Lecture 29: Non-Robust and Non-Secure Software
Date: December 4, 2013
Homework due: Dec. 6 at 5:00pm
- Review sessions and final exam
- Review sessions:
Monday, Dec. 9, from 2pm–3pm in 1 Wellman;
Tuesday, Dec. 10, from 10am–11am in 1006 Giedt
- Final exam: Wednesday, Dec. 11, from 10:30am–12:30pm in 1 Wellman
- What does “secure” mean?
- What do you look for?
- Basic requirements
- Defending against stupidity
- Showing only that which the user needs to see
- Assume anything can happen, and guard against undesirable things
- What does the program depend on?
- Network access: what happens if it can’t connect to the network?
- User settings: are these easy to do?
- Files: what files (intermediate, input, output, does it use?
- How does it handle contradictory settings?
- Other dependencies, especially on what the user/system/administration does not control?
- Does the program do what you expect?
- Is it clear what the program is to do under all circumstances?
- What happens when you give it lots of input or use it on large data sets?
- What happens if you give it no input when it expects some?
- What happens if you try to exceed some limit?
- What happens if you give it strange input?
- Does it handle “meta-characters” properly?
- Does it check for and handle bad characters, or does it check for good characters?
- What happens if the input is malformed?
- Does it interact with other programs?
- What happens if the other program is not present?
- What happens if it malfunctions?
- Will the programs deadlock?
- Does the result depend on the order in which the programs interact, and if so, is that ordering enforced?
- What does it do if something “impossible” happens?
- A system database returns an unexpected value (or no value)
- A network connection is broken before it shuts down
- A configuration file or database is corrupted