Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

Software Security Exam Q&A: Principles and Practices, Exams of Software Development

Carnegie Mellon University (CMU)Software Development

A comprehensive overview of software security concepts, focusing on secure software development and analysis. It covers key principles such as the cia triad (confidentiality, integrity, availability), growing trends affecting software security, and essential design principles like minimizing secrets and least privilege. The document also explores software architecture styles, including pipe and filter and distrustful decomposition, offering insights into their components, advantages, and disadvantages. It is a valuable resource for understanding the fundamentals of building secure and resilient software systems, emphasizing the importance of integrating security considerations throughout the software development lifecycle. Useful for students and professionals alike, providing a solid foundation in software security principles and practices.

Typology: Exams

2024/2025

Available from 06/10/2025

GlobalStudyVault
GlobalStudyVault 🇺🇸

574 documents

1 / 14

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
SSDA Exam 1 | Questions & Answers |
100% Correct | Verified
What is software? - ✔✔Software is a collection of abstract artifacts.
What are some characteristics of software? - ✔✔
- Either customized or generic.
- Software is a logical system.
- Software evolves.
What is security? - ✔✔The practices used to ensure the software works as expected considering the
environment and all possible inputs.
Why are we interested in security? - ✔✔
- No matter the system, there are things that must maintain their integrity: algorithms, user data, system
data.
- Low security leads to low trust.
What does CIA Triad stand for? - ✔✔Confidentiality, Integrity, Availability
What is the CIA Triad? - ✔✔- Three principles to which most vulnerabilities can be associated with. If we
secure all three, we can confidently place trust in the system and its security.
- Sometimes includes Accountability or Non-repudiation.
What is confidentiality? (examples too) - ✔✔- Privacy
- Separation between people who should be able to access data and those who shouldn't.
- Ex: encryption, authentication, separation
What is integrity? (examples too) - ✔✔- "Trustworthiness" of the software
SSDA 1
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe

Partial preview of the text

Download Software Security Exam Q&A: Principles and Practices and more Exams Software Development in PDF only on Docsity!

SSDA Exam 1 | Questions & Answers |

100% Correct | Verified

What is software? - ✔✔Software is a collection of abstract artifacts. What are some characteristics of software? - ✔✔

  • Either customized or generic.
  • Software is a logical system.
  • Software evolves. What is security? - ✔✔The practices used to ensure the software works as expected considering the environment and all possible inputs. Why are we interested in security? - ✔✔
  • No matter the system, there are things that must maintain their integrity: algorithms, user data, system data.
  • Low security leads to low trust. What does CIA Triad stand for? - ✔✔Confidentiality, Integrity, Availability What is the CIA Triad? - ✔✔- Three principles to which most vulnerabilities can be associated with. If we secure all three, we can confidently place trust in the system and its security.
  • Sometimes includes Accountability or Non-repudiation. What is confidentiality? (examples too) - ✔✔- Privacy
  • Separation between people who should be able to access data and those who shouldn't.
  • Ex: encryption, authentication, separation What is integrity? (examples too) - ✔✔- "Trustworthiness" of the software
  • We should have a level of confidence in the data being dealt with.
  • Ex: access control systems, physical shielding, checksums, redundancy What is availability? (examples too) - ✔✔- A service or data should be available to those who should have access to it.
  • Often a hardware trait
  • Ex: increasing bandwidth, backup systems, distributed systems (DOS mitigation techniques) What is accountability/non-repudiation? (examples too) - ✔✔- Access to data should be traceable
  • Ex: logging, auditing What are the 3 growing trends that make systems susceptible to software security problems? - ✔✔Connectivity, Extensibility, Complexity What is connectivity? - ✔✔- More devices
  • Internet
  • IoT What is extensibility? - ✔✔Code is made to easily adapt or extend (plugins) What is complexity? - ✔✔- Growing technology dependency - > growing complexity
  • Growing complexity - > more room for error What are vulnerabilities of these growing trends? - ✔✔Bug, defect, fault, risk How can we ensure and maintain CIA? - ✔✔Secure software development & Secure software analysis What is Secure Software Development? - ✔✔- Create quality software with security in mind
  • Security should not be applied after the fact (i.e. penetrate and patch)

Complex vs. Complicated - ✔✔Complex:

  • Many components Complicated:
  • Difficult to understand
  • A complicated system may not be complex Open Design features - ✔✔- The security of a mechanism should not depend on the secrecy of its design or implementation
  • Common practices are good
  • Does not necessarily hinder security Examples of Open Design - ✔✔- Public key encryption
  • Role-based Access Control
  • Open source software/hardware Iterative Model - ✔✔- Multiple mini-waterfall-like cycles
  • A working implementation after each iteration
  • Requirements gathering spread out over iterations
  • Usually with less non-essential artifacts produced Incremental Model - ✔✔- Incrementally improve the software in small steps
  • Customer feedback
  • Less cumbersome than waterfall (fix mistakes quickly)
  • Working product delivered at each iteration (functionality delivered based on importance to client or development process)
  • Adaptable: plan-driven, flexible
  • Problems: difficult for large systems, can be chaotic for large teams Least Astonishment - ✔✔- Not the same thing as simplicity
  • Design should be intuitive and unsurprising
  • If a user does not understand the software, they won't use it correctly
  • Generally UI-oriented
  • Minimize learning curve
  • Sometimes difficult - > Security vs. Usability Attack through Astonishment - ✔✔Malware often takes advantage of this principle, if a user is astonished, it is likely they will do the wrong thing Security Design Principles - ✔✔- Minimize Secrets
  • Complete Mediation
  • Fail-Safe Defaults
  • Least Privilege
  • Economy of Mechanism
  • Least Common Mechanism
  • Separation of Duty Minimize Secrets - ✔✔- Secrets should be few and changeable
  • Secrets probably won't remain secret for long
  • Additional secrets increase administrative burden Complete Mediation - ✔✔- All accesses to all objects must be mediated (checked) to be sure they are allowed Fail-Safe Defaults - ✔✔- If the access fails, the system is not compromised (deny access by default) Least Privilege - ✔✔- Entities should only have the minimal rights necessary to perform a task
  • Works closely with fail-safe defaults
  • It may work to give everyone root access, but then they have access to everything

An architectural style describes: - ✔✔Software components:

  • Details hidden (data structures and algorithms)
  • Services displayed (how they use, are used by, relate to, and interact with other components) Relationships among the components:
  • Data flows
  • Control flows An architectural style determines: - ✔✔- The vocabulary of components and connectors that can be used in instances of that style
  • A set of constraints on how they can be combined Software architectures are represented as ... - ✔✔Graphs Nodes represent ... - ✔✔Components Edges represent ... - ✔✔Connectors What is Pipe and Filter? - ✔✔- Suitable for applications that require a defined series of independent computations to be performed on ordered data
  • A component reads streams of data on its input and produces streams of data on its outputs What are the components and connecters in pipe and filter? - ✔✔- Components: called filters, apply local transformations to their input streams and often do their computing incrementally so that output begins before all input is consumed
  • Connectors: called pipes, serve as conduits for the streams, transmitting outputs of one filter to inputs of another Constraints of pipe and filter? - ✔✔- Filters do not share state with other filters
  • Filters do not know the identity of their upstream or downstream filters

Examples of pipe and filter - ✔✔- Unix shell scripts

  • Traditional compilers Advantages of pipe and filter - ✔✔- Easy to understand the overall input/behavior of a system as a simple composition of the behaviors of the individual filters
  • Supports reuse, since any two filters can be hooked together, provided they agree on the data that is being transmitted between them
  • Complex without being complicated
  • Systems can be easily maintained and enhanced, since new filters can be added to existing systems and old filters can be replaced by improved ones
  • They permit certain kinds of specialized analysis, such as throughput and deadlock analysis
  • They naturally support concurrent execution Disadvantages of pipe and filter - ✔✔- Not good for handling reactive systems, because of their transformational characteristics
  • Excessive parsing and encoding leads to loss of performance and increased complexity in writing the filters themselves What is Distrustful Decomposition? - ✔✔- Goal: separate functions into completely separate programs/objects
  • Least privilege for each component
  • Similar to pipe and filter (filters can be separate programs)
  • Separation of duties => isolation of vulnerabilities What are the components and connectors of distrustful decomposition? - ✔✔- Components: individual programs making up the entire system (usually have a unique user ID running the process, could be file system itself)
  • Connectors: function calls or API between components Advantages of distrustful decomposition - ✔✔- Becomes difficult to compromise entire system (b/c of least privilege)
  • Increases modularity (if one module fails, the problem is contained at the code level)

Describe the Model, View, and Controller in MVC pattern - ✔✔Model:

  • Manages behavior and data of the application domain
  • Responds to requests for information about its state
  • Responds to instructions to change state
  • Often implemented with Object Relational Mapping (ORM) View:
  • Manages the display of information
  • Typically changes when an object changes state Controller:
  • Interprets input from user, controlling the model and/or view to change in response
  • Stores business logic MVC consequences - ✔✔- Data-centric design
  • Views can be easily updated without affecting business logic (modularity)
  • Models can be added as new objects (modularity)
  • Models are predetermined
  • Ease of maintainability What is a pattern? - ✔✔- A pattern is a solution to a recurring problem in a specific context
  • Patterns are like templates
  • Not code reuse What is the Gang of Four? - ✔✔A book of 23 design patterns What are the pattern types? - ✔✔Creational:
  • Techniques for creating objects
  • Configure classes Structural/Architectural:
  • Techniques for organizing objects
  • Separation of interface and implementation Behavioral:
  • Techniques for object communication
  • Class responsibility Singleton Pattern - ✔✔Problem: An object should only be allowed one instantiation within the system. Context: Object-oriented system where a class abstraction has one instance. Solution: make the class constructor private and provide a static method to the instance. Consequences of Singleton - ✔✔Controlled instantiation, Restricted instantiation (abstract) Factory Pattern? - ✔✔Problem: Object instantiation needs to be decided at runtime or many constructors exist and may change. Context: Object-oriented system Solution:
  • Create an interface class for all classes which may be instantiated
  • Create a Factory class which, depending on how it's invoked, will create and return a corresponding implementation of the abstract class
  • Client code only needs to access Factory Abstract Interface Class - ✔✔- Specifies interface and basic behavior of all objects returned by the factory
  • Creation behavior is specified by subclasses
  • Constructors can exhibit polymorphism (many constructors for individual classes) Factory Class - ✔✔- Removes direct use of constructors
  • Handles instance management
  • Usually just a single method

Consequences of Decorator - ✔✔- Different types of functionality can be grouped into decorators instead of core class

  • Simplified extensions
  • Better testing Observer Pattern - ✔✔Problem: Many objects rely on the state of a central object. Context: Situation with one-to-many dependencies. Solution:
  • Create an object called subject which notifies dependent observer objects of state changes (directly or indirectly)
  • Observers typically serve as "views"
  • Subject calls methods in observers to notify them of state change
  • Subject maintains a list of all its observers Publisher-Subscriber Pattern - ✔✔- Similar to observer pattern: publisher is like the subject, subscriber is like the observer
  • However, in pub-sub, neither component knows about the other component
  • Utilizes implicit invocation
  • A third component (broker or event bus) handles the message passing Benefits of using Patterns - ✔✔- Reuse
  • Documentation
  • Expert knowledge
  • Common vocabulary Single Access Point - ✔✔Problem: a system needs to be accessible by multiple users/systems in a secure way Context: isolated systems with a need to communicate with external entities Solution: provide a single interface for all communication with a system, secure that interface

Having multiple entry points providers multiple possibilities for exploitation A single entry point reduces complexity Session Pattern - ✔✔Problem: global information is stored in various places. Context: multi-user system Solution: store much information in a session object on per-user basis Solution: store such information in a session object on a per-user basis Internal checks can then be done based on the session. Typically done at login.