Basic Operations: Concatenation ($L_1 L_2$): $\{xy \mid x \in L_1, y \in L_2\}$. Union ($L_1 \cup L_2$): $\{x \mid x \in L_1 \text{ or } x \in L_2\}$. Intersection ($L_1 \cap L_2$): $\{x \mid x \in L_1 \text{ and } x \in L_2\}$. Complement ($\overline{L}$): $\Sigma^* - L$. Kleene Star ($L^*$): Zero or more concatenations of strings from $L$ ($L^0 \cup L^1 \cup \dots$). Kleene Plus ($L^+$): One or more concatenations. 2. Finite Automata and Regular Languages Regular Expressions (RE): Notation for regular languages (e.g., $a(a|b)^*b$). `a`, `ab`, `a|b`, `a*`, `a+`, `a?`, `( )`. Finite Automata (FA): Recognize regular languages. Transition Graphs: Visual representation (states, transitions, start/final states). DFA (Deterministic Finite Automata): For each state/symbol, exactly one next state. Formal: $M = (Q, \Sigma, \delta, q_0, F)$, where $\delta: Q \times \Sigma \to Q$. q0 0,1 0 q1 0 q2 1 1 0 NFA (Non-deterministic Finite Automata): Zero, one, or more next states. Allows $\epsilon$-transitions. Formal: $\delta: Q \times (\Sigma \cup \{\epsilon\}) \to P(Q)$. NFA to DFA Conversion: Subset Construction algorithm. Regular Languages: Recognized by DFAs/NFAs, described by REs. Pumping Lemma for Regular Languages: Proves non-regularity. If $L$ is regular, any $s \in L, |s| \ge p$ can be $s=xyz$ where $|y| \ge 1, |xy| \le p$, and $xy^iz \in L$ for all $i \ge 0$. Closure Properties: Regular languages are closed under union, concatenation, Kleene star, intersection, complementation, reversal. 3. Context-Free Languages Context-Free Grammars (CFG): Rules $A \to \alpha$ ($A$ is non-terminal, $\alpha$ is string of terminals/non-terminals). Formal: $G = (V, \Sigma, R, S)$. $L(G)$ is language generated. Parse Trees: Tree representation of string derivation. Ambiguities: Grammar is ambiguous if a string has multiple parse trees/derivations. Language is inherently ambiguous if all its CFGs are ambiguous. Pushdown Automata (PDA): FA with a stack. Recognizes CFLs. Formal: $M = (Q, \Sigma, \Gamma, \delta, q_0, Z_0, F)$. DPDA: Deterministic PDA (subset of CFLs). NPDA: Non-deterministic PDA (equivalent to CFGs). Pumping Lemma for Context-Free Languages: Proves non-CFL. If $L$ is CFL, any $s \in L, |s| \ge p$ can be $s=uvxyz$ where $|vy| \ge 1, |vxy| \le p$, and $uv^ixy^iz \in L$ for all $i \ge 0$. Closure Properties: CFLs closed under union, concatenation, Kleene star, reversal. NOT closed under intersection, complementation. Normal Forms: Chomsky Normal Form (CNF): $A \to BC$ or $A \to a$. Greibach Normal Form (GNF): $A \to a\alpha$. 4. Turing Machines and Models of Computations RAM (Random Access Machine): Theoretical model resembling real computer (CPU, memory, registers). Turing Machine (TM): Most powerful computational model. Infinite tape, head, states, transition function. Formal: $M = (Q, \Sigma, \Gamma, \delta, q_0, B, F)$. Church-Turing Thesis: Anything computable by algorithm is computable by TM. Universal Turing Machine (UTM): Simulates any other TM. Input: TM description + TM input. Language Acceptability: TM accepts $w$ if it halts in final state. Decidability (Recursive Language): TM halts on all inputs (accepts $L$, rejects $\overline{L}$). Recursively Enumerable Languages (RE): TM accepts $L$, may not halt for inputs $\notin L$. Halting Problem: Undecidable (no TM can determine if any TM halts on any input). Unsolvability Problems: Problems with no general algorithm (e.g., Halting, TM Equivalence). Hierarchy of Languages (Chomsky Hierarchy): Type 0: RE (Turing Machines). Type 1: Context-Sensitive (Linear Bounded Automata). Type 2: Context-Free (Pushdown Automata). Type 3: Regular (Finite Automata).