Secure Computing and C Programming Flashcards

Practice questions covering secure computing principles, C language vulnerabilities, coding standards like MISRA and SEI CERT, and common attack vectors such as buffer overflows.

When is Assignment $1$ due, according to the lecture admin?

Assignment $1$ is due tomorrow at $3PM$.

Where can students find the marking rubric and interview guidelines?

These details are posted on Blackboard under the assessment section.

What is the median mark for the $140$ students who had submitted Assignment $1$ as of the morning of the lecture?

The median mark is $64$ out of $75$.

According to the Australian Computer Society, what is the estimated annual cost of cybersecurity to Australia's economy?

It is estimated to be $63,000,000,000$ a year ($59,000,000,000$ to businesses and $4,000,000,000$ to individuals).

What are the two primary organizations mentioned that provide C programming security guidelines?

The Software Engineering Institute ($SEI$) $CERT$ at Carnegie Mellon University and the Motor Industry Software Reliability Association ($MISRA$).

What is $SEI$ $CERT$ C coding rule $5.1$?

Ensure that unsigned integer operations do not wrap.

What is the $MISRA$ $C$ directive regarding dynamic memory allocation in safety-critical systems?

Dynamic memory allocation should not be used because running out of constrained memory can cause system crashes.

According to $MISRA$ $C$ Rule $13.5$, what is prohibited in the right-hand side of a logical $and$ or $or$ operation?

The right-hand side shall not contain persistent side effects, due to C's lazy evaluation behavior.

What was the cause of the Apple $SSL$ vulnerability discovered in $2014$?

A duplicate $goto\text{ fail}$ line was included without braces, causing the program to bypass $SSL$ verification if it fell through the first conditional.

Why is the function $gets()$ considered dangerous for reading strings from standard input?

It continues reading characters until a newline or end-of-file without checking the size of the buffer, leading to potential buffer overflows.

In a buffer overflow attack on the stack, which direction does the stack typically grow in the memory model described?

The stack grows from higher addresses toward lower addresses.

What compiler flag can be used with $GCC$ to add checks for stack smashing?

The $-fstack-protector$ flag.

Which $printf$ format specifier is particularly dangerous because it allows the program to write a value to a position on the stack?

The $$ specifier, which writes the number of characters printed so far into a memory location.

What is Address Space Layout Randomization ($ASLR$)?

A security feature where the stack and heap are placed at different memory addresses every time a program runs to prevent attackers from predicting exact memory locations.

What is $Floor\text{ Finder}$ in the context of C programming?

It is an open-source static analysis tool that scans C source code for common security vulnerabilities and assigns them a severity level from $1$ to $5$.

Aside from code issues, what human behaviors were cited as major factors in cybersecurity problems?

Reusing passwords across multiple systems, falling victim to phishing or social engineering, and failing to keep operating system patches or firmware up to date.