What are formal methods for secure and robust programs?
- Making a convincing argument that the source code is correct
- Using some rigorous method like math to prove the source code is correct
- Having the source code certified correct by a trusted party
- Testing the executable by ensuring every control path is taken
Which of the following should you check for? (Select all that apply.)
- When computing x * y, check that x and y are both signed.
- When computing x % y, check that x and y are both positive.
- When computing x / y, check that y is not 0.
- When computing array[++i], check that i is not the index of the last element of the array.
Which of the following is true for informal methods?
- An informal method gives a hand-waving description of why the program works.
- An informal method gives a proof of correctness of a program.
- An informal method gives a strong argument for correctness of a program.
- An informal method gives a proof of correctness assuming any assumptions are true.
Which of the following is NOT true for ad hoc methods?
- Ad hoc methods do not give proofs of correctness.
- Ad hoc methods test the program so that all paths of control are exercised.
- Ad hoc methods may say a program is correct when, in reality, it is not.
- Ad hoc methods give weak arguments of correctness.
Why are checklists for secure programming helpful?
- Checklists are a good reminder of what needs to be done.
- A checklist is helpful for writing secure code, but not for validating that a program is a secure one.
- Anyone can use a checklist to write secure code.
- Using a checklist requires some understanding of programming and systems, but not of secure coding.
For a function, the precondition states ___________; the postcondition states __________.
- what is relevant to the function and is true...what the function actually does
- what is assumed when the function is called...what the function will do, assuming the preconditions are satisfied
- what the programmer wants the function to do...what the programmer believes the function will do
- any constraints on the parameters of the function...whether the arguments actually passed to the function satisfy the precondition
Why do you log enough information about a login to reconstruct the login actions?
- Because you want to be able to determine when the most login activity occurs
- Because you want to be able to figure out whether an attempt to log in is rejected
- Because you want to be able to audit the login attempt and verify the cleartext password is the correct one
- Because you want to be able to determine what happened should an unauthorized login succeed
Which of the following indicates a poorly structured program?
- Modularizing security-relevant elements so each module performs exactly one security-related function
- Making the connections between security-related modules and other security-related modules (and non-security-related modules) difficult for an analyst, and hence an attacker, to figure out.
- Making the security-related parts of the program as simple as possible
- Separating the security-related and non-security-related parts of the program into different sets of modules.