Upload File

cmsc 345

9
CMSC 345 Defensive Programming Practices from Software Engineering 6 th Edition by Ian Sommerville

Upload: bruce-medina

Post on 31-Dec-2015

30 views

Category:

Documents


0 download

Report

DESCRIPTION

CMSC 345. Defensive Programming Practices from Software Engineering 6 th Edition by Ian Sommerville. Types of damage from External Attack. Denial of Service Normal usage of the system by authorized users has been denied Corruption of programs or data - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: CMSC 345

CMSC 345

Defensive Programming Practices from Software Engineering 6th

Edition by Ian Sommerville

Page 2: CMSC 345

Types of damage from External Attack

• Denial of Service– Normal usage of the system by authorized

users has been denied

• Corruption of programs or data– Program or data contents can be modified,

producing undesirable results

• Disclosure of confidential information– Including things like passwords or SSN

Page 3: CMSC 345

Common Security Terms

• Exposure– Possible loss or harm in a computing system

• Vulnerability– A weakness in a computer-based system that may be

exploited to cause loss or harm• Attack

– An exploitation of a system vulnerability• Threats

– Circumstances that have potential to cause loss or harm

• Control – A protective measure that reduces a system

vulnerability

Page 4: CMSC 345

To Ensure Security of a System

1. Vulnerability Avoidance– i.e. don’t connect a computer to the network

if it doesn’t need to communicate with others

2. Attack Detection & Neutralization– i.e. using a virus checker to protect the

computer from further exploitation

3. Exposure Limitation– i.e. regular back ups and constant security

patch application protect a system from long term exposure

Page 5: CMSC 345

Dependable Software

• Fault Avoidance– Design and implement the system in such a

way as to minimize human error

• Fault Tolerance– Design and implement the system such that

even if faults do occur, they do not negatively impact the system

Page 6: CMSC 345

Good Testing Reduces Dangers• Requirements inspection & management

– Continually review your requirements to make sure that you are developing your code to spec

• Code inspections– Have your peers review your code looking for common

problems and ask why you designed certain things in certain ways

• Static analysis– Run a tool like lint or ITS4 against your code to search for

common programming errors– See http://www.wiretapped.net/indexes/development.html for

more information and other tools

• Good Test planning & management– Ensures that you cover all the bases and ensures that

system requirements match up well with the final product

http://www.wiretapped.net/indexes/development.html
http://www.wiretapped.net/indexes/development.html
Page 7: CMSC 345

Static Analysis

• Software tool which scans the source text of a program and detects possible faults or anomalies

• Frequently used during code inspections

• Can be integrated into your development environment– ITS4 can be melded with emacs– /GS is the new part of MS Visual C++

Page 8: CMSC 345

Static Analysis Checks For…

• Control flow analysis– Highlights loops with multiple entry & exit

points and unreachable code

• Data use analysis– Checks variable usage for things like

• Variables that are declared but never used• Variables that are written twice without an

intervening assignment

Page 9: CMSC 345

Static Analysis Checks For…

• Interface Analysis– Performs additional type checking to ensure

proper use

• Information Flow Analysis– Identifies dependencies between input and

output variables

• Path Analysis– Unravels your program to show all the

possible paths


CMSC 330: Organization of Programming Languages · CMSC 330: Organization of Programming Languages Lambda Calculus Encodings CMSC 330 Fall 2019 1

CMSC 150 Loops

CMSC 345 Fall 2000 Unit Testing. The testing process

CMSC 15100

CMSC 2015 program

CMSC Delivery

CMSC 466 / 666

CMSC 601: Topics

CMSC Winter Carnival

Cmsc 100 (web forms)

CMSC 754 - cs.tufts.edu

CMSC San Diego May 31, 2012 · CMSC San Diego May 31, 2012 CMSC San Diego, May 31, 2012

CMSC 411: Computer Architecture

CMSC 491/635

CMSC 345 The Requirements Specification. Why do we need requirements Without the correct requirements, you cannot design or build the correct product,

CMSC 345 Programming. Organization of Coding Process Select “core” to implement first, following an incremental development model Reconsider architectural

CMSC 345 Fall 2000 Design. What is Design? Verb: The creative process of transforming the problem into the solution Noun: The description of the solution

CMSC 345, Version 1/11 S. Mitchell 1 Usability and User Interface Design

CMSC 345, Version 1/11 Software Requirements 1. 2 CMSC 345, Version 1/11 What’s the big deal about requirements? The Tree Swing Project

CMSC Presentation

CMSC 202 CMSC 202, Advanced Section Classes and Objects In Java

An Overview of Software Process. 2 CMSC 345, Version 1/11 Objectives To introduce the general phases of the software development life cycle (SDLC) To

CMSC 345 Fall 2000 Design Issues. Modularity and Abstraction Characteristic of all design methods Components have clearly defined inputs and outputs,

Leave Your Ego at the Door! CMSC 345 Software Design and Development Spring 2011 Ms. Susan Mitchell

CMSC 681 Project

CMSC 313 Lecture 02

CMSC 313 Lecture 18

CMSC 345 Project Planning. Customer’s Perspective Do you understand my problem? Can you develop and deliver a system that will solve my problem? How long

CMSC 601: Proposals

CMSC 335 Computer Graphics

Requirements Reference: Chapters 5, 6, & 8. CMSC 345, Fall 20022 Objectives To introduce the concepts of user and system requirements To explain functional

CMSC 671 Fall 2010

CMSC 754 - graphics.stanford.edu

1 CMSC 250 Discrete Structures CMSC 250 Lecture 1

CMSC 345, Version 1/03 An Overview of Software Processes Reference: Software Engineering, by Ian Sommerville, 6 th edition, Chapter 3