Software can broadly be divided into two categories: ________ and ________.
Operating systems, application software
Atomic operation
A function or action implemented as a sequence of one or more instructions that appears to be indivisible; that is, no other process can see an intermediate state or interrupt the operation. The sequence of instructions is guaranteed to execute as a group, or not execute at all, having no visible effect on system state. Atomicity guarantees isolation from concurrent processes.
Canonicalization
Replacing alternate, equivalent encodings by one common value
Code injection
A method used by hackers to insert malicious code into otherwise legitimate files or data transmissions.
Command injection
Input used in the construction of a command that is subsequently executed by the system with the privileges of the web server.
Cross-Site Scripting (XSS)
A technique used to compromise database data in which web page scripting is injected into the server.
XSS reflection
The most common variant; here the attacker includes malicious script content in data supplied to a site. If this content is subsequently displayed to other users without sufficient checking, they will execute the script, assuming it is trusted to access any data associated with that site. An example would be a guestbook program.
Defensive/secure programming
The process of designing and implementing software so it continues to function even when under attack.
Environment variable
A collection of string values inherited by each process from its parent that can affect the way a running process behaves.
Fuzzing
A technique used to discover flaws and vulnerabilities in software.
Injection attack
A wide variety of program flaws related to invalid handling of input data. (Program input data can accidentally or deliberately influence the flow of execution of the program.)
Least Privilege
Programs should execute with the least amount of privileges needed to complete their function.
Privilege Escalation
Executing actions with privileges greater than the compromised program or service.
Memory leak
An undesirable state in which a program requests memory but never releases it, which can eventually prevent other programs from running.
Race condition
Results when several threads try to access and modify the same data in shared memory concurrently, resulting in lost changes or corrupted data.
Regular expression
A notation for defining all the valid strings of a formal language or a special text string for describing a search pattern.
Software quality and reliability
Concerned with accidental failure of a program as a result of some theoretically random, unanticipated input, system interaction, or use of incorrect code.
Software security
How to correctly handle program input to prevent many types of vulnerabilities, and manage safe interactions with other programs and operating systems. (Differs from quality and reliability in that attacker chooses probability distribution.)
3 categories in SANS Top 25 software errors
Insecure interaction between components, risky resource management, and porous defenses.
What does CWE stand for?
Common Weakness Enumeration
What does CVE stand for?
Common Vulnerabilities and Exposures
Software Assurance Forum for Excellence in Code (SAFECode)
Develops publications outlining industry best practices for software assurance and providing practical advice for implementing proven methods for secure software development.