jan17 - CS 426 class Jan 17, 2012

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 426 class Jan 17, 2012 www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline} (General purpose) Program security These ideas apply also to OS and DB. Read Chapter 3 What does it mean for a pgm to be secure? Depends whom you ask. Takes a long time to break its security controls Has run for 9 weeks with no failure Contains no potential security flaw A program fault is an unexpected (bad) behavior of a pgm Which program is more secure? 1. pgm with 100 faults discovered and fixed 2. a similar pgm with 20 faults discovered and fixed Early computer security was "penetrate and patch" Not a good solution because: 1. narrow focus on a fault ignores the context 2. fault may have nonobvious side effects 3. fixing one problem may cause another 4. fault not fixed because the fixed system wouldn't work A better approach to computer security (via software engineering) program security flaw = pgm behavior not what designers intended or users expected. Flaws may be either inadvertent human errors or malicious, intentional flaws. Unintentional human error are more common than deliberate
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/23/2012 for the course CS 426 taught by Professor Staff during the Spring '08 term at Purdue University-West Lafayette.

Page1 / 3

jan17 - CS 426 class Jan 17, 2012

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online