Topics from the 2016 Eduqas Specification
This page contains information from the 2016 Eduqas specification that was removed for the 2020 specification.
Human-Computer Interaction (Command-Line Interface, Touch-Sensitive Interface, Menu-Driven Interface, Voice-Driven Interface)
Cyber Attacks (Dictionary Attack, Buffer Overflow, Human Weakness)
Software Protection (Secure by Design, Too Many Permissions, Scripting Restrictions, Validation with Parameters)
Data Policies (Acceptable Use Policy, Disaster Recovery, Cookies)
Environmental Issues (Tips to Reduce Waste, Positive Impacts of Technology)
Buses & Instruction Sets
Data is transferred within a computer system along pathways called buses.
There are three types of bus:
Sends a memory address of where data is stored. The address is sent from the CPU to RAM in the FDE cycle.
Transfers data between components. Data is sent both ways.
Sends control signals from the control unit to other components of the system. Status signals are sent back to the CPU.
An instruction set is a list of all the instructions that a CPU can process as part of the FDE cycle.
CPUs can have different sets of instructions that they can perform based on their function. The two most common instruction sets are the simpler RISC (Reduced Instruction Set Computer) and more complicated CISC (Complex Instruction Set Computer).
Set Computer (RISC)
Set Computer (CISC)
RISC has fewer instructions than CISC and is therefore slower for carrying out complex commands but quick for basic tasks.
CISC has more complex instructions available and can therefore perform complicated tasks.
RISC is generally cheaper to mass produce because less circuitry is required for the smaller instruction set.
CISC CPUs are generally more expensive because they require more circuitry to operate.
RISC CPUs are designed to use less power and run without dedicated cooling systems (like fans) so that they can be used in devices like smartphones.
Because CISC CPUs require more circuitry this means that they generate more heat and may require a fan. CISC CPUs therefore are commonly used in desktop computers.
RISC CPUs run at lower clock speeds than CISC CPUs. They can perform simpler tasks more quickly than CISC, but are generally not used to carry out complex instructions.
CISC CPUs run at higher clock speeds than RISC CPUs. They can perform complex tasks more quickly than RISC.
POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are both protocols for receiving and storing emails from a mail server.
A gateway joins together two networks that use different base protocols.
For example, a gateway could link together a LAN to a WAN.
Human - Computer Interaction
Other types of user interface do exist, such as a command-line interface (CLI).
This type of interface is entirely text-based and requires users to interact with the system by typing commands. This is a complicated process and mistakes could easily accidentally delete data. There are many commands to learn so only experts who have been trained to learn this interface will be able to efficiently make use of it.
Another type of user interface is a touch-sensitive interface, used with smartphones and tablets.
A human interacts with the device by pressing on a touchscreen, making it very intuitive and suitable for most users without training. Touch-sensitive interfaces may not work with dirty or wet fingers and it will take longer to write text compared to using a keyboard.
A menu-driven interface displays data in a series of linked menus. Examples include cash machines (ATMs) and old iPods.
This type of interface is generally user friendly and easy to use as commands do not need to be memorised. However it can be annoying to find specific data through a large number of menus without a search feature.
A voice-driven interface can be controlled by speaking commands aloud to a listening device. Examples include Amazon's Alexa devices, Apple's Siri technology and Google Home.
This interface is intuitive, can be used hands-free and helps to speed up processes. However commands may be misheard or limited in what can be performed.
Dictionary Password Attack
This uses a file containing every word in the dictionary and cycles through them all. This method is relatively easy to program but will only break the simplest passwords.
Buffer Overflow Attack
A buffer is a temporary storage location.
A buffer overflow attack causes a program to try to store more data in a buffer than it can hold which can lead to adjacent memory locations being overwritten.
An attacker can use the buffer overflow to insert malicious code to change data or steal confidential data.
The biggest weakness in online security is often not the systems in place but carelessness or mistakes made by humans.
Social engineering means to trick others into revealing their personal data by posing as a trusted source. For example, impersonating an IT technician via email and asking to send a username and password.
Humans can accidentally compromise data by downloading malicious files or being unsafe online, like using the same password for multiple different accounts.
Attackers can access unauthorised information in person by shoulder surfing and watching them as they enter sensitive data such as a PIN or password.
The following methods of protection are considered in the design, testing and creation stages of developing software.
Secure by Design
This method puts security as the most important concept when creating and designing software.
By focusing on security when designing software there should be less need for later updates and patches and attacks are less likely to succeed.
Too Many Permissions
Apps require permission to use device features (such as the camera or microphone of a smartphone) when they are downloaded. Programmers should only request permission for features that the software requires.
Some malicious apps steal data or spy on users - and the worst part is that you've given permission for it to do it! Users can avoid suspicious apps by reading reviews, checking there are no unnecessary permission requests, only downloading the software you need / will use and uninstall apps if permissions change.
Without SOP an infected website could access personal data or infect a computer with malware by maliciously using the same scripts as other websites you have used. Programmers should set scripting restrictions when creating websites.
Validation with Parameters
A parameter is a measure that is used when validating data, it is usually a range or limit.
For example, the parameters of a length check may be whether the data is between 1 and 10 characters.
Programmers must ensure validation is used on websites with suitable parameters to prevent attacks such as an SQL injection.
Data policies are written documents that clearly define how data should be managed in an organisation. It is important that all employees stick to these policies and requirements so that data is kept safe and can be replaced if lost or corrupted. The following methods are examples of common data policies.
Acceptable Use Policy (AUP)
Workplaces and schools often require people to sign an acceptable use policy (AUP) before being allowed to use the network. It is a list of rules and expected behaviour that users must follow when using the computer systems.
Typical rules include:
Which websites are off-limits (such as social media or gambling sites),
Download permissions (such as who can download and install software)
Email communication (such as appropriate language).
Punishments if rules of the AUP are broken.
The AUP is sometimes known as a Code of Conduct. This is an example of a formal code of practice, with written rules and clear expectations. An informal code of practice would not be officially written down, such as personal habits and preferences (e.g. email layout or desk organisation).
With important data often stored on a computer network, it is absolutely vital that a detailed and effective disaster recovery policy is in place in the event of data being lost due to an unexpected disaster.
Disasters include natural disasters (e.g. fire, flood, lightning), hardware failure (e.g. power supply unit failing), software failure (e.g. virus damage) and malicious damage (e.g. hacking).
There are three clear parts to a disaster recovery policy:
Before the disaster:
All of the possible risks should be analysed to spot if there are any weaknesses in preparation.
Preventative measures should be taken after the analysis, such as making rooms flood-proof or storing important data at a different location.
Staff training should take place to inform employees what should happen in the event of a disaster.
During the disaster:
The staff response is very important – employees should follow their training and ensure that data is protected and appropriate measures are put in place.
Contingency plans should be implemented while the disaster is taking place, such as uploading recent data to cloud storage or securing backups in a safe room and using alternative equipment until the disaster is over.
After the disaster:
Recovery measures should be followed, such as using backups to repopulate computer systems.
Replacement hardware needs to be purchased for equipment that is corrupted or destroyed.
Software needs to be reinstalled on the new hardware.
Disaster recovery policies should also be updated and improved.
A cookie is a small piece of data that is stored by websites when you visit them. They allow the website to identify the user and are often used to speed up processes, such as:
Automatic login (by saving account details)
Save items into a basket (such as pizza delivery sites)
Display adverts related to your previous search terms.
Although they can be used to save time, some argue that cookies can be intrusive and store too much information.
Tips to Reduce Waste
Turn off computers, monitors and other connected devices when not in use.
Adjust power options to help minimise power consumption.
Devices with the Energy Star sticker use between 30% and 70% less electricity than usual.
Repair older devices rather than throwing them away.
Ink jet printers use up to 95% less energy than laser jets.
Think twice about printing paper, don't waste ink and remember to recycle paper.
Positive Environmental Impacts
Communication advancements (such as video messengers) reduces pollution as people do not have to travel to speak to each other. This is especially beneficial in business - workers can talk from the office and do not need to catch a plane to speak.
Smart devices can monitor usage and reduce energy waste - such as smart air conditioners and home security systems.
Collaboration software (such as cloud-based technology and Google Docs) allows experts to work together and share data.
The internet and research databases allows scientists to study the environment more efficiently.
Documents can be viewed on a screen rather than printed out - books and newspaper articles can be read on kindles / tablets saving paper and ink.
New materials and more environmentally-friendly processes have been developed thanks to increased technology and research.
Object-Oriented Programming (OOP)
Java is an example of object-oriented programming (OOP) where a programmer is able to code objects that can be visually placed onto a background. Greenfoot is an IDE for Java.
A class from which other 'subclasses' will inherit characteristics; e.g. hippos, crocodiles and polar bears will inherit properties from the Animals superclass.
A single object from a class; e.g. one crocodile object from the Crocodile class.
A set of objects which share the same properties; e.g. all PolarBears will behave in a similar way.
Two / symbols will allow you to write a comment to explain the code.
A series of instructions that an object will follow. The act() method will loop in Greenfoot when the play button is pressed.
Variable Scope & Lifetime
The scope of a variable refers to the parts of the program where the variable can be viewed and used, e.g. a variable with global scope can be accessed anywhere in the program.
The lifetime of a variable is the amount of time the variable is stored in memory and therefore can be used, e.g. local variables can only be accessed throughout the subroutine they are created in.