Lecture 29: Non-Robust and Non-Secure Software

Date: December 4, 2013
Homework due: Dec. 6 at 5:00pm

1. Review sessions and final exam
   1. Review sessions:
      Monday, Dec. 9, from 2pm–3pm in 1 Wellman;
      Tuesday, Dec. 10, from 10am–11am in 1006 Giedt
   2. Final exam: Wednesday, Dec. 11, from 10:30am–12:30pm in 1 Wellman
2. What does “secure” mean?
3. What do you look for?
4. Basic requirements
   1. Paranoia
   2. Defending against stupidity
   3. Showing only that which the user needs to see
   4. Assume anything can happen, and guard against undesirable things
5. What does the program depend on?
   1. Network access: what happens if it can’t connect to the network?
   2. User settings: are these easy to do?
   3. Files: what files (intermediate, input, output, does it use?
   4. How does it handle contradictory settings?
   5. Other dependencies, especially on what the user/system/administration does not control?
6. Does the program do what you expect?
   1. Is it clear what the program is to do under all circumstances?
   2. What happens when you give it lots of input or use it on large data sets?
   3. What happens if you give it no input when it expects some?
   4. What happens if you try to exceed some limit?
7. What happens if you give it strange input?
   1. Does it handle “meta-characters” properly?
   2. Does it check for and handle bad characters, or does it check for good characters?
   3. What happens if the input is malformed?
8. Does it interact with other programs?
   1. What happens if the other program is not present?
   2. What happens if it malfunctions?
   3. Will the programs deadlock?
   4. Does the result depend on the order in which the programs interact, and if so, is that ordering enforced?
9. What does it do if something “impossible” happens?
   1. A system database returns an unexpected value (or no value)
   2. A network connection is broken before it shuts down
   3. A configuration file or database is corrupted