Chapter 3. Program Security

In this chapter:

  • Programming errors with security implications: buffer overflows, incomplete access control

  • Malicious code: viruses, worms, Trojan horses

  • Program development controls against malicious code and vulnerabilities: software engineering principles and practices

  • Controls to protect against program flaws in execution: operating system support and administrative controls

In the first two chapters, we learned about the need for computer security and we studied encryption, a fundamental tool in implementing many kinds of security controls. In this chapter, we begin to study how to apply security in computing. We start with why we need security at the program level and how we can achieve it.

In one form or another, protecting programs is at the heart of computer security. So we need to ask two important questions:

  • How do we keep programs free from flaws?

  • How do we protect computing resources against programs that contain flaws?

In later chapters, we will examine particular types of programs (including operating systems, database management systems, and network implementations) and the specific kinds of security issues that are raised by the nature of their design and functionality. In this chapter, we address more general themes, most of which carry forward to these special-purpose systems. Thus, this chapter not only lays the groundwork for future chapters but also is significant on its own.

This chapter deals with the writing of programs. It defers to a later chapter what may be a much larger issue in program security: trust. The trust problem can be framed as follows: Presented with a finished program, for example, a commercial software package, how can you tell how secure it is or how to use it in its most secure way? In part the answer to these questions is independent, third-party evaluations, presented for operating systems (but applicable to other programs, as well) in Chapter 5. The reporting and fixing of discovered flaws is discussed in Chapter 9, as are liability and software warranties. For now, however, the unfortunate state of commercial software development is largely a case of trust your source, and buyer beware.


Security in Computing
Security in Computing, 4th Edition
ISBN: 0132390779
EAN: 2147483647
Year: 2002
Pages: 129
