1. Navigation:
   1. Eliza has replaced programming with 40 years of continual evolutionary improvements in a way that others will find hard to emulate.
   2. Each Data-Structure (DS) can be represented by Program-Logic (PL) times Business-Rules (BR) as DS=PL*BR. The amount of Business-Information (BI) that can be processed by PL is limited but the amount of BI that can be processed by BR is an order of magnitude greater.
   3. Eliza is driven by knowledge expressed as business rules that are known as Cause-and-Consequence or "if-this-then-that".
   4. Eliza has evolved because the cost and time to deploy any improvement must be minimised - this can only be achieved by changing field values in forms, rather than program logic.
7. Navigation Example:

| This Page | User Action | Eliza Cause | Eliza Consequence | Next Page |
|---|---|---|---|---|
| start | Click Favourite Link | URL=ER | show dummy page | 1000 |
| - | - | URL=OK | show home page | 1001 |
| 1001 | Click Sign In Button | User=ER | show sign in page | 1003 |
| - | - | User=OK | show access pad | 1007 |
| 1001 | Click self-register Button | location=ER | show home page | 1001 |
| - | - | location=OK | show registration form | 1017 |
| 1017 | enter registration data | data=ER | show registration form | 1017 |
| - | - | data=OK | show "saved" message | 1017 |
| - | - | data=Complete | show PIN and password | 1001 |
| 1003 | Enter name, email, password and select consent | enter=ER | show home page | 1001 |
| - | - | enter=OK+TS=ER | show clock in welcome page | 2005 |
| - | - | enter=OK+TS=OK | show welcome page | 2003 |
| 1007 | Enter PIN | pin=ER | show home page | 1001 |
| - | - | pin=OK+TS=ER | show clock in welcome page | 2005 |
| - | - | pin=OK+TS=OK | show welcome page | 2003 |
| 2005 | select work place, clock in time and confirm | ts=ER | show home page | 1001 |
| - | - | ts=OK | show welcome page | 2003 |
| 2003 | click diary button | diary=ER | show home page | 1001 |
| - | - | diary=OK | show diary page | 4301 |
| 2003 | click HR button | hr=ER | show home page | 1001 |
| - | - | hr=OK | show HR dashboard | 4003 |
| 2003 | click asset button | asset=ER | show home page | 1001 |
| - | - | asset=OK | show asset dashboard | 4004 |
8. Intellectual Property (IP):
   1. This page is intellectual property and a trade secret.
   2. Obfuscation is built into the design so a criminal has very little verifiable information to build an attack strategy.
   3. The One-Program architecture reduces the attack surface to a single program (Eliza) that the criminal can attack - Eliza has a 100% successful defence record, having been attacked many times every day for the past 20 years.
   4. As an obfuscation policy, the only error message that is shown is the home page so a criminal cannot deduce any reason or purpose for the home page to be shown.
11. URL Risk Assessment:
   1. A certain threat is that criminals are taking a copy of every URL that flows through the internet and will rerun a URL and process the URL data to deduce what has been processed.
   2. The hazard is that the URL parameter is mandated and criminals with access to a large amount of URL data will be able to deduce many things from the use of URL parameters.
   3. The control measure is the use of a one-time URL parameter that is meaningless and worthless to the criminal - it cannot be reused and it cannot be used to deduce what has been processed. Any manipulation of the URL shall be detected, the attack shall be blocked, the computing device shall be blacklisted and the home page will be shown.
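One way to build the one-time URL parameter described in the URL risk assessment, as an added example that is not Eliza's own code. It assumes an HMAC-SHA256 tag over a random nonce, an in-memory store, and hypothetical names (`OneTimeUrlTokens`, `device_id`); blacklisting only on a failed MAC, and not on a plain replay, is also an assumption.

```python
import hashlib
import hmac
import secrets

HOME_PAGE = 1001  # page number the navigation table uses for the home page


class OneTimeUrlTokens:
    """Issue and redeem opaque single-use URL parameters (hypothetical class)."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}      # nonce -> (device_id, next_page), held server-side only
        self.blacklist = set()  # device ids blocked after presenting a manipulated URL

    def _tag(self, nonce: str) -> bytes:
        return hmac.new(self._key, nonce.encode(), hashlib.sha256).hexdigest().encode()

    def issue(self, device_id: str, next_page: int) -> str:
        # The parameter is a random nonce plus a MAC: it carries no page or user data.
        nonce = secrets.token_urlsafe(16)
        self._pending[nonce] = (device_id, next_page)
        return f"{nonce}.{self._tag(nonce).decode()}"

    def redeem(self, device_id: str, token: str) -> int:
        """Return the page to show; every failure yields only the home page."""
        if device_id in self.blacklist:
            return HOME_PAGE
        nonce, _, tag = token.partition(".")
        # Constant-time compare; a bad MAC means the URL was altered or forged.
        if not hmac.compare_digest(tag.encode(), self._tag(nonce)):
            self.blacklist.add(device_id)
            return HOME_PAGE
        # pop() makes the token single-use: a captured and rerun URL finds nothing.
        entry = self._pending.pop(nonce, None)
        if entry is None or entry[0] != device_id:
            return HOME_PAGE
        return entry[1]


def demo():
    tokens = OneTimeUrlTokens(secrets.token_bytes(32))
    t = tokens.issue("device-A", 2003)     # constructed device id and target page
    first = tokens.redeem("device-A", t)   # valid first use
    replay = tokens.redeem("device-A", t)  # the same URL rerun
    t2 = tokens.issue("device-B", 4301)
    altered = t2[:-1] + ("0" if t2[-1] != "0" else "1")  # one character changed
    forged = tokens.redeem("device-B", altered)
    after = tokens.redeem("device-B", t2)  # genuine token, but device is now blocked
    return first, replay, forged, after, "device-B" in tokens.blacklist
```

`demo()` returns `(2003, 1001, 1001, 1001, True)`: only the first valid use reaches the target page, and every failure produces the same home-page response.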
12. SQL Risk Assessment:
   1. The number one threat to web sites for the past 20 years has been "SQL Injection", where data entered has not been sanitized and stored data has not been encrypted.
   2. The primary control measure is that every data entry operation is undertaken by the Eliza sanitation assistant, which removes symbols that can be used by hackers and ensures that field values match their documented permitted values.
   3. The secondary control measure is that every field value is encrypted in a way that it cannot contain invalid character codes that could be used as part of an injection attack.
   4. A permitted values policy is applied to each and every field value so each field can be encrypted with many layers of unique methods to cause data to become meaningless and worthless to a criminal.
Document Control.
   1. Document Title: Navigation.
   2. Description: Navigation, policies and guidelines.
   3. Keywords: Navigation, policies and guidelines.
   4. Privacy: Shared with approved people for the benefit of humanity.
   5. Edition: 1.1.
   6. Issued: 2 Jan 2018.