Lecture 9 - Program Security 1. Keeping flaws out of...

Program Security

1. Keeping flaws out of programs
2. Protection from programs with flaws

Classical method of software engineering to keep flaws out of programs: penetrate and patch

To remove flaws, penetrate the source code and patch the problem (flaw), but this strategy often doesn't work well because it introduces new flaws. Why?

1. The approach causes a narrow focus on the given problem but leaves the context out of sight.
2. The problem area may have non-obvious interactions with other areas.
3. Fixing flaws may result in reduced functionality of the application, so the developer decides not to fix it.

New approach: Instead of penetrate and patch, compare the requirements with the behavior of an application. With this approach, any unexpected program behavior is essentially a program security flaw. These flaws can be malicious or unintended. Human errors are more costly than planned attacks.

Unintentional flaws – validation errors (incomplete or missing), domain errors, serialization and aliasing,

This note was uploaded on 04/20/2010 for the course CECS 478 taught by Professor Englert during the Spring '10 term at CSU Long Beach.
