More tweaks.
This commit is contained in:
Justin Hsu
parent
d3bf5b92fa
commit
a264ffb14c
|
|
@ -11,16 +11,17 @@ date: November 21, 2018
|
||||||
## Security holes are bugs
|
## Security holes are bugs
|
||||||
1. Programmer writes some code
|
1. Programmer writes some code
|
||||||
2. Programmer makes a mistake!
|
2. Programmer makes a mistake!
|
||||||
- Forgot to check permissions
|
- Forgets to check permissions
|
||||||
- Mixed private and public data
|
- Mixes private and public data
|
||||||
- Didn't allocate enough space
|
- Doesn't allocate enough space
|
||||||
|
- Reads from malicious input
|
||||||
- ...
|
- ...
|
||||||
3. Attacker exploits the security flaw
|
3. Attacker exploits the security flaw
|
||||||
|
|
||||||
## Programming languages: <br> first line of defense
|
## Programming languages: <br> first line of defense
|
||||||
- Catching errors earlier is better
|
- Catching errors earlier is better
|
||||||
- Earliest possible time: when program is written
|
- Earliest possible time: when program is written
|
||||||
- Easier to reject program than try to protect against it
|
- Easier to reject program than try to defend against it
|
||||||
|
|
||||||
## Design languages <br> to reduce security flaws
|
## Design languages <br> to reduce security flaws
|
||||||
- Make it easier for programmer to do right thing
|
- Make it easier for programmer to do right thing
|
||||||
|
|
@ -53,7 +54,7 @@ date: November 21, 2018
|
||||||
- Describe how program "steps"
|
- Describe how program "steps"
|
||||||
|
|
||||||
## 3. Describe how to check <br> a given program
|
## 3. Describe how to check <br> a given program
|
||||||
- Must work *without* running the program
|
- Ideally: works *without* running the program
|
||||||
- Other desirable features:
|
- Other desirable features:
|
||||||
- Scales up to large programs
|
- Scales up to large programs
|
||||||
- Runs in a reasonable amount of time
|
- Runs in a reasonable amount of time
|
||||||
|
|
|
||||||
Reference in New Issue