
Object-Oriented Analysis (OOA) and Object-Oriented Design (OOD)

Object-Oriented Analysis (OOA) and Object-Oriented Design (OOD) are software design methodologies that take the concept of objects to a higher, more conceptual, level than OOP. The two terms are sometimes combined as Object-Oriented Analysis and Design (OOAD).

It is like drawing a flowchart on a whiteboard that shows how a program should conceptually operate. The way data in a program flows and is manipulated is visualized as a series of messages and objects. Once the software design is complete, the code may be programmed in an OOP language such as Ruby.

Object-Oriented Analysis (OOA) seeks to understand (analyze) a problem domain (the challenge you are trying to address) and identifies all of its objects and their interactions. Object-Oriented Design (OOD) then develops (designs) the solution.

We will use Object-Oriented Analysis and Design to design a network intrusion detection system (NIDS). As we learned in Chapter 8, Domain 7: Security Operations, a NIDS performs the following actions:

  1. Sniffs packets from a network and converts them into pcap (packet capture) format;
  2. Analyzes the packets for signs of attacks, which could include Denial of Service, client-side attacks, server-side attacks, web application attacks, and others;
  3. If an attack is detected, the NIDS sends an alert. A NIDS may send alerts via email, paging, syslog, or a security information and event manager (SIEM).

The previous steps serve as the basis for our Object-Oriented Analysis. A sniffer object receives messages from the network in the form of packets. The sniffer converts the packets to pcap (packet capture) data, which it sends to the analysis object. The analysis object performs a number of functions (methods), including detecting denial of service, client-side, server-side, or web application attacks. If any are detected, it sends an alert message to the alerting object. The alerting object may also perform several functions, including alerting via email, paging, syslog, or SIEM. The NIDS Object-Oriented Design is shown in Fig. 9.12.

Fig. 9.12 NIDS object-oriented design.

This NIDS design addresses the problem domain of alerting when malicious traffic is sent on the network.
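The sniffer, analysis and alerting objects described above, realized in Ruby as an added example (this is not the book's code); the packet tuples, thresholds, ports and signatures are constructed assumptions for illustration only:

```ruby
# Constructed packet record standing in for the pcap data the sniffer emits.
Packet = Struct.new(:src, :dst, :dport, :flags, :payload)
# Sniffer object: converts raw packets (tuples here, in place of a network tap)
# into pcap-style records and sends them to the analysis object.
class Sniffer
  def initialize(analyzer); @analyzer = analyzer; end
  def sniff(raw); @analyzer.analyze(raw.map { |r| Packet.new(*r) }); end
end
# Analysis object: one detection method per attack class named in the text.
# Thresholds and signatures are illustrative assumptions, not production rules.
class Analyzer
  SYN_FLOOD = 50 # SYNs from one source to one destination within a capture
  def initialize(alerter); @alerter = alerter; end
  def analyze(pcap)
    [detect_dos(pcap), detect_server_side(pcap), detect_web_app(pcap)]
      .flatten(1).each { |kind, msg| @alerter.alert(kind, msg) }
  end
  # Denial of service: a burst of SYNs from one source to one destination.
  def detect_dos(pcap)
    pcap.select { |p| p.flags == 'S' }.group_by { |p| [p.src, p.dst] }
        .select { |_, pkts| pkts.size >= SYN_FLOOD }
        .map { |(s, d), pkts| [:dos, "SYN flood #{s} -> #{d} (#{pkts.size} SYNs)"] }
  end
  # Server-side: oversized input to an FTP/SMTP port (overflow heuristic).
  def detect_server_side(pcap)
    pcap.select { |p| [21, 25].include?(p.dport) && p.payload.bytesize > 1024 }
        .map { |p| [:server_side, "oversized input #{p.src} -> #{p.dst}:#{p.dport}"] }
  end
  # Web application: directory traversal sequence in an HTTP request.
  def detect_web_app(pcap)
    pcap.select { |p| p.dport == 80 && p.payload.include?('../') }
        .map { |p| [:web_app, "path traversal #{p.src} -> #{p.dst}"] }
  end
end
# Alerting object: every alert goes to syslog; DoS alerts also page on-call.
class Alerter
  attr_reader :sent
  def initialize; @sent = []; end
  def alert(kind, msg)
    syslog(kind, msg)
    page(kind, msg) if kind == :dos
  end
  def syslog(kind, msg); @sent << "syslog #{kind}: #{msg}"; end
  def page(kind, msg); @sent << "page #{kind}: #{msg}"; end
end
# Wire sniffer -> analyzer -> alerter and return the alert messages produced.
def run_nids(raw_packets)
  alerter = Alerter.new
  Sniffer.new(Analyzer.new(alerter)).sniff(raw_packets)
  alerter.sent
end
```

Each object only knows the next one in the chain, so a new detection method or alert channel is added inside its own class without touching the others.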