Scribd Logo
Upload

Welcome to Scribd!

  • For The Equity Trading System Discussed in Section 13 - 5200512713003902378

    Uploaded by

    Htet Htet Oo
    11 views2 pages
    The document discusses two potential attacks on an equity trading system: 1) A malicious user gains access using legitimate credentials to place fraudulent trades. 2) An unauthorized user corrupts the transaction database by accessing it directly. To counter each attack, the document proposes strategies for resistance, recognition of attacks, and recovery methods like automatically undoing trades, maintaining backups, and using stronger authentication.

    Original Description:

    Original Title

    for-the-equity-trading-system-discussed-in-section-13_5200512713003902378

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses two potential attacks on an equity trading system: 1) A malicious user gains access using legitimate credentials to place fraudulent trades. 2) An unauthorized user corrupts the transaction database by accessing it directly. To counter each attack, the document proposes strategies for resistance, recognition of attacks, and recovery methods like automatically undoing trades, maintaining backups, and using stronger authentication.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views2 pages

    For The Equity Trading System Discussed in Section 13 - 5200512713003902378

    Uploaded by

    Htet Htet Oo
    The document discusses two potential attacks on an equity trading system: 1) A malicious user gains access using legitimate credentials to place fraudulent trades. 2) An unauthorized user corrupts the transaction database by accessing it directly. To counter each attack, the document proposes strategies for resistance, recognition of attacks, and recovery methods like automatically undoing trades, maintaining backups, and using stronger authentication.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    . For the equity trading system discussed in Section 13.4.

    2, whose architecture is shown

    in Figure 13.14, suggest two further plausible attacks on the system and propose

    possible strategies that could counter these attacks.

    Attack 1: A maliciouse user gain access to the system using an accredited user credentials.

    Malicious orders are placed, and stock is bought and sold.

    Strategy to counter the attack:

    Resistance: In order to place an order a dealing password is required which is different

    from login password.

    Recognition:

     Send a copy of order by email to authorized user with contact phone number.

     Maintain user’s order history and check for unusual trading patterns.

    Recovery:

     Provide mechanism to automatically undo trades and restore user accounts.

     Refund users for losses that are due to malicious trading.

     Insure against consequential losses.

    Attack 2: An unauthorized user corrupts the transaction database by gaining permission to

    issue SQL commands directly. Reconciliation of sales and purchase is therefore

    impossible.

    Strategy to counter the attack:

    Resistance: Using a stronger authentication mechanism, such as digital certificates for the

    authorization of privileged users.

    Recognition:

     Maintain read-only copies of transactions for an office on an international server.

    Periodically compare transactions to check corruption.


     Maintain cryptographic checksum with all transaction records to detect corruption.

    Recovery:

     Recover database from backup copies.

     Provide a mechanism to replay trades from a specified time to recreate the

    transactions database.

    You might also like